October Touchdown Task: Phone System Review

Posted on October 22, 2013 by Brent Huston

This month’s Touchdown Task is to take an hour and give your phone system security a quick review. PBX hacking, toll fraud and VoIP attacks remain fairly common and many organizations don’t often visit the security of their phone systems. Thus, a quick review might find some really interesting things and go a long way to avoiding waste, fraud and abuse.

If you have a traditional PBX/analog phone system, here are some ideas for you to check out.

If you have a VoIP-based system, here are some checks to consider. (Note that this is a STIG in a zip file).

Generally speaking, you want to check passwords on voice mail boxes, give a look over to make sure that the phone system has some general logging/alerting capability and that it is turned on. Pay attention to out going dialing rules and test a few to make sure arbitrary calls can’t be made remotely. On the personnel side, make sure someone is actively monitoring the phone system, auditing the bill against “normal” and adding/deleting entries in the system properly.

Give the phone system a bit of your time. You never know what you might learn, and you might avoid tens to hundreds of thousands of dollars in fraud and abuse.

Thanks for reading and I hope you are enjoying the season!

Blast From the Past: D-Link Probes in the HITME

Posted on October 9, 2013 by Brent Huston

We got a few scans for an old D-Link router vulnerability that dates back to 2009. It’s interesting to me how long scanning signatures live in online malware and scanning tools. This has lived for quite a while.

Here are the catches from a HoneyPoint Personal Edition I have deployed at home and exposed to the Internet. Mostly, this is just to give folks looking at the scans in their logs an idea of what is going on. (xxx) replaces the IP address…

2013-10-02 02:46:13 – HoneyPoint received a probe from 71.103.222.99 on port 80 Input: GET /HNAP1/ HTTP/1.1 Host: xxxx User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) WebWasher 3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://xxxx/ Authorization: Basic YWRtaW46dWA+NXhZQlU1d2VR Connection: keep-alive

2013-10-02 03:22:13 – HoneyPoint received a probe from 71.224.194.47 on port 80 Input: GET /HNAP1/ HTTP/1.1 Host: xxxx User-Agent: Opera/6.x (Linux 2.4.8-26mdk i686; U) [en] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://xxxx/ Authorization: Basic YWRtaW46InkwYi4qMF5wL05G Connection: keep-alive

This probe is often associated with vulnerable D-Link routers, usually older ones, those made between 2006 and mid-2010. The original release and proof of concept exploit tool is here. The scan has also been embedded into several scanning tools and a couple of pieces of malware, so it continues to thrive.

Obviously, if you are using these older D-Link routers at home or in a business, make sure they are updated to the latest firmware, and they may still be vulnerable, depending on their age. You should replace older routers with this vulnerability if they can not be upgraded.

The proof of concept exploit also contains an excellent doc that explains the HNAP protocol in detail. Give it a read. It’s dated, but remains very interesting.

PS – As an aside, I also ran the exploit through VirusTotal to see what kind of detection rate it gets. 0% was the answer, at least for that basic exploit PoC.

Scanning Targets for PHP My Admin Scans

Posted on October 7, 2013 by Brent Huston

Another quick update today. This time an updated list of the common locations where web scanning tools in the wild are checking for PHPMyAdmin. As you know, this is one of the most common attacks against PHP sites. You should check to make sure your site does not have a real file in these locations or that if it exists, it is properly secured.

The scanners are checking the following locations these days:

