People’s Republic of Hacking…Latest Cyber Threat SA…

Posted on June 5, 2013 by Bill Hagestad

Good day folks, here’s the most current People’s Republic of Hacking…Latest Cyber Threat SA…

People’s Republic of Hacking: Chinese Hackers Behind ‘NetTraveller’ Global Cyber Surveillance

http://www.techweekeurope.co.uk/news/chinese-hackers-nettraveller-global-cyber-surveillance-118140?

People’s Republic of China has ‘mountains of data’ about U.S. cyber attacks: official

http://www.reuters.com/article/2013/06/05/us-china-usa-hacking-idUSBRE95404L20130605

People’s Republic of China is victim of hacking attacks – People’s Daily Online
Incredible Infographic about the People’s Republic of China as a victim of hacking….

http://english.peopledaily.com.cn/90883/8271052.html

How the People’s Republic of China’s ZTE is winning the US market – People’s Daily Online

http://english.peopledaily.com.cn/90778/8270807.html

Global IT and techno-jingoism – People’s Daily Online

http://english.peopledaily.com.cn/90778/8270803.html

This week Barack Obama must avoid the start of a cold war with People’s Republic of China
Guess no one told the Guardian that the Cold War with the People’s Republic of China started months ago…

http://www.guardian.co.uk/commentisfree/2013/jun/05/obama-china-superpower-decline

Shaming Chinese hackers won’t work because cyber-espionage is here to stay

http://www.guardian.co.uk/commentisfree/2013/may/30/china-hacking-cyber-espionage-obama?INTCMP=ILCNETTXT3487

People’s Republic of Siamese Copycats: Lei Jun Builds His Xiaomi Empire by Aping Apple and Steve Jobs

http://www.nytimes.com/2013/06/05/business/global/in-china-an-empire-built-by-aping-apple.html?partner=rssnyt&emc=rss&_r=0&pagewanted=all

People’s Republic of Hacking: Cyber-attacks likely to take centre stage when Obama and Xi meet in California

http://www.guardian.co.uk/world/2013/jun/04/obama-xi-cyberattacks-california-summit

Michelle Obama ‘snubs’ China’s first lady

http://www.telegraph.co.uk/news/worldnews/michelle-obama/10100017/Michelle-Obama-snubs-Chinas-first-lady.html

Cyber Command Redefines the Art | SIGNAL Magazine

http://www.afcea.org/content/?q=node%2F11117

Enjoy –

Semper Fi,

謝謝
紅龍

International Cyber Threat Situational Awareness…

Posted on June 4, 2013 by Bill Hagestad

Good morning Folks;

Here is a very comprehensive list of the latest International Cyber Threat Situational Awareness…

Silicon Valley at front line of global cyber-war…People’s Republic of China dominates US

http://gadgets.ndtv.com/internet/news/silicon-valley-at-front-line-of-global-cyber-war-375258

China’s military to drill on digitalized forces – Xinhua | English.news.cn

http://news.xinhuanet.com/english/china/2013-05/29/c_132415053.htm

OP Middle Kingdom: PLA joint cyberwarfare drill to show new strength and sophistication
The People’s Liberation Army will conduct its first joint combat drills involving cyberwarfare, special troops, army aviation and electronic countermeasures units next month to test the integration and co-ordination of its land and air forces, state media reported yesterday.

http://asitimes.blogspot.com/2013/05/pla-joint-cyberwarfare-drill-to-show.html

People’s Republic of China Developing ‘Digital’ Military Forces

http://www.thetelecomblog.com/2013/05/30/china-developing-digital-military-forces/

PLA joint cyberwarfare drill to show new strength and sophistication

http://www.scmp.com/news/china/article/1249255/pla-prepares-massive-drill-show-its-new-strength-and-sophistication

Chinese army to include digital forces in June military drill
The drill will be carried out in late June at the Zhurihe training base in North China’s Inner Mongolia autonomous region, which is the country’s largest military field, it said. Forces from the Beijing Military Area Command, as well as eight military academics will be participating.

http://www.zdnet.com/cn/chinese-army-to-include-digital-forces-in-june-military-drill-7000016008/

People’s Republic of China Doesn’t Care if Its ‘Digitalized’ Military Cyberwar Drill Scares You

http://www.theatlanticwire.com/technology/2013/05/china-cyberwar-drill/65678/

People’s Republic of China army to conduct first digital exercise

http://www.reuters.com/article/2013/05/29/us-china-defence-idUSBRE94S03O20130529

People’s Republic of China army to conduct first “digital” exercise

http://news.yahoo.com/china-army-conduct-first-digital-exercise-022542367.html

People’s Republic of China’s Huawei Denies Involvement in US Cyber-Attacks

http://www.thetelecomblog.com/2013/05/10/huawei-denies-involvement-in-us-cyber-attacks/

People’s Republic of China’s Huawei Security Chief: We Are the Most “Poked” Company in the World

http://news.softpedia.com/news/Huawei-Security-Chief-We-Are-the-Most-Poked-Company-in-the-World-356340.shtml

People’s Republic of China Denies Stealing New ASIO Headquarters Plans
Chinese military spokeswoman says ” we have already colonized Australia, why would we steal anything?”

http://news.softpedia.com/news/China-Denies-Stealing-New-ASIO-Headquarter-Plans-356487.shtml

People’s Republic of China’s digitalized troops begin to take shape – People’s Daily

http://english.peopledaily.com.cn/90786/8245879.html

People’s Republic of China willing to hold dialogues with U.S. on cyber security – People’s Daily

http://english.peopledaily.com.cn/90786/8269498.html

People’s Republic of China’s Doublethink on the Law of the Sea

http://thediplomat.com/the-naval-diplomat/2013/06/05/chinas-doublethink-on-the-law-of-the-sea/?

