Cyber Threat SA for Thursday from Abu Dhabi…

Good morning from Abu Dhabi, United Arab Emirates…

Here are the latest cyber threat intelligence notes you need to be aware of…enjoy!

People’s Republic of China says it is opposed to all forms of hacking

People’s Republic of China’s military to drill on digitalized forces – Xinhua |

Chinese hackers have access to major US weapons designs, report says

People’s Republic of China’s Huawei all governments hack secret data using their kit –

U.S., Australia reports allege new spying by People’s Republic of China hackers –

Australia: People’s Republic of China spy agency hack claims ‘will not hit ties’ – Hack claims over Australia spy HQ

Spy claim no threat to People’s Republic of China ties: Foreign Minister Carr

Australian spy HQ plans stolen by Chinese hackers: report

REPORT: Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems

Researchers uncover new global cyberespionage operation dubbed Safe

Cyber Attack on Norway’s Telenor was part of large cyberespionage operation with Indian origins, report says

US accuses Iran of hacking energy companies

Semper Fi,



HoneyPoint Used to Confirm Skype URL Indexing

Last week, several sources were talking about the indexing of URLs that happen inside supposedly secure and private Skype sessions. There was a bit of press about it and we thought it would be fun to test it out and easy to do with HoneyPoint Personal Edition. Here’s how we did it:

  • First, we stood up a HoneyPoint Personal Edition and dilated port 80 with a web listener. We configured it to look like a default under construction page on an IIS box. We then exposed it to the Internet.
  • In order to cut down on noise from scanning while we were testing, we decided we would use a target page in our test URL of vixennixie.htm, since scanners aren’t generally looking for that page, if we get scanned while we are testing, it won’t interfere with our data gathering and analysis.
  • Next, we created a Skype chat between to members of the team and made sure each of us was configured for full security.
  • Once this was confirmed, we passed the URL: http://target_ip/vixennixe.htm between us. The time was 1:13pm Eastern.
  • Then, we waited.
  • Lo and behold, we got this nearly 12 hours later:

                     2013-05-22 01:09:45 – HoneyPoint received a probe from on port 80 Input: HEAD /vixennixie.htm HTTP/1.1 Host: target_ip Connection: Keep-Alive

A whois of shows:

# ARIN WHOIS data and services are subject to the Terms of Use
# available at:

# Query terms are ambiguous. The query is assumed to be:
# “n”
# Use “?” to get help.

# The following results may also be obtained via:

NetRange: –
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
RegDate: 2001-02-14
Updated: 2012-03-20

OrgName: Microsoft Corp
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080

RTechHandle: ZM23-ARIN
RTechName: Microsoft Corporation
RTechPhone: +1-425-882-8080

# ARIN WHOIS data and services are subject to the Terms of Use
# available at:

I’ll leave it to the reader to decide what they think about the data. You can draw your own conclusions. We just appreciated yet another use for HoneyPoint and a quick and dirty project to play with. Thanks for reading!

Day Three Homeland Security Summit Middle East…Cyber Threat Intelligence SA You Need To Know….

Good morning from Abu Dhabi – yes I know it is Zero Dark Thirty here… thank you my Australian friends for pointing that out…

The restless, passionate and wicked never sleep…

Nonetheless, here is the latest Cyber Threat Intelligence you need to be aware of…

This one is my favorite! IN fact this is a very well written article…

Chinese Cyber Espionage: Don’t Believe the Hype

Of course, then this list of compromised US Military technology is also hype, isn’t?

The following is reproduced from the nonpublic version of the Defense Science Board report “Resilient Military Systems and the Advanced Cyber Threat” as posted originally by the Washington Post:

Table 2.2 Expanded partial list of DoD system designs and technologies compromised via cyber exploitation


Terminal High Altitude Area Defense

Patriot Advanced Capability-3

Extended Area Protection and Survivability System (EAPS)





Advanced Harpoon Weapon Control System

Tanker Conversions

Long-term Mine Reconnaissance System

Global Hawk

Navy antenna mechanisms

Global Freight Management System

Micro Air Vehicle

Brigade Combat Team Modernization

Aegis Ballistic Missile Defense System

USMC Tracked Combat Vehicles

Warfighter Information Network-Tactical (WIN-T)

T700 Family of Engines

Full Authority Digital Engine Controller (FADEC)

UH-60 Black Hawk

AMRAAM (AIM-120 Advanced Medium-Range Air-to-Air Missile)

Affordable Weapons System

Littoral Combat Ship

Navy Standard Missile (SM-2,3,6)

P-8A/Multi-Mission Aircraft

F/A and EA-18

RC-135 Detect./Collect.