//phpMyAdmin/scripts/setup.php
//phpmyadmin/scripts/setup.php
/Admin/phpMyAdmin/scripts/setup.php
/Admin/phpmyadmin/scripts/setup.php
/_PHPMYADMIN/scripts/setup.php
/_pHpMyAdMiN/scripts/setup.php
/_phpMyAdmin/scripts/setup.php
/_phpmyadmin/scripts/setup.php
/admin/phpmyadmin/scripts/setup.php
/administrator/components/com_joommyadmin/phpmyadmin/scripts/setup.php
/apache-default/phpmyadmin/scripts/setup.php
/blog/phpmyadmin/scripts/setup.php
/cpanelphpmyadmin/scripts/setup.php
/cpphpmyadmin/scripts/setup.php
/forum/phpmyadmin/scripts/setup.php
/php/phpmyadmin/scripts/setup.php
/phpMyAdmin-2.10.0.0/scripts/setup.php
/phpMyAdmin-2.10.0.1/scripts/setup.php
/phpMyAdmin-2.10.0.2/scripts/setup.php
/phpMyAdmin-2.10.0/scripts/setup.php
/phpMyAdmin-2.10.1.0/scripts/setup.php
/phpMyAdmin-2.10.2.0/scripts/setup.php
/phpMyAdmin-2.11.0.0/scripts/setup.php
/phpMyAdmin-2.11.1-all-languages/scripts/setup.php
/phpMyAdmin-2.11.1.0/scripts/setup.php
/phpMyAdmin-2.11.1.1/scripts/setup.php
/phpMyAdmin-2.11.1.2/scripts/setup.php
/phpMyAdmin-2.5.5-pl1/index.php
/phpMyAdmin-2.5.5/index.php
/phpMyAdmin-2.6.1-pl2/scripts/setup.php
/phpMyAdmin-2.6.1-pl3/scripts/setup.php
/phpMyAdmin-2.6.4-pl3/scripts/setup.php
/phpMyAdmin-2.6.4-pl4/scripts/setup.php
/phpMyAdmin-2.6.4-rc1/scripts/setup.php
/phpMyAdmin-2.6.5/scripts/setup.php
/phpMyAdmin-2.6.6/scripts/setup.php
/phpMyAdmin-2.6.9/scripts/setup.php
/phpMyAdmin-2.7.0-beta1/scripts/setup.php
/phpMyAdmin-2.7.0-pl1/scripts/setup.php
/phpMyAdmin-2.7.0-pl2/scripts/setup.php
/phpMyAdmin-2.7.0-rc1/scripts/setup.php
/phpMyAdmin-2.7.5/scripts/setup.php
/phpMyAdmin-2.7.6/scripts/setup.php
/phpMyAdmin-2.7.7/scripts/setup.php
/phpMyAdmin-2.8.2.3/scripts/setup.php
/phpMyAdmin-2.8.2/scripts/setup.php
/phpMyAdmin-2.8.3/scripts/setup.php
/phpMyAdmin-2.8.4/scripts/setup.php
/phpMyAdmin-2.8.5/scripts/setup.php
/phpMyAdmin-2.8.6/scripts/setup.php
/phpMyAdmin-2.8.7/scripts/setup.php
/phpMyAdmin-2.8.8/scripts/setup.php
/phpMyAdmin-2.8.9/scripts/setup.php
/phpMyAdmin-2.9.0-rc1/scripts/setup.php
/phpMyAdmin-2.9.0.1/scripts/setup.php
/phpMyAdmin-2.9.0.2/scripts/setup.php
/phpMyAdmin-2.9.0/scripts/setup.php
/phpMyAdmin-2.9.1/scripts/setup.php
/phpMyAdmin-2.9.2/scripts/setup.php
/phpMyAdmin-2/
/phpMyAdmin-2/scripts/setup.php
/phpMyAdmin-3.0.0-rc1-english/scripts/setup.php
/phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php
/phpMyAdmin-3.0.1.0-english/scripts/setup.php
/phpMyAdmin-3.0.1.0/scripts/setup.php
/phpMyAdmin-3.0.1.1/scripts/setup.php
/phpMyAdmin-3.1.0.0-english/scripts/setup.php
/phpMyAdmin-3.1.0.0/scripts/setup.php
/phpMyAdmin-3.1.1.0-all-languages/scripts/setup.php
/phpMyAdmin-3.1.2.0-all-languages/scripts/setup.php
/phpMyAdmin-3.1.2.0-english/scripts/setup.php
/phpMyAdmin-3.1.2.0/scripts/setup.php
/phpMyAdmin-3.4.3.1/scripts/setup.php
/phpMyAdmin/
/phpMyAdmin/scripts/setup.php
/phpMyAdmin/translators.html
/phpMyAdmin2/
/phpMyAdmin2/scripts/setup.php
/phpMyAdmin3/scripts/setup.php
/phpmyadmin/
/phpmyadmin/scripts/setup.php
/phpmyadmin1/scripts/setup.php
/phpmyadmin2/
/phpmyadmin2/scripts/setup.php
/phpmyadmin3/scripts/setup.php
/typo3/phpmyadmin/scripts/setup.php
/web/phpMyAdmin/scripts/setup.php
/xampp/phpmyadmin/scripts/setup.php
<title>phpMyAdmin