Tiananmen Square online searches censored by Chinese authorities

http://www.guardian.co.uk/world/2013/jun/04/tiananmen-square-online-search-censored

People’s Republic of China signals hunger for Arctic’s mineral riches
Operation Middle Kingdom focuses on further colonization of Iceland and eventually most of Scandinavia including Norway….

http://www.guardian.co.uk/environment/2013/jun/04/china-arctics-mineral-riches

Xi Jinping’s Chinese Dream
People’s Republic of China’s President Xi Jinping decsribes Operation Middle Kingdom as the reformist/nationalist view aka The Chinese Dream

http://www.nytimes.com/2013/06/05/opinion/global/xi-jinpings-chinese-dream.html?partner=rssnyt&emc=rss&_r=0&pagewanted=all

Soft Power? The People’s Republic of China Has Plenty
Great article defining Operation Middle Kingdom and the colonization of Australia, British Isles and Canada….

http://thediplomat.com/2013/06/04/soft-power-china-has-plenty/?all=true

TAIWAN: President Ma takes part in computerized war games

http://www.chinapost.com.tw/taiwan/national/national-news/2013/05/29/379836/President-Ma.htm

Commentary: People’s Republic of China should publish report on U.S. military power – People’s Daily

http://english.peopledaily.com.cn/90786/8244270.html

People’s Republic of China, Canada sign initiative on military cooperation – People’s Daily
OP Middle Kingdom – the People’s Republic of China now successful in adding Canada as the latest country to be colonized…United Kingdom and Australia have already initiated mandatory “Learn Chinese” courses…

http://english.peopledaily.com.cn/90786/8269530.html

Chinese defense minister meets Canadian Minister of National Defence – People’s Daily

http://english.peopledaily.com.cn/90786/8268981.html

Intellectual property theft detection is the best prevention

http://www.scmagazineuk.com/intellectual-property-theft–detection-is-the-best-prevention/article/295643/

IT security: M&A transactions are a different matter

http://www.scmagazineuk.com/it-security-ma-transactions-are-a-different-matter/article/295689/

American Gets Targeted by Digital Spy Tool Sold to Foreign Governments

http://www.wired.com/threatlevel/2013/06/spy-tool-sold-to-governments/

Google believes zero-day vulnerabilities should be responded to within a week

http://www.scmagazineuk.com/google-believes-zero-day-vulnerabilities-should-be-responded-to-within-a-week/article/295641/

DEFEATING INTERNET BLOCKING WITH LAHANA VPN-TOR BRIDGE

http://threatpost.com/defeating-internet-blocking-with-lahana-vpn-tor-bridge/

Microsoft to offer threat data in ‘near real-time’ to Certs and ISPs

http://www.scmagazineuk.com/microsoft-to-offer-threat-data-in-near-real-time-to-certs-and-isps/article/295448/

Semper Fi,

謝謝
紅龍

Ask the Experts: Travel Abroad with Electronics

Posted on June 4, 2013 by Brent Huston

This time around, a reader wrote in with a very common question:

Q: “A member of my management team is about to go on a business trip to a country with known cyber-spying capabilities. She wants to take her phone, tablet and laptop so she can be productive on the road. What can I do to make this safer for her and our organization without restricting her work capability on the road in an unreasonable manner?”

Adam Hostetler opened with:

The standard here is don’t bring anything electronic, if you can help it. In most cases, that’s not probable so don’t bring your normal personal phones or laptops, no smartphone at all is advisable. Bring loaner devices that have only exactly what they need and can be burned when they get back. Only connect through a VPN, and have that account monitored on the other end. Don’t leave phone or laptop in a hotel room, even in the safe, and don’t talk business there either.

Jim Klun added:

There is likely no way to do this without restricting – or at least significantly changing – the way she works.

It has to be assumed that any information on her personal devices will be compromised.
It also can be assumed that any information flowing between her devices and the outside world will be compromised.

I would recommend two things:

1. Take only what you can afford to lose. Communicate only what you can afford to lose.

        So – take a small number of devices (e.g. phone, laptop) minimally configured with only that information absolutely required for this trip.
        Better to have corporate staff respond to email requests from her rather than to allow access to critical corporate resources from suspect location.
        If internal connectivity to corporate resources must be allowed ( e.g VPN) it should be ideally require 2-factor auth of some sort, use strong encryption, and grant access only to a limited subset of resources.
        All credentials can be assumed to be lost – hence the utility of two-factor. All of the employees credentials should be changed on return.

All devices brought back should be assumed to be compromised and will need complete re-imaging.

2. Consider creating “go-kits” and well-defined repeatable processes for employees who travel to such locations.

     A special set of devices ( laptop, phone, etc) that are minimally configured and can be wiped on return. No personally owned devices should be allowed.
     Connectivity for those devices – if absolutely needed – that allows access only to a tightly restricted and monitored subset of internal corporate resources.
     Most importantly – training for employees who make these trips. The employee must understand the special risks being incurred and be aware of their responsibility to protect the company and the companies existing customers.
      As above – all of the employees credentials should be changed on return.

Bill Hagestad summed it up with this:

This one is near and dear to my heart…I call these rules of counter cyber espionage the 李侃如的中國旅遊規則 (Lieberthal’s China Travel Rules)

Cellphone and laptop @ home brings “loaner” devices, erased before he leaves home country & wiped clean immediately upon returns;

In China, disable Bluetooth & Wi-Fi, phone never out of his sight;

In meetings, not only turn off his phone but also remove battery, microphone could be turned on remotely;

Connect to the Internet only via encrypted, password-protected channel, copies & pastes his password from a USB thumb drive;

Never type in a password directly, “the Chinese are very good at installing key-logging software on your laptop.”

