Quick PHP Malware vs AV Update

It’s been a while since I checked on the status of PHP malware versus anti-virus. So, here is a quick catch up post. (I’ve been talking about this for a while now. Here is an old example.)

I took a randomly selected piece of PHP malware from the HITME and checked it out this afternoon. Much to my surprise, the malware detection via AV has gotten better.

The malware I grabbed for the test turned out to be a multi-stage PHP backdoor. The scanner thought it was exploiting a vulnerable WordPress installation. 

I unpacked the malware parts into plain text and presented both the original packed version from the log and the unpacked version to VirusTotal for detection testing. As you know, in the past, detection of malware PHP was sub single digits in many cases. That, at least to some extent has changed. For those interested, here are the links to see what was tripped.

Decoded to plain text vs Encoded, as received

As you can see, decoded to plain text scored a detection of 44% (19/43), which is significantly improved from a year or so ago. Additionally, excitingly, undecoded, the attack in raw form triggered a detection rate of 30% (13/44)! The undecoded result is HUGE, given that the same test a year or so ago often yielded 0-2% detection rates. So, it’s getting better, just SLOWLY.

Sadly though, even with the improvements, we are still well below half (50%) detection rates and many of the AV solutions that fail to catch the PHP malware are big name vendors with commercial products that organizations running PHP in commercial environments would likely be depending on. Is your AV in the missing zone? If so, you might want to consider other forms of more nuanced detection

Now, obviously, organizations aren’t just depending on AV alone for detection of web malware. But, many may be. In fact, a quick search for the dropped backdoor file on Google showed 58,800 systems with the dropped page name (a semi-unique indicator of compromise). With that many targets already victim to this single variant of PHP backdoors, it might be worth checking into if you are a corporate PHP user.

Until next time, take a look around for PHP in your organization. It is a commonly missed item in the patch and update cycles. It also has a pretty wide security posture with a long list of known attack tools and common vulnerabilities in the coding patterns used by many popular products. Give any PHP servers you have a deeper inspection and consider adding more detection capability around them. As always, thanks for reading and stay safe out there! 

Chinese Cyber Military Situational Awareness & other fun stories from ‘Cybernia”

Good day Folks;

Some very peculiar chatter from within the People’s Republic of China today lends itself to this edition of Chinese Cyber Military Situational Awareness & other fun stories from ‘Cybernia”…
Make note of the Huawei stories as well the PLA’s 86th birthday…while China’s President Xi Jinping tell’s the army in China how to behave…

People’s Republic of China’s Hackers, bloggers & professors team up to tap into blocked microblog content
http://www.globaltimes.cn/content/799621.shtml
Asian Spying Said to Focus on U.S. Radiation-Hardened Electronics
http://www.nationaljournal.com/global-security-newswire/asian-spying-said-to-focus-on-u-s-radiation-hardened-electronics-20130725
Move over Huawei, there’s a new People’s Republic of China bogeyman in town and it’s called Lenovo
http://qz.com/109356/move-over-huawei-theres-a-new-bogeyman-in-town-and-its-called-lenovo/
Intelligence Agencies Ban People’s Republic of China’s Lenovo
http://www.ibtimes.com/lenovo-banned-international-intelligence-agencies-deem-computers-vulnerable-hacking-1363611?ft=j979o
People’s Republic of China’s Huawei announces successful completion of Boracay-Palawan submarine cable system
China’s OP Middle Kingdom now completes Phase V in the Philippines…

http://www.telegeography.com/products/commsupdate/articles/2013/07/30/huawei-announces-successful-completion-of-boracay-palawan-submarine-cable-system/?
French Scholar Challenges Western Preoccupation With Chinese ‘Threat’
People’s Republic of China’s OP Middle Kingdom now completes Phase VI in France…Manadrin Chinese classes no longer optional at university….

http://www.ibtimes.com/china-not-threat-nature-qa-dr-lionel-vairon-1363679?ft=a73y7

People’s Republic of China’s Economic Strategy Series…观察者网-中国关怀 全球视野
Detailed Operational Panning Documents for Operation Middle Kingdom…

http://www.guancha.cn/strategy-book/

People’s Republic of China’s Xi: Troops must strictly follow CPC leadership – Xinhua |
PLA Troops must demonstrate IDEOLOGICAL PURITY…

http://news.xinhuanet.com/english/china/2013-07/29/c_132584552.htm
China’s Ambassador Cui Tiankai Celebrating the 86th Anniversary of the Founding of the PLA |
Soldiers of People’s Republic of China’s female special forces unit – Xinhua |

http://news.xinhuanet.com/english/photo/2013-07/30/c_132585113.htm

How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts
http://blog.webroot.com/2013/07/29/how-much-does-it-cost-to-buy-one-thousand-russianeastern-european-based-malware-infected-hosts/