Telnet Passwords Used In Brute Force Attacks

Posted on October 4, 2013 by Brent Huston

Just a quick post today, but I wanted to give you some insight into the Telnet scans we have been seeing lately. Here are the passwords that have been used to target logins on port 23 on one of our HITME sensors in the United States. This particular system emulates a login, and the probes appear to be automated. We saw no evidence of any manual probes on this sensor in the last month that targeted telnet.

The passwords used in brute force attacks on telnet (used against the usual root/admin/etc users…):

default
1234
220
428
436
Admin
D-Link
admin
cobr4
dreambox
echo
enable
home-modem
l
password
private
public
root
sh
user

Keep a careful eye on any systems with Telnet exposed to the Internet. They are a common attraction point to attackers.

Just a Reminder, SIP is a Popular Scanning Target

Posted on October 2, 2013 by Brent Huston

I just wanted to give you a quick reminder that SIP scanning remains quite popular on the Internet. These probes can lead to compromise and fraud against your VoIP systems. Make sure you do not have VoIP systems exposed to the Internet without proper controls. If you review your logs on the Internet perimeter, SIP scans will look similar to this:

This was captured from the HITME using HoneyPoint Personal Edition.

2013-09-30 17:02:18 – HoneyPoint received a probe from 207.127.61.156 on port 23

Input: OPTIONS sip:nm SIP/2.0

Via: SIP/2.0/TCP nm;branch=foo

From: <sip:nm@nm>;tag=root

To: <sip:nm2@nm2>

Call-ID: 50000

CSeq: 42 OPTIONS

Max-Forwards: 70

Content-Length: 0

Contact: <sip:nm@nm>

Accept: application/sdp

Keep an inventory of your VoIP exposures. They remain a high area of interest for attackers.

Infosec, The World & YOU Episode 3 is Out!

Posted on September 5, 2013 by Brent Huston

Our newest episode is out, and this time we are joined by a very special guest, @TSGouge who discuss social engineering for companies and on the nation state scale. Victoria reveals her new plans to take over the world and Brent tries to keep up with these gals, who are straight up geniuses. We also pontificate on Syria and the potential for cyber-fallout from the action going on over there.

Check it out here.

Have a global real world/cyber issue you want us to tackle? Observed an odd event that ties to a real world cause in the Internets? Drop us a line ~ we’d love to hear about it or get you on the show!

You can find Brent on Twitter at @lbhuston and Victoria stars as @gisoboz. Get in touch!

Using HoneyPoint as a Nuance Detection System in Utility Companies

Posted on August 26, 2013 by Brent Huston

I often get asked about how utility companies deploy HoneyPoint in an average implementation. To help folks with that, I whipped up this quick graphic that shows a sample high level deployment.

Thanks for reading! Let me know what you think, or if you have an interest in discussing an implementation in your environment.