The article can be found @ http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all

Brent Huston closed with:

Any electronic items they do take on the road with them should be current on patches, AV signatures and detection capabilities. All data, drives, systems, etc. should be strongly encrypted when possible to do so (Pay special attention to export restrictions on crypto depending on where they are going.) Also, turn and burn EVERYTHING when they come back. Treat all media and data obtained during the travel as suspicious or malicious in nature. Trojans of data and documents are common (and usually they scan as clean with common tools). This is especially true for high value targets and critical infrastructure clients. Trust us! Safe travels!

李侃如的中國旅遊規則

(Lieberthal’s China Travel Rules)

ØCellphone and laptop @ home brings “loaner” devices, erased before he leaves home country & wiped clean immediately upon returns;

ØIn China, disable Bluetooth & Wi-Fi, phone never out of his sight;

ØIn meetings, not only turn off his phone but also remove battery, microphone could be turned on remotely;

ØConnect to the Internet only via encrypted, password-protected channel, copies & pastes his password from a USB thumb drive;

ØNever types in a password directly, “the Chinese are very good at installing key-logging software on your laptop.”

The article can be found @ http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all

Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?!

Posted on June 3, 2013 by Bill Hagestad

Good morning Folks..Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?! All this and a bag of chips…

People’s Republic of China’s digitalized troops begin to take shape
http://english.peopledaily.com.cn/90786/8245879.html

What to Expect June 4, People’s Republic of China’s Unofficial and Orwellian ‘Internet Maintenance Day’
http://www.techinasia.com/june-4-china-unofficial-orwellian-internet-maintenance-day/

People’s Republic of China’s Government is Stifling Tech Innovation and Prolonging Social Problems
http://www.techinasia.com/chinas-government-stifling-tech-innovation-prolonging-social-problems/

Raspberry Pi: Beating the Censorship of The People’s Republic of China’s Great Firewall
http://www.techinasia.com/censorship-china-great-firewall-raspberry-pi/

US & People’s Republic of China to discuss cybersecurity at high-level diplomatic meetings
United States is next target of OP Middle Kingdom…colonization by the People’s Republic of China….
http://www.guardian.co.uk/world/2013/jun/02/us-china-cybersecurity-hacking-espionage-meetings

US Sec Def Chuck Hagel accuses People’s Republic of China of ‘cyber intrusions’ on US
Didn’t Hagel get the memo from POTUS…?
http://www.telegraph.co.uk/news/worldnews/asia/china/10092909/Chuck-Hagel-accuses-China-of-cyber-intrusions-on-US.html

What happens when People’s Republic of China hacks U.S. weapons designs?
http://killerapps.foreignpolicy.com/posts/2013/05/31/what_happens_when_china_hacks_us_weapons_designs

People’s Republic of China, US agree to talks on cyber theft and espionage
http://www.theage.com.au/it-pro/security-it/china-us-agree-to-talks-on-cyber-theft-and-espionage-20130602-2nk06.html

Hackers Are Spying On You: Inside the World of Digital Espionage
http://www.thedailybeast.com/newsweek/2013/05/29/hackers-are-spying-on-you-inside-the-world-of-digital-espionage.html

Hagel says Chinese cyberattacks a “growing threat” People’s Republic of China |
http://www.homelandsecuritynewswire.com/dr20130603-hagel-says-chinese-cyberattacks-a-growing-threat

US Cyber Chief: Military Is Unprepared for Hacking
http://thediplomat.com/the-editor/2013/05/31/us-cyber-chief-military-is-unprepared-for-hacking/?

Government-developed standards not an effective cybersecurity approach..Hire the People’s Republic of China
http://www.homelandsecuritynewswire.com/dr20130602-governmentdeveloped-standards-not-an-effective-cybersecurity-approach-analyst

Why the US needs People’s Republic of China’s Huawei more than Huawei needs the US
http://gigaom.com/2013/05/31/why-the-us-needs-huawei-more-than-huawei-needs-the-us/

Australian Defence electronics manufacturer hacked by Chinese
http://www.manmonthly.com.au/features/defence-electronics-manufacturer-hacked-by-chinese

If Britain wants greater prosperity, we need to look East to People’s Republic of China
United Kingdom colonization by People’s Republic of China is now complete…OP Middle Kingdom
http://www.telegraph.co.uk/news/worldnews/asia/china/10092754/If-Britain-wants-greater-prosperity-we-need-to-look-East-to-China.html

Kuwait Commercial and government enterprise market key to Huawei’s growth in 2013 | Huawei Technologies
http://www.ameinfo.com/kuwait-commercial-government-enterprise-market-key-344164

Los Alamos director: cyber-securing U.S. electrical grid key to energy security
http://www.homelandsecuritynewswire.com/dr20130602-los-alamos-director-cybersecuring-u-s-electrical-grid-key-to-energy-security

An Elizabethan Cyberwar
http://www.nytimes.com/2013/06/01/opinion/an-elizabethan-cyberwar.html?src=recg

A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 | Atlantic Council
http://www.acus.org/afiercedomain

U.S. & People’s Republic of China to Hold Regular Talks on Hacking
http://www.nytimes.com/2013/06/02/world/asia/us-and-china-to-hold-talks-on-hacking.html?src=recg

People’s Republic of China Rapidly Taking Over World Economically
http://www.newsmax.com/Newsfront/chine-buying-corporations-economic/2013/06/02/id/507585

People’s Republic of China Reaps Biggest Benefits of Iraq Oil Boom
http://www.nytimes.com/2013/06/03/world/middleeast/china-reaps-biggest-benefits-of-iraq-oil-boom.html?

