Password Breach Mining is a Major Threat on the Horizon

Just a quick note today to get you thinking about a very big issue that is just over the security horizon.

As machine learning capabilities grow rapidly and mass storage pricing drops to close to zero, we will see a collision that will easily benefit common criminals. That is, they will begin to apply machine learning correlation and prediction capabilities to breach data – particularly passwords, in my opinion.

Millions of passwords are often breached at a time these days. Compiling these stolen password is quite easy, and with each added set, the idea of tracking and tracing individual users and their password selection patterns becomes trivial. Learning systems could be used to turn that raw data into insights about particular user patterns. For example, if a user continually creates passwords based on a season and a number (ex: Summer16) and several breaches show that same pattern as being associated with that particular user (ex: Summer16 on one site, Autumn12 on another and so on…) then the criminals can use prediction algorithms to create a custom dictionary to target that user. The dictionary set will be concise and is likely to be highly effective.

Hopefully, we have been teaching users not to use the same password in multiple locations – but a quick review of breach data sets show that these patterns are common. I believe they may well become the next evolution of bad password choices.

Now might be the time to add this to your awareness programs. Talk to users about password randomization, password vaults and the impacts that machine learning and AI are likely to have on crime. If we can change user behavior today, we may be able to prevent the breaches of tomorrow!

Custom Security and Business Intelligence at Your Fingertips

We have decided to bring what has been a service offering to very select clients for the last several years to availability for all of our clients and the public.

For years, several of our clients have been enjoying custom security intelligence driven by the MSI TigerTrax™ analytics platform and our dedicated team of analysts and subject matter experts. The research and analysis work the team has been performing has been focused on agendas like:

  • competitive analysis
  • economic industry scale market analysis
  • consumer behavior, demographic or psychographic profiling
  • organizational human network data flows and relationship mapping
  • gathering data for marketing and sales opportunities on a global scale
  • dark net data raids
  • trend and disruptive technology assessments
  • scalability & DRM techniques
  • piracy and underground market analyses
  • and even assessments of threats against brands, nation-states and multi-national cooperatives

Our team has robust expertise to gather, profile, mine, visualize and analyze public or private data en masse for your organization.

Want customized threat data about your brands, on a global scale, updated monthly with new findings from the public, deep and dark web spaces? We can do that.

Want large amounts of competitive market data gathered, visualized and summarized? We can do that too. 

Need daily briefings on a set of specific trends, geo-locations or products? Our experts are experienced at producing it.

Desire to have entire market segments deconstructed, profiled and researched to find vendors, trends and critical relationships up to 3 levels away from the core processes? We’ve done that now for multiple industries.

How about a customized monthly briefing of industry wide changes, summaries of events and monitoring of specific sets of questions your organization may have around critical topic areas? We have done this for clients across multiple industries.

Basically, if your organization would like to have customized research, analysis and intelligence – and we aren’t talking about lists of indicators of compromises and such – but REAL WORLD operational intelligence for optimizing your products, services or marketing, then we may be able to assist you. If you need a larger world view than the data you have now permits, we may be able to solve that for you. If you need to match your organization’s internal data-driven views with the views of the public or smaller groups of the public, we may be able to turn those efforts into insights.

If any of this sounds interesting and useful, join us for a cup of coffee or a conference call, and let’s talk about your needs and our capabilities. We have been performing these services for years for a select few clients, and are now ready to open these capabilities to a wider audience. To schedule a discussion, drop us a line at info@microsolved.com, hit our website at microsolved.com and click on the request a quote button or give us a call at (614) 351-1237 today. We look forward to talking with you.

Cyber-Mania & Situation Awareness in the Binary Worlds…

Good Friday Afternoon Folks;

In today’s issue of the latest cyber news we have quite a bit in the way of Cyber-Mania & Situation Awareness in the Binary Worlds…

Pay particular attention to the immediate section below and the latest items of interest from the People’s Republic of Cyber Espionage…er, sorry, China…
There are a couple of interesting items regarding cuber attacks and a cuber timeline from NATO…yeah OTAN…go figure!
And yes the F-B-I is looking for Hacker love…be sure to use a condom … or those executable files ail ruin your weekend…:-)