More on Persistent Penetration Testing from MSI

Posted on August 22, 2013 by Brent Huston

MicroSolved has been offering Persistent Penetration Testing (PPT) to select clients now for a couple of years. We have been testing and refining our processes to make sure we had a scalable, value driven, process to offer our full client base. We have decided to open the PPT program up to another round of clients, effective immediately. We will be open to adding three additional clients to the PPT group. In order to qualify, your organization must have an appetite for these services and meet the criteria below:

The services:

MSI will actively emulate a focused team of attackers for either a 6 or 12 month period, depending on complexity, pricing and goals
During that time, MSI will actively and passively target your organization seeking to reach a desired and negotiated set of goals (usually fraud or theft of IP related data, deeper than traditional pen testing)
Full spectrum attacks will be expressed against your organization’s defenses in red team mode, across the time window
Once an initial compromise occurs and the appropriate data has been identified and targeted, we will switch to table top exercises with the appropriate team members to discuss exploitation and exfiltration, prior to action
If, and only if, your organization approves and desires, then exploitation and exfiltration will occur (note that this can be pivoted from real world systems to test/QA environments at this point)
Reporting and socialization of the findings occurs, along with mitigation strategies, awareness training and executive level briefings
The process then repeats, as desired, through the terms and sets of goals

The criteria for qualification; Your organization must:

Have full executive support for the initiative, all the way to the C-level and/or Board of Directors
Have a mature detection and egress process in place (otherwise, the test will simply identify the needs for these components)
Have the will to emulate real world threat activity without applying compliance-based thinking and other unnatural restraints to the process
Have a capable security team for MSI to work with that has the capability to interface with the targeted lines of business in a rapid, rational and safe manner
If desired, have the capability to construct testing/QA platforms and networks to model real world deployments in a rapid and accurate fashion (requires rapid VM capability)
Be open to engaging in an exercise with an emulated aggressive adversary to establish real world risk and threat profiles
Be located in the US (sorry, we are not currently accepting non-US organizations for this service at this point)

If your organization meets these requirements and you are interested in discussing PPT services, please drop me a line (Twitter: @lbhuston), or via email at Info at microsolved dot com. You can also reach me via phone at (614) 351-1237 x 201.

China’s Report on US Military Cyber Troop Strength

Posted on August 19, 2013 by Bill Hagestad

(紅龍) Red Dragon’s statement: If you think you are paying too much for cyber threat intelligence and your current provider DID NOT SHOW this Chinese article to you…then you have paid too much for the incorrect type of Chinese Cyber Threat Intelligence…

Contact the Red Dragon (紅龍) @ MicroSolved, save money, stay better informed – find a capable cyber intelligence authority for less, much less….

whagestad@microsolved.com

謝謝您

紅龍

People’s Republic of China Report: U.S. network warfare unit’s equivalent to 7 over 8 million people equal to the 101st Airborne Division

At 08:49 on August 15, 2013 Source: Phoenix

Core Tip : According to Sing Tao Global Network reported that the U.S. share of global 29% of the number of hackers, the U.S. military about 3000-5000 information warfare experts, and 50000-70000 cyberwar soldiers, together with the original electronic warfare officer , the U.S. network warfare units should have eighty-eight thousand seven hundred people, the scale is equivalent to seven 101st Airborne Division, which will burden future wars weakened the enemy four into combat missions.

Phoenix August 14 “military observation room”, the following is the text Record:

Commentary: Snowdon event causes a foreign media speculation, in fact, the United States first established the largest network warfare units, the development of the world’s most advanced network warfare equipment, and bringing it to actual combat. Recently, the Sing Tao Global Network reported that the U.S. share of global 29% of the number of hackers, the U.S. military about 3000-5000 information warfare experts, and 50000-70000 cyberwar soldiers, together with the original electronic warfare officer, U.S. Army network warfare units should have eighty-eight thousand seven hundred people, the scale is equivalent to seven 101st Airborne Division, which will burden future wars to weaken the enemy four combat missions.

U.S. network army of four thousand people, the world’s top computer experts and hackers, including the CIA, NSA, FBI and other sector experts, all members of the average IQ of 140 or more, known as 140 troops from American four-star general Alexander lasted eight single-handedly built his independent command of the Tenth Fleet, including the Navy, the Air Force 24th Air Force and the Army Second Army, responsible for the training of the academic elite spy technology centers, as well as specialized eavesdropping embassies around the world special data collection center, the United States is being set up forty network security forces, including 13 as offensive forces, the main development network warfare weapons, another 27 troops mainly to protect DoD computer systems and data, all 40 teams will branch to be completed before the autumn of 2015.