People’s Republic of China And The Biggest Territory Grab Since World War II
http://www.forbes.com/sites/gordonchang/2013/06/02/china-and-the-biggest-territory-grab-since-world-war-ii/

People’s Republic of China’s Economic Empire
http://www.nytimes.com/2013/06/02/opinion/sunday/chinas-economic-empire.html?_r=2&pagewanted=all

How to Play Well With People’s Republic of China
http://www.nytimes.com/2013/06/02/opinion/sunday/how-to-play-well-with-china.html?_r=0&smid=tw-share&pagewanted=all

China Voice: Pentagon report deviates from building trust – People’s Daily Online
http://english.peopledaily.com.cn/90786/8237325.html

People’s Republic of China skeptical of expanded US role in the Pacific
http://www.apnewsarchive.com/2013/China-questions-expanded-US-role-in-the-Pacific;-Hagel-warns-Beijing-on-computer-based-attacks/id-526b8c8f680443d9ac415836133521be

Chinese navy begins US economic zone patrols – FT.com
US Navy Admiral Samual Locklear says”It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under he OSD Sequester and have US Marines aboard our flat bottom amphibs”….
http://www.ft.com/intl/cms/s/0/02ce257e-cb4a-11e2-8ff3-00144feab7de.html

Chinese general reveals ‘strategy’ for Panatag takeover
Major General Zhang Zhaozhong reflects on US Navy Admiral Samual Locklear comments “It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under he OSD Sequester and have US Marines aboard our flat bottom amphibs”….
http://www.philstar.com/headlines/2013/05/31/948591/chinese-general-reveals-strategy-panatag-takeover?

People’s Republic of China accused the U.S. of interfering in China’s internal affairs by the June incident
中国指责美国借六四事件干涉中国内政 – 中国数字时代
https://kexueshangwang.info/chinese/2013/06/bbc-中国指责美国借六四事件干涉中国内政/?

People’s Republic of China’s Ministry of Truth: Japan-Africa, South China Sea – China Digital Times (CDT)

Ministry of Truth: Japan-Africa, South China Sea

People’s Republic of China warns U.N. against ‘irresponsible remarks’ on North Koreans | Reuters
http://uk.reuters.com/article/2013/06/03/uk-korea-north-china-idUKBRE9520AB20130603

China-North Korea Dossier No. 2: “China’s ‘Measure of Reserve’ toward Succession”

China-North Korea Dossier No. 2: “China’s ‘Measure of Reserve’ toward Succession”

Hacking the Drone War’s Secret History
http://www.wired.com/dangerroom/2013/05/drone-api/

Hackers Spawn Web Supercomputer on Way to Chess World Record
http://www.wired.com/wiredenterprise/2013/06/43651/

USSR’s old domain name attracts cybercriminals
http://news.yahoo.com/ussrs-old-domain-name-attracts-cybercriminals-070143935.html

U.S. Targets Iran’s Petrochemical Industry
http://www.nytimes.com/2013/06/01/world/middleeast/us-targets-irans-petrochemical-industry.html?src=recg

Iran prepared to counter US cyber threats: Lawmaker
http://www.presstv.ir/detail/2013/06/01/306540/iran-ready-to-counter-us-cyber-threats/

Marine Corps prepares to cut cord on NMCI…NON MISSION CAPABLE INTERNET…
http://www.federalnewsradio.com/412/3342421/Marine-Corps-prepares-to-cut-cord-on-NMCI

Back to the Basics: Chess, Poker & the Future of Warfare
http://smallwarsjournal.com/jrnl/art/back-to-the-basics-chess-poker-the-future-of-warfare

Interpol filter scope creep: ASIC ordering unilateral website blocks

Interpol filter scope creep: ASIC ordering unilateral website blocks

Anticipating Cyber Threats Beyond APT
http://blog.zeltser.com/post/50497161014/anticipating-cyber-threats-beyond-apt

Semper Fi,

謝謝

紅龍

Posted in Emerging Threats, General InfoSec, MicroSolved's Strategies & Tactics Talks, Red Dragon Rising, Threat Intelligence, Threat-Centric | Tagged ; People's Republic of Hacking, Counterintelligence, Islamic Republic of Iran, ISSA, People's Liberation Army, People's Republic of China, Red Dragon Rising | 1 Reply

Cyber Threat SA for Thursday from Abu Dhabi…

Posted on May 29, 2013 by Bill Hagestad

Reply

Tweet

Good morning from Abu Dhabi, United Arab Emirates…

Here are the latest cyber threat intelligence notes you need to be aware of…enjoy!