People’s Republic of China allows spies to plunder companies
http://www.news.com.au/business/chinese-inaction-over-industrial-spies/story-e6frfm1i-1226693898798
Slight shift seen in official Chinese attitude on cybersecurity
http://www.fiercegovernmentit.com/story/slight-shift-seen-official-chinese-attitude-cybersecurity/2013-08-07
People’s Republic ofChina firmly pursues peaceful development: defense minister
http://english.qstheory.cn/news/201308/t20130801_255078.htm
How America Is Fighting Back Against Chinese Hackers |
http://gizmodo.com/how-america-is-fighting-back-against-chinese-hackers-754599685
President Xi inspects Chinese Academy of Sciences in Beijing _ Qiushi Journal
http://english.qstheory.cn/news/201307/t20130718_250255.htm
People’s Republic of China’s Huawei Looks to Build Up Enterprise-Network Business
http://online.wsj.com/article/SB10001424127887323977304578654840024408084.html

NATO History of Cyber Attacks – A Timeline
http://www.nato.int/docu/review/2013/Cyber/timeline/EN/
Fitting cyber attacks to jus ad bellum — Consequence-based approachPart III
http://resources.infosecinstitute.com/fitting-cyber-attacks-to-jus-ad-bellum-consequence-based-approachpart-iii/?
Cyberattacks devastated my business!
http://money.cnn.com/gallery/smallbusiness/2013/05/28/cybercrime
NSA behind cyber attacks the took down ‘Dark Web’ used by online pedophiles
http://bbb-news.com/blog/2013/08/09/eric-eoin-marques-nsa-behind-cyber-attacks-the-took-down-dark-web-used-by-online-pedophiles/
Defendant in Romanian Cyber Crime Ring Convicted of Wire Fraud and Identification Document Fraud Conspiracies
http://www.fbi.gov/newyork/press-releases/2013/defendant-in-romanian-cyber-crime-ring-convicted-of-wire-fraud-and-identification-document-fraud-conspiracies?

Are Black Hats and White Hats Really Grey Hats?
http://www.digitalcommunities.com/articles/Are-Black-Hats-and-White-Hats-Really-Grey-Hats.html

FBI director calls on private sector to help with cyber threat
I’ll be sure to send him a .pdf with an executable file in it – oh wait the Minneapolis Cyber Field Office already received it….Nyarch!
http://arstechnica.com/tech-policy/2013/08/fbi-director-calls-on-private-sector-to-help-with-cyber-threat/
CIA, FBI and NSA Leaders Ask for Help Fighting Cyberattacks
http://mashable.com/2013/08/08/cia-fbi-nsa-cyberattacks/?
The Government Wants to Create Cybersecurity Insurance
http://gizmodo.com/the-government-wants-to-create-cybersecurity-insurance-1046375980
IPv6 is latest tool for stealing credit card numbers and passwords
http://www.v3.co.uk/v3-uk/news/2286734/ipv6-is-latest-tool-for-stealing-credit-card-numbers-and-passwords

Semper Fi,

謝謝
紅龍

People’s Republic of China & Operation Middle Kingdom…oh yes, Huawei and the colonization of Africa & India….

Good day my curious friends…much in the cyber news to amuse and entrain, but never alarm you…

Pay particular attention the articles below related to Huawei and their colonization of India via BSNL and Ethiopia via massive telco rollouts. People’s Republic of China & Operation Middle Kingdom…oh yes, Huawei and the colonization of Africa & India….always remember that a significant amount of cyber threat news and alerts will be released on Friday, saturdays and Sundays…when no one is paying attention…

Enjoy –

People’s Republic of Hacking, er…China is stealing intellectual property to boost its economic development…
Don’t let Snowden overshadow the real cyber threat

http://www.ft.com/intl/cms/s/0/d18f1e6a-ef97-11e2-a237-00144feabdc0.html

UK’s Cameron recommended porn filter controlled by People’s Republic of China’s Huawei
http://www.computing.co.uk/ctg/news/2285074/camerons-recommended-porn-filter-controlled-by-huawei

Baidu’s guide to the eight biggest Internet scams in People’s Republic of China
http://www.danwei.com/baidus-guide-to-the-eight-biggest-internet-scams-in-china/