Iran’s Next Cabinet: Technocratic and Security-Focused
http://www.washingtoninstitute.org/policy-analysis/view/irans-next-cabinet-technocratic-and-security-focused

Navy awards contract to Boeing to prepare EA-18G Growler electronic warfare jet to accept Next-Generation Jammer
How long before BOEING admits they were targeted and hacked again by the People’s Republic of China….?

http://www.avionics-intelligence.com/articles/2013/07/ai-boeing-ngj.html

Battle line: Cyberspace –
http://dawn.com/news/1032735/battle-line-cyberspace/?view=print

When Would Cyber War Lead to Real War?
http://www.defenseone.com/technology/2013/07/when-would-cyber-war-lead-real-war/67580/#.

Enjoy!

謝謝
紅龍

People’s Republic of Cyber Conflict & Operation Middle Kingdom….

Good Monday Morning Friends;

Much cyber conflict news related to the People’s Republic of China’s HUAWEI over the weekend.
Take particular note of both India and the United Kingdom’s leadership being pawned by HUAWEI…
Also worth mentioning is that the former head of the US Central Intelligence Agency knows and is now revealing that the People’s Republic of China’s Huawei so pies for the People’s Republic of China…oh dear no! Really…<>

Enjoy –

How Mao Tse T’ung created the People’s Republic of China’s capitalist revolution [Straits Times]
http://wanderingchina.org/2013/07/27/how-mao-created-chinas-capitalist-revolution-straits-times-risingchina-reform-mao/

Ex-CIA chief accuses People’s Republic of China’s Huawei of industrial espionage – Telegraph
http://www.telegraph.co.uk/technology/news/10191154/Ex-CIA-chief-accuses-Huawei-of-industrial-espionage.html
Why is the former head of the NSA convinced Huawei is a threat to US communication networks? | Digital Trends
http://www.digitaltrends.com/mobile/huawei-threat-to-the-us/
People’s Republic of China’s Huawei in charge of UK TalkTalk’s net filtering
Operation Middle Kingdom…Chinese colonization of United Kingdom near complete as Phase V is accomplished…
http://www.computerworlduk.com/news/security/3460990/huawei-in-charge-of-talktalks-net-filtering/
People’s Republic of China’s Huawei says it ‘shares the same cyber security goals’ as the UK government
Operation Middle Kingdom…Chinese colonization of United Kingdom near complete as Phase V is accomplished…

http://www.pcadvisor.co.uk/news/security/3459981/huawei-says-it-shares-the-same-cyber-security-goals-as-the-uk-government/
People’s Republic of China’s Huawei gets closer to its users by P@WNing India…
Operation Middle Kingdom…Chinese colonization of India near complete as Phase V is accomplished…

http://www.thehindu.com/sci-tech/technology/huawei-gets-closer-to-its-users/article4960652.ece
People’s Republic of China’s Huawei lashes out at spying allegations from former CIA head
http://gigaom.com/2013/07/19/huawei-lashes-out-at-spying-allegations-from-former-cia-head/
People’s Republic of China’s Huawei revenue grows |
http://www.itweb.co.za/index.php?option=com_content&view=article&id=65959:Huawei-revenue-grows&catid=118
Australians ‘should not fear Chinese investment’, especially People’s Republic of Huawei, says Bob Carr
http://www.scmp.com/news/hong-kong/article/1291670/australians-should-not-fear-chinese-investment-says-foreign-minister

Spy agencies ban People’s Republic of China’s Lenovo PCs on security concerns
Recall friends that Lenovo has DIRECT ties to the Chinese Academy of Sciences and the People’s Liberation Army….
http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL
Intelligence services fear People’s Republic of China’s Lenovo products due to back-doors
http://www.neowin.net/news/intelligence-services-fear-lenovo-products-due-to-back-doors
Rare Glimpse into a Real-Life Command-and-Control Server | “Dragon Eye – Mini”
http://www.crowdstrike.com/blog/rare-glimpse-real-life-command-and-control-server/index.html

Record malware growth in People’s Republic of China…
http://www.net-security.org/malware_news.php?id=2546