People’s Republic of China says it is opposed to all forms of hacking

http://www.news-journalonline.com/article/20130529/API/1305290639

People’s Republic of China’s military to drill on digitalized forces – Xinhua |

http://news.xinhuanet.com/english/china/2013-05/29/c_132415053.htm

Chinese hackers have access to major US weapons designs, report says

http://www.scmp.com/news/china/article/1248077/chinese-hackers-stole-plans-australian-spy-headquarters-says-report

People’s Republic of China’s Huawei all governments hack secret data using their kit –

http://phys.org/news/2013-05-hack-secret-huawei.html

U.S., Australia reports allege new spying by People’s Republic of China hackers –

http://www.cbc.ca/news/technology/story/2013/05/28/australia-china-hacking.html?cmp=rss

Australia: People’s Republic of China spy agency hack claims ‘will not hit ties’ – Hack claims over Australia spy HQ

http://www.bbc.co.uk/news/world-asia-22685332

Spy claim no threat to People’s Republic of China ties: Foreign Minister Carr

http://news.smh.com.au/breaking-news-national/spy-claim-no-threat-to-china-ties-carr-20130528-2n87j.html

Australian spy HQ plans stolen by Chinese hackers: report

http://www.reuters.com/article/2013/05/28/us-australia-hacking-idUSBRE94R02A20130528

REPORT: Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems

http://newsle.com/article/0/76807927/

Researchers uncover new global cyberespionage operation dubbed Safe

http://www.pcworld.com/article/2039011/researchers-uncover-new-global-cyberespionage-operation-dubbed-safenet.html

Cyber Attack on Norway’s Telenor was part of large cyberespionage operation with Indian origins, report says

http://www.pcworld.com/article/2039257/attack-on-telenor-was-part-of-large-cyberespionage-operation-with-indian-origins-report-says.html

US accuses Iran of hacking energy companies

http://www.itproportal.com/2013/05/24/us-accuses-iran-hacking-energy-companies/

Semper Fi,

謝謝

紅龍

Posted in Information Security Training, Red Dragon Rising, Threat Intelligence, Threat-Centric | Tagged ; People's Republic of Hacking, Huawei, Islamic Republic of Iran, People's Liberation Army, People's Republic of China, Red Dragon Rising, Threat Modeling | Leave a reply

HoneyPoint Used to Confirm Skype URL Indexing

Posted on May 29, 2013 by Brent Huston

4

Tweet

Last week, several sources were talking about the indexing of URLs that happen inside supposedly secure and private Skype sessions. There was a bit of press about it and we thought it would be fun to test it out and easy to do with HoneyPoint Personal Edition. Here’s how we did it:

First, we stood up a HoneyPoint Personal Edition and dilated port 80 with a web listener. We configured it to look like a default under construction page on an IIS box. We then exposed it to the Internet.

In order to cut down on noise from scanning while we were testing, we decided we would use a target page in our test URL of vixennixie.htm, since scanners aren’t generally looking for that page, if we get scanned while we are testing, it won’t interfere with our data gathering and analysis.

Next, we created a Skype chat between to members of the team and made sure each of us was configured for full security.

Once this was confirmed, we passed the URL: http://target_ip/vixennixe.htm between us. The time was 1:13pm Eastern.

Then, we waited.

Lo and behold, we got this nearly 12 hours later:

2013-05-22 01:09:45 – HoneyPoint received a probe from 65.52.100.214 on port 80 Input: HEAD /vixennixie.htm HTTP/1.1 Host: target_ip Connection: Keep-Alive

A whois of 65.52.100.214 shows:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# Query terms are ambiguous. The query is assumed to be:
# “n 65.52.100.214”
#
# Use “?” to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=65.52.100.214?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 65.52.0.0 – 65.55.255.255
CIDR: 65.52.0.0/14
OriginAS:
NetName: MICROSOFT-1BLK
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
RegDate: 2001-02-14
Updated: 2012-03-20
Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26
Ref: http://whois.arin.net/rest/org/MSFT

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com
OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN

RTechHandle: ZM23-ARIN
RTechName: Microsoft Corporation
RTechPhone: +1-425-882-8080
RTechEmail: noc@microsoft.com
RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

I’ll leave it to the reader to decide what they think about the data. You can draw your own conclusions. We just appreciated yet another use for HoneyPoint and a quick and dirty project to play with. Thanks for reading!

Posted in Announcements, End-user Focused, General InfoSec, HoneyPoint, Information Security Training, Projects, Testing Lab | Tagged HoneyPoint, privacy, research, skype | 4 Replies

Day Three Homeland Security Summit Middle East…Cyber Threat Intelligence SA You Need To Know….

Posted on May 28, 2013 by Bill Hagestad

2

Tweet

Good morning from Abu Dhabi – yes I know it is Zero Dark Thirty here… thank you my Australian friends for pointing that out…

The restless, passionate and wicked never sleep…

Nonetheless, here is the latest Cyber Threat Intelligence you need to be aware of…

This one is my favorite! IN fact this is a very well written article…

Chinese Cyber Espionage: Don’t Believe the Hype

http://securitywatch.pcmag.com/security/311911-chinese-cyber-espionage-don-t-believe-the-hype

Of course, then this list of compromised US Military technology is also hype, isn’t?

The following is reproduced from the nonpublic version of the Defense Science Board report “Resilient Military Systems and the Advanced Cyber Threat” as posted originally by the Washington Post:

Table 2.2 Expanded partial list of DoD system designs and technologies compromised via cyber exploitation

SYSTEM DESIGNS

Terminal High Altitude Area Defense

Patriot Advanced Capability-3

Extended Area Protection and Survivability System (EAPS)

F-35

V-22

C-17

Hawklink

Advanced Harpoon Weapon Control System

Tanker Conversions

Long-term Mine Reconnaissance System

Global Hawk

Navy antenna mechanisms

Global Freight Management System

Micro Air Vehicle

Brigade Combat Team Modernization

Aegis Ballistic Missile Defense System

USMC Tracked Combat Vehicles

Warfighter Information Network-Tactical (WIN-T)

T700 Family of Engines

Full Authority Digital Engine Controller (FADEC)

UH-60 Black Hawk

AMRAAM (AIM-120 Advanced Medium-Range Air-to-Air Missile)

Affordable Weapons System

Littoral Combat Ship

Navy Standard Missile (SM-2,3,6)

P-8A/Multi-Mission Aircraft

F/A and EA-18

RC-135 Detect./Collect.