Chinese can be pressured into accepting global cybersecurity norms
http://www.fiercegovernmentit.com/story/lewis-chinese-can-be-pressured-accepting-global-cybersecurity-norms/2013-07-24
Chinese hacker who once targeted the US switches sides to help defend Western companies… |
http://www.abc.net.au/news/2013-07-22/chinese-hacker-switches-from-attack-to-defence/4836572
Chinese hacker to help defend Western companies
http://au.news.yahoo.com/latest/a/-/article/18104751/chinese-hacker-who-once-targeted-the-us-switches-sides-to-help-defend-western-companies/
The Decline of China’s Internet Cafes
http://thediplomat.com/china-power/the-decline-of-chinas-internet-cafes/?
The great firewall of China gets metaphorical
The Chinese government’s increasingly sophisticated approach to censorship demands a new interpretation

http://www.guardian.co.uk/technology/2013/jul/14/china-great-firewall-put-out
Hengqin New Area Aims to Skirt Great Firewall – China Digital Times (CDT)
http://chinadigitaltimes.net/2013/07/hengqin-new-area-aims-to-skirt-great-firewall/?

BSNL to switch to People’s Republic of China’s Huawei’s next generation networks
China’s colonization of India is now complete as Operation Middle Kingdom continues…

http://www.thehindu.com/business/Industry/bsnl-to-switch-to-huaweis-next-generation-networks/article4953441.ece
Huawei Hits 100th 100G Deployment Milestone, Paving an Information Super Highway for the Next Decade
http://www.webwire.com/ViewPressRel.asp?aId=177824
Ethiopia signs $700 mn mobile network deal with People’s Republic of China’s Huawei
Operation Middle Kingdom continues in Africa as People’s Republic of China colonizes with their business development instead of weapon systems…US AFRICOM puzzled by lack of success…

http://nazret.com/blog/index.php/2013/07/25/ethiopia-signs-700-mn-mobile-network-deal-with-china-s-huawei

Find Out Why Apple’s Revenues in China Dropped 43% in Q2
http://www.techinasia.com/apple-china-revenues-drop-q2-2013/
Insight: How Samsung is beating Apple in the People’s Republic of China
http://www.reuters.com/article/2013/07/26/us-samsung-apple-china-insight-idUSBRE96P05F20130726
Apple Developer site hack: doubts cast on Turkish hacker’s claims
Guardian investigation raises questions over claims by Turkish researcher that he hacked into Apple’s Developer portal

http://www.guardian.co.uk/technology/2013/jul/26/apple-developer-site-hack

Japanese Minister Proposes More Active Military Presence in Region
http://www.nytimes.com/2013/07/27/world/asia/japanese-minister-proposes-more-active-military-presence-in-region.html?&pagewanted=all

$300 million Russian cyber crime ring broken by US feds
http://www.scmagazineuk.com/300-million-russian-cyber-crime-ring-broken-by-us-feds/article/304680/
Five Charged in Massive Financial Hacking Case | TIME.com
http://techland.time.com/2013/07/26/five-charged-in-massive-financial-hacking-case/

US Marines Focused at Tactical Edge of Cyber, Commander Says…
http://www.defense.gov/news/newsarticle.aspx?id=120246
USAF pleads with airmen to think about business of cyber…http://www.defense.gov/news/newsarticle.aspx?id=120222

A historical overview of the cyberattack landscape
http://www.net-security.org/secworld.php?id=15284
US Military: Forget cold war — Here comes cyber war
http://www.digitaljournal.com/article/355119
“What Is That Box?” — When The NSA Shows Up At Your Internet Company
http://www.buzzfeed.com/justinesharrock/what-is-that-box-when-the-nsa-shows-up-at-your-internet-comp

Hacked in 276 Seconds – Timely Intelligence Improves Ability to Thwart Cyber Attacks: Survey |
http://www.securityweek.com/hacked-276-seconds-timely-intelligence-improves-ability-thwart-cyber-attacks-survey

KPMG red-faced after being found w/data leak Reverse assessment reveals KPMGs publicly accessible data |
http://www.scmagazineuk.com/exclusive-reverse-assessment-reveals-kpmgs-publicly-accessible-data/article/304295/

Semper Fi,

謝謝
紅龍

People’s Republic of China and Hacking the US Defense Industrial Base (DIB)….

