Telnet Passwords Used In Brute Force Attacks

Just a quick post today, but I wanted to give you some insight into the Telnet scans we have been seeing lately. Here are the passwords that have been used to target logins on port 23 on one of our HITME sensors in the United States. This particular system emulates a login, and the probes appear to be automated. We saw no evidence of any manual probes on this sensor in the last month that targeted telnet.

The passwords used in brute force attacks on telnet (used against the usual root/admin/etc users…): 

default
1234
220
428
436
Admin
D-Link
admin
cobr4
dreambox
echo
enable
home-modem
l
password
private
public
root
sh
user

Keep a careful eye on any systems with Telnet exposed to the Internet. They are a common attraction point to attackers.

Just a Reminder, SIP is a Popular Scanning Target

I just wanted to give you a quick reminder that SIP scanning remains quite popular on the Internet. These probes can lead to compromise and fraud against your VoIP systems. Make sure you do not have VoIP systems exposed to the Internet without proper controls. If you review your logs on the Internet perimeter, SIP scans will look similar to this:

This was captured from the HITME using HoneyPoint Personal Edition.

2013-09-30 17:02:18 – HoneyPoint received a probe from 207.127.61.156 on port 23
Input: OPTIONS sip:nm SIP/2.0
Via: SIP/2.0/TCP nm;branch=foo
From: <sip:nm@nm>;tag=root
To: <sip:nm2@nm2>
Call-ID: 50000
CSeq: 42 OPTIONS
Max-Forwards: 70
Content-Length: 0
Contact: <sip:nm@nm>
Accept: application/sdp

Keep an inventory of your VoIP exposures. They remain a high area of interest for attackers.
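One way to triage perimeter or honeypot logs for probes like the one above, as an added example (not HoneyPoint code and not part of the original post): it parses entries in the log layout shown and flags SIP requests, including ones that land on non-SIP listeners such as the port 23 sensor here. The second and third log entries, the tag names and the "host without a dot" heuristic are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# First entry is the capture quoted above; the other two are constructed for this
# example (documentation-range addresses, hypothetical PBX host name).
SAMPLE_LOG = """\
2013-09-30 17:02:18 – HoneyPoint received a probe from 207.127.61.156 on port 23
Input: OPTIONS sip:nm SIP/2.0
Via: SIP/2.0/TCP nm;branch=foo
From: <sip:nm@nm>;tag=root
To: <sip:nm2@nm2>
Call-ID: 50000
CSeq: 42 OPTIONS
Max-Forwards: 70
Content-Length: 0
Contact: <sip:nm@nm>
Accept: application/sdp
2013-09-30 17:05:41 - HoneyPoint received a probe from 192.0.2.10 on port 23
Input: root
2013-09-30 17:06:02 - HoneyPoint received a probe from 198.51.100.7 on port 5060
Input: REGISTER sip:pbx.example.test SIP/2.0
Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK1
From: <sip:100@pbx.example.test>;tag=a1
To: <sip:100@pbx.example.test>
Call-ID: 1@198.51.100.7
CSeq: 1 REGISTER
Content-Length: 0
"""

# Entry header; accepts either an en dash or a plain hyphen after the timestamp.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) [\u2013-] HoneyPoint received "
    r"a probe from (?P<src>\S+) on port (?P<port>\d+)\s*$"
)
SIP_REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>sips?:\S+) SIP/2\.0$")
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER", "SUBSCRIBE",
               "NOTIFY", "PUBLISH", "INFO", "REFER", "MESSAGE", "UPDATE", "PRACK"}
SIP_PORTS = {5060, 5061}
SIP_HOST_RE = re.compile(r"sips?:(?:[^@>;\s]+@)?([^>;:\s]+)")


@dataclass
class Probe:
    ts: str
    src: str
    port: int
    lines: list = field(default_factory=list)


def parse_probes(text):
    """Split a log into probes. Blank lines are skipped because rendered logs
    often put one between every payload line."""
    probes = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            probes.append(Probe(m["ts"], m["src"], int(m["port"])))
        elif probes:
            if not probes[-1].lines and line.startswith("Input:"):
                line = line[len("Input:"):].strip()
            probes[-1].lines.append(line)
    return probes


def classify(probe):
    """Return a finding dict for SIP requests, or None for anything else."""
    m = SIP_REQUEST_RE.match(probe.lines[0]) if probe.lines else None
    if not m or m["method"] not in SIP_METHODS:
        return None
    headers = {}
    for line in probe.lines[1:]:
        name, sep, value = line.partition(":")
        if sep and re.fullmatch(r"[A-Za-z-]+", name.strip()):
            headers[name.strip().lower()] = value.strip()
    tags = []
    if probe.port not in SIP_PORTS:
        tags.append("sip-on-non-sip-port")        # e.g. the telnet listener above
    if m["method"] == "OPTIONS":
        tags.append("capability-probe")
    elif m["method"] in ("REGISTER", "INVITE"):
        tags.append("registration-or-call-attempt")
    hosts = [h.group(1) for k in ("from", "to", "contact")
             if (h := SIP_HOST_RE.search(headers.get(k, "")))]
    # Heuristic (assumption): identities such as sip:nm@nm carry no real domain.
    if hosts and all("." not in h for h in hosts):
        tags.append("placeholder-identity")
    return {"ts": probe.ts, "src": probe.src, "port": probe.port,
            "method": m["method"], "tags": tags}


def find_sip_probes(text):
    return [f for p in parse_probes(text) if (f := classify(p))]


if __name__ == "__main__":
    for finding in find_sip_probes(SAMPLE_LOG):
        print(finding)
```
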

Infosec, The World & YOU Episode 3 is Out!

Our newest episode is out, and this time we are joined by a very special guest, @TSGouge, who discusses social engineering for companies and on the nation-state scale. Victoria reveals her new plans to take over the world and Brent tries to keep up with these gals, who are straight up geniuses. We also pontificate on Syria and the potential for cyber-fallout from the action going on over there.

Check it out here

Have a global real world/cyber issue you want us to tackle? Observed an odd event that ties to a real world cause in the Internets? Drop us a line ~ we’d love to hear about it or get you on the show! 

You can find Brent on Twitter at @lbhuston and Victoria stars as @gisoboz. Get in touch! 

Using HoneyPoint as a Nuance Detection System in Utility Companies

I often get asked about how utility companies deploy HoneyPoint in an average implementation. To help folks with that, I whipped up this quick graphic that shows a sample high level deployment. 

Thanks for reading! Let me know what you think, or if you have an interest in discussing an implementation in your environment.

More on Persistent Penetration Testing from MSI

MicroSolved has been offering Persistent Penetration Testing (PPT) to select clients for a couple of years now. We have been testing and refining our processes to make sure we had a scalable, value-driven process to offer our full client base. We have decided to open the PPT program up to another round of clients, effective immediately. We will be open to adding three additional clients to the PPT group. In order to qualify, your organization must have an appetite for these services and meet the criteria below:

The services:

  • MSI will actively emulate a focused team of attackers for either a 6 or 12 month period, depending on complexity, pricing and goals
  • During that time, MSI will actively and passively target your organization seeking to reach a desired and negotiated set of goals (usually fraud or theft of IP related data, deeper than traditional pen testing)
  • Full spectrum attacks will be expressed against your organization’s defenses in red team mode, across the time window 
  • Once an initial compromise occurs and the appropriate data has been identified and targeted, we will switch to table top exercises with the appropriate team members to discuss exploitation and exfiltration, prior to action
  • If, and only if, your organization approves and desires, then exploitation and exfiltration will occur (note that this can be pivoted from real world systems to test/QA environments at this point)
  • Reporting and socialization of the findings occurs, along with mitigation strategies, awareness training and executive level briefings
  • The process then repeats, as desired, through the terms and sets of goals

The criteria for qualification. Your organization must:

  • Have full executive support for the initiative, all the way to the C-level and/or Board of Directors
  • Have a mature detection and egress process in place (otherwise, the test will simply identify the needs for these components)
  • Have the will to emulate real world threat activity without applying compliance-based thinking and other unnatural restraints to the process
  • Have a capable security team for MSI to work with that has the capability to interface with the targeted lines of business in a rapid, rational and safe manner
  • If desired, have the capability to construct testing/QA platforms and networks to model real world deployments in a rapid and accurate fashion (requires rapid VM capability)
  • Be open to engaging in an exercise with an emulated aggressive adversary to establish real world risk and threat profiles
  • Be located in the US (sorry, we are not currently accepting non-US organizations for this service at this point)

If your organization meets these requirements and you are interested in discussing PPT services, please drop me a line (Twitter: @lbhuston), or via email at Info at microsolved dot com. You can also reach me via phone at (614) 351-1237 x 201.

China’s Report on US Military Cyber Troop Strength

(紅龍) Red Dragon’s statement: If you think you are paying too much for cyber threat intelligence and your current provider DID NOT SHOW this Chinese article to you, then you have paid too much for the incorrect type of Chinese Cyber Threat Intelligence…

Contact the Red Dragon (紅龍) @ MicroSolved, save money, stay better informed – find a capable cyber intelligence authority for less, much less….

whagestad@microsolved.com

Thank you

紅龍

People’s Republic of China Report: U.S. cyber warfare force exceeds 80,000 personnel, equivalent to seven 101st Airborne Divisions

August 15, 2013, 08:49. Source: Phoenix TV

Core tip: According to Sing Tao Global Network, the United States accounts for 29% of the world’s hackers. The U.S. military has about 3,000 to 5,000 information warfare experts and 50,000 to 70,000 cyber warfare soldiers; together with its existing electronic warfare personnel, the U.S. military’s cyber warfare force should number 88,700, a scale equivalent to seven 101st Airborne Divisions. In future wars it will bear the task of reducing the enemy’s combat power by 40%.

Phoenix TV, August 14, “Military Observation Room”; the following is the transcript:

Narration: The Snowden affair set off a round of hype in Chinese and foreign media. In fact, the United States was the first to establish the largest cyber warfare force, has developed the world’s most advanced cyber warfare equipment, and has pushed it into actual combat. Recently, Sing Tao Global Network reported that the United States accounts for 29% of the world’s hackers. The U.S. military has about 3,000 to 5,000 information warfare experts and 50,000 to 70,000 cyber warfare soldiers; together with its existing electronic warfare personnel, the U.S. military’s cyber warfare force should number 88,700, a scale equivalent to seven 101st Airborne Divisions. In future wars it will bear the task of reducing the enemy’s combat power by 40%.

The U.S. cyber army numbers 4,000 and is made up of the world’s top computer experts and hackers, including experts from the CIA, the NSA, the FBI and other agencies. All members have an average IQ above 140, and it is known as the “140 Unit”. It was built single-handedly over eight years by U.S. four-star General Alexander, whose independent command includes the Navy’s Tenth Fleet, the Air Force’s 24th Air Force and the Army’s Second Army, the academic elite centers responsible for training in espionage techniques, and the special data collection centers dedicated to eavesdropping on embassies around the world. The United States is forming 40 cyber security units, 13 of which are offensive units that mainly develop cyber warfare weapons, while the other 27 mainly protect the Department of Defense’s computer systems and data. All 40 units are to be fully established before the autumn of 2015.

“Military Observation Room” is broadcast on the Phoenix TV Chinese Channel [Program Area]

http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/

Host: Dong Jiayao [Host Area]

First broadcast: (Wednesday) 21:50-22:30

Rebroadcast: (Thursday) 04:10-04:50, 15:15-15:55

Statement: Works (text, audio, video) marked as sourced from “Phoenix” may not be reproduced, linked, reposted or otherwise used by any media or individual without authorization from Phoenix; where written authorization has been given by this site, the work must be marked “Source: Phoenix” when used. This site will pursue legal liability for violations of the above statement.

 http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/detail_2013_08/15/28642074_0.shtml

Cyber SA…Global Perspectives

Good Monday Folks;

Much news from Cyber~Land today – and thus, you may enjoy the most recent Global Perspectives of Cyber Situation Awareness (SA)…
Of particular note – information loss in the People’s Republic of China…now a crime bubbling to the surface…Kenyan PCs with Chinese malware and so much more in the China Section below, including missing US CBP & China cooperation posts; Iran’s Cyber Motivations & Actions…and of course, German and French Governments respond to PRISM…

All the cyber SA you might want in one dose!

中國人民共和國 – People’s Republic of China….

Infosecurity – Report: China Uses Taiwan as Test-Bed for US Cyber-Espionage Attacks
http://www.infosecurity-magazine.com/view/33553/report-china-uses-taiwan-as-testbed-for-us-cyberespionage-attacks/

People’s Republic of China: 1,213 arrested for personal information trafficking – People’s Daily Online
“… 468 gangs and arrested 1,213 people for suspected personal information trafficking, according to a statement released Sunday by the Ministry of Public Security.”

http://english.peopledaily.com.cn/90882/8360132.html
Stronger laws urged to protect personal information – People’s Daily Online
http://english.peopledaily.com.cn/90882/8305906.html
People’s Republic of China ‘top source’ of malicious software in Kenyan computers
http://www.nation.co.ke/business/news/China+top+source+of+malicious+software/-/1006/1944356/-/rj5e4/-/index.html
People’s Republic of China New York Times hackers strike again with evolved malware
http://www.v3.co.uk/v3-uk/news/2288076/new-york-times-hackers-strike-again-with-evolved-malware

Censorship, external authentication, and other social media lessons from China’s Great Firewall
http://www.techinasia.com/china-social-media-lessons-from-great-firewall/

China’s Xiaomi sells 100,000 units of new $130 phone in 90 seconds, chalks up 7.45m reservations |
http://thenextweb.com/asia/2013/08/12/chinas-xiaomi-sells-100000-units-of-new-130-phone-in-90-seconds-chalks-up-7-45m-reservations/
Xiaomi Beats Samsung To Top China’s Smartphone Charts | TechCrunch
http://techcrunch.com/2013/08/12/xiaomi-beats-samsung-to-top-chinas-smartphone-charts/

CBP – U.S. Customs and Border Protection / U.S., China Announce Results of First Joint Intellectual Property Operation
http://www.noodls.com/view/E418DA4AF877ADF8970BBEE9B0E38FDDAB89AC35
This original CBP press release was removed from the web here:
http://www.cbp.gov/xp/cgov/newsroom/news_releases/local/07312013_7.xml

Also removed from South China Morning Post:
http://www.scmp.com/news/china/article/1293516/china-us-team-seize-fake-apple-samsung-dr-dre-electronics
U.S., People’s Republic of China team up to seize counterfeit goods in joint operation
http://www.reuters.com/article/2013/07/31/us-china-usa-counterfeit-idUSBRE96U0X120130731

HUAWEI…

Intelligence: People’s Republic of China Dodges Accusations
Chinese telecommunications equipment manufacturer Huawei continues to be dogged by accusations that it is acting as an economic and military espionage agent for the Chinese military.

http://www.strategypage.com/htmw/htintel/articles/20130810.aspx
People’s Republic of China’s Economy Slows but Its Influence Rises
http://blogs.cfr.org/asia/2013/08/12/chinas-economy-slows-but-its-influence-rises/
People’s Republic of China Rising, Huawei Team For Secure Virtualization Solutions – ChinaTechNews
http://www.chinatechnews.com/2013/08/12/19562-chinas-rising-huawei-team-for-secure-virtualization-solutions
People’s Republic of China’s Huawei partners w/Telematics to bolster Unified Communications capabilities in UAE, Qatar –
http://english.mubasher.info/DFM/news/2377832/Huawei-partners-with-Telematics-to-bolster-Unified-Communications-capabilities-in-UAE-Qatar
Serbian Railways Opts for People’s Republic of China’s Huawei Solutions
http://enterprisechannels.com/ContentDetails.aspx?Moduleid=12159&&ModuleType=Serbian%20Railways%20Opts%20for%20Huawei%20Solutions
People’s Republic of China Blames Cisco for Huawei’s U.S. Woes
http://channelnomics.com/2012/10/12/china-blames-cisco-huaweis-u-s-woes/

It’s Not Just the People’s Republic of China: Indian Hacker Group Spied On Targets In Pakistan, U.S. And Europe – Forbes
http://www.forbes.com/sites/andygreenberg/2013/05/21/its-not-just-china-indian-hacker-group-spied-on-targets-in-pakistan-u-s-and-europe/
Pakistan Intelligence Agency ISI hacks India’s largest telco BSNL Systems by Social Engineering
http://www.thehackerspost.com/2013/08/pakistan-intelligence-agency-hacks-bsnl.html

Escalation Cause: How the Pentagon’s new strategy could trigger war with the People’s Republic of China
“…according to Air-Sea Battle, U.S. forces would launch physical attacks and cyberattacks against the enemy’s “kill-chain” of sensors and weaponry in order to disrupt its command-and-control systems, wreck its launch platforms (including aircraft, ships, and missile sites), and finally defeat the weapons they actually fire. The sooner the kill-chain is broken, the less damage U.S. forces will suffer — and the more damage they will be able to inflict on the enemy.”

http://www.chinausfocus.com/peace-security/escalation-cause-how-the-pentagons-new-strategy-could-trigger-war-with-china/
A Future Without War for the People’s Republic of China & the US |
http://www.chinausfocus.com/foreign-policy/a-future-without-war-for-china-and-the-us/
People’s Republic of China among top five countries on US’ surveillance list – TruthDive
“…the list of NSA’s spying targets, China, Russia, Iran, Pakistan and North Korea are of prime importance for surveillance, Der Spiegel reports.

According to the report, the US is especially interested in gathering intelligence related to the countries’ foreign policy, international trade and economic stability along with topics related to new technology and energy security which score low level priority.”

http://truthdive.com/2013/08/11/Pak-China-among-top-five-countries-on-US-surveillance-list.html
H-6K bombers used by PLA capable of reaching Hawaii: Kanwa Defense Review
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130812000082&cid=1101
The untold truth behind the US rebalancing policy…WantChinaTimes.com
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130811000079&cid=1703

People’s Republic of China investigates France’s Sanofi for alleged bribery: Xinhua
http://www.reuters.com/article/2013/08/10/us-sanofi-china-idUSBRE97902L20130810

ISLAMIC REPUBLIC OF IRAN ~ Cyber

Iran’s cyber warfare could hit public more than military: report
http://www.washingtontimes.com/news/2013/jul/29/irans-cyber-warfare-could-hit-public-more-military/
Iran’s Covert Cyber War
http://blog.heritage.org/2013/08/07/irans-covert-cyber-war/

INTERNATIONAL HACKING>>>

Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
Hackers put a bull’s-eye on small business | PCWorld
http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html
Reported data breached records in US from 2005 to present exceed 500 million | ZDNet
http://www.zdnet.com/reported-data-breached-records-in-us-from-2005-to-present-exceed-500-million-7000018991/
Meet Darknet, the hidden, anonymous underbelly of the searchable Web | PCWorld
http://www.pcworld.com/article/2046227/meet-darknet-the-hidden-anonymous-underbelly-of-the-searchable-web.html

The Classifieds
“Are American spies the next victims of the Internet age?”

http://www.foreignpolicy.com/articles/2013/08/09/the_classifieds_open_source_intelligence_prieto?page=full
Deutsche Telekom and United Internet launch ‘made in Germany’ email in response to PRISM | ZDNet
http://www.zdnet.com/deutsche-telekom-and-united-internet-launch-made-in-germany-email-in-response-to-prism-7000019266/
Spy or Die – Can corporate suicide stop the NSA?
http://www.foreignpolicy.com/articles/2013/08/09/spy_or_die_nsa_lavabit_silent_circle?page=full

HACKSURFER
http://hacksurfer.com/
Fort Disco: The new brute-force botnet | ZDNet
http://www.zdnet.com/fort-disco-the-new-brute-force-botnet-7000019126/#%21
The Danger of Mixing Cyberespionage With Cyberwarfare
http://insights.wired.com/profiles/blogs/the-danger-of-mixing-cyberespionage-with-cyberwarfare#axzz2bmMnUKxL

France has its own PRISM system: Report | ZDNet
As the US and the UK admit that they are intercepting data for intelligence purposes, an investigative report has revealed that the French government is doing the same.

http://www.zdnet.com/france-has-its-own-prism-system-report-7000017694/

Enjoy!

Semper Fi,

Thank you
紅龍

Three Tough Questions with Aaron Bedra

This time I interviewed Aaron Bedra about his newest creation ~ RepSheet. Check it out here:


Aaron’s Bio:

Aaron is the Application Security Lead at Braintree Payments. He is the co-author of Programming Clojure, 2nd Edition as well as a frequent contributor to the Clojure language. He is also the creator of Repsheet, a reputation based intelligence and security tool for web applications.


Question #1:  You created a tool called Repsheet that takes a reputational approach to web application security. How does it work and why is it important to approach the problem differently than traditional web application firewalling?

I built Repsheet after finding lots of gaps in traditional web application security. Simply put, it is a web server module that records data about requests, and either blocks traffic or notifies downstream applications of what is going on. It also has a backend to process information over time and outside the request cycle, and a visualization component that lets you see the current state of the world. If you break down the different critical pieces that are involved in protecting a web application, you will find several parts:

* Solid and secure programming practices

* Identity and access management

* Visibility (what’s happening right now)

* Response (make the bad actors go away)

* HELP!!!! (DDoS and other upstream based ideas)

* A way to manage all of the information in a usable way

This is a pretty big list. There are certainly some things on this list that I haven’t mentioned as well (crypto management, etc), but this covers the high level. Coordinating all of this can be difficult. There are a lot of tools out there that help with pieces of this, but don’t really help solve the problem at large.

The other problem I have is that although I think having a WAF is important, I don’t necessarily believe in using it to block traffic. There are just too many false positives and things that can go wrong. I want to be certain about a situation before I act aggressively towards it. This being the case, I decided to start by simply making a system that records activity and listens to ModSecurity. It stores what has happened and provides an interface that lets the user manually act based on the information. You can think of it as a half baked SIEM.

That alone actually proved to be useful, but there are many more things I wanted to do with it. The issue was doing so in a manner that didn’t add overhead to the request. This is when I created the Repsheet backend. It takes in the recorded information and acts on it based on additional observation. This can be done in any form and it is completely pluggable. If you have other systems that detect bad behavior, you can plug them into Repsheet to help manage bad actors.  

The visualization component gives you the detailed and granular view of offenses in progress, and gives you the power to blacklist with the click of a button. There is also a global view that lets you see patterns of data based on GeoIP information. This has proven to be extremely useful in detecting localized botnet behavior.

So, with all of this, I am now able to manage the bottom part of my list. One of the pieces that was recently added was upstream integration with Cloudflare, where the backend will automatically blacklist via the Cloudflare API, so any actors that trigger blacklisting will be dealt with by upstream resources. This helps shed attack traffic in a meaningful way.

The piece that was left unanswered is the top part of my list. I don’t want to automate good programming practices. That is a culture thing. You can, of course, use automated tools to help make it better, but you need to buy in. The identity and access management piece was still interesting to me, though. Once I realized that I already had data on bad actors, I saw a way to start to integrate this data that I was using in a defensive manner all the way down to the application layer itself. It became obvious that with a little more effort, I could start to create situations where security controls were dynamic based on what I know or don’t know about an actor. This is where the idea of increased security and decreased friction really set in and I saw Repsheet become more than just a tool for defending web applications.

All of Repsheet is open sourced with a friendly license. You can find it on Github at:

https://github.com/repsheet

There are multiple projects that represent the different layers that Repsheet offers. There is also a brochureware site at http://getrepsheet.com that will soon include tutorial information and additional implementation examples.

Question #2: What is the future of reputational interactions with users? How far do you see reputational interaction going in an enterprise environment?

For me, the future of reputation based tooling is not strictly bound to defending against attacks. I think once the tooling matures and we start to understand how to derive intent from behavior, we can start to create much more dynamic security for our applications. If we compare web security maturity to the state of web application techniques, we would be sitting right around the late 90s. I’m not strictly talking about our approach to preventing breaches (although we haven’t progressed much there either), I’m talking about the static nature of security and the impact it has on the users of our systems. For me the holy grail is an increase in security and a decrease in friction.

A very common example is the captcha. Why do we always show it? Shouldn’t we be able to conditionally show it based on what we know or don’t know about an actor? Going deeper, why do we force users to log in? Why can’t we provide a more seamless experience if we have enough information about devices, IP address history, behavior, etc? There has to be a way to have our security be as dynamic as our applications have become. I don’t think this is an easy problem to solve, but I do think that the companies that do this will be the ones that succeed in the future.

Tools like Repsheet aim to provide this information so that we can help defend against attacks, but also build up the knowledge needed to move toward this kind of dynamic security. Repsheet is by no means there yet, but I am focusing a lot of attention on trying to derive intent through behavior and make these types of ideas easier to accomplish.

Question #3: What are the challenges of using something like Repsheet? Do you think it’s a fit for all web sites or only specific content?

I would like to say yes, but realistically I would say no. The first group that this doesn’t make sense for are sites without a lot of exposure or potential loss. If you have nothing to protect, then there is no reason to go through the trouble of setting up these kinds of systems. They basically become a part of your application infrastructure and it takes dedicated time to make them work properly. Along those lines, static sites with no users and no real security restrictions don’t necessarily see the full benefit. That being said, there is still a benefit from visibility into what is going on from a security standpoint and can help spot events in progress or even pending attacks. I have seen lots of interesting things since I started deploying Repsheet, even botnets sizing up a site before launching an attack. Now that I have seen that, I have started to turn it into an early warning system of sorts to help prepare.

The target audience for Repsheet are companies that have already done the web security basics and want to take the next step forward. A full Repsheet deployment involves WAF and GeoIP based tools as well as changes to the application under the hood. All of this requires time and people to make it work properly, so it is a significant investment. That being said, the benefits of visibility, response to attacks, and dynamic security are a huge advantage. Like every good investment into infrastructure, it can set a company apart from others if done properly.

Thanks to Aaron for his work and for spending time with us! Check him out on Twitter, @abedra, for more great insights!
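The record-first, act-later approach described in the interview, reduced to a small added example (this is not Repsheet's code or API, and not from the interview): WAF alerts only raise a per-address score outside the request path, the score decays over time, and the application picks its friction level from it, showing a captcha only when history warrants one. The class and function names, thresholds, half-life and alert tuples are all hypothetical.

```python
from dataclasses import dataclass

HALF_LIFE_S = 3600.0    # hypothetical: a score halves after an hour of quiet
CHALLENGE_AT = 5.0      # hypothetical: show a captcha at or above this score
BLACKLIST_AT = 20.0     # hypothetical: blacklist only after sustained alerts

# Constructed alert feed: (seconds, source address, rule weight).
CONSTRUCTED_ALERTS = (
    [(0.0, "203.0.113.5", 2.0)]                                 # one stray hit
    + [(t, "198.51.100.9", 2.0) for t in (0.0, 10.0, 20.0)]     # a few hits
    + [(float(t), "192.0.2.77", 2.0) for t in range(12)]        # sustained hits
)


@dataclass
class Actor:
    score: float = 0.0
    last_seen: float = 0.0
    blacklisted: bool = False


class ReputationStore:
    def __init__(self):
        self.actors = {}

    def _current(self, ip, now):
        """Fetch the actor and apply exponential decay up to `now`."""
        actor = self.actors.setdefault(ip, Actor(last_seen=now))
        elapsed = max(0.0, now - actor.last_seen)
        actor.score *= 0.5 ** (elapsed / HALF_LIFE_S)
        actor.last_seen = now
        return actor

    def record_alert(self, ip, weight, now):
        """Called by the backend, outside the request cycle. A single alert
        never blocks anyone, which keeps WAF false positives survivable."""
        actor = self._current(ip, now)
        actor.score += weight
        if actor.score >= BLACKLIST_AT:
            actor.blacklisted = True      # sticky until an operator clears it
        return actor.score

    def blacklist(self, ip, now):
        """Manual operator action, the 'click of a button' case."""
        self._current(ip, now).blacklisted = True

    def decide(self, ip, now):
        """Called at request time: 'allow', 'captcha' or 'block'."""
        if ip not in self.actors:
            return "allow"                # no history, no added friction
        actor = self._current(ip, now)
        if actor.blacklisted:
            return "block"
        return "captcha" if actor.score >= CHALLENGE_AT else "allow"


def replay(alerts):
    """Feed alerts into a fresh store in time order and return the store."""
    store = ReputationStore()
    for ts, ip, weight in sorted(alerts):
        store.record_alert(ip, weight, ts)
    return store


if __name__ == "__main__":
    store = replay(CONSTRUCTED_ALERTS)
    for ip in ("203.0.113.5", "198.51.100.9", "192.0.2.77", "192.0.2.200"):
        print(ip, store.decide(ip, 30.0))
```
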

Quick PHP Malware vs AV Update

It’s been a while since I checked on the status of PHP malware versus anti-virus. So, here is a quick catch up post. (I’ve been talking about this for a while now. Here is an old example.)

I took a randomly selected piece of PHP malware from the HITME and checked it out this afternoon. Much to my surprise, the malware detection via AV has gotten better.

The malware I grabbed for the test turned out to be a multi-stage PHP backdoor. The scanner thought it was exploiting a vulnerable WordPress installation. 

I unpacked the malware parts into plain text and presented both the original packed version from the log and the unpacked version to VirusTotal for detection testing. As you know, in the past, detection of PHP malware was sub-single-digit in many cases. That, at least to some extent, has changed. For those interested, here are the links to see what was tripped.

Decoded to plain text vs Encoded, as received

As you can see, decoded to plain text scored a detection of 44% (19/43), which is significantly improved from a year or so ago. Additionally, excitingly, undecoded, the attack in raw form triggered a detection rate of 30% (13/44)! The undecoded result is HUGE, given that the same test a year or so ago often yielded 0-2% detection rates. So, it’s getting better, just SLOWLY.

Sadly though, even with the improvements, we are still well below half (50%) detection rates, and many of the AV solutions that fail to catch the PHP malware are big name vendors with commercial products that organizations running PHP in commercial environments would likely be depending on. Is your AV in the missing zone? If so, you might want to consider other forms of more nuanced detection.

Now, obviously, organizations aren’t just depending on AV alone for detection of web malware. But, many may be. In fact, a quick search for the dropped backdoor file on Google showed 58,800 systems with the dropped page name (a semi-unique indicator of compromise). With that many targets already victim to this single variant of PHP backdoors, it might be worth checking into if you are a corporate PHP user.

Until next time, take a look around for PHP in your organization. It is a commonly missed item in the patch and update cycles. It also has a pretty wide security posture with a long list of known attack tools and common vulnerabilities in the coding patterns used by many popular products. Give any PHP servers you have a deeper inspection and consider adding more detection capability around them. As always, thanks for reading and stay safe out there! 

Chinese Information Warfare (IW) Doctrinal Development Circa 2005….

Good Day Chinese Cyber Conflict Fans…the following post about Chinese Information Warfare Doctrine as written by Lu Yong, Department of National Defense Strategy, 中國人民解放軍, 總參謀部..yes The People’s Liberation Army…circa 2005. This post was discovered by the Red Dragon a week ago and has already been removed from the web…sinister?

Here it is folks, a glimpse into Chinese Information Warfare Doctrinal Development in 2005…

“Information Warfare Challenges and Countermeasures For Executing the People’s War”

http://www.chinamil.com.cn/site1/zgmb/2005-08/18/content_148840.htm

 Lu Yong, Department of National Defense Strategy, 中國人民解放軍, 總參謀部

    People’s War is a traditional weapon to defeat the enemy army. Since the 90s of last century, with the world’s burgeoning revolution in military affairs, and high-tech weapons in the war widely used form of war started by the mechanized warfare to information warfare changes, “Information warfare is the major wars of the 21st century form “has become a consensus. In the semi-mechanized and mechanized warfare formed and developed the people’s war, and how to address information warfare challenges, how to continue in the information war play its unique advantages to ensure winning future possible war, is we are faced with a major theoretical issues and practical issues urgent. First, information warfare launched the people’s war is faced with severe challenges     (a) the purpose of information warfare, the limited size of the previous national war, the country is facing severe challenges the way to meet the enemy     since World War II, especially in the last century 80 years, the international situation has undergone major changes, “peace and development” instead of “war and revolution”, a theme of the times. Correspondingly, local war to replace the previous world wars and the full-scale war, become the world’s major warfare. We may face future information warfare, must be local wars, which makes the whole war, lasting way to defeat the enemy is facing severe challenges.    

 First, the purpose of information technology local wars, limited size, the possibility of universal war greatly reduced. Compared with the world wars and the full-scale war, information local war by political, economic, diplomatic and other factors more directly, the purpose of war is often limited to a certain political and economic goals, the scale of war is also controlled in a certain range. In this case, the state can not disrupt the overall national development strategic steps, the state transferred from peacetime “Everything for the front, everything for victory in the war,” the wartime regime, to mobilize all the people participate in the war.     Secondly, information warfare, the power of the warring parties is not primarily the number of competitions contest, but the quality of competition, the number of people’s war in the traditional pattern of strengths compensate for disadvantages quality hard work. In information warfare, weapons and equipment quality exists “Time difference” has been impossible to quantify the advantage to make the war directly to the performance of quality and efficiency, technology-intensive confrontation between elite standing army.

Therefore, national mobilization and a war of the whole nation are neither necessary nor able to fundamentally change the balance of forces.

Again, the capacity of the information warfare battlefield is limited, and direct participation of the masses in the war is severely constrained. The information warfare battlefield is often limited to a certain depth, certain waters or airspace directly between the parties; a situation such as the Japanese driving into our territory in the Anti-Japanese War is impossible to reproduce. This severely constrains the traditional method of large numbers of armed and unarmed masses joining the war directly; even if they joined the war, it would be of no use.

(Two) Information warfare breaks out more suddenly and the course of war is shortened, so the strategy of defeating the enemy through protracted war faces severe challenges

In past wars, the war lasted a relatively long time, so in carrying out people’s war it was possible to mobilize the masses to participate in the war, to give full play to the advantage of numbers to make up for the disadvantages in the quality and quantity of weapons and equipment and for military and material deficiencies, to gradually change the balance of forces with the enemy through sustained combat, and ultimately to win the war. This is the basic experience of past victories in people’s war, but it also shows, from another side, that traditional people’s war takes a long time to gather and release its force.

One of the important features of information warfare is that war breaks out more suddenly and the course of the war is shortened. The party that provokes the war, in order to create a fait accompli and a more favorable situation, often strikes the other side with a sudden attack that catches it off guard, and seeks a decisive victory in a short time. In addition, consumption in information warfare increases dramatically, and both sides try to fight a quick battle and achieve the purposes of war at little cost. In this case, the possibility of changing the balance of forces with the enemy through sustained combat is greatly reduced. Therefore, conducting people’s war in information warfare not only faces the test of how to release the power of people’s war in a short time; the possibility of defeating the enemy through protracted war also becomes negligible.

(Three) Information warfare is high-tech and is mostly fought in sparsely populated border and coastal areas and at sea and in the air, so the traditional way in which the masses join the war and support the front faces serious challenges

In past wars, because the scale of war was large and the technical level of weaponry relatively low, the technical requirements of logistical and equipment support were not high; and since the war was mainly on land, ordinary people with a little training could directly take part in operations or deliver supplies to the front. Therefore, joining the war with manpower and supporting the front with manpower were the traditional ways in which the people joined the war and supported the front.

 In the information war, the warring parties tend to use one or the most advanced aircraft, ships, tanks, artillery, missiles, and other cutting-edge technology, greatly improve the technical content of war, battle space from the past in order to develop a terrestrial land-based , sea, air, space, electricity multidimensional space to support security operations equipment and technical means of highly specialized equipment. In addition, information warfare unit time combat strength increases rapidly, fighting more intense, direct combatants psychological and physical quality put forward higher requirements. No rigorous professional training not only ordinary people cannot use advanced weapons and equipment and well-trained and have high-tech weapons of the enemy to make a direct confrontation, and even logistical and equipment support is difficult to carry out the task. Coupled with the war mostly in sparsely populated border and coastal areas as well as sea and air, greatly increased the masses direct war frontline of difficulty. Therefore, information warfare, the masses will direct the war, supporting the front of the main changes is indirect war, supporting the front main support for the war is also supported by the human and material resources into technology-based intelligence support based.    

(Four) The way information warfare is fought has undergone revolutionary change, and the traditional tactics of people’s war face severe challenges

In the long-term practice of people’s war, the army formed a set of flexible strategies and tactics of people’s war and created numerous war miracles of “survival of the fittest.” However, we should see that the people’s war we conducted in the past was semi-mechanized warfare with a relatively low level of weaponry, and the main battlefield was on the ground. The main forms of combat that took shape as a result, namely trench warfare, warfare and guerrilla warfare and a series of related tactics, were all conducive to making full use of our advantage in numbers. Guerrilla warfare in particular, as irregular warfare, had a relatively large share in combat operations and a relatively large impact on the outcome of the war.

Engels pointed out: “Once technological advances can be used for military purposes and have been used for military purposes, they will almost immediately, forcibly and often against the will of the commander, cause changes or even revolution in warfare.”

With IT The rapid development of high-tech weapons and the widespread use of information warfare revolutionary change taking place. For example: Battlefield to the five-dimensional space development; missiles, electronic warfare, network warfare, and many other new combat styles have been in war; C4 ISR against the increasingly fierce battle to win control of information and operational command of the army to become the premise and focus; to become independent of combat raids, much warfare, night fighting, the proportion of firepower increases; emphasize more arms, a variety of weapons to combat the overall implementation of the integration of diverse, asymmetric, non-contact, non-linear operations become an important mode of combat, etc. and so on. In this case, the traditional to the Army mainly to ground-based battlefield warfare, warfare, guerrilla warfare combat forms and information warfare will be difficult to adapt to the requirements. For example, in past wars, melee midnight oil has been the army’s forte. But in the information war, faced with advanced surveillance technology and long-range precision strike weapons of the enemy, we will be faced with melee midnight oil does not rely on rope, unseen challenges, and even enemies in the night-side occupy a greater advantage.

 How to deal with the challenges of information warfare, the development of people’s war strategy and tactics, to carry out the people’s war to become an urgent problem. 

Second, in information warfare we must still insist on carrying out people’s war

(a) Information warfare does not change the inherent social and political attributes of war, and the basic conditions for carrying out people’s war still exist

Since private ownership and classes came into being, war has never been separate from politics. Compared with previous wars, although information warfare has undergone significant changes in scale, duration, weapons and equipment and other aspects, and shows many new features, the social and political attributes of war itself have not changed with the development of the form of warfare.

Information warfare is still a continuation of politics; there is still a distinction between just and unjust war; the nature of the war and whether the people support or oppose it are still factors that often come into play; and the basic conditions for conducting people’s war, namely the justice and the mass character of the war, still exist.

The justice of the war is the political basis for the conduct of people’s war, and also an important factor in the outcome of war. China’s socialist nature and defensive national defense policy determine that the information warfare we may face in the future is necessarily a just war to oppose hegemonism, safeguard national security and unity, protect the interests of national survival and development, and ensure the smooth building of a moderately prosperous society. The justice of this war is the solid political foundation on which we carry out people’s war in information warfare, and the fundamental guarantee of our final victory in future war.

War mass is the source of strength to win the victory. Our future of information warfare, represents the fundamental interests of the overwhelming majority of people just war, and thus be able to get the full support of the masses. Information warfare is a comprehensive national strength, is the political, economic, military, technological, diplomatic, cultural, social and psychological fronts, including the overall war. Although the majority of the people cannot direct a large scale as before the war, supporting the front, but they are in the war embodied the role of the masses through the comprehensive national strength of support and backing for the war action reflected. In this sense, the people and the comprehensive national strength, and is inextricably linked to the outcome of war in the vast masses of people, there remains a great power war deepest roots, as long as this kind of hidden among the great masses of the people forces play out, we can still win the information war.    

(Two) Information warfare has not changed the basic law governing the outcome of war, and the determining factor in the outcome of war is still people

In information warfare, weaponry is of growing importance, and the party with an advantage in weaponry more easily wins the initiative in war and even the war itself. However, no matter how the form of war changes, the basic law of the outcome of war is constant: people are the main body of war and the determining factor in winning it, while weapons and equipment are an important factor in the outcome of war.

The dominant and decisive role of people in information warfare has not been reduced in the least by the extensive application of high-tech weaponry. Engels said long ago: “Guns do not move by themselves; they need a brave heart and a strong hand to use them.” However advanced the weaponry, once separated from people it loses the performance it should have. The U.S. Department of Defense said in its report on the Gulf War submitted to the U.S. Congress: “Winning the war victory is people, not machines or technology.” The justice and mass character of people’s war determine that our combatants have a higher political consciousness and contribute consciously to achieving the purpose of the war, so they can bring out the full performance of the weapons in their hands better than the enemy.

 Practice shows that war, weaponry weaknesses, you can play to people’s subjective initiative to change. Person’s conscious activity, not only in understanding the dynamic laws of war, revealing the possibility of victory, the most important is to actively create conditions for the use of various means of victory possibility into reality. Information warfare unprecedented fierce, brutal, war scale and process more vulnerable to a variety of factors, which also enhances the role of people in the war. Weaponry at a disadvantage in the case, as long as the person’s subjective initiative into full play, relying on the excellent political and military qualities, based on the existing equipment, creating and choosing the right strategy and tactics to achieve the best combination of people and weapons, we will be able to superior weaponry against the enemy find ways to make up for the lack of weapons, and promote superior enemy on the battlefield transformed my bad posture, and ultimately win the war.    

(Three) The development of information technology has injected new vitality into carrying out people’s war

In this world, things are always dialectical. We must face the challenges that information warfare presents to people’s war, while also seeing that the rapid development of information technology has injected new vitality into carrying out people’s war.

First, the rapid development of information technology provides a new historical opportunity to build strong people’s war potential. Since the reform and opening up, under the correct guidance of the strategic thinking of Deng Xiaoping’s “Science and technology are primary productive forces” and Jiang Zemin’s “education”, China’s high technology, represented by information technology, has developed rapidly; breakthroughs have been made in a number of cutting-edge technologies, and research in biotechnology, computer technology, rocket technology, satellite communications technology, superconducting materials and other fields has come close to or reached the world advanced level.

At present, the annual output value of China’s information industry is growing at a rate more than 2 times higher than the GDP growth rate, and its influence on the overall national socio-economic structure is increasing, which has laid a relatively solid material and technological foundation for the conduct of people’s war.

Secondly, the rapid development of information technology provides new technical support for the people in joining the war and supporting the front. The level of development of science and technology determines the ways and means by which the masses participate in and support war. Although the material basis and the form of warfare have undergone a fundamental change in information warfare, the role of the people in the course and outcome of the war has not been reduced, but grows with the advancement of science and technology and the improving technical quality of the people. The military-civilian compatibility of modern high technology is increasingly prominent. With a fairly large gap at present between our military’s level of informationization and that of the Western powers, the scientific and technological resources widely hidden among the masses will be a strong support and necessary complement for the army in achieving survival of the fittest in future information warfare. As long as these potential technological forces are mobilized in a planned and organized way, we can effectively compensate for the overall disadvantage in military weaponry, form technological advantages in local areas and on local battlefields, and achieve survival of the fittest.

Finally, the development of information technology opens new space for innovating the tactics of people’s war. As Mao Zedong pointed out: “the world of things, always a thing down, there is one thing offensive, it also has a thing down. … We believe that relying on the people, the world would not unassailable ‘magic’.” On the one hand, informationized weaponry has its advanced side, but it also has weaknesses and limitations. Advanced information weapons systems in particular are very large and complex in structure and are difficult to protect on all sides. In recent years, several vicious computer viruses that spread worldwide and caused huge losses to countries are proof of the vulnerability of modern information systems. On the other hand, the development of information technology provides us with new technical means for people’s war, expanding the room for innovating the tactics of people’s war.

In the past people’s war, we have to rely on relatively backward technology and weaponry, yet it can create a lot of strategy and tactics to defeat the enemy. Today, we already have in information technology for a foundation, but also for the specific characteristics of information warfare, transformation and creating new tactics, research and exploration play win the information war “trick.” 

Third, countermeasures for carrying out people’s war in information warfare

(a) Accelerate the development of comprehensive national strength and lay a solid foundation for people’s war

Information warfare is, in the final analysis, a matter of comprehensive national strength. Comprehensive national strength refers to all the resources and the material and spiritual strength that a country has, and marks the country’s overall level of development in economic, political, technological, military, cultural and other aspects. To carry out people’s war and win the information war, we must have strong comprehensive national strength. Given China’s national conditions, in order to accelerate the development of comprehensive national strength and lay the foundation of people’s war, we must focus on grasping the following aspects:

First, develop the economy. Economic strength is an important indicator of a country’s comprehensive national strength. Strong economic strength can lay a solid material foundation for winning the information war. Meanwhile, economic strength is the material basis for the modernization of national defense; without a certain economic strength as support, defense modernization will lose its foundation. Therefore, we must persist in taking economic construction as the center, concentrate on developing the social productive forces, and consciously subordinate ourselves to the country’s overall economic construction.

 Second, in order to accelerate the development of high-tech information technology as the representative. On the one hand, science and technology to enhance the comprehensive national strength has a decisive, transformative role. In the current form of society by the industrialized to the process of information, who can seize the technology “commanding heights” and “frontier”, whoever may enhance the comprehensive national strength to win. On the other hand, science and technology are primary productive forces, but also the first combat, defense construction is inseparable from the support of advanced science and technology. Especially information technology compared to other technologies, the military and civilian compatibility stronger, the new information technologies emerging, in accelerating national and social information, but also for the military information construction provides a rare historical opportunity.    

Third, comprehensively promote the construction of military information, and constantly enhance military strength. After the war directly to the performance of military forces of the contest, to winning the information war is inseparable from a strong line with the requirements of the military information warfare. To seize the world’s new military revolution brought to the army building historic opportunity to accelerate weaponry leapfrog development, modernization of the means to achieve the people’s war; unswervingly implement the strategic project, training a large number of qualified military personnel; at all levels to strengthen joint and combined arms training to improve joint operational capabilities; according elite, synthesis, efficient principle, establish and perfect an appropriate scale, reasonable structure, organization lean, agile command of military system; study the characteristics of information warfare, innovation and the development of information warfare theory.    

Fourth, for the information war characteristics, strengthen national defense reserve forces. For information militia building should be the characteristics of high-tech warfare, and universality in keeping the masses on the basis of outstanding quality construction. Primary militia and militia on the distinction between ordinary and should not be confined to the age criteria, but to combine their technological quality measure. To further reduce the size of infantry units, focus on strengthening the missiles, artillery, communications, chemical defense, information and other high-tech special unit of the building. Reserve forces to comprehensively enhance the quality of construction, vigorously improve the rapid mobilization and the ability to carry out combat missions, narrowing the gap with the active forces fighting efforts to achieve the establishment of an appropriate scale, reasonable structure, compiled scientific, reliable and workable objectives reserve forces.    

Fifth, to carry out various forms of national defense education, improve national defense. The strength of the concept of national defense exhibit a country preparing for war ideological foundation is solid, countries in the world to enhance the national defense concept placed in improving comprehensive national strength in an important position. To adhere to the masses of people’s war, we must carry out effective, diverse forms of national defense education, so that the masses has always been to establish a strong national defense, information warfare is carried out in the people’s war to lay a solid ideological foundation.    

(Two) Study in depth the features of information warfare, and develop and innovate the strategy and tactics of people’s war

The strategy and tactics of people’s war are the soul of carrying out people’s war. As the saying goes: “The Sword inferior to sword better than people.” In past wars, one of the important reasons people’s war was able to repeatedly create the miracle of “survival of the fittest” is that we had a set of adjustable strategy and tactics. For a long period to come, we will be at a disadvantage in weaponry, and the traditional strategy and tactics of people’s war face severe challenges as the form of warfare changes; so to win people’s war under the conditions of information warfare, we must examine the characteristics of information warfare and develop and innovate the strategy and tactics of people’s war. In the process of developing and creating new tactics, we should focus on grasping the following principles:

First, establish operational concepts adapted to information warfare. Since there has been no military practice of information warfare, the process of creating new tactics is vulnerable to the bondage of the concepts of mechanized warfare. Therefore, updating ideas is the premise of creating new tactics; only by breaking the shackles of old ideas and establishing operational concepts adapted to information warfare can we bring a fresh perspective and the correct way of thinking to creating new tactics. For example: in assessing combat forces, we should abandon the concepts of labor intensity, numbers and scale, and establish the concepts of technology intensity, quality and efficiency; in choosing targets in combat, we should abandon the idea based on annihilating the enemy’s effective strength and establish the concept of concentrating the main forces to strike the enemy’s vital points.

Second, pay attention to the traditional military tactics absorb nutrients. Information warfare is a new form of war, our military has created in the last war tactics, may not apply to today’s wars, and some tactics need to abandon, and some need to be improved. We study and research the traditional tactics of war, not in the future information warfare copy of these tactics, but to learn the older generation of revolutionaries, military strategist creating new tactics stand, viewpoint and method. This is our future development and creating new tactics and source of wisdom. For example, in China’s Revolutionary War created a “concentrate superior forces to fight a war of annihilation” of war, in the information war, as a means of long-range precision strike extensive use of the practice of concentration of forces no longer feasible. However, we should understand the tactics of Mao Zedong created the spiritual essence, that the enemy superior in the case of my poor, through a certain method, the local formation of the war situation in who wins. This idea is still in the information war has important guiding significance. We can use this as a guide, according to the specific characteristics of information warfare, the development of the traditional tactics to “concentrate superior firepower to fight the enemy vital” new tactics.    

Third, proceed from the actual conditions of our army in creating tactics. Creating new tactics cannot be done behind closed doors or on paper; it must be combined with the actual situation of our army. Currently, the biggest reality of the army is that there is still a big gap in weaponry compared with the developed countries; although it has some advanced weaponry, it is still equipped with a lot of low-tech equipment. This determines that our tactics should neither copy the way Western countries wage war, so as to avoid committing the low-level error of “Porgy and dragon than treasure”, nor be imagined, impractical so-called “new tactics.” Whether a tactic is correct is measured not by how good its name sounds, how novel its methods or how advanced its means, but by whether it is really effective in combat. The value of researching tactics lies in using correct tactics to make up for the gap in weaponry, achieving the purpose of defeating an enemy with superior weaponry using inferior equipment. We should adhere to “you hit, I hit my”, focus tactical innovation on using existing equipment against a high-tech enemy, seize on some of the weaknesses of the enemy’s informationized weapons and equipment, give full play to the performance of existing weapons and equipment, strive to use our strengths to strike the enemy’s weaknesses, and research and create tactics that combine “soil” and “foreign” and combine low-, medium- and high-technology weaponry.

(Three) Establish a sound mechanism for rapid national defense mobilization, to ensure the rapid gathering and transformation of people’s war potential

Carrying out people’s war in information warfare faces a contradiction between the short duration of the war and the relatively long time needed to gather and transform the forces of people’s war. To resolve this contradiction, we must establish a sound mechanism for rapid national defense mobilization. Its scope includes rapid formation and expansion of the military, rapid transport and replenishment of persons and goods, rapid transition to a wartime economic track, and rapid restructuring of industry and expansion of military production. The standard for this rapid mobilization mechanism is that it can adapt to the sudden outbreak and short duration of information warfare, so that the potential of people’s war is gathered in a very short time and quickly converted into national defense capability. Establishing a mechanism for rapid national defense mobilization is of great significance for bringing the power of people’s war into play and winning the information war.

The rapid mobilization mechanism must have the following elements:

First, clear objectives and tasks. National defense mobilization should be included in national economic and social development plans and incorporated into the master plan for national defense and army building, with the objectives and tasks of people’s armed mobilization, economic mobilization, civil air defense mobilization, transportation readiness mobilization and other aspects clearly defined for different stages, different times and different circumstances.

Second, complete laws and regulations. The rights and obligations, rewards and penalties, and responsibilities and benefits of mobilization should be fixed in the form of laws and regulations, so that all aspects and all links of mobilization have rules and laws to follow.

Third, careful mobilization plans. Troops, economy, transportation, civil air defense, telecommunications, health and other aspects of mobilization must all be carefully planned, so as to provide the basis for mobilization preparation in peacetime and mobilization implementation in wartime. The army and local authorities at each level should develop mobilization plans and safeguards for their own level according to the national mobilization plan.

Fourth, science and technology to mobilize prominent position. In information warfare launched the people’s war, the way people’s war frontline war intelligence and intelligence is mainly supporting the front, which determines the future of science and technology for national defense mobilization will be the prominent content.    

Fifth, the formal procedures quickly and efficiently. According to the characteristics of information warfare, military departure from China’s national conditions, to establish a war in the war potential into the strength of the effective ways and methods. For example, the expansion of the armed forces, civilian products, converting, transportation capacity for the acquisition, implementation of civil air defense, compensation for economic losses as well as other financial and material resources mobilization, should form a set of rapid and effective mobilization of forms and procedures, so that the people’s war bringing power and conversion speed can meet the requirement of information warfare.    

(Four) Combine various forms of struggle to bring the overall power of people’s war into play

In the revolutionary wars of the past, an important part of people’s war was that armed struggle was dominant and was combined with a variety of forms of struggle to bring the overall power of people’s war into play. In information warfare, military struggle is more closely intertwined with struggle in the political, economic, diplomatic, cultural and ideological fields, and in some cases armed struggle is not even dominant. Therefore, adhering to the combination of a variety of forms of struggle is of even greater significance for winning the information war.

 In information warfare, military by political factors more prominent political and military action, strong policy, and even a small tactical actions may be related to the overall strategic situation in the international community have a broad impact. Therefore, the information warfare conduct civil wars, on the one hand to make war all soldiers and civilians establish the overall concept of policy ideas, with significant international influence in the issue, in relation to the overall operations, ensure that the needs of the military and political obedience. On the other hand struggle in the UN and other international arena widespread publicity, win public support, and strive to get politically active.    

Information warfare increasingly focused on economic efficiency, greater dependence on the economy. In the rapidly growing trend of economic globalization, the case of economic blockade, economic sanctions would weaken the enemy’s comprehensive national strength is an important initiative, and to combat the economic center of the enemy, the better to play a drastic effect. During the Gulf War, the Kosovo War and the war in Iraq, the United States launched the war before the war and implementation process, are complemented by economic sanctions.

It is foreseeable that in the information war, economic sanctions and counter-sanctions, blockade and counter-blockade will be the primary means of a fierce struggle in the economic field, which will become another battlefield of information warfare. In conducting people’s war in information warfare, on the one hand we should use economic means of struggle to destroy the enemy’s economic base and its ability to regenerate, maximize the economic loss to the enemy, and erode its war potential; on the other hand we should mobilize all kinds of strength to implement active and effective economic protection, maintain the normal operation of the national economy, and work to develop production and the economy, laying a solid material foundation for victory in the war.

Any country going to war pays great attention to using diplomatic means to secure the support of more states, isolate the other side as much as possible, and put huge political and moral pressure on it. Even superpowers pay great attention to combining diplomacy with military struggle. In carrying out people’s war in information warfare, we must of course also actively establish a broad international united front through diplomatic struggle.

Reform and opening up, China has actively conducted exchanges and cooperation in the international political, economic, cultural and other fields has played an active and important role in the international community to establish a peace-loving, maintain stability, to just and responsible handling of international affairs the image of a big country, it’s all for us in the information warfare fruitful diplomatic struggle to create the conditions. In the information war, we want to make good use of all kinds of contradictions, give full play to all efforts conducive to my various international factors. To take full advantage of the favorable as a permanent member of the UN’s international status, to consolidate and expand the role of the United Nations, especially the UN Security Council in dealing with the leading role of international security to thwart any so-called international intervention against our country; give full play and the developing countries consistent with the fundamental interests of political advantage, and properly handle the relationship with the countries concerned, differentiation enemy’s allies; pay attention and have a special country with the same or equivalent national strategic interests of the military establishment of some form of collaboration or partnership, the strategic formation of a certain degree of cooperation and coordinate mechanisms. 

As long as we are able to unite all forces that can be united, win the support of as many countries as possible, and isolate and attack the enemy to the greatest extent, we can establish a broad international united front and create a favorable international environment for victory in the people’s war.

In information warfare, media warfare has become increasingly important. In the field of public opinion and propaganda, we should make full use of newspapers, television, radio, the Internet, multimedia and other traditional and non-traditional media; strive to break the Western developed countries’ monopoly on world public opinion; crush hostile nations’ attempts to demonize the image of our country; tear away the gorgeous packaging of “human rights”, “humanitarian aid”, “democracy” and so on from the doctrine of hegemony; and use true and correct public opinion to support the war, inspire the enthusiasm and consciousness of the masses, and win the support of the international community for China.

In the legal battlefield, we should make good use of existing international law to provide a legal basis for carrying out the people’s war and to prevent the enemy from using international law as an excuse to intervene and wage war against us. We should also actively participate in the development and establishment of international law and of various international mechanisms, to prevent the establishment of international law and mechanisms that prejudice our country’s interests and favor hostile forces, and we should strengthen domestic legislative work so that hostile forces find no loopholes. At the same time, we should pay attention to psychological protection, encouraging all the people to fight and win the information war and building a strong psychological defense.


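Challenges and Countermeasures for Conducting People’s War in Informationized Warfare

Strategy Teaching and Research Office, National Defense University

Chinese People’s Liberation Army

General Staff Department

People’s war is our army’s traditional magic weapon for defeating the enemy. Since the 1990s, with the vigorous rise of the world’s new revolution in military affairs and the widespread use of high-tech weapons in war, the form of war has begun to shift from mechanized warfare to informationized warfare, and it has become a consensus that informationized warfare will be the main form of war in the 21st century. How the concept of people’s war, which formed and developed in semi-mechanized and mechanized warfare, should face up to the challenges brought by informationized warfare, and how it can continue to exert its unique advantages in informationized warfare to ensure victory in wars that may occur in the future, is a major theoretical question and an urgent practical question before us.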