Mk54 Light Weight Torpedo

TECHNOLOGIES

Directed Energy

UAV video system

Specific Emitter identification

Nanotechnology

Dual Use Avionics

Fuze/Munitions safety and development

Electronic Intelligence Processing

Tactical Data Links

Satellite Communications

Electronic Warfare

Advanced Signal Processing Technologies for Radars

Nanostructured Metal Matrix Composite for Light Weight Ballistic Armor

Vision-aided Urban Navigation & Collision Avoidance for Class I Unmanned Air Vehicles (UAV)

Space Surveillance Telescope

Materials/processing technologies

IR Search and Track systems

Electronic Warfare systems

Electromagnetic Aircraft Launch

Rail Gun

Side Scan sonar

Mode 5 IFF

Export Control, ITAR, Distribution Statement B,C,D Technical Information

CAD drawings, 3D models, schematics

Software code

Critical technology

Vendor/supply chain data

Technical manuals

PII (email addresses, SSN, credit card numbers, passwords, etc.)

Attendee lists for program reviews and meetings

Indeed – don’t believe the hype, these are not the Chinese Hackers you are looking for…they already took your data! 🙂

Chinese vice premier, military leader meet US nat’l security adviser

http://english.peopledaily.com.cn/90883/8261728.html

China demonstrates defence determination to US: ministry

http://english.peopledaily.com.cn/90786/8223335.html

People’s Republic of Hacking: Chinese hackers ‘access sensitive US weapons systems’

http://www.telegraph.co.uk/news/worldnews/asia/china/10083296/Chinese-hackers-access-sensitive-US-weapons-systems.html

Russia Uses ‘Single Register’ Law To Selectively Block Internet Content

http://www.infosecurity-magazine.com/blog/2013/5/22/russia-uses-single-register-law-to-selectively-block-internet-content/905.aspx

Semper Fi,

謝謝

紅龍

Posted in Emerging Threats, Information Security Training, Red Dragon Rising, Threat Intelligence, Threat-Centric | Tagged ; People's Republic of Hacking, OP Middle Kingom, Operation Middle Kingdom, People's Liberation Army, People's Republic of China, Red Dragon Rising, Threat Monitoring | 2 Replies

Cyber Threat SA from Abu Dhabi Homeland Security Summit Middle East

Posted on May 28, 2013 by Bill Hagestad

Reply

Tweet

Good day from Abu Dhabi, Additional Cyber Threat Situational Awareness @ the Homeland Security Summit Middle East –

People’s Republic of China High-ranking Military Spies Woo Australia Business Leaders

http://chinaview.wordpress.com/2013/05/26/china-high-ranking-military-spies-woo-australia-business-leaders/

Watch a Chinese “Cyber Espionage Unit” Steal Files from an American Hard Drive in Real-Time

See it @
http://motherboard.vice.com/read/watch-a-chinese-cyber-espionage-unit-steal-files-from-an-american-hard-drive

People’s Republic of China PLA’s “Department of Enemy Work” Reachs Out to Western Elites in Australia and US

http://chinaview.wordpress.com/2013/05/26/china-armys-department-of-enemy-work-reachs-out-to-western-elites-in-australia-and-us/

No Chrome, No Firefox: Why Chinese Online Banking Still Requires Internet Explorer

http://www.techinasia.com/chrome-firefox-chinese-online-banking-requires-internet-explorer/

People’s Republic of China’s Huawei: ‘trust us, we are being transparent’

http://www.theregister.co.uk/2013/05/28/huawei_trust_us_we_are_being_transparent/

People’s Republic of China’s Huawei’s Middle East Revenue Up 18% – ChinaTechNews.com –

http://www.chinatechnews.com/2013/05/28/19369-huaweis-middle-east-revenue-up-18

ASIO hack: Julia Gillard defends intelligence funding for spy agency after Four Corners report

http://www.abc.net.au/news/2013-05-28/gillard-defends-intelligence-funding-in-wake-of-asio-hack/4718166

People’s Republic of China dismisses Australian spy HQ hacking claims

http://www.guardian.co.uk/world/2013/may/28/china-asio-australian-spy-hq-hacking-claims

People’s Republic of China ‘hacked’ new Australian spy HQ | News | DW.DE | 28.05.2013

http://www.dw.de/china-hacked-new-australian-spy-hq/a-16841717?maca=en-rss-en-all-1573-xml-atom

Telecoms official: G20 could be platform for cybersecurity

http://www.euractiv.com/infosociety/huawei-cyber-chief-use-g20-platf-interview-528069?

Iran’s approaching vote brings receding Web access

http://www.sfgate.com/business/technology/article/Iran-s-approaching-vote-brings-receding-Web-access-4551232.php

New Computer Attacks Traced to Iran, Officials Say

http://www.nytimes.com/2013/05/25/world/middleeast/new-computer-attacks-come-from-iran-officials-say.html?

This Pentagon Project Makes Cyberwar as Easy as Angry Birds | Danger Room | Wired.com

http://www.wired.com/dangerroom/2013/05/pentagon-cyberwar-angry-birds/

Frustrated Chinese send complaints to White House website

http://www.guardian.co.uk/world/2013/may/28/chinese-complaints-white-house-website

Semper Fi,

謝謝

紅龍

Posted in Information Security Training, Red Dragon Rising, Threat Intelligence, Threat-Centric | Tagged ; People's Republic of Hacking, Islamic Republic of Iran, OP Middle Kingom, Operation Middle Kingdom, panda, People's Liberation Army, People's Republic of China, Project X, Red Dragon Rising, Threat Monitoring | Leave a reply

Cyber Situational Awareness stories from the International Cyber Front…yes folks Asymmetric Cyber Conflict

Posted on May 27, 2013 by Bill Hagestad

2

Tweet

Red Dragon Rising bids you a great morning from Abu Dhabi & the Middle East Homeland Security Summit.

