Blast From the Past: D-Link Probes in the HITME

We got a few scans for an old D-Link router vulnerability that dates back to 2009. It’s interesting to me how long scanning signatures live in online malware and scanning tools. This has lived for quite a while. 

Here are the catches from a HoneyPoint Personal Edition I have deployed at home and exposed to the Internet. Mostly, this is just to give folks looking at the scans in their logs an idea of what is going on. (xxx) replaces the IP address… 

2013-10-02 02:46:13 – HoneyPoint received a probe from 71.103.222.99 on port 80
Input: GET /HNAP1/ HTTP/1.1
Host: xxxx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) WebWasher 3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xxxx/
Authorization: Basic YWRtaW46dWA+NXhZQlU1d2VR
Connection: keep-alive

2013-10-02 03:22:13 – HoneyPoint received a probe from 71.224.194.47 on port 80
Input: GET /HNAP1/ HTTP/1.1
Host: xxxx
User-Agent: Opera/6.x (Linux 2.4.8-26mdk i686; U) [en]
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xxxx/
Authorization: Basic YWRtaW46InkwYi4qMF5wL05G
Connection: keep-alive

This probe is often associated with vulnerable D-Link routers, usually older ones, those made between 2006 and mid-2010. The original release and proof of concept exploit tool is here. The scan has also been embedded into several scanning tools and a couple of pieces of malware, so it continues to thrive.

Obviously, if you are using these older D-Link routers at home or in a business, make sure they are updated to the latest firmware. Even then, they may still be vulnerable, depending on their age. You should replace older routers with this vulnerability if they cannot be upgraded.

The proof of concept exploit also contains an excellent doc that explains the HNAP protocol in detail. Give it a read. It’s dated, but remains very interesting.

PS – As an aside, I also ran the exploit through VirusTotal to see what kind of detection rate it gets. 0% was the answer, at least for that basic exploit PoC. 
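Added example (not part of the original post or of HoneyPoint): a Python triage script for log entries in the format shown above. It flags requests to /HNAP1/, groups them by source address, and records the username carried in the Basic credential without keeping the password. The sample entries, their documentation-range addresses and their credentials are constructed, and all function names are illustrative.

```python
import base64
import binascii
import re
from collections import defaultdict

# Header written by the honeypot, followed by the raw request it captured.
# \S+ after the timestamp absorbs whichever dash character the log uses, and
# \s+ lets the same pattern read one-line and multi-line entries.
PROBE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ HoneyPoint received a probe "
    r"from (?P<src>\S+) on port (?P<port>\d+)\s+Input:\s*(?P<payload>.*)",
    re.S,
)
REQUEST_RE = re.compile(r"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d")
BASIC_RE = re.compile(r"Authorization:\s*Basic\s+(?P<b64>[A-Za-z0-9+/=]+)", re.I)
HNAP_PATH_RE = re.compile(r"^/+HNAP1(?:[/?]|$)", re.I)


def basic_username(b64):
    """Return the username from a Basic credential, or None if it is malformed."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    user, sep, _password = raw.decode("latin-1").partition(":")
    return user if sep else None  # the password is deliberately not returned


def parse_probe(entry):
    """Parse one honeypot entry; return None if it is not an HTTP request."""
    head = PROBE_RE.search(entry)
    if not head:
        return None
    request = REQUEST_RE.match(head["payload"])
    if not request:
        return None  # e.g. a telnet login attempt
    auth = BASIC_RE.search(head["payload"])
    return {
        "ts": head["ts"],
        "src": head["src"],
        "path": request["path"],
        "hnap": bool(HNAP_PATH_RE.match(request["path"])),
        "user": basic_username(auth["b64"]) if auth else None,
    }


def summarize_hnap(entries):
    """Group HNAP probes by source: count, usernames tried, first/last seen."""
    report = defaultdict(
        lambda: {"probes": 0, "users": set(), "first": None, "last": None}
    )
    for entry in entries:
        probe = parse_probe(entry)
        if not probe or not probe["hnap"]:
            continue
        row = report[probe["src"]]
        row["probes"] += 1
        if probe["user"]:
            row["users"].add(probe["user"])
        # ISO-style timestamps sort correctly as plain strings.
        row["first"] = probe["ts"] if row["first"] is None else min(row["first"], probe["ts"])
        row["last"] = probe["ts"] if row["last"] is None else max(row["last"], probe["ts"])
    return dict(report)


def _entry(ts, src, port, payload_lines, sep="\n"):
    """Build a constructed log entry (sep=' ' gives the one-line form)."""
    head = f"{ts} - HoneyPoint received a probe from {src} on port {port}"
    return sep.join([head, "Input: " + payload_lines[0]] + payload_lines[1:])


def _cred(text):
    return "Authorization: Basic " + base64.b64encode(text.encode()).decode()


# Constructed sample entries; addresses are from the documentation ranges.
SAMPLE_ENTRIES = [
    _entry("2013-10-02 02:46:13", "192.0.2.10", 80,
           ["GET /HNAP1/ HTTP/1.1", "Host: xxxx", _cred("admin:constructed-1")]),
    _entry("2013-10-02 03:22:13", "192.0.2.10", 80,
           ["GET /HNAP1/ HTTP/1.1", "Host: xxxx", _cred("admin:constructed-2"),
            "Connection: keep-alive"], sep=" "),
    _entry("2013-10-02 03:30:00", "198.51.100.7", 80,
           ["POST /hnap1/ HTTP/1.1", "Host: xxxx"]),
    _entry("2013-10-02 03:31:00", "203.0.113.5", 80,
           ["GET /index.html HTTP/1.1", "Host: xxxx"]),
    _entry("2013-10-02 04:00:00", "203.0.113.9", 23, ["root"]),
]

if __name__ == "__main__":
    for src, row in sorted(summarize_hnap(SAMPLE_ENTRIES).items()):
        users = ", ".join(sorted(row["users"])) or "(none sent)"
        print(f"{src}: {row['probes']} HNAP probe(s), "
              f"{row['first']} to {row['last']}, usernames: {users}")
```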

Scanning Targets for PHP My Admin Scans

Another quick update today. This time an updated list of the common locations where web scanning tools in the wild are checking for PHPMyAdmin. As you know, this is one of the most common attacks against PHP sites. You should check to make sure your site does not have a real file in these locations or that if it exists, it is properly secured.

The scanners are checking the following locations these days:

//phpMyAdmin/scripts/setup.php
//phpmyadmin/scripts/setup.php
/Admin/phpMyAdmin/scripts/setup.php
/Admin/phpmyadmin/scripts/setup.php
/_PHPMYADMIN/scripts/setup.php
/_pHpMyAdMiN/scripts/setup.php
/_phpMyAdmin/scripts/setup.php
/_phpmyadmin/scripts/setup.php
/admin/phpmyadmin/scripts/setup.php
/administrator/components/com_joommyadmin/phpmyadmin/scripts/setup.php
/apache-default/phpmyadmin/scripts/setup.php
/blog/phpmyadmin/scripts/setup.php
/cpanelphpmyadmin/scripts/setup.php
/cpphpmyadmin/scripts/setup.php
/forum/phpmyadmin/scripts/setup.php
/php/phpmyadmin/scripts/setup.php
/phpMyAdmin-2.10.0.0/scripts/setup.php
/phpMyAdmin-2.10.0.1/scripts/setup.php
/phpMyAdmin-2.10.0.2/scripts/setup.php
/phpMyAdmin-2.10.0/scripts/setup.php
/phpMyAdmin-2.10.1.0/scripts/setup.php
/phpMyAdmin-2.10.2.0/scripts/setup.php
/phpMyAdmin-2.11.0.0/scripts/setup.php
/phpMyAdmin-2.11.1-all-languages/scripts/setup.php
/phpMyAdmin-2.11.1.0/scripts/setup.php
/phpMyAdmin-2.11.1.1/scripts/setup.php
/phpMyAdmin-2.11.1.2/scripts/setup.php
/phpMyAdmin-2.5.5-pl1/index.php
/phpMyAdmin-2.5.5/index.php
/phpMyAdmin-2.6.1-pl2/scripts/setup.php
/phpMyAdmin-2.6.1-pl3/scripts/setup.php
/phpMyAdmin-2.6.4-pl3/scripts/setup.php
/phpMyAdmin-2.6.4-pl4/scripts/setup.php
/phpMyAdmin-2.6.4-rc1/scripts/setup.php
/phpMyAdmin-2.6.5/scripts/setup.php
/phpMyAdmin-2.6.6/scripts/setup.php
/phpMyAdmin-2.6.9/scripts/setup.php
/phpMyAdmin-2.7.0-beta1/scripts/setup.php
/phpMyAdmin-2.7.0-pl1/scripts/setup.php
/phpMyAdmin-2.7.0-pl2/scripts/setup.php
/phpMyAdmin-2.7.0-rc1/scripts/setup.php
/phpMyAdmin-2.7.5/scripts/setup.php
/phpMyAdmin-2.7.6/scripts/setup.php
/phpMyAdmin-2.7.7/scripts/setup.php
/phpMyAdmin-2.8.2.3/scripts/setup.php
/phpMyAdmin-2.8.2/scripts/setup.php
/phpMyAdmin-2.8.3/scripts/setup.php
/phpMyAdmin-2.8.4/scripts/setup.php
/phpMyAdmin-2.8.5/scripts/setup.php
/phpMyAdmin-2.8.6/scripts/setup.php
/phpMyAdmin-2.8.7/scripts/setup.php
/phpMyAdmin-2.8.8/scripts/setup.php
/phpMyAdmin-2.8.9/scripts/setup.php
/phpMyAdmin-2.9.0-rc1/scripts/setup.php
/phpMyAdmin-2.9.0.1/scripts/setup.php
/phpMyAdmin-2.9.0.2/scripts/setup.php
/phpMyAdmin-2.9.0/scripts/setup.php
/phpMyAdmin-2.9.1/scripts/setup.php
/phpMyAdmin-2.9.2/scripts/setup.php
/phpMyAdmin-2/
/phpMyAdmin-2/scripts/setup.php
/phpMyAdmin-3.0.0-rc1-english/scripts/setup.php
/phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php
/phpMyAdmin-3.0.1.0-english/scripts/setup.php
/phpMyAdmin-3.0.1.0/scripts/setup.php
/phpMyAdmin-3.0.1.1/scripts/setup.php
/phpMyAdmin-3.1.0.0-english/scripts/setup.php
/phpMyAdmin-3.1.0.0/scripts/setup.php
/phpMyAdmin-3.1.1.0-all-languages/scripts/setup.php
/phpMyAdmin-3.1.2.0-all-languages/scripts/setup.php
/phpMyAdmin-3.1.2.0-english/scripts/setup.php
/phpMyAdmin-3.1.2.0/scripts/setup.php
/phpMyAdmin-3.4.3.1/scripts/setup.php
/phpMyAdmin/
/phpMyAdmin/scripts/setup.php
/phpMyAdmin/translators.html
/phpMyAdmin2/
/phpMyAdmin2/scripts/setup.php
/phpMyAdmin3/scripts/setup.php
/phpmyadmin/
/phpmyadmin/scripts/setup.php
/phpmyadmin1/scripts/setup.php
/phpmyadmin2/
/phpmyadmin2/scripts/setup.php
/phpmyadmin3/scripts/setup.php
/typo3/phpmyadmin/scripts/setup.php
/web/phpMyAdmin/scripts/setup.php
/xampp/phpmyadmin/scripts/setup.php
<title>phpMyAdmin
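Added example (not from the original post): one way to run the check suggested above, by resolving the probed URL paths against a web document root and reporting any that map to a real file or directory. Matching is case-insensitive because the scanners try several casings of the same name; the function names, the subset of paths and the temporary docroot in the demo are assumptions for illustration.

```python
import os
import tempfile

# A few of the probed locations from the list above; extend with the full list.
PROBED_PATHS = [
    "//phpMyAdmin/scripts/setup.php",
    "/Admin/phpmyadmin/scripts/setup.php",
    "/_pHpMyAdMiN/scripts/setup.php",
    "/phpMyAdmin-2.11.1-all-languages/scripts/setup.php",
    "/phpMyAdmin/",
    "/phpmyadmin2/",
    "/xampp/phpmyadmin/scripts/setup.php",
]


def url_path_segments(url_path):
    """Split a URL path into segments, dropping empty, '.' and '..' parts.

    Handles the doubled leading slash some probes use and never lets a
    '..' segment climb above the document root.
    """
    segments = []
    for part in url_path.split("?", 1)[0].split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if segments:
                segments.pop()
            continue
        segments.append(part)
    return segments


def resolve_case_insensitive(docroot, segments):
    """Walk docroot one segment at a time, ignoring case; return the real path."""
    current = docroot
    for segment in segments:
        try:
            entries = sorted(os.listdir(current))
        except OSError:
            return None  # missing, unreadable, or a file where a dir is needed
        match = next((e for e in entries if e.lower() == segment.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def audit_docroot(docroot, probed_paths=PROBED_PATHS):
    """Map each real file or directory under docroot to the probes that reach it."""
    findings = {}
    for probed in probed_paths:
        segments = url_path_segments(probed)
        if not segments:
            continue  # the site root itself is not a finding
        hit = resolve_case_insensitive(docroot, segments)
        if hit is not None:
            findings.setdefault(os.path.relpath(hit, docroot), []).append(probed)
    return findings


if __name__ == "__main__":
    # Constructed docroot: a phpMyAdmin install under an unusual casing.
    with tempfile.TemporaryDirectory() as docroot:
        os.makedirs(os.path.join(docroot, "PhpMyAdmin", "scripts"))
        setup = os.path.join(docroot, "PhpMyAdmin", "scripts", "setup.php")
        with open(setup, "w") as fh:
            fh.write("<?php // constructed placeholder ?>\n")
        os.makedirs(os.path.join(docroot, "blog"))
        for found, probes in sorted(audit_docroot(docroot).items()):
            print(f"{found} is reachable by: {', '.join(probes)}")
```

Anything the audit reports should be removed or placed behind authentication and network restrictions, as the post advises.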

Telnet Passwords Used In Brute Force Attacks

Just a quick post today, but I wanted to give you some insight into the Telnet scans we have been seeing lately. Here are the passwords that have been used to target logins on port 23 on one of our HITME sensors in the United States. This particular system emulates a login, and the probes appear to be automated. We saw no evidence of any manual probes on this sensor in the last month that targeted telnet.

The passwords used in brute force attacks on telnet (used against the usual root/admin/etc users…): 

default
1234
220
428
436
Admin
D-Link
admin
cobr4
dreambox
echo
enable
home-modem
l
password
private
public
root
sh
user

Keep a careful eye on any systems with Telnet exposed to the Internet. They are a common point of attraction for attackers.

China’s Report on US Military Cyber Troop Strength

(紅龍) Red Dragon’s statement: If you think you are paying too much for cyber threat intelligence and your current provider DID NOT SHOW this Chinese article to you then you have paid too much for the incorrect type of Chinese Cyber Threat Intelligence…

Contact the Red Dragon (紅龍) @ MicroSolved, save money, stay better informed – find a capable cyber intelligence authority for less, much less….

whagestad@microsolved.com

謝謝您

紅龍

People’s Republic of China Report: U.S. cyber warfare force exceeds 80,000 personnel, equivalent to seven 101st Airborne Divisions

August 15, 2013, 08:49. Source: Phoenix TV

Core tip: According to Sing Tao Global Network, the United States accounts for 29% of the world’s hackers. The U.S. military has about 3,000 to 5,000 information warfare experts and 50,000 to 70,000 cyber warfare soldiers. Adding the existing electronic warfare personnel, the U.S. military’s cyber warfare force should number 88,700, a size equivalent to seven 101st Airborne Divisions. In future wars it will be tasked with weakening the enemy’s combat power by 40 percent.

Phoenix TV, August 14, “Military Observation Room”; the following is the transcript:

Narration: The Snowden affair set off a round of hype in Chinese and foreign media. In fact, the United States was the first to establish the largest cyber warfare force, has developed the world’s most advanced cyber warfare equipment, and has put it to use in actual combat. Recently, Sing Tao Global Network reported that the United States accounts for 29% of the world’s hackers, and that the U.S. military has about 3,000 to 5,000 information warfare experts and 50,000 to 70,000 cyber warfare soldiers. Adding the existing electronic warfare personnel, the U.S. military’s cyber warfare force should number 88,700, a size equivalent to seven 101st Airborne Divisions. In future wars it will be tasked with weakening the enemy’s combat power by 40 percent.

The U.S. cyber army numbers 4,000 and is made up of the world’s top computer experts and hackers, including experts from the CIA, NSA, FBI and other agencies. Its members have an average IQ above 140, so it is known as the “140 Unit”. It was built single-handedly over eight years by U.S. four-star General Alexander, whose independent command includes the Navy’s Tenth Fleet, the Air Force’s 24th Air Force and the Army’s Second Army, an academic center of excellence responsible for training in espionage techniques, and a special data collection center dedicated to eavesdropping on embassies around the world. The United States is forming 40 cyber security teams. Thirteen of them are offensive teams that mainly develop cyber warfare weapons, and the other 27 mainly protect Department of Defense computer systems and data. All 40 teams are to be in place before the autumn of 2015.

The program “Military Observation Room” airs on the Phoenix TV Chinese Channel [Program Area]

Host: Dong Jiayao [Host Area]

First broadcast: (Wednesday) 21:50-22:30

Rebroadcast: (Thursday) 04:10-04:50, 15:15-15:55

Statement: Works (text, audio, video) marked as sourced from “Phoenix” may not be reproduced, linked, reposted or otherwise used by any media outlet or individual without authorization from Phoenix. Where written authorization has been granted by this site, any use must be marked “Source: Phoenix.” This site will pursue legal liability for violations of this statement.

 美國網路戰部隊逾8萬人 相當於7101空降師20130815 08:49

來源:鳳凰衛視

核心提示:據星島環球網報道,美國駭客數量佔全球29%,美軍約有三千到五千名資訊戰專家,及五萬到七萬名網路戰兵,加上原有的電子戰人員,美軍網路戰部隊應該有八萬八千七百人,這個規模相當於七個101空降師,它在未來戰爭將負擔削弱敵人四成戰鬥力的任務。

鳳凰衛視8月14日《軍情觀察室》,以下為文字實錄:

解說:斯諾登事件引起中外媒體一輪炒作,其實美國最早建立規模最大的網路戰部隊,發展了世界最先進的網路戰裝備,並將其推向實戰。近日,星島環球網報道,美國駭客數量佔全球29%,美軍約有三千到五千名資訊戰專家,及五萬到七萬名網路戰兵,加上原有的電子戰人員,美軍網路戰部隊應該有八萬八千七百人,這個規模相當於七個101空降師,它在未來戰爭將負擔削弱敵人四成戰鬥力的任務。

美國網軍達四千人,由世界頂級電腦專家和駭客組成,包括中央情報局、國家安全局、聯邦調查局以及其他部門的專家,所有成員平均智商在140以上,稱為140部隊,由美國四星上將亞歷山大歷時八年一手打造,他獨立指揮權包括海軍第十艦隊,空軍第24航空隊以及陸軍第二軍,負責培訓間諜技術的學術精英中心,以及專門竊聽世界各國大使館的特殊數據收集中心,美國正在組建四十支網路安全部隊,其中13支為進攻性部隊,主要開發網路戰武器,另外27支部隊主要保護國防部的電腦系統和資料,所有40支部隊將於2015年秋季前全部建成。

《軍情觀察室》節目在鳳凰衛視中文臺播出【節目專區】

http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/

主持人:董嘉耀【主持人專區】

首播時間:(週三)21:50-22:30

重播時間:(週四)04:10-04:50,15:15-15:55

聲明:凡註明“鳳凰網”來源之作品(文字、音頻、視頻),未經鳳凰網授權,任何媒體和個人不得轉載、鏈結、轉貼或以其他方式使用;已經本網書面授權的,在使用時必須註明“來源:鳳凰網”。違反上述聲明的,本網將追究其相關法律責任。

 http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/detail_2013_08/15/28642074_0.shtml

Cyber SA…Global Perspectives

Good Monday Folks;

Much news from Cyber~Land today – and thus, you may enjoy the most recent Global Perspectives of Cyber Situation Awareness (SA)…
Of particular note – information loss in the People’s Republic of China…now a crime bubbling to the surface…Kenyan PCs with Chinese malware and so much more in the China Section below, including missing US CBP & China cooperation posts; Iran’s Cyber Motivations & Actions…and of course, German and French Governments respond to PRISM…

All the cyber SA you might want in one dose!

中國人民共和國 – People’s Republic of China….

Infosecurity – Report: China Uses Taiwan as Test-Bed for US Cyber-Espionage Attacks
http://www.infosecurity-magazine.com/view/33553/report-china-uses-taiwan-as-testbed-for-us-cyberespionage-attacks/

People’s Republic of China: 1,213 arrested for personal information trafficking – People’s Daily Online
“… 468 gangs and arrested 1,213 people for suspected personal information trafficking, according to a statement released Sunday by the Ministry of Public Security.”

http://english.peopledaily.com.cn/90882/8360132.html
Stronger laws urged to protect personal information – People’s Daily Online
http://english.peopledaily.com.cn/90882/8305906.html
People’s Republic of China ‘top source’ of malicious software in Kenyan computers
http://www.nation.co.ke/business/news/China+top+source+of+malicious+software/-/1006/1944356/-/rj5e4/-/index.html
People’s Republic of China New York Times hackers strike again with evolved malware
http://www.v3.co.uk/v3-uk/news/2288076/new-york-times-hackers-strike-again-with-evolved-malware

Censorship, external authentication, and other social media lessons from China’s Great Firewall
http://www.techinasia.com/china-social-media-lessons-from-great-firewall/

China’s Xiaomi sells 100,000 units of new $130 phone in 90 seconds, chalks up 7.45m reservations |
http://thenextweb.com/asia/2013/08/12/chinas-xiaomi-sells-100000-units-of-new-130-phone-in-90-seconds-chalks-up-7-45m-reservations/
Xiaomi Beats Samsung To Top China’s Smartphone Charts | TechCrunch
http://techcrunch.com/2013/08/12/xiaomi-beats-samsung-to-top-chinas-smartphone-charts/

CBP – U.S. Customs and Border Protection / U.S., China Announce Results of First Joint Intellectual Property Operation
http://www.noodls.com/view/E418DA4AF877ADF8970BBEE9B0E38FDDAB89AC35
This original CBP press release was removed from the web here:
http://www.cbp.gov/xp/cgov/newsroom/news_releases/local/07312013_7.xml

Also removed from South China Morning Post:
http://www.scmp.com/news/china/article/1293516/china-us-team-seize-fake-apple-samsung-dr-dre-electronics
U.S., People’s Republic of China team up to seize counterfeit goods in joint operation
http://www.reuters.com/article/2013/07/31/us-china-usa-counterfeit-idUSBRE96U0X120130731

HUAWEI…

Intelligence: People’s Republic of China Dodges Accusations
Chinese telecommunications equipment manufacturer Huawei continues to be dogged by accusations that it is acting as an economic and military espionage agent for the Chinese military.

http://www.strategypage.com/htmw/htintel/articles/20130810.aspx
People’s Republic of China’s Economy Slows but Its Influence Rises
http://blogs.cfr.org/asia/2013/08/12/chinas-economy-slows-but-its-influence-rises/
People’s Republic of China Rising, Huawei Team For Secure Virtualization Solutions – ChinaTechNews
http://www.chinatechnews.com/2013/08/12/19562-chinas-rising-huawei-team-for-secure-virtualization-solutions
People’s Republic of China’s Huawei partners w/Telematics to bolster Unified Communications capabilities in UAE, Qatar –
http://english.mubasher.info/DFM/news/2377832/Huawei-partners-with-Telematics-to-bolster-Unified-Communications-capabilities-in-UAE-Qatar
Serbian Railways Opts for People’s Republic of China’s Huawei Solutions
http://enterprisechannels.com/ContentDetails.aspx?Moduleid=12159&&ModuleType=Serbian%20Railways%20Opts%20for%20Huawei%20Solutions
People’s Republic of China Blames Cisco for Huawei’s U.S. Woes
http://channelnomics.com/2012/10/12/china-blames-cisco-huaweis-u-s-woes/

It’s Not Just the People’s Republic of China: Indian Hacker Group Spied On Targets In Pakistan, U.S. And Europe – Forbes
http://www.forbes.com/sites/andygreenberg/2013/05/21/its-not-just-china-indian-hacker-group-spied-on-targets-in-pakistan-u-s-and-europe/
Pakistan Intelligence Agency ISI hacks India’s largest telco BSNL Systems by Social Engineering
http://www.thehackerspost.com/2013/08/pakistan-intelligence-agency-hacks-bsnl.html

Escalation Cause: How the Pentagon’s new strategy could trigger war with the People’s Republic of China
“…according to Air-Sea Battle, U.S. forces would launch physical attacks and cyberattacks against the enemy’s “kill-chain” of sensors and weaponry in order to disrupt its command-and-control systems, wreck its launch platforms (including aircraft, ships, and missile sites), and finally defeat the weapons they actually fire. The sooner the kill-chain is broken, the less damage U.S. forces will suffer — and the more damage they will be able to inflict on the enemy.”

http://www.chinausfocus.com/peace-security/escalation-cause-how-the-pentagons-new-strategy-could-trigger-war-with-china/
A Future Without War for the People’s Republic of China & the US |
http://www.chinausfocus.com/foreign-policy/a-future-without-war-for-china-and-the-us/
People’s Republic of China among top five countries on US’ surveillance list – TruthDive
“…the list of NSA’s spying targets, China, Russia, Iran, Pakistan and North Korea are of prime importance for surveillance, Der Spiegel reports.

According to the report, the US is especially interested in gathering intelligence related to the countries’ foreign policy, international trade and economic stability along with topics related to new technology and energy security which score low level priority.”

http://truthdive.com/2013/08/11/Pak-China-among-top-five-countries-on-US-surveillance-list.html
H-6K bombers used by PLA capable of reaching Hawaii: Kanwa Defense Review
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130812000082&cid=1101
The untold truth behind the US rebalancing policy…WantChinaTimes.com
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130811000079&cid=1703

People’s Republic of China investigates France’s Sanofi for alleged bribery: Xinhua
http://www.reuters.com/article/2013/08/10/us-sanofi-china-idUSBRE97902L20130810

ISLAMIC REPUBLIC OF IRAN ~ Cyber

Iran’s cyber warfare could hit public more than military: report
http://www.washingtontimes.com/news/2013/jul/29/irans-cyber-warfare-could-hit-public-more-military/
Iran’s Covert Cyber War
http://blog.heritage.org/2013/08/07/irans-covert-cyber-war/

INTERNATIONAL HACKING>>>

Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
Hackers put a bull’s-eye on small business | PCWorld
http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html
Reported data breached records in US from 2005 to present exceed 500 million | ZDNet
http://www.zdnet.com/reported-data-breached-records-in-us-from-2005-to-present-exceed-500-million-7000018991/
Meet Darknet, the hidden, anonymous underbelly of the searchable Web | PCWorld
http://www.pcworld.com/article/2046227/meet-darknet-the-hidden-anonymous-underbelly-of-the-searchable-web.html

The Classifieds
“Are American spies the next victims of the Internet age?”

http://www.foreignpolicy.com/articles/2013/08/09/the_classifieds_open_source_intelligence_prieto?page=full
Deutsche Telekom and United Internet launch ‘made in Germany’ email in response to PRISM | ZDNet
http://www.zdnet.com/deutsche-telekom-and-united-internet-launch-made-in-germany-email-in-response-to-prism-7000019266/
Spy or Die – Can corporate suicide stop the NSA?
http://www.foreignpolicy.com/articles/2013/08/09/spy_or_die_nsa_lavabit_silent_circle?page=full

HACKSURFER
http://hacksurfer.com/
Fort Disco: The new brute-force botnet | ZDNet
http://www.zdnet.com/fort-disco-the-new-brute-force-botnet-7000019126/#%21
The Danger of Mixing Cyberespionage With Cyberwarfare
http://insights.wired.com/profiles/blogs/the-danger-of-mixing-cyberespionage-with-cyberwarfare#axzz2bmMnUKxL

France has its own PRISM system: Report | ZDNet
As the US and the UK admit that they are intercepting data for intelligence purposes, an investigative report has revealed that the French government is doing the same.

http://www.zdnet.com/france-has-its-own-prism-system-report-7000017694/

Enjoy!

Semper Fi,

謝謝
紅龍

US Concocting People’s War to Hype China Cyber Fears – FreeBeacon is Wrong…People’s Republic of China Rebuttal….


http://world.huanqiu.com/exclusive/2013-08/4195091.html

U.S. media treats a magazine as an internal report and fabricates a story that China is planning a cyber people’s war

RedDragon’s Insight…there have been very few if any ‘cyber’ madness stories pointing the finger at the People’s Republic of China (中華人民共和國) since the traitorous Snowden left for Hong Kong and ended up in Russia working for the Soviet version of Facebook…This latest amplification by Gertz’ ‘Washington Free Bacon sorry Beacon…is yet another attempt by the unknowing and ignorant to cause controversy where there isn’t any…maybe the Free Bacon needs press, I expect the China hyperbole is the ticket..

Nonetheless, below is a story from within the People’s Republic of China indicating that Free Bacon is both incorrect (I wonder if Mr. Gertz speaks or understands Chinese or he is simply manufacturing a new enemy for the DIB?) and full of mis and dis- information…

The suggestion is to read the news story below and decide for yourself…having met with China’s Elite Hackers I can tell you they put the trousers on one leg at a time just like we do….

                                                         Semper Fi –

                                                           謝謝您  紅龍

August 1, 2013, 07:19. Source: Global Times. Authors: Chen Zhuangliu, Sun Wei, Tu Limei, Wang Xiaoxiong, Luo Shan’ai. Draft selection: Wei Zheng

Original title: U.S. media treats a magazine as an internal report and fabricates a story that China is planning a cyber people’s war

[Global Times comprehensive report, August 1] “Chinese military theorists are applying Mao Zedong’s peasant-uprising tactics to a future war against the United States”: this startling conclusion, reached by the U.S. Washington Free Beacon on July 30, is an attempt to set off another round of attacks over “Chinese cyber warfare”. However, a Global Times reporter’s investigation found that the report mentioned in the article is no “internal defense report” at all. The U.S. media grafted cyber warfare theory, which the United States itself has studied most deeply, onto China merely to be sensational.

The Washington Free Beacon reported on July 30 that an internal Chinese defense report shows China’s military is preparing for cyber war, including attacking satellites from space and using military and civilian personnel to wage a digital “people’s war”. The paper said the report, titled “Study on Space Cyber Warfare”, was drafted by four engineers at a defense research center in Shanghai and discloses details of China’s cyber warfare and space warfare plans: “This report gives outsiders a rare glimpse into Beijing’s most secret military program: its plans for future cyber war against the United States.” The report holds that in the past strategic warfare was based on nuclear weapons, but in the information age war of strategic significance should be cyber warfare. “Because information warfare depends on space, cyberspace will become the hot spot in the struggle for network control.”

“China’s cyber warfare capabilities, like its anti-satellite missile and jamming programs, are among the PLA’s most closely guarded secrets. At the China-U.S. Strategic and Economic Dialogue held earlier this month, the topic of cyber warfare was raised by U.S. and Chinese military and defense officials.” Yet while drawing this conclusion, the Washington Free Beacon went on to say that it had obtained a copy of a translation of the report, dated December 2012 and published in the journal “Aerospace Electronic Warfare”. The journal is a publication of the China Aerospace Science and Industry Corporation’s Nanjing 8511 Research Institute.

Did the Washington Free Beacon really get hold of an internal Chinese defense report? On July 31 a Global Times reporter interviewed the magazine “Aerospace Electronic Warfare” by telephone. A person at the magazine familiar with the situation told the reporter that “Aerospace Electronic Warfare” is a publicly distributed bimonthly. Anyone who wants to read it can get a copy, its articles contain nothing classified, and it could not possibly be an “internal defense report”. As for the article titled “Study on Space Cyber Warfare”, it was written by four authors including Huang Hanwen of the Shanghai Institute of Satellite Engineering. It addresses the fact that Chinese readers have no unified concept or clear understanding of “space cyber warfare”, and introduces the relevant U.S. concepts and definitions to China. It is by no means Chinese military theorists studying a people’s war in cyberspace.

The Global Times reporter easily downloaded the article from the Internet. To the reporter, it reads more like a popular-science introduction, opening by citing several U.S. definitions of cyber warfare. In describing the characteristics of cyber warfare, it says: “Cyber warfare is not limited to military personnel; anyone with specialized knowledge of and skills in information systems can carry out cyber warfare, so cyber warfare can be said to be a kind of people’s war.”

Qin An, director of the Cyberspace Strategy Research Center of the China Institute for Innovation and Development Strategy, told the Global Times on the 31st that people’s war and cyber warfare have nothing to do with each other. Cyber warfare is “elite warfare”, so how could it become a “people’s war”?

美媒把杂志当内部报告 编造中国筹划网络人民战争

【环球时报综合报道】“中国军方理论学者正在将毛泽东的农民起义战术用于未来对美战争”,美国《华盛顿自由灯塔报》7月30日得出的惊人结论,正试图掀起另一轮对“中国网络战”的围攻。然而,《环球时报》记者调查发现,文章中提到的报告根本不是什么“内部防务报告”,美国媒体把美国研究最深入的网络战理论嫁接到源于中国只是为了耸人听闻。

  《华盛顿自由灯塔报》7月30日报道称,中国一份内部防务报告指出,中国军方正在为网络战争做准备,其中包括从太空对卫星发起袭击,并利用军事和民间人员发起数字化的“人民战争”。该报称,这份名为“空间网络战研究”的报告由上海某家国防研究中心的4名工程师起草,其中披露了中国网络战和太空战计划的详细细节,“这份报告使得外界罕见地窥视到北京最为秘密的军事项目:未来针对美国的网络战计划”。这份报告认为,过去,战略战争是以核武器为基础,但在信息时代,具有战略意义的战争应该是网络战。“由于信息战要依赖于太空,网络空间将成为争夺网络控制权的热点。”

  “中国的网络战能力与反卫星导弹和干扰项目一样,是解放军隐藏最深的秘密。在本月初召开的中美战略与经济对话中,网络战的话题被美国和中国军事防务官员提起。”《华盛顿自由灯塔报》在得出这一结论时,却又转口声称,该报获得了这份报告的翻译件复印件,上面标注的日期是2012年12月,发表在《航天电子对抗》期刊上。这份期刊是中国航天科工集团南京8511研究所的出版物。

  《华盛顿自由灯塔报》真的搞到中国的内部防务报告了吗?《环球时报》记者7月31日电话采访了《航天电子对抗》杂志。该杂志一名熟悉情况的人士告诉记者,《航天电子对抗》是一份对外公开发行的双月刊,任何人只要想看就可以得到这份杂志,里面的文章一点涉密内容都没有,更不可能是“内部防务报告”。具体到那篇题为“空间赛博战研究”的文章,是由上海卫星工程研究所的黄汉文等4人写的,主要针对的是中国读者对“空间网络战”没有统一的概念,缺乏明确的认识,把美国有关空间网络战的概念、定义介绍给中国,根本不是什么中国军方理论家在研究网络空间的人民战争。

  《环球时报》记者轻易地从网上下载了这篇文章。在记者看来,文章更像是一篇科普介绍,开头就引用了几个美国对赛博战的定义。其中介绍赛博战特点时说:“赛博战并不限于军人参加,具备信息系统专门知识和技能的人员,都可以实施赛博战,可 以说赛博战是一种人民战争 。”

  中国国家创新与发展战略研究会网络空间战略研究中心主任秦安31日对《环球时报》说,人民战争与网络战风马牛不相及,网络战是“精英战”,怎么可能变成“人民战争”?

  【环球时报驻美国、英国特约记者 谌庄流  孙微 环球时报记者 屠丽美 王晓雄 罗山爱】

Ask the Experts: Travel Abroad with Electronics

This time around, a reader wrote in with a very common question:

Q: “A member of my management team is about to go on a business trip to a country with known cyber-spying capabilities. She wants to take her phone, tablet and laptop so she can be productive on the road. What can I do to make this safer for her and our organization without restricting her work capability on the road in an unreasonable manner?”

Adam Hostetler opened with: 

The standard here is don’t bring anything electronic, if you can help it. In most cases, that’s not probable so don’t bring your normal personal phones or laptops, no smartphone at all is advisable. Bring loaner devices that have only exactly what they need and can be burned when they get back. Only connect through a VPN, and have that account monitored on the other end. Don’t leave phone or laptop in a hotel room, even in the safe, and don’t talk business there either.

Jim Klun added:

There is likely no way to do this without restricting – or at least significantly changing – the way she works. 

It has to be assumed that any information on her personal devices will be compromised. 
It also can be assumed that any information flowing between her devices and the outside world will be compromised. 

I would recommend two things:

1. Take only what you can afford to lose. Communicate only what you can afford to lose.

    So – take a small number of devices (e.g. phone, laptop) minimally configured with only that information absolutely required for this trip.
    Better to have corporate staff respond to email requests from her rather than to allow access to critical corporate resources from a suspect location.
    If internal connectivity to corporate resources must be allowed (e.g. VPN), it should ideally require 2-factor auth of some sort, use strong encryption, and grant access only to a limited subset of resources.
    All credentials can be assumed to be lost – hence the utility of two-factor. All of the employee’s credentials should be changed on return.

    All devices brought back should be assumed to be compromised and will need complete re-imaging.

2. Consider creating “go-kits” and well-defined repeatable processes for employees who travel to such locations.

    A special set of devices (laptop, phone, etc.) that are minimally configured and can be wiped on return. No personally owned devices should be allowed.
    Connectivity for those devices – if absolutely needed – that allows access only to a tightly restricted and monitored subset of internal corporate resources.
    Most importantly – training for employees who make these trips. The employee must understand the special risks being incurred and be aware of their responsibility to protect the company and the company’s existing customers.
    As above – all of the employee’s credentials should be changed on return.

Bill Hagestad summed it up with this: 

This one is near and dear to my heart…I call these rules of counter cyber espionage the  李侃如的中國旅遊規則 (Lieberthal’s China Travel Rules)

Cellphone and laptop @ home brings “loaner” devices, erased before he leaves home country & wiped clean immediately upon returns;

In China, disable Bluetooth & Wi-Fi, phone never out of his sight;

In meetings, not only turn off his phone but also remove battery, microphone could be turned on remotely;

Connect to the Internet only via encrypted, password-protected channel, copies & pastes his password from a USB thumb drive;

Never type in a password directly, “the Chinese are very good at installing key-logging software on your laptop.”

The article can be found @ http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all

Brent Huston closed with:

Any electronic items they do take on the road with them should be current on patches, AV signatures and detection capabilities. All data, drives, systems, etc. should be strongly encrypted when possible to do so (Pay special attention to export restrictions on crypto depending on where they are going.) Also, turn and burn EVERYTHING when they come back. Treat all media and data obtained during the travel as suspicious or malicious in nature. Trojans of data and documents are common (and usually they scan as clean with common tools). This is especially true for high value targets and critical infrastructure clients. Trust us! Safe travels! 


Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?!

Good morning Folks..Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?! All this and a bag of chips…

People’s Republic of China’s digitalized troops begin to take shape
http://english.peopledaily.com.cn/90786/8245879.html

What to Expect June 4, People’s Republic of China’s Unofficial and Orwellian ‘Internet Maintenance Day’
http://www.techinasia.com/june-4-china-unofficial-orwellian-internet-maintenance-day/

People’s Republic of China’s Government is Stifling Tech Innovation and Prolonging Social Problems
http://www.techinasia.com/chinas-government-stifling-tech-innovation-prolonging-social-problems/

Raspberry Pi: Beating the Censorship of The People’s Republic of China’s Great Firewall
http://www.techinasia.com/censorship-china-great-firewall-raspberry-pi/

US & People’s Republic of China to discuss cybersecurity at high-level diplomatic meetings
United States is next target of OP Middle Kingdom…colonization by the People’s Republic of China….

http://www.guardian.co.uk/world/2013/jun/02/us-china-cybersecurity-hacking-espionage-meetings

US Sec Def Chuck Hagel accuses People’s Republic of China of ‘cyber intrusions’ on US
Didn’t Hagel get the memo from POTUS…?

http://www.telegraph.co.uk/news/worldnews/asia/china/10092909/Chuck-Hagel-accuses-China-of-cyber-intrusions-on-US.html

What happens when People’s Republic of China hacks U.S. weapons designs?
http://killerapps.foreignpolicy.com/posts/2013/05/31/what_happens_when_china_hacks_us_weapons_designs

People’s Republic of China, US agree to talks on cyber theft and espionage
http://www.theage.com.au/it-pro/security-it/china-us-agree-to-talks-on-cyber-theft-and-espionage-20130602-2nk06.html

Hackers Are Spying On You: Inside the World of Digital Espionage
http://www.thedailybeast.com/newsweek/2013/05/29/hackers-are-spying-on-you-inside-the-world-of-digital-espionage.html

Hagel says Chinese cyberattacks a “growing threat” People’s Republic of China
http://www.homelandsecuritynewswire.com/dr20130603-hagel-says-chinese-cyberattacks-a-growing-threat

US Cyber Chief: Military Is Unprepared for Hacking
http://thediplomat.com/the-editor/2013/05/31/us-cyber-chief-military-is-unprepared-for-hacking/?

Government-developed standards not an effective cybersecurity approach..Hire the People’s Republic of China
http://www.homelandsecuritynewswire.com/dr20130602-governmentdeveloped-standards-not-an-effective-cybersecurity-approach-analyst

Why the US needs People’s Republic of China’s Huawei more than Huawei needs the US
http://gigaom.com/2013/05/31/why-the-us-needs-huawei-more-than-huawei-needs-the-us/

Australian Defence electronics manufacturer hacked by Chinese
http://www.manmonthly.com.au/features/defence-electronics-manufacturer-hacked-by-chinese

If Britain wants greater prosperity, we need to look East to People’s Republic of China
United Kingdom colonization by People’s Republic of China is now complete…OP Middle Kingdom

http://www.telegraph.co.uk/news/worldnews/asia/china/10092754/If-Britain-wants-greater-prosperity-we-need-to-look-East-to-China.html

Kuwait Commercial and government enterprise market key to Huawei’s growth in 2013 | Huawei Technologies
http://www.ameinfo.com/kuwait-commercial-government-enterprise-market-key-344164

Los Alamos director: cyber-securing U.S. electrical grid key to energy security
http://www.homelandsecuritynewswire.com/dr20130602-los-alamos-director-cybersecuring-u-s-electrical-grid-key-to-energy-security

An Elizabethan Cyberwar
http://www.nytimes.com/2013/06/01/opinion/an-elizabethan-cyberwar.html?src=recg

A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 | Atlantic Council
http://www.acus.org/afiercedomain

U.S. & People’s Republic of China to Hold Regular Talks on Hacking
http://www.nytimes.com/2013/06/02/world/asia/us-and-china-to-hold-talks-on-hacking.html?src=recg

People’s Republic of China Rapidly Taking Over World Economically
http://www.newsmax.com/Newsfront/chine-buying-corporations-economic/2013/06/02/id/507585

People’s Republic of China Reaps Biggest Benefits of Iraq Oil Boom
http://www.nytimes.com/2013/06/03/world/middleeast/china-reaps-biggest-benefits-of-iraq-oil-boom.html?

People’s Republic of China And The Biggest Territory Grab Since World War II
http://www.forbes.com/sites/gordonchang/2013/06/02/china-and-the-biggest-territory-grab-since-world-war-ii/

People’s Republic of China’s Economic Empire
http://www.nytimes.com/2013/06/02/opinion/sunday/chinas-economic-empire.html?_r=2&pagewanted=all

How to Play Well With People’s Republic of China
http://www.nytimes.com/2013/06/02/opinion/sunday/how-to-play-well-with-china.html?_r=0&smid=tw-share&pagewanted=all

China Voice: Pentagon report deviates from building trust – People’s Daily Online
http://english.peopledaily.com.cn/90786/8237325.html

People’s Republic of China skeptical of expanded US role in the Pacific
http://www.apnewsarchive.com/2013/China-questions-expanded-US-role-in-the-Pacific;-Hagel-warns-Beijing-on-computer-based-attacks/id-526b8c8f680443d9ac415836133521be

Chinese navy begins US economic zone patrols – FT.com
US Navy Admiral Samuel Locklear says “It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under the OSD Sequester and have US Marines aboard our flat bottom amphibs”….

http://www.ft.com/intl/cms/s/0/02ce257e-cb4a-11e2-8ff3-00144feab7de.html

Chinese general reveals ‘strategy’ for Panatag takeover
Major General Zhang Zhaozhong reflects on US Navy Admiral Samuel Locklear’s comments “It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under the OSD Sequester and have US Marines aboard our flat bottom amphibs”….

http://www.philstar.com/headlines/2013/05/31/948591/chinese-general-reveals-strategy-panatag-takeover?

People’s Republic of China accuses the U.S. of using the June 4 incident to interfere in China’s internal affairs – China Digital Times

https://kexueshangwang.info/chinese/2013/06/bbc-中国指责美国借六四事件干涉中国内政/?

People’s Republic of China’s Ministry of Truth: Japan-Africa, South China Sea – China Digital Times (CDT)

People’s Republic of China warns U.N. against ‘irresponsible remarks’ on North Koreans | Reuters
http://uk.reuters.com/article/2013/06/03/uk-korea-north-china-idUKBRE9520AB20130603

China-North Korea Dossier No. 2: “China’s ‘Measure of Reserve’ toward Succession”

Hacking the Drone War’s Secret History
http://www.wired.com/dangerroom/2013/05/drone-api/

Hackers Spawn Web Supercomputer on Way to Chess World Record
http://www.wired.com/wiredenterprise/2013/06/43651/

USSR’s old domain name attracts cybercriminals
http://news.yahoo.com/ussrs-old-domain-name-attracts-cybercriminals-070143935.html

U.S. Targets Iran’s Petrochemical Industry
http://www.nytimes.com/2013/06/01/world/middleeast/us-targets-irans-petrochemical-industry.html?src=recg

Iran prepared to counter US cyber threats: Lawmaker
http://www.presstv.ir/detail/2013/06/01/306540/iran-ready-to-counter-us-cyber-threats/

Marine Corps prepares to cut cord on NMCI…NON MISSION CAPABLE INTERNET…
http://www.federalnewsradio.com/412/3342421/Marine-Corps-prepares-to-cut-cord-on-NMCI

Back to the Basics: Chess, Poker & the Future of Warfare
http://smallwarsjournal.com/jrnl/art/back-to-the-basics-chess-poker-the-future-of-warfare

Interpol filter scope creep: ASIC ordering unilateral website blocks


Anticipating Cyber Threats Beyond APT
http://blog.zeltser.com/post/50497161014/anticipating-cyber-threats-beyond-apt

Semper Fi,

Thank you

紅龍

Cyber Threat SA for Thursday from Abu Dhabi…

Good morning from Abu Dhabi, United Arab Emirates…

Here are the latest cyber threat intelligence notes you need to be aware of…enjoy!

People’s Republic of China says it is opposed to all forms of hacking

http://www.news-journalonline.com/article/20130529/API/1305290639

People’s Republic of China’s military to drill on digitalized forces – Xinhua

http://news.xinhuanet.com/english/china/2013-05/29/c_132415053.htm

Chinese hackers have access to major US weapons designs, report says

http://www.scmp.com/news/china/article/1248077/chinese-hackers-stole-plans-australian-spy-headquarters-says-report

People’s Republic of China’s Huawei all governments hack secret data using their kit

http://phys.org/news/2013-05-hack-secret-huawei.html

U.S., Australia reports allege new spying by People’s Republic of China hackers

http://www.cbc.ca/news/technology/story/2013/05/28/australia-china-hacking.html?cmp=rss

Australia: People’s Republic of China spy agency hack claims ‘will not hit ties’ – Hack claims over Australia spy HQ

http://www.bbc.co.uk/news/world-asia-22685332

Spy claim no threat to People’s Republic of China ties: Foreign Minister Carr

http://news.smh.com.au/breaking-news-national/spy-claim-no-threat-to-china-ties-carr-20130528-2n87j.html

Australian spy HQ plans stolen by Chinese hackers: report

http://www.reuters.com/article/2013/05/28/us-australia-hacking-idUSBRE94R02A20130528

REPORT: Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems

http://newsle.com/article/0/76807927/

Researchers uncover new global cyberespionage operation dubbed Safe

http://www.pcworld.com/article/2039011/researchers-uncover-new-global-cyberespionage-operation-dubbed-safenet.html

Cyber Attack on Norway’s Telenor was part of large cyberespionage operation with Indian origins, report says

http://www.pcworld.com/article/2039257/attack-on-telenor-was-part-of-large-cyberespionage-operation-with-indian-origins-report-says.html

US accuses Iran of hacking energy companies

http://www.itproportal.com/2013/05/24/us-accuses-iran-hacking-energy-companies/

Semper Fi,

Thank you

紅龍

Day Three Homeland Security Summit Middle East…Cyber Threat Intelligence SA You Need To Know….

Good morning from Abu Dhabi – yes I know it is Zero Dark Thirty here… thank you my Australian friends for pointing that out…

The restless, passionate and wicked never sleep…

Nonetheless, here is the latest Cyber Threat Intelligence you need to be aware of…

This one is my favorite! In fact this is a very well written article…

Chinese Cyber Espionage: Don’t Believe the Hype


http://securitywatch.pcmag.com/security/311911-chinese-cyber-espionage-don-t-believe-the-hype

Of course, then this list of compromised US Military technology is also hype, isn’t it?

The following is reproduced from the nonpublic version of the Defense Science Board report “Resilient Military Systems and the Advanced Cyber Threat” as posted originally by the Washington Post:

Table 2.2 Expanded partial list of DoD system designs and technologies compromised via cyber exploitation

SYSTEM DESIGNS

Terminal High Altitude Area Defense

Patriot Advanced Capability-3

Extended Area Protection and Survivability System (EAPS)

F-35

V-22

C-17

Hawklink

Advanced Harpoon Weapon Control System

Tanker Conversions

Long-term Mine Reconnaissance System

Global Hawk

Navy antenna mechanisms

Global Freight Management System

Micro Air Vehicle

Brigade Combat Team Modernization

Aegis Ballistic Missile Defense System

USMC Tracked Combat Vehicles

Warfighter Information Network-Tactical (WIN-T)

T700 Family of Engines

Full Authority Digital Engine Controller (FADEC)

UH-60 Black Hawk

AMRAAM (AIM-120 Advanced Medium-Range Air-to-Air Missile)

Affordable Weapons System

Littoral Combat Ship

Navy Standard Missile (SM-2,3,6)

P-8A/Multi-Mission Aircraft

F/A and EA-18

RC-135 Detect./Collect.

Mk54 Light Weight Torpedo

TECHNOLOGIES

Directed Energy

UAV video system

Specific Emitter identification

Nanotechnology

Dual Use Avionics

Fuze/Munitions safety and development

Electronic Intelligence Processing

Tactical Data Links

Satellite Communications

Electronic Warfare

Advanced Signal Processing Technologies for Radars

Nanostructured Metal Matrix Composite for Light Weight Ballistic Armor

Vision-aided Urban Navigation & Collision Avoidance for Class I Unmanned Air Vehicles (UAV)

Space Surveillance Telescope

Materials/processing technologies

IR Search and Track systems

Electronic Warfare systems

Electromagnetic Aircraft Launch

Rail Gun

Side Scan sonar

Mode 5 IFF

Export Control, ITAR, Distribution Statement B,C,D Technical Information

CAD drawings, 3D models, schematics

Software code

Critical technology

Vendor/supply chain data

Technical manuals

PII (email addresses, SSN, credit card numbers, passwords, etc.)

Attendee lists for program reviews and meetings

Indeed – don’t believe the hype, these are not the Chinese Hackers you are looking for…they already took your data! 🙂

Chinese vice premier, military leader meet US nat’l security adviser


http://english.peopledaily.com.cn/90883/8261728.html

China demonstrates defence determination to US: ministry


http://english.peopledaily.com.cn/90786/8223335.html

People’s Republic of Hacking: Chinese hackers ‘access sensitive US weapons systems’


http://www.telegraph.co.uk/news/worldnews/asia/china/10083296/Chinese-hackers-access-sensitive-US-weapons-systems.html

Russia Uses ‘Single Register’ Law To Selectively Block Internet Content


http://www.infosecurity-magazine.com/blog/2013/5/22/russia-uses-single-register-law-to-selectively-block-internet-content/905.aspx

Semper Fi,

Thank you

紅龍