Mk54 Light Weight Torpedo


Directed Energy

UAV video system

Specific Emitter identification


Dual Use Avionics

Fuze/Munitions safety and development

Electronic Intelligence Processing

Tactical Data Links

Satellite Communications

Electronic Warfare

Advanced Signal Processing Technologies for Radars

Nanostructured Metal Matrix Composite for Light Weight Ballistic Armor

Vision-aided Urban Navigation & Collision Avoidance for Class I Unmanned Air Vehicles (UAV)

Space Surveillance Telescope

Materials/processing technologies

IR Search and Track systems

Electronic Warfare systems

Electromagnetic Aircraft Launch

Rail Gun

Side Scan sonar

Mode 5 IFF

Export Control, ITAR, Distribution Statement B,C,D Technical Information

CAD drawings, 3D models, schematics

Software code

Critical technology

Vendor/supply chain data

Technical manuals

PII (email addresses, SSN, credit card numbers, passwords, etc.)

Attendee lists for program reviews and meetings

Indeed – don’t believe the hype, these are not the Chinese Hackers you are looking for…they already took your data! 🙂

Chinese vice premier, military leader meet US nat’l security adviser

China demonstrates defence determination to US: ministry

People’s Republic of Hacking: Chinese hackers ‘access sensitive US weapons systems’

Russia Uses ‘Single Register’ Law To Selectively Block Internet Content

Semper Fi,



Cyber Threat SA from Abu Dhabi Homeland Security Summit Middle East

Good day from Abu Dhabi, Additional Cyber Threat Situational Awareness @ the Homeland Security Summit Middle East –

People’s Republic of China High-ranking Military Spies Woo Australia Business Leaders

Watch a Chinese “Cyber Espionage Unit” Steal Files from an American Hard Drive in Real-Time

See it @

People’s Republic of China PLA’s “Department of Enemy Work” Reachs Out to Western Elites in Australia and US

No Chrome, No Firefox: Why Chinese Online Banking Still Requires Internet Explorer

People’s Republic of China’s Huawei: ‘trust us, we are being transparent’

People’s Republic of China’s Huawei’s Middle East Revenue Up 18% – –

ASIO hack: Julia Gillard defends intelligence funding for spy agency after Four Corners report

People’s Republic of China dismisses Australian spy HQ hacking claims

People’s Republic of China ‘hacked’ new Australian spy HQ | News | DW.DE | 28.05.2013

Telecoms official: G20 could be platform for cybersecurity

Iran’s approaching vote brings receding Web access

New Computer Attacks Traced to Iran, Officials Say

This Pentagon Project Makes Cyberwar as Easy as Angry Birds | Danger Room |

Frustrated Chinese send complaints to White House website

Semper Fi,



Cyber Situational Awareness stories from the International Cyber Front…yes folks Asymmetric Cyber Conflict

Red Dragon Rising bids you a great morning from Abu Dhabi & the Middle East Homeland Security Summit.

Here are some of the latest Cyber Situational Awareness stories from the International front you need to know…

Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies

See the entire story @

軍事行動古村 OP Middle Kingdom achieves objective of complete colonization of Australia…US scare tactics to keep Chinese business out

Premier Li : People’s Republic of China, Germany now economic ‘dream team’ OP Middle Kingdom continues…Colonization of Europe continues under OP Middle Kingdom…Germany acknowledges People’s Republic of China as the True Global Leader…

OP Middle Kingdom (軍事行動古村) captures United Kingdom as the People’s Republic of China continues affirmative colonization of the United Kingdom…UK and Germany ‘oppose duties on People’s Republic of China duties’