Here are some of the latest Cyber Situational Awareness stories from the International front you need to know…

Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies

See the entire story @ http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html

軍事行動古村 OP Middle Kingdom achieves objective of complete colonization of Australia…US scare tactics to keep Chinese business out

http://www.smh.com.au/it-pro/security-it/us-scare-tactics-to-keep-chinese-business-out-20130527-2n7lb.html

Premier Li : People’s Republic of China, Germany now economic ‘dream team’ OP Middle Kingdom continues…Colonization of Europe continues under OP Middle Kingdom…Germany acknowledges People’s Republic of China as the True Global Leader…

http://www.reuters.com/article/2013/05/27/us-china-germany-li-idUSBRE94Q0JZ20130527

OP Middle Kingdom (軍事行動古村) captures United Kingdom as the People’s Republic of China continues affirmative colonization of the United Kingdom…UK and Germany ‘oppose duties on People’s Republic of China duties’

http://www.bbc.co.uk/news/business-22684663

Tracing APT_163QQ Malware from the People’s Republic of China…Hong Kong

http://espionageware.blogspot.hk/

People’s Republic of China’s PLA: Electronic warfare unit in simulated offense-and-defense drill – People’s Daily Online

http://english.peopledaily.com.cn/90786/8253243.html

As Chinese Leader’s Visit Nears, United States Will Be Urged to Allow Retaliation Against Cyberattacks

http://www.nytimes.com/2013/05/22/world/asia/as-chinese-leaders-visit-nears-us-urged-to-allow-retaliation-for-cyberattacks.html?

Iranian Hackers targeting US oil, gas, and electric companies

http://thehackernews.com/2013/05/iranian-hackers-targeting-us-oil-gas.html

The U.S.-China Showdown Over Cyber Attacks Heats Up

http://www.businessweek.com/articles/2013-05-24/the-u-dot-s-dot-china-showdown-over-cyberhacking-heats-up

Strike Back If People’s Republic of China Steals IP, Companies Told —

http://www.informationweek.com/security/attacks/strike-back-if-china-steals-ip-companies/240155480

People’s Republic of China’s Coexistence Strategy and the Consequences for World Order

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40914&cHash=d8be948bc55dcb0d41788b4b876db5c6

Missile Defense with Chinese Characteristics

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40915&cHash=bd1dd683123a93c0ab390143b34d7a90

People’s Republic of China: Informatization Drives Expanded Scope of Public Security

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40721&cHash=f1a040999f18d83c1c56713807fc5e6f

A naval fleet of the Chinese People’s Liberation Army (PLA) on Monday passed through the Miyako Strait and entered the Western Pacific Ocean for a training mission

http://www.chinadaily.com.cn/china/2013-05/27/content_16537520.htm

Seriously? USA to legalize rootkits, spyware, ransomware and trojans to combat piracy?

http://blog.emsisoft.com/2013/05/27/seriously-usa-to-legalize-rootkits-spyware-ransomware-and-trojans-to-combat-piracy/

People’s Republic of China to Build $5 Billion EU Beachhead in Belarus

China to Build $5 Billion EU Beachhead in Belarus

軍事行動古村 OP Middle Kingdom…How do you spell ‘COLONIZATION’ by the People’s Republic of China “E U”
EU countries resist plan to impose duties on Chinese solar panels…

http://www.guardian.co.uk/world/2013/may/27/eu-duties-chinese-solar-panels

Next Target of COLONIZATION by the People’s Republic of China…Switzerland….軍事行動古村 OP Middle Kingdom…
People’s Republic of China calls time on import tariffs on Swiss watches

http://www.guardian.co.uk/world/2013/may/27/china-calls-time-import-tariffs-swiss-watches

People’s Republic of China’s OP Middle Kingdom 軍事行動古村: Greece becomes trade battleground as China invests in NCI
The Chinese are interested in airports, harbours and railways…” Chinese colonization continues unabated…

http://www.guardian.co.uk/world/2013/may/27/greece-trade-battleground-foreign-investors-swoop

Semper Fi,

謝謝

紅龍

Posted in HoneyPoint, Information Security Training, Malware, Red Dragon Rising, Threat Intelligence, Threat-Centric | Tagged ; People's Republic of Hacking, 軍事行動古村, OP Middle Kingom, Operation Middle Kingdom, panda, People's Liberation Army, People's Republic of China, Red Dragon Rising | 2 Replies

Cyber Situational Awareness Part Deux for Memorial Day…

Posted on May 27, 2013 by Bill Hagestad

2

Tweet

Good afternoon and Happy Memorial Day from Abu Dhabi –

Here are some of the latest Cyber Situational Awareness items to take note of this afternoon;

Hackers tracked to China stole secret ASIO blueprints…
Computer hackers in China are understood to be behind a cyber attack that stole highly classified blueprints of the new ASIO headquarters in Canberra…uh oh…

http://www.abc.net.au/news/2013-05-27/hackers-steal-secret-asio-blueprints/4716096

Cyber-security turns into new battleground as US-China tension grows
As the countries trade blows amid claims of online spying, some see it as a final effort by Washington to retain its economic superiority…

Read more @ : http://www.telegraph.co.uk/finance/10081592/Cyber-security-turns-into-new-battleground-as-US-China-tension-grows.html

From IT Week: People’s Republic of Chain’s Huawei Faces Uphill Battle In Enterprise IT Market