Good morning Folks –

Much news to post for a Sunday…remember the Red Dragon’s thought, controversial and unpopular stories are published on the weekends…today 9 JUNE 2013 is certainly a landmark day….enjoy the cyber threat intelligence news of the day from all corners of the cyber world…here is today’s edition of People’s Republic of China and Hacking the US Defense Industrial Base (DIB)….

Cyber ceasefire? US & the People’s Republic of Hacking <> square off over Internet espionage claims

http://rt.com/news/obama-xi-cyber-hacking-356/

US-China summit ends with accord on all but cyber-espionage
Obama’s meeting with Xi overshadowed by revelations of NSA’s snooping –


http://www.guardian.co.uk/world/2013/jun/09/us-china-summit-barack-obama-xi-jinping

Cyber crimes confrontation at Obama Xi summit

http://www.telegraph.co.uk/news/worldnews/asia/china/10108486/Cyber-crimes-confrontation-at-Obama-Xi-summit.html

U.S. and China Move Closer on North Korea, but Not on Cyberespionage

http://www.nytimes.com/2013/06/09/world/asia/obama-and-xi-try-building-a-new-model-for-china-us-ties.html?partner=rssnyt&emc=rss&pagewanted=all

Redefining relations [China Daily]

http://wanderingchina.org/2013/06/09/redefining-relations-china-daily-risingchina-xiobamasummit-transpacificcooperation/

Obama tells intelligence chiefs to draw up cyber target list – full document text
People’s Republic of China is @ the top of the targeting list…uh oh…


http://www.guardian.co.uk/world/interactive/2013/jun/07/obama-cyber-directive-full-text

People’s Republic of Hacking <> flips cybersecurity tables; reports claim U.S. is prepping attacks

http://www.washingtontimes.com/news/2013/jun/7/obama-urges-chinese-president-cooperate-cybersecur/

Did the People’s Republic of China Leak Prism Deliberately?

http://blog.knowbe4.com/bid/297153/did-china-leak-prism-deliberately?

The Economist’s ‘Brokeback Mountain’ Cover & PRISM Won’t Stop Obama & Xi

http://www.theatlanticwire.com/global/2013/06/economist-brokeback-mountain-cover-obama-xi/65999/

People’s Republic of China’s Response to Pentagon Report “Baseless, Counterproductive”

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40856&cHash=7454cb6965b8ef66e9be3338386ec41d

People’s Republic of China encircles U.S. by sailing warships in American waters, arming neighbors

http://www.washingtontimes.com/news/2013/jun/7/china-encircles-us-arming-western-hemisphere-state/

People’s Republic of China’s 2013 Defense White Paper in Perspective

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40783&cHash=ff46c8fad4f7da66e5e3e642e6da62e4

People’s Republic of China’s Iraq Oil Strategy Comes Into Sharper Focus

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40861&cHash=20da431fe2272ad34a6ace632cdecb96#.UbSEKfkqh8E

People’s Republic of China To America: You Hack Us, Too – Network Computing

http://www.networkcomputing.com/quickview/china-to-america-you-hack-us-too/3581?wc=4?cid=NWC_report_2013-06-08_html&elq=f22330ccd1b64c119ef17d90549174b7&wc=4

People’s Republic of China hacking vs. Pentagon whacking: An arms race in cyber-space?

http://rt.com/op-edge/china-pentagon-hacking-cyber-211/

People’s Republic of Chain’s Huawei reiterates that its products do not pose a security threat

http://www.phonearena.com/news/Huawei-reiterates-that-its-products-do-not-pose-a-security-threat_id43818?