Tracing APT_163QQ Malware from the People’s Republic of China…Hong Kong

People’s Republic of China’s PLA: Electronic warfare unit in simulated offense-and-defense drill – People’s Daily Online

As Chinese Leader’s Visit Nears, United States Will Be Urged to Allow Retaliation Against Cyberattacks

Iranian Hackers targeting US oil, gas, and electric companies

The U.S.-China Showdown Over Cyber Attacks Heats Up

Strike Back If People’s Republic of China Steals IP, Companies Told —

People’s Republic of China’s Coexistence Strategy and the Consequences for World Order

Missile Defense with Chinese Characteristics

People’s Republic of China: Informatization Drives Expanded Scope of Public Security

A naval fleet of the Chinese People’s Liberation Army (PLA) on Monday passed through the Miyako Strait and entered the Western Pacific Ocean for a training mission

Seriously? USA to legalize rootkits, spyware, ransomware and trojans to combat piracy?

People’s Republic of China to Build $5 Billion EU Beachhead in Belarus

軍事行動古村 OP Middle Kingdom…How do you spell ‘COLONIZATION’ by the People’s Republic of China “E U”
EU countries resist plan to impose duties on Chinese solar panels…

Next Target of COLONIZATION by the People’s Republic of China…Switzerland….軍事行動古村 OP Middle Kingdom…
People’s Republic of China calls time on import tariffs on Swiss watches

People’s Republic of China’s OP Middle Kingdom 軍事行動古村: Greece becomes trade battleground as China invests in NCI
The Chinese are interested in airports, harbours and railways…” Chinese colonization continues unabated…

Semper Fi,



Cyber Situational Awareness Part Deux for Memorial Day…

Good afternoon and Happy Memorial Day from Abu Dhabi –

Here are some of the latest Cyber Situational Awareness items to take note of this afternoon;

Hackers tracked to China stole secret ASIO blueprints…
Computer hackers in China are understood to be behind a cyber attack that stole highly classified blueprints of the new ASIO headquarters in Canberra…uh oh…

Cyber-security turns into new battleground as US-China tension grows
As the countries trade blows amid claims of online spying, some see it as a final effort by Washington to retain its economic superiority…

Read more @ :

From IT Week: People’s Republic of Chain’s Huawei Faces Uphill Battle In Enterprise IT Market

More info @

Clearwire to pull Huawei from network … Chinese vendor caught in takeover crossfire

The whole story can be read here @

Berlin tells EU it opposes solar anti-dumping action vs People’s Republic of China: government source

Reuters article here:

EU, People’s Republic of China to hold talks on trade dispute

Europeans Press People’s Republic of China Over Trade in Telecom…Chinese Telecom Companies Caught in Middle of Trade Dispute

People’s Republic of China’s premier Li Keqiang warns Europe over trade war while in Germany…trading Euros for Ren Min Bi instead of Deustche Marks….

As EU Investigates Huawei, is China Gearing Up to Retaliate?

Semper Fi,



Save The Date: June 10 is CMHSecLunch

Save the date of June 10th for the next CMHSecLunch. This month’s event is at the Polaris Mall food court. It’s 11:30 to 1pm.

As usual, you can sign up here. You can also talk to @cahnee about it on Twitter if you would prefer. She can help you find folks wherever we meet.

The event is FREE, open to anyone interested in IT and InfoSec. You can brown bag it, or get food from the vendors. But, the conversations are amazing. You get to see old friends and make some new ones. Check it out! 

Cyber News Today from Homeland Security Middle East – Abu Dhabi, UAE

Happy Memorial Day Readers;

The Red Dragon and MicroSolved are at the Homeland Security Summit- Middle East taking place in Abu Dhabi, United Arab Emirates…

Latest World Cyber News you should be maintaining cyber situational awareness on comes to you today after 6 different flights across 4 different continents and a total of 30,000 airmiles…oh yes 5 hours of sleep –

Nonetheless – here are some developing stories out of the International Cyber World….

