Workstation Logging Best Practices

Why Workstation Logging Matters

Workstations are important components of any IT infrastructure, and they’re also one of the most overlooked. Often seen as expendable, many organizations fail to see the value of workstation logs, and how they can add to the visibility and detection capabilities of the security team. Workstations are quite likely to be early indicators of attack and malware infections. They are also often super useful in identifying manual attacker behaviors and performing adequate forensics.

Organizations that don’t maintain and organize workstation logs are usually missing out on some essential data and falling short of having across-the-enterprise visibility. This is especially true if you have a decentralized work environment. Simply enabling, configuring, and properly aggregating workstation logs can give you a huge forensic advantage. Adding real-time or near real-time log parsing and event alerting makes that advantage a superpower.

What to Log

The security events an organization captures on their workstations depend largely on industry-specific needs and relevant legal requirements. However, best practices call for several events that must be recorded and logged to ensure user accountability and to help organizations detect, understand, and recover from malicious events. These events include:

  • Authentication successes and failures for all users and services
  • Access control successes and failures for all users and services
  • Session activity, including files and applications used, especially system utilities and PowerShell, if applicable
  • Changes in user access rights or privileges
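
As an added illustration (not part of the original post), the sketch below checks aggregated workstation events against the four categories above and flags bursts of failed logons. It assumes Windows workstations and uses standard Windows event IDs; the record layout, host names, and thresholds are constructed for the example.

```python
from collections import defaultdict

# Assumption of this example: Windows workstations. Standard Windows event IDs
# are mapped to the four categories listed above; extend for other platforms.
CATEGORY_BY_EVENT_ID = {
    4624: "authentication",    # account logged on successfully
    4625: "authentication",    # account failed to log on
    4656: "access_control",    # handle to an object requested
    4663: "access_control",    # attempt to access an object
    4688: "session_activity",  # new process created
    4104: "session_activity",  # PowerShell script block logged
    4672: "privilege_change",  # special privileges assigned to new logon
    4732: "privilege_change",  # member added to a local security group
}
REQUIRED = frozenset(CATEGORY_BY_EVENT_ID.values())
FAILED_LOGON = 4625

# Constructed inventory and events (hypothetical record layout: host, time in
# seconds, event_id, user), standing in for what an aggregator has collected.
INVENTORY = ["WS-001", "WS-002", "WS-003"]
SAMPLE_EVENTS = (
    [{"host": "WS-001", "time": t, "event_id": e, "user": "alice"}
     for t, e in [(10, 4624), (20, 4663), (30, 4688), (35, 4104), (40, 4672)]]
    # carol: five failures spread over ~27 minutes, below the burst threshold
    + [{"host": "WS-001", "time": t, "event_id": 4625, "user": "carol"}
       for t in (0, 400, 800, 1200, 1600)]
    # bob: five failures inside two minutes, then a success
    + [{"host": "WS-002", "time": t, "event_id": 4625, "user": "bob"}
       for t in (100, 130, 160, 190, 220)]
    + [{"host": "WS-002", "time": 400, "event_id": 4624, "user": "bob"}]
    # WS-003 is in the inventory but has sent nothing at all
)


def coverage_gaps(events, inventory):
    """Map each host to the required categories it never reported."""
    seen = defaultdict(set)
    for ev in events:
        category = CATEGORY_BY_EVENT_ID.get(ev["event_id"])
        if category:
            seen[ev["host"]].add(category)
    gaps = {}
    for host in inventory:
        missing = REQUIRED - seen[host]
        if missing:
            gaps[host] = sorted(missing)
    return gaps


def failed_logon_bursts(events, threshold=5, window=300):
    """Return (host, user) pairs with >= threshold failed logons in window seconds."""
    times = defaultdict(list)
    for ev in events:
        if ev["event_id"] == FAILED_LOGON:
            times[(ev["host"], ev["user"])].append(ev["time"])
    alerts = []
    for key, stamps in times.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it spans at most `window` seconds.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(key)
                break
    return sorted(alerts)


if __name__ == "__main__":
    for host, missing in coverage_gaps(SAMPLE_EVENTS, INVENTORY).items():
        print(f"{host}: no events for {', '.join(missing)}")
    for host, user in failed_logon_bursts(SAMPLE_EVENTS):
        print(f"ALERT {host}: repeated failed logons for {user}")
```

A host that appears in the inventory but reports no events for a category usually means the matching audit policy is off or the forwarder is not shipping that log, which is the gap the post warns about.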

The Bottom Line

Get busy logging on workstations. Make sure the logs are properly configured, aggregated, and processed as a part of your detection capabilities. Don’t view workstation logs as throw-aways. Instead, see them as a powerful lens for early detection, forensics, and attack recovery.


Thanks to @TheTokenFemale for pointing out that the logs should be sent somewhere off the system. I meant that by aggregation, but to clarify, the logs should be sent, processed, and archived using a log aggregation system or toolset that includes proper chain of evidence handling, alerting, and heuristics. It should also store and archive the relevant logs according to best practices and legal and regulatory guidance. 

Cyber-Mania