Censoring Remembrance: People’s Republic of China’s Twenty-Fourth Unrealized Commemoration

http://wanderingchina.org/2013/06/08/censoring-remembrance-chinas-twenty-fourth-unrealized-commenoration-three-torches-risingchina-tiananmen/

People’s Republic of China’s Lenovo And Huawei: Chinese Smartphones Ready To Take On The World

http://seekingalpha.com/article/1487682-lenovo-and-huawei-chinese-smartphones-ready-to-take-on-the-world?source=feed

Fiat could look for new China partner for Jeep: CEO

http://www.reuters.com/article/2013/06/08/us-fiat-jeep-idUSBRE95707C20130608

US Naval Academy Launches Cyber Operations Major…Mandarin Chinese not to be offered….

http://defensetech.org/2013/06/08/naval-academy-launches-cyber-operations-major/

Is “cyber war” just a scare tactic?
“Officials warn of looming Armageddon. Critics say it’s a subterfuge to erode online privacy and accountability…”Oh, the hyperbole…”


http://www.salon.com/2013/05/26/is_cyber_war_just_a_scare_tactic_partner/singleton/

The State of Cyber-War
http://www.asiasentinel.com/index.php?option=com_content&task=view&id=5466&Itemid=422

Taiwan to open new cyberwar unit

http://phys.org/news/2013-05-taiwan-cyberwar.html

2 more Taiwanese sites attacked in cyberwar tit-for-tat

http://www.gmanetwork.com/news/story/308017/scitech/technology/2-more-taiwanese-sites-attacked-in-cyberwar-tit-for-tat

China’s 2nd State…Taiwan Military Reform: Declining Operational Capabilities?

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40996&cHash=c90aea17a261bdf85762692f2104d44f

People’s Republic of China’s ZTE sends 400Gbps over 3,100 miles
People’s Republic of China’s ZTE redines High Speed Avenue of Approach in Chinese Military offensive cyber weapons arsenal…


http://www.computerworld.com/s/article/9239903/ZTE_sends_400Gbps_over_3_100_miles?sou

CCTV reveals Chinese army unit number, military praised for transparency

http://www.globaltimes.cn/content/756590.shtml

China v the US: how the superpowers compare |
http://www.guardian.co.uk/news/datablog/2013/jun/07/china-us-how-superpowers-compare-datablog

Defending an Open, Global Internet: China Is Not the Only Challenge, But Is a Big One

http://blogs.cfr.org/asia/2013/06/07/defending-an-open-global-internet-china-is-not-the-only-challenge-but-is-a-big-one/

Chinese Corporate Espionage: A Legal Gray Area?

http://chinadigitaltimes.net/2013/06/chinese-corporate-espionage-a-legal-gray-area/?

UK monthly exports to China hit £1bn for first time
ONS sees marked shift in Britain’s trading patterns as UK firms diversify away from crisis-hit eurozone


http://www.guardian.co.uk/business/2013/jun/07/uk-exports-china-ons

U.S. Internet Spying Draws Anger, and Envy

http://www.nytimes.com/2013/06/08/business/global/us-internet-spying-draws-anger-and-envy.html?partner=rssnyt&emc=rss&pagewanted=all

Cyber Attacks — the Reality, the Reason and the Resolution. Part 1

http://www.digitalcommunities.com/Column-Cyber-Attacks—-the-Reality-the-Reason-and-the-Resolution-Part-1.html

Cyber Attacks — the Reality, the Reason and the Resolution. Part 2

http://www.digitalcommunities.com/articles/Column-Cyber-Attacks-the-Reality-the-Reason-and-the-Resolution-Part-2.html?

U.S. on Offense in Cyber War: Building Command Center, Hiring Warriors

http://www.insurancejournal.com/news/national/2013/06/07/294731.htm

Clearing the air on cyber, electronic warfare | Deep Dive Intel

http://www.deepdiveintel.com/2013/05/30/clearing-the-air-about-electronic-warfare/?

Editorial: Cyberwar Defense

http://www.vnews.com/opinion/6456148-95/editorial-cyberwar-defense

Commentary: Keep Cyberwar Narrow |

http://nationalinterest.org/commentary/keep-cyberwar-narrow-8459

US DoD Sheds First Clear Light On AirSea Battle: Warfare Unfettered…discovers Chinese PLA “Unrestricted Warfare”…
http://breakingdefense.com/2013/06/03/dod-document-sheds-first-new-light-on-airsea-battle-warfare-unfettered/?

Waging the cyber war in Syria
http://fullcomment.nationalpost.com/2013/05/21/ronald-deibert-waging-the-cyber-war-in-syria/

Iranian Lawmaker: US Cyber War on Iran Violating Int’l Law

http://english.farsnews.com/newstext.php?nn=9202246150

Enjoy!

Semper Fi,

謝謝
紅龍