How America’s Top Tech Companies Created the Surveillance State
http://www.nationaljournal.com/magazine/how-america-s-top-tech-companies-created-the-surveillance-state-20130725

Security Vendors: Do No Harm, Heal Thyself — Krebs on Security
Symantec quietly releasedsecurity updates to fix serious vulnerabilities in itsSymantec Web Gateway, a popular line of security appliances designed to help “protect organizations against multiple types of Web-borne malware.”
http://krebsonsecurity.com/2013/07/security-vendors-do-no-harm-heal-thyself/

CreepyDOL…Cheap Monitoring Highlights Dangers Of Internet Of Things — Dark Reading
http://www.darkreading.com/monitoring/cheap-monitoring-highlights-dangers-of-i/240159061

U.K. Ministry of Defence hit by cyberattack, data stolen | ZDNet
http://www.zdnet.com/u-k-ministry-of-defence-hit-by-cyberattack-data-stolen-7000017831/
People’s Republic of China’s Huawei slammed for locking GCHQ personnel out of security cell
http://www.v3.co.uk/v3-uk/news/2283330/huawei-slammed-for-locking-gchq-personnel-out-of-security-cell?

China’s UK censorwall will also block “terrorist content,” “violence,” “circumvention tools,” “forums”
http://boingboing.net/2013/07/26/uk-censorwall-will-also-block.html

Russian hackers got 160 million bank card numbers, but that wasn’t worst part
Federal prosecutors say they’ve blown open the largest hacking ring in US history, indicting four Russians and a Ukrainian. The biggest worry: One of them hacked into NASDAQ.

http://www.csmonitor.com/USA/Justice/2013/0725/Russian-hackers-got-160-million-bank-card-numbers-but-that-wasn-t-worst-part

Semper Fi,

謝謝
紅龍

Ask The Experts: Too Much Data

Q: “I have massive amounts of log files I have to dig through every day. I have tried a full blown SEIM, but can’t get it to work right or my management to support it with budget. Right now I have Windows logs, firewall logs and AV logs going to a syslog server. That gives me a huge set of text files every day. How can I make sense of all that text? What tools and processes do you suggest? What should I be looking for? HELP!!!!”

 

Adam Hostetler answered with:

 

I would say give OSSEC a try. It’s a free log analyzer/SEIM. It doesn’t

have a GUI with100 different dashboards and graphs, it’s all cli and

e-mail based (though there is a simple web interface for it also). It is

easy to write rules for, and it has default rules for many things,

except for your AV. You can write simple rules for that, especially if

you are just looking for items AV caught. It does take some tuning, as

with all analysis tools, but isn’t difficult after learning how OSSEC

works. If you want to step it up a bit, you can feed OSSEC alerts into

Splunk where you can trend alerts, or create other rules and reports in it.

 

Bill Hagestad added:

 

First things first – don’t be or feel overwhelmed – log files are what they are much disparate data from a variety of resources that need reviewing sooner rather than later.

 

Rather than looking at another new set to tools or the latest software gizmo the trade rags might suggest based on the flair of the month, try a much different and more effective approach to the potential threat surface to your network and enterprise information network.

 

First take a look at what resources need to be protected in order of importance to your business. Once you have prioritized these assets then begin to  determine what is the minimum level of acceptable risk you can assign to each resource you have just prioritized.

 

Next, make two columns on a either a piece of paper or a white board. In one column list your resources in order of protection requirements, i.e.; servers with customer data, servers with intellectual property, so and so forth. In a column to the right of the first assets list plug in your varying assigned levels of risk. Soon you will see what areas/assets within your organization/enterprise you should pay the most attention to in terms of threat mitigation.

 

After you have taken the steps to determine your own self- assessment of risk contact MicroSolved for both a vulnerability assessment and penetration test to provide additional objective perspective on threats to your IT infrastructure and commercial enterprise. 

 

Finally, Jim Klun weighed in with: 

 

You are way ahead of the game by just having a central log repository.  You can go to one server and look back in time to the point where you expect a security incident.

 

And what you have – Windows logs, firewall logs, and AV – is fantastic.  Make sure all your apps are logging as well ( logon success, logon failure).

Too often I have seen apps attacked and all I had in syslog was OS events that showed nothing.

 

Adam’s suggestion, OSSEC, is the way to go to keep cost down… but don’t just install and hope for the best.

You will have to tweak the OSSEC rules and come up with what works.

 

Here’s the rub: there is no substitute for knowing your logs – in their raw format, not pre-digested by a commercial SIEM or OSSEC.