“Military observation room” program broadcast in the Phoenix Chinese Channel ] [Program Area

Moderator: Dong Jiayao Moderator Zone]

First time: (Wednesday) 21:50-22:30

Playback time: (Thursday) 04:10-04:50,15:15-15:55

Statement : where marked “Phoenix” sources of work (text, audio, video), without the Phoenix authorization, any media, and individuals shall not be reproduced, link, posted or otherwise use; already authorized in writing by the webmaster at use must be marked “Source: Phoenix.” Violate the above statement, Ben Wang will pursue its legal responsibilities.

美國網路戰部隊逾8萬人 相當於7個101空降師2013年08月15日 08:49

來源：鳳凰衛視

核心提示：據星島環球網報道，美國駭客數量佔全球29%，美軍約有三千到五千名資訊戰專家，及五萬到七萬名網路戰兵，加上原有的電子戰人員，美軍網路戰部隊應該有八萬八千七百人，這個規模相當於七個101空降師，它在未來戰爭將負擔削弱敵人四成戰鬥力的任務。

鳳凰衛視8月14日《軍情觀察室》，以下為文字實錄：

解說：斯諾登事件引起中外媒體一輪炒作，其實美國最早建立規模最大的網路戰部隊，發展了世界最先進的網路戰裝備，並將其推向實戰。近日，星島環球網報道，美國駭客數量佔全球29%，美軍約有三千到五千名資訊戰專家，及五萬到七萬名網路戰兵，加上原有的電子戰人員，美軍網路戰部隊應該有八萬八千七百人，這個規模相當於七個101空降師，它在未來戰爭將負擔削弱敵人四成戰鬥力的任務。

美國網軍達四千人，由世界頂級電腦專家和駭客組成，包括中央情報局、國家安全局、聯邦調查局以及其他部門的專家，所有成員平均智商在140以上，稱為140部隊，由美國四星上將亞歷山大歷時八年一手打造，他獨立指揮權包括海軍第十艦隊，空軍第24航空隊以及陸軍第二軍，負責培訓間諜技術的學術精英中心，以及專門竊聽世界各國大使館的特殊數據收集中心，美國正在組建四十支網路安全部隊，其中13支為進攻性部隊，主要開發網路戰武器，另外27支部隊主要保護國防部的電腦系統和資料，所有40支部隊將於2015年秋季前全部建成。

《軍情觀察室》節目在鳳凰衛視中文臺播出【節目專區】

http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/

主持人：董嘉耀【主持人專區】

首播時間：（週三）21:50－22:30

重播時間：（週四）04:10－04:50，15:15－15:55

聲明：凡註明“鳳凰網”來源之作品（文字、音頻、視頻），未經鳳凰網授權，任何媒體和個人不得轉載、鏈結、轉貼或以其他方式使用；已經本網書面授權的，在使用時必須註明“來源：鳳凰網”。違反上述聲明的，本網將追究其相關法律責任。

http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/detail_2013_08/15/28642074_0.shtml

Cyber SA…Global Perspectives

Posted on August 12, 2013 by Bill Hagestad

Good Monday Folks;

Much news from Cyber~Land today – and thus, you may enjoy the most recent Global Perspectives of Cyber Situation Awareness (SA)…
Of particular note – information loss in the People’s Republic of China…now a crime bubbling to the service…Kenyan PC’s with Chinese malware and so much more in the China Section below, including missing US CBP & China cooperation posts; Iran’s Cyber Motivations & Actions…and of course, German and French Governments respond to PRISM…

All the cyber SA you might want in one dose!

中國人民共和國 – People’s Republic of China….