General Alexander – Four-star general in eye of U.S. cyber storm… Read more @

The covert battle over Beijing’s defence policy heats up…People’s Republic of China gets into the business of making friends

Read more @

People’s Republic of China’s Huawei a victim of its success

Read more @: &

All for now from the Middle East…more to come as the world wakes to a new day…

Semper Fi,



What YOU Can Do About International Threats

Binary eye

With the addition of RedDragon Rising (@RedDragon1949) to the blog, we are now pushing forth a new stream of threat data and insights about the growing problem of international threats. Since we added that content to the site, many of you have written in or asked me on Twitter, what is it that YOU can do about these threats? I wanted to take a few minutes and expand on my responses.

First of all, you can remain aware and vigilant. Much of the information we post here isn’t directly actionable. It isn’t designed to be a roadmap of actions for you to take. It’s designed to be a continual source of data that slowly helps you see a clearer picture of the threat, the actors and their capability. It’s designed to keep you AWAKE. It’s custom made to help you understand your adversary. Knowledge is power and insight is key. We make this content to give you both!

Second, you can communicate the threat and knowledge to your management. This helps them remain aware. It also presents to them that you are monitoring the threats and keeping your eye on the rising tides, even as you help them steer the ship through safe waters. You can use this information to build rapport with them, to give them new insights into your decisions when you explain to them various risks and to help them understand the changing nature of the interconnected world.

You can use the information here as an impetus to get the basics of information security right. While there aren’t any panaceas to fight off the threat and there isn’t a single thing you can buy to make it better ~ we do know that focusing on the basics of infosec and getting them done efficiently, effectively and well is the best defense against a variety of threats. That said, consider doing a quick and dirty review of your security initiatives against our 80/20 Rule for Information Security. This is a set of simple projects that represent the basics of information security and map easily to other standards and baselines. Simply judging your maturity in these areas and following the roadmap to improvement will go a long way to getting the basics done right in your organization. 

Invest in detection and response. If your organization is doing the basics of prevention, that is you have hardening in place and are performing ongoing assessment and mitigation of your attack surfaces, then the next thing to do is invest in detection and response capabilities. Today, one of the largest advantages that attackers enjoy is the lack of visibility and effective response capabilities in our organizations. You should have some visibility into every segment and at every layer of your environment. You should be able to identify compromises in a timely manner and move to isolate, investigate and recover from any breaches LONG BEFORE they have become widespread and heavily leveraged against you. If you can’t do that today, make it your next major infosec goal. Need help?Ask us about it.

Lastly, share information with your peers. The bad guys are good at information sharing. They have excellent metrics. They openly share their experiences, successes, failures and new techniques. Much of crime and espionage (not all, but MUCH) is “open source” in nature. The cells of attackers free float in conglomerations of opportunity.  They barter with experience, tools, data and money. They share. The more we begin to share and emulate their “open source” approaches, the better off we can be at defending. If knowledge is power, more brains with more knowledge and experience equals MORE POWER. Be a part of the solution.

That’s it for now. Just remain calm, get better at the basics, improve your visibility and stay vigilant. As always, thanks  for reading State of Security and for choosing MicroSolved as your information security partner. We are striving to dig deeper, to think differently and to give you truly actionable intelligence and threat data that is personalized, relevant to your organization and meaningful. If you’d like to hear more about our approach and what it can mean for your organization, get in touch via Twitter (@lbhuston), email (info(at)microsolved/dot/com) or phone (614-351-1237 ext 250). 

Latests News from AusCERT 2013 & the People’s Republic of Hacking…

G’day from Gold Coast, Australia and AusCERT 2013!

The persistent nature about the People’s Republic of Hacking, er, umm, sorry, China, is ceaseless…

People’s Republic of China’s Huawei Vows Revenge On U.S. Competitors Who Drag Its Name Through The Mud

Hackers Find People’s Republic of China Is Land of Opportunity ** AWESOME ARTICLE **

Google hackers wanted intel on People’s Republic of Chinese spook monitoring,google-hackers-wanted-intel-on-chinese-spook-monitoring.aspx?

Chinese hackers said to have accessed law enforcement targets
Cyber marauders sought more than just information on activists — they wanted access to FBI, DOJ investigations on spies in the U.S.

3 N.Y.U. Scientists Accepted Bribes From People’s Republic of China, U.S. Says

All for now from Down Under…

Semper Fi,