 

That can seem overwhelming. And to that, some Unix commands and regular expressions are your friend.

 

So:

 

zcat auth.log | grep ssh | egrep -i ‘failed|accepted’

 

produces:

 

Jul  4 16:32:16 dmz-server01 sshd[8786]: Failed password for user02 from 192.168.105.51 port 38143 ssh2

Jul  4 16:33:53 dmz-server01 sshd[8786]: Accepted password for user01 from 192.168.105.38 port 38143 ssh2

Jul  4 16:36:05 dmz-server01 sshd[9010]: Accepted password for user01 from 192.168.105.38 port 38315 ssh2

Jul  5 01:04:00 dmz-server01 sshd[9308]: Accepted password for user01 from 192.168.105.38 port 60351 ssh2

Jul  5 08:21:58 dmz-server01 sshd[9802]: Accepted password for user01 from 192.168.105.38 port 51436 ssh2

Jul  6 10:21:52 dmz-server01 sshd[21912]: Accepted password for user01 from 192.168.105.38 port 36486 ssh2

Jul  6 13:43:10 dmz-server01 sshd[31701]: Accepted password for user01 from 192.168.105.30 port 34703 ssh2

Jun 26 11:21:02 dmz-server01 sshd[31950]: Accepted password for user01 from 192.168.105.70 port 37209 ssh2

 

 

Instead of miles of gibberish the log gets reduced to passed/fail authentication attempts.

 

You can spend an hour with each log source ( firewall, AV, etc) and quickly pare them down to whats interesting.

 

Then make SURE your OSSEC  rules cover what you want to see.

If that does not work – cron a script to parse the logs of interest using your regular expression expertise and have an email sent to you when something goes awry.

 

Revisist the logs manually periodically – they will change. New stuff will happen.  Only a human can catch that.

 

Take a look at:

http://www.securitywarriorconsulting.com/logtools/

 

The site lists a number of tools that may be useful

 

John Davis added:

 

You voice one of the biggest problems we see in information security programs: monitoring! People tell us that they don’t have the proper tools and, especially, they don’t have the manpower to perform effective logging and monitoring. And what they are saying is true, but unfortunately doesn’t let them out from having to do it. If you have peoples financial data, health data (HIPAA) or credit card information (PCI) you are bound by regulation or mandate to properly monitor your environment – and that means management processes, equipment, vulnerabilities and software as well as logs and tool outputs. The basic problem here is that most organizations don’t have any dedicated information security personnel at all, or the team they have isn’t adequate for the work load. Money is tight and employees are expensive so it is very difficult for senior management to justify the expenditure – paying a third party to monitor firewall logs is cheaper. But for real security there is no substitute for actual humans in the security loop – they simply cannot be replaced by technology. Unfortunately, I feel the only answer to your problem is for government and industry to realize this truth and mandate dedicated security personnel in organizations that process protected data.

 

As always, thanks for reading and if you have a question for the experts, either leave it in the comments, email us or drop us a line on Twitter at (@lbhuston). 

People’s Republic of China & Operation Middle Kingdom…oh yes, Huawei and the colonization of Africa & India….

Good day my curious friends…much in the cyber news to amuse and entrain, but never alarm you…

Pay particular attention the articles below related to Huawei and their colonization of India via BSNL and Ethiopia via massive telco rollouts. People’s Republic of China & Operation Middle Kingdom…oh yes, Huawei and the colonization of Africa & India….always remember that a significant amount of cyber threat news and alerts will be released on Friday, saturdays and Sundays…when no one is paying attention…

Enjoy –

People’s Republic of Hacking, er…China is stealing intellectual property to boost its economic development…
Don’t let Snowden overshadow the real cyber threat

http://www.ft.com/intl/cms/s/0/d18f1e6a-ef97-11e2-a237-00144feabdc0.html

UK’s Cameron recommended porn filter controlled by People’s Republic of China’s Huawei
http://www.computing.co.uk/ctg/news/2285074/camerons-recommended-porn-filter-controlled-by-huawei

Baidu’s guide to the eight biggest Internet scams in People’s Republic of China
http://www.danwei.com/baidus-guide-to-the-eight-biggest-internet-scams-in-china/

Chinese can be pressured into accepting global cybersecurity norms
http://www.fiercegovernmentit.com/story/lewis-chinese-can-be-pressured-accepting-global-cybersecurity-norms/2013-07-24
Chinese hacker who once targeted the US switches sides to help defend Western companies… |
http://www.abc.net.au/news/2013-07-22/chinese-hacker-switches-from-attack-to-defence/4836572
Chinese hacker to help defend Western companies
http://au.news.yahoo.com/latest/a/-/article/18104751/chinese-hacker-who-once-targeted-the-us-switches-sides-to-help-defend-western-companies/
The Decline of China’s Internet Cafes
http://thediplomat.com/china-power/the-decline-of-chinas-internet-cafes/?
The great firewall of China gets metaphorical
The Chinese government’s increasingly sophisticated approach to censorship demands a new interpretation

http://www.guardian.co.uk/technology/2013/jul/14/china-great-firewall-put-out
Hengqin New Area Aims to Skirt Great Firewall – China Digital Times (CDT)
http://chinadigitaltimes.net/2013/07/hengqin-new-area-aims-to-skirt-great-firewall/?

BSNL to switch to People’s Republic of China’s Huawei’s next generation networks
China’s colonization of India is now complete as Operation Middle Kingdom continues…

http://www.thehindu.com/business/Industry/bsnl-to-switch-to-huaweis-next-generation-networks/article4953441.ece
Huawei Hits 100th 100G Deployment Milestone, Paving an Information Super Highway for the Next Decade
http://www.webwire.com/ViewPressRel.asp?aId=177824
Ethiopia signs $700 mn mobile network deal with People’s Republic of China’s Huawei
Operation Middle Kingdom continues in Africa as People’s Republic of China colonizes with their business development instead of weapon systems…US AFRICOM puzzled by lack of success…

http://nazret.com/blog/index.php/2013/07/25/ethiopia-signs-700-mn-mobile-network-deal-with-china-s-huawei

Find Out Why Apple’s Revenues in China Dropped 43% in Q2
http://www.techinasia.com/apple-china-revenues-drop-q2-2013/
Insight: How Samsung is beating Apple in the People’s Republic of China
http://www.reuters.com/article/2013/07/26/us-samsung-apple-china-insight-idUSBRE96P05F20130726
Apple Developer site hack: doubts cast on Turkish hacker’s claims
Guardian investigation raises questions over claims by Turkish researcher that he hacked into Apple’s Developer portal

http://www.guardian.co.uk/technology/2013/jul/26/apple-developer-site-hack

Japanese Minister Proposes More Active Military Presence in Region
http://www.nytimes.com/2013/07/27/world/asia/japanese-minister-proposes-more-active-military-presence-in-region.html?&pagewanted=all

$300 million Russian cyber crime ring broken by US feds
http://www.scmagazineuk.com/300-million-russian-cyber-crime-ring-broken-by-us-feds/article/304680/
Five Charged in Massive Financial Hacking Case | TIME.com
http://techland.time.com/2013/07/26/five-charged-in-massive-financial-hacking-case/

US Marines Focused at Tactical Edge of Cyber, Commander Says…
http://www.defense.gov/news/newsarticle.aspx?id=120246
USAF pleads with airmen to think about business of cyber…http://www.defense.gov/news/newsarticle.aspx?id=120222

A historical overview of the cyberattack landscape
http://www.net-security.org/secworld.php?id=15284
US Military: Forget cold war — Here comes cyber war
http://www.digitaljournal.com/article/355119
“What Is That Box?” — When The NSA Shows Up At Your Internet Company
http://www.buzzfeed.com/justinesharrock/what-is-that-box-when-the-nsa-shows-up-at-your-internet-comp

Hacked in 276 Seconds – Timely Intelligence Improves Ability to Thwart Cyber Attacks: Survey |
http://www.securityweek.com/hacked-276-seconds-timely-intelligence-improves-ability-thwart-cyber-attacks-survey

KPMG red-faced after being found w/data leak Reverse assessment reveals KPMGs publicly accessible data |
http://www.scmagazineuk.com/exclusive-reverse-assessment-reveals-kpmgs-publicly-accessible-data/article/304295/

Semper Fi,

謝謝
紅龍

YAPT: Yet Another Phishing Template

Earlier this week, we gave you the touchdown task for July, which was to go phishing. In that post, we described a common scam email. I wanted to post an example, since some folks reached out on Twitter and asked about it. Here is a sample of the email I was discussing.

<paste>

Hi My name is Mrs. Hilda Abdul , widow to late Dr. Abdul A. Osman, former owner of Petroleum & Gas Company, here in Kuwait. I am 67 years old, suffering from long time Cancer of the breast.

From all indications my condition is really deteriorating and it’s quite obvious that I won’t live more than 3 months according to my doctors. This is because the cancer stage has gotten to a very bad stage.

I don’t want your pity but I need your trust. My late husband died early last year from Heart attack, and during the period of our marriage we couldn’t produce any child. My late husband was very wealthy and after his death, I inherited all his businesses and wealth .The doctor has advised me that I will not live for more than 3 months ,so I have now decided to spread all my wealth, to contribute mainly to the development of charity in Africa, America,

Asia and Europe .Am sorry if you are embarrassed by my mail. I found your e-mail address in the web directory, and I have decided to contact you, but if for any reason  you find this mail offensive, you can ignore it and please accept my apology. Before my late husband died he was major oil tycoon in Kuwait and (Eighteen Million Dollars)was deposited  in a Bank in cote d ivoire some years ago, that’s  all I have left now,

I need you to collect this funds and distribute it yourself to charity .so that when I die my soul can rest in peace. The funds will be entirely in hands and management. I hope God gives you the wisdom to touch very many lives that is my main concern. 20% of this money will be for your time and effort includin any expensese,while 80% goes to charity. You can get back to me via my private e-mail: (hilda.abdul@yahoo.com) God bless you.
1. Full name :
2. Current Address :
3. Telephone N° :
4. Occupation :
5. Age :
6. Country :

MRS. Hilda Abdul

<end paste>

As you can see, this is a common format of a phishing scam. In this case, you might want to edit the targeting mechanism a bit, so that they have to click through to a web page to answer or maybe even include a URL as supposed proof of the claim. That way you would have two ways to catch them, one by email reply and two by click through to the simple phish application.

As always your milage and paranoia may vary, but it is still pretty easy to get people to click or reply ~ even with age old spam phish attacks like this. What kind of return percentages did you get? What lessons did you learn? Drop us a line on Twitter (@lbhuston) and let us know. 

July’s Touchdown Task: Go Phish Yourself!

This month’s touchdown task is to spend about an hour doing some phishing. Phish your user base, executives and other likely targets. Use the process as a basis for ongoing awareness and security training.

Phishing is a LOT easier and more effective than you might think. We’ve made it easy for you to do, with a free tool called MSI SimplePhish. You can learn exactly how to do it by clicking here.

Pay special attention to this step:

PreCursor: Obtain permission from your security management to perform these activities and to do phishing testing. Make sure your management team supports this testing BEFORE you engage in it.

You might need a couple more ideas for some phishing templates, so here are a couple of the most simple examples from real phishing going on right now:

1. Simply send a non-sensical subject line and the entire body of the message is the phishing url. You might encode this to make it more fun using something like a URL shortener.

2. Copy one of those spam messages that go around where the target inherits 40 million dollars from an oil company exec in the Congo or somewhere. Check your spam folder for examples. Replace the URLs with your phish site URL and click send.

3.  Send a simple music trivia question, which is common knowledge, and tell them to click on the target URL to answer. Make it appear to be from a local radio station and if they answer correctly, they win a prize (movie tickets, concert tickets, etc.)

As a bonus, simply do what many testing vendors do ~ open your gmail spam folder and pick and choose any of the spam templates collected there. Lots to pick from. 

The exercise should be fun, easy and likely effective. If you need any help, drop us a line or give us a call. Until next month, stay safe out there! 

HITCON 2013 Concludes…”No, these are not the Chinese Cyberspies You are looking for, move along, move along…”! Red Dragon Returns from Taiwan…

Good Monday Morning from Taipei, Taiwan, Republic of China…

Much in the news to share – take particular note of the growing distrust in the People’s Republic of China’s State Owned Enterprise (SOE) HUAWEI. The United Kingdom is starting to wonder why Huawei’s own employees are reviewing their own telecommunications and networking kit…”No, these are not he Chinese Cyberspies You are looking for, move along, move along…”!

Winning Without Fighting: The Chinese Psychological Warfare Challenge
http://www.heritage.org/research/reports/2013/07/winning-without-fighting-the-chinese-psychological-warfare-challenge

German anxieties over the People’s Republic of China’s rise | Germany | DW.DE | 20.07.2013
http://www.dw.de/german-anxieties-over-chinas-rise/a-16963665?