More info @ http://www.informationweek.com/hardware/data-centers/huawei-faces-uphill-battle-in-enterprise/240155488

Clearwire to pull Huawei from network … Chinese vendor caught in takeover crossfire

The whole story can be read here @ http://www.theregister.co.uk/2013/05/27/clearwire_to_pull_huawei_from_network/

Berlin tells EU it opposes solar anti-dumping action vs People’s Republic of China: government source

Reuters article here: http://www.reuters.com/article/2013/05/27/us-eu-solar-china-idUSBRE94Q07T20130527

EU, People’s Republic of China to hold talks on trade dispute

http://www.timesofoman.com/News/Article-16484.aspx

Europeans Press People’s Republic of China Over Trade in Telecom…Chinese Telecom Companies Caught in Middle of Trade Dispute

http://www.nytimes.com/2013/05/27/technology/chinese-telecom-companies-caught-in-middle-of-trade-dispute.html

People’s Republic of China’s premier Li Keqiang warns Europe over trade war while in Germany…trading Euros for Ren Min Bi instead of Deustche Marks….

http://edition.cnn.com/2013/05/26/business/china-europe-trade-war/index.html?

As EU Investigates Huawei, is China Gearing Up to Retaliate?

http://www.techinasia.com/eu-investigates-huawei-china-gearing-retaliate/

Semper Fi,

謝謝

紅龍

Posted in Information Security Training, Malware, Red Dragon Rising, Threat Intelligence, Threat-Centric | Tagged ; People's Republic of Hacking, cyber, Huawei, People's Liberation Army, People's Republic of China, Red Dragon Rising | 2 Replies

Post navigation

← Older posts

Newer posts →

Subscribe to our mailing list

* indicates required

Email Address *

First Name

Last Name

Catagories

80/20 Rule for Information Security

AI and Machine Learning

Announcements

Anti-Virus

Application Security

Ask the Security Experts

Asset Management

Audio Blog Post

Awareness

blockchain

Book Reviews

Chat

China

CIS CSC

ClawBack

Cloud Technology

Code Review

Compliance

Credit Unions

Data Leak

Detection in Depth

Emerging Threats

End-user Focused

Events

Free Tool

General InfoSec

Healthcare

HoneyPoint

HoneyPoint Manifesto

How To

ICS/SCADA

incident response

Information Security Training

intelligence

Iran

ISSA InfoSec Summit

jobs

MachineTruth

Malware

Maps

MicroSolved's Strategies & Tactics Talks

Mobile Application Security

New Category

Opinion

OWASP

Password Security

Pen Testing & Vuln Mgmt

PHI

Phishing

Podcast

Policy and Process

Poll

Privacy

Projects

prompt engineering

ProtoPredator

Rants

Red Dragon Rising

Regulation

Reputational Risk

Research

Risk Management

SCADA/ICS

Smart Grid

Stolen Data Impact Model

Supply Chain

Surprise Interviews

Testing Lab

Threat Intelligence

Threat-Centric

Three Tough Questions

TigerTrax

Tool Review

Touchdown Task

Tweetstream

vCISO

Video

Vulnerability Management

Webinar

What is HPSS?

Authors

Brent Huston

Adam Hostetler

John Davis

Lisa Wallace

Dave Rose

Johnny Chuah

Jim Klun

State of Security – MicroSolved, Inc.
Integrating Llama 2 AI Models into Daily Cybersecurity Operations November 26, 2024
6 Innovative Ways AI is Revolutionizing Cybersecurity Management November 20, 2024
Enhancing Security Operations with AI-Driven Log Analysis: A Path to Cooperative Intelligence November 11, 2024
How to Implement Tailscale for Distributed Companies October 28, 2024
Key Factors to Evaluate When Selecting a Cloud Backup Provider October 21, 2024
Past Posts
Past Posts
Information Security Blogroll

Dave Rose interview with CEO Brent Huston

Digital Soapbox: Down the Security Rabbithole!

Dr. InfoSec (TM)

ESET Threat Blog

Evil Code Cave

Hacking the Universe

Head Hacker

Information Security Law

Infosanity's Blog

InfoSec Ramblings

ISO 27001 & BS 25999

ITWorld Security Site

Jamie Levy

Jon's Network

Krebs on Security

Mac Virus

McAfee Labs Blog

MicroSolved Home Page

Network Security Blog

Nova InfoSec Portal

PaulDotCom

Peter Van Eeckhoutte's Blog

Red Team Secure

RedCondor Secure

RSA Conference

Search Security

SecTechno Information Security Blog

Securiteam

Security Active Blog

Security Dark Reading

Security in Motion

Security Ninja

Security Warrior

Security Watch

Selil

Steve Kalman

Taddong

Tao Security

Tech Buddha

The AVIEN Blog

The Falcon's View

The Guerilla CISO

Voice of VOIPSA

Windows Incident Response

Zero Day Blog

MSI :: State of Security

Insight from the Information Security Experts

People’s Republic of Hacking…Latest Cyber Threat SA…

International Cyber Threat Situational Awareness…

Ask the Experts: Travel Abroad with Electronics

Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?!

Cyber Threat SA for Thursday from Abu Dhabi…

HoneyPoint Used to Confirm Skype URL Indexing

Day Three Homeland Security Summit Middle East…Cyber Threat Intelligence SA You Need To Know….

Cyber Threat SA from Abu Dhabi Homeland Security Summit Middle East

Cyber Situational Awareness stories from the International Cyber Front…yes folks Asymmetric Cyber Conflict

Cyber Situational Awareness Part Deux for Memorial Day…