Infosecurity – Report: China Uses Taiwan as Test-Bed for US Cyber-Espionage Attacks
http://www.infosecurity-magazine.com/view/33553/report-china-uses-taiwan-as-testbed-for-us-cyberespionage-attacks/

People’s Republic of China: 1,213 arrested for personal information trafficking – People’s Daily Online
“… 468 gangs and arrested 1,213 people for suspected personal information trafficking, according to a statement released Sunday by the Ministry of Public Security.”
http://english.peopledaily.com.cn/90882/8360132.html
Stronger laws urged to protect personal information – People’s Daily Online
http://english.peopledaily.com.cn/90882/8305906.html
People’s Republic of China ‘top source’ of malicious software in Kenyan computers
http://www.nation.co.ke/business/news/China+top+source+of+malicious+software/-/1006/1944356/-/rj5e4/-/index.html
People’s Republic of China New York Times hackers strike again with evolved malware
http://www.v3.co.uk/v3-uk/news/2288076/new-york-times-hackers-strike-again-with-evolved-malware

Censorship, external authentication, and other social media lessons from China’s Great Firewall
http://www.techinasia.com/china-social-media-lessons-from-great-firewall/

China’s Xiaomi sells 100,000 units of new $130 phone in 90 seconds, chalks up 7.45m reservations |
http://thenextweb.com/asia/2013/08/12/chinas-xiaomi-sells-100000-units-of-new-130-phone-in-90-seconds-chalks-up-7-45m-reservations/
Xiaomi Beats Samsung To Top China’s Smartphone Charts | TechCrunch
http://techcrunch.com/2013/08/12/xiaomi-beats-samsung-to-top-chinas-smartphone-charts/

CBP – U.S. Customs and Border Protection / U.S., China Announce Results of First Joint Intellectual Property Operation
http://www.noodls.com/view/E418DA4AF877ADF8970BBEE9B0E38FDDAB89AC35
This original CBP Press relaese was removed from the web here:
http://www.cbp.gov/xp/cgov/newsroom/news_releases/local/07312013_7.xml

Also removed from South China Morning Post:
http://www.scmp.com/news/china/article/1293516/china-us-team-seize-fake-apple-samsung-dr-dre-electronics
U.S., People’s Republic of China team up to seize counterfeit goods in joint operation
http://www.reuters.com/article/2013/07/31/us-china-usa-counterfeit-idUSBRE96U0X120130731

HUAWEI…

Intelligence: People’s Republic of China Dodges Accusations
Chinese telecommunications equipment manufacturer Huawei continues to be dogged by accusations that it is acting as an economic and military espionage agent for the Chinese military.
http://www.strategypage.com/htmw/htintel/articles/20130810.aspx
People’s Republic of China’s Economy Slows but Its Influence Rises
http://blogs.cfr.org/asia/2013/08/12/chinas-economy-slows-but-its-influence-rises/
People’s Republic of China Rising, Huawei Team For Secure Virtualization Solutions – ChinaTechNews
http://www.chinatechnews.com/2013/08/12/19562-chinas-rising-huawei-team-for-secure-virtualization-solutions
People’s Republic of China’s Huawei partners w/Telematics to bolster Unified Communications capabilities in UAE, Qatar –
http://english.mubasher.info/DFM/news/2377832/Huawei-partners-with-Telematics-to-bolster-Unified-Communications-capabilities-in-UAE-Qatar
Serbian Railways Opts for People’s Republoc of China’s Huawei Solutions
http://enterprisechannels.com/ContentDetails.aspx?Moduleid=12159&&ModuleType=Serbian%20Railways%20Opts%20for%20Huawei%20Solutions
People’s Republic of China Blames Cisco for Huawei’s U.S. Woes
http://channelnomics.com/2012/10/12/china-blames-cisco-huaweis-u-s-woes/

It’s Not Just the People’s Republic of China: Indian Hacker Group Spied On Targets In Pakistan, U.S. And Europe – Forbes
http://www.forbes.com/sites/andygreenberg/2013/05/21/its-not-just-china-indian-hacker-group-spied-on-targets-in-pakistan-u-s-and-europe/
Pakistan Intelligence Agency ISI hacks India’s largest telco BSNL Systems by Social Engineering
http://www.thehackerspost.com/2013/08/pakistan-intelligence-agency-hacks-bsnl.html