UK discovers People’s Republic of China’s Huawei UK staff auditing Huawei kit: Govt orders probe •
http://www.theregister.co.uk/2013/07/19/huawei_cybersecurity_centre/

Huawei’s Chinese connection continues to be source of suspicion
http://www.net-security.org/secworld.php?id=15254
People’s Republic of China’s Huawei Tells Accusers ‘Put Up, or Shut Up’ Following Fresh Spying Allegations
http://www.ibtimes.co.uk/articles/492427/20130719/huawei-lashes-out-spying-allegations-cia-uk.htm
Ex-CIA chief Hayden claims People’s Republic of China’s Huawei spies for Chinese state
http://www.scmp.com/news/china/article/1286054/it-goes-without-saying-huawei-spies-china-says-ex-cia-chief
Former CIA boss says aware of evidence Huawei spying for thePeople’s Republic of China
http://www.reuters.com/article/2013/07/19/us-huawei-security-idUSBRE96I06I20130719
Huawei accused of spying for the People’s Republic of China by former CIA boss
http://www.slashgear.com/huawei-accused-of-spying-for-china-by-former-cia-boss-18291022/?
Anatomy of another Android hole – Chinese researchers claim new code verification bypass
http://nakedsecurity.sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/?

People’s Republic of China’s Huawei denies spying for Chinese government
http://www.digitalspy.co.uk/tech/news/a499762/huawei-denies-spying-for-chinese-government.html?rss
People’s Republic of China’s Huawei says CIA chief’s spy claims were ‘politically inspired and racist corporate defamation’
http://www.computing.co.uk/ctg/news/2283637/huawei-says-cia-chief-s-spy-claims-were-politically-inspired-and-racist-corporate-defamation
People’s Republic of China’s Huawei fends off more spying claims and faces UK security review
http://www.fiercewireless.com/europe/story/huawei-fends-more-spying-claims-and-faces-uk-security-review/2013-07-19?

PRISM Causes China’s Public Campaign Against American Companies
Growing Chinese Animosity Following PRISM Revelations Could Threaten Tech Firms’ Prospects In World’s No. 2 Economy

http://www.ibtimes.com/growing-chinese-animosity-following-prism-revelations-could-threaten-tech-firms-prospects-worlds-no

Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks Focusing on Threats Emanating from Cyberspace
http://www.osce.org/atu/103500

US Military to Deploy Units Devoted to Cyber Operations
http://www.acqmagazine.com/military-to-deploy-units-devoted-to-cyber-operations/

Enjoy!

Semper Fi,

謝謝
紅龍

Meeting the Number One Chinese Hacker…and Americans making progress in Taipei @ HITCON 2013

Good day Folks from HITCON 2013!

An interesting international INFOSEC day indeed! Alliteration aside – today was phenomenal @ HITCON 2013!

For yours truly today’s HITCON 2013 marked the pinnacle of success for the Red Dragon – meeting the Number 1 Hacker from the People’s Republic of China! The gentlemen was very forthright and reminded me in so many ways of the China I knew of in 1983 – earnest, open, honest and willing to share with foreigners – this my friends was the Red Dragon coming face to face with the ‘mysterious’ China Hacking boogeyman – quite frankly, there isn’t one!

What marked today’s events even more inedibly in mind was another group of Chinese Hackers who had purchased multiple copies of my book “21st Century Chinese Cyber Warfare” in order to study and reference the concept of Middle Kingdom Information Warfare Doctrine development in their home country!!!

Wow. If Chinese Hackers are buying a foreigners book, then the Red Dragon has accomplished his mission. Roger out.

The icing on the cake for today was when finished with the Keynote speech I called China’s number 1 Hacker up front on stage and presented him with an autographed copy of the Chinese Hackers new manual…sadly, this fellow wasn’t on the original distribution list with the initial purchase. Yet as he thumbed carefully through the copy in his hands, it was meant to be that he should have a copy of “21st Century Chinese Cyber Warfare” as a gift.

I wonder if all the military & political might focused so negatively on the Middle Kingdom could ever achieve such progress as we experienced today in Taipei @ HITCON 2013…

UK Government Security Adviser To Review People’s Republic of China’s Huawei Cell

http://www.techweekeurope.co.uk/news/government-security-huawei-cell-122238?

No firewall for Macao’s new campus, exempt from the Great Firewall of China – CHINA – Globaltimes.cn
http://www.globaltimes.cn/content/797007.shtml#.UehyNj6G1JE
PRC Officials encouraged to promote ‘mass line’ campaign – SPECIAL COVERAGE – Globaltimes.cn
http://www.globaltimes.cn/content/796861.shtml#.Uehy9T6G1JE

Semper Fidelis my new Chinese Friends!