Escalation Cause: How the Pentagon’s new strategy could trigger war with the People’s Republic of China
“…according to Air-Sea Battle, U.S. forces would launch physical attacks and cyberattacks against the enemy’s “kill-chain” of sensors and weaponry in order to disrupt its command-and-control systems, wreck its launch platforms (including aircraft, ships, and missile sites), and finally defeat the weapons they actually fire. The sooner the kill-chain is broken, the less damage U.S. forces will suffer — and the more damage they will be able to inflict on the enemy.”
http://www.chinausfocus.com/peace-security/escalation-cause-how-the-pentagons-new-strategy-could-trigger-war-with-china/
A Future Without War for the People’s Republic of China & the US |
http://www.chinausfocus.com/foreign-policy/a-future-without-war-for-china-and-the-us/
People’s Republic of China among top five countries on US’ surveillance list – TruthDive
“…the list of NSA’s spying targets, China, Russia, Iran, Pakistan and North Korea are of prime importance for surveillance, Der Spiegal reports.

According to the report, the US is especially interested in gathering intelligence related to the countries’ foreign policy, international trade and economic stability along with topics related to new technology and energy security which score low level priority.”

http://truthdive.com/2013/08/11/Pak-China-among-top-five-countries-on-US-surveillance-list.html
H-6K bombers used by PLA capable of reaching Hawaii: Kanwa Defense Review
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130812000082&cid=1101
The untold truth behind the US rebalancing policy…WantChinaTimes.com
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130811000079&cid=1703

People’s Republic of China investigates France’s Sanofi for alleged bribery: Xinhua
http://www.reuters.com/article/2013/08/10/us-sanofi-china-idUSBRE97902L20130810

ISLAMIC REPUBLIC OF IRAN ~ Cyber

Iran’s cyber warfare could hit public more than military: report
http://www.washingtontimes.com/news/2013/jul/29/irans-cyber-warfare-could-hit-public-more-military/
Iran’s Covert Cyber War
http://blog.heritage.org/2013/08/07/irans-covert-cyber-war/

INTERNATIONAL HACKING>>>

Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
Hackers put a bull’s-eye on small business | PCWorld
http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html
Reported data breached records in US from 2005 to present exceed 500 million | ZDNet
http://www.zdnet.com/reported-data-breached-records-in-us-from-2005-to-present-exceed-500-million-7000018991/
Meet Darknet, the hidden, anonymous underbelly of the searchable Web | PCWorld
http://www.pcworld.com/article/2046227/meet-darknet-the-hidden-anonymous-underbelly-of-the-searchable-web.html

The Classifieds
“Are American spies the next victims of the Internet age?”
http://www.foreignpolicy.com/articles/2013/08/09/the_classifieds_open_source_intelligence_prieto?page=full
Deutsche Telekom and United Internet launch ‘made in Germany’ email in response to PRISM | ZDNet
http://www.zdnet.com/deutsche-telekom-and-united-internet-launch-made-in-germany-email-in-response-to-prism-7000019266/
Spy or Die – Can corporate suicide stop the NSA?
http://www.foreignpolicy.com/articles/2013/08/09/spy_or_die_nsa_lavabit_silent_circle?page=full

HACKSURFER
http://hacksurfer.com/
Fort Disco: The new brute-force botnet | ZDNet
http://www.zdnet.com/fort-disco-the-new-brute-force-botnet-7000019126/#%21
The Danger of Mixing Cyberespionage With Cyberwarfare
http://insights.wired.com/profiles/blogs/the-danger-of-mixing-cyberespionage-with-cyberwarfare#axzz2bmMnUKxL

France has its own PRISM system: Report | ZDNet
As the US and the UK admit that they are intercepting data for intelligence purposes, an investigative report has revealed that the French government is doing the same.
http://www.zdnet.com/france-has-its-own-prism-system-report-7000017694/

Enjoy!

Semper Fi,

謝謝
紅龍

MSI :: State of Security

Insight from the Information Security Experts

Category Archives: Emerging Threats