謝謝

紅龍

Taiwan & Asia’s Premiere Hacking CON – HITCON 2013 – MicroSolved’s own Red Dragon Rising Keynotes

Good morning from Taiwan & Asia’s Premiere Hacking CON – HITCON 2013
MicroSolved’s own Red Dragon Rising Keynotes on the comparative cyber convict doctrine of the People’s Republic of China, Russia and Iran!
If you are in Taipei please stop by and say ‘hello’!

Today’s cyber threat situational awareness (SA) includes quite a few items about the People’s Republic of China’s Huawei and the companies efforts to support the Communist Regimes efforts to colonize the world via Operation Middle Kingdom (OP Middle Kingdom). You’ll note that the Brit’s are getting wise to Huawei’s investment initiatives as a possible threat to Her Royal Majesty’s National Security. On a similar track is Saudi Arabia’s investment in Huawei…and thus the high tech colonization of the Middle East has begun. India has already been colonized by Huawei as you’ll read about the significant volume of high tech patents Huawei has purchased in the former British colony.

Please enjoy these cyber threat SA items – more to come I’m certain from HITCON 2013 in 台北, 中華民國 ~ Taiepi, Republic of China.

How the U.S. Uses Information Gained From Spying on Foreign Companies

UK reviews People’s Republic of China’s Huawei security center deal (as you would during a low-level cyberwar)

http://gigaom.com/2013/07/18/uk-reviews-huawei-security-center-deal-as-you-would-during-a-low-level-cyberwar/

http://www.theatlanticwire.com/national/2013/07/how-us-uses-information-gained-spying-foreign-companies/67321/
Britain to review People’s republic of China’s Huawei cyber center to allay security fears

http://www.reuters.com/article/2013/07/18/us-security-britain-huawei-idUSBRE96H0GA20130718

People’s Republic of China’s Huawei under investigation from UK government over security foul play | ITProPortal.com

http://www.itproportal.com/2013/07/18/huawei-under-investigation-from-uk-government-over-security-foul-play/

Government to review People’s Republic of China’s Huawei’s UK cyber security centre

http://www.computing.co.uk/ctg/news/2283352/government-to-review-huaweis-uk-cyber-security-centre

Saudia Arabia’s ITC & People’s Republic of Huawei in partnership to upgrade core network
People’s Republic of China’s Operation Middle Kingdom knows no limits as it focuses colonizaton of Saudia Arabia…


http://www.telegeography.com/products/commsupdate/articles/2013/07/18/itc-and-huawei-in-partnership-to-upgrade-core-network/?

People’s Republic of China’s Huawei Invests in 5G Networks IOT begin High Tech colonizing of world

http://blogs.wsj.com/digits/2013/07/17/huawei-invests-in-5g-networks/?

People’s Republic of China’s Huawei also developing an app to clear Other Storage problem

http://wmpoweruser.com/huawei-also-developing-an-app-to-clear-other-storage-problem/?

HTC-Huawei Merger Should Be Considered, Says JP Morgan Analyst | Tech Biz | The Diplomat

http://thediplomat.com/tech-biz/2013/07/17/htc-huawei-merger-should-be-considered-says-jp-morgan-analyst/?

People’s Republic of China’s Huawei reduces focus on U.S. market

http://news.cnet.com/8301-1001_3-57593961-92/huawei-reduces-focus-on-u.s-market/?

People’s Republic of China’s Hong Kong Ranked Asia’s Most Innovative Market

http://thediplomat.com/pacific-money/2013/07/18/hong-kong-ranked-asias-most-innovative-market/?

People’s Republic of China’s Huawei applied for 56K patents, invested $4.8bn in R&D in 2012
OP Middle Kingom successful as the People’s Republic of China’s High Tech colonization of India is complete.


http://www.thehindubusinessline.com/industry-and-economy/info-tech/huawei-applied-for-56k-patents-invested-48bn-in-rd-in-2012/article4924068.ece

Japan paper’s social media accounts ‘blocked in China’

http://phys.org/news/2013-07-japan-paper-social-media-accounts.html

Is North Korea Poised to Launch a Cyber Attack?

http://www.internationalpolicydigest.org/2013/07/13/is-north-korea-poised-to-launch-a-cyber-attack/?

South Korea accuses North of cyber attacks

http://www.reuters.com/article/2013/07/16/net-us-korea-cyber-idUSBRE96F0A920130716

Semper Fi!

謝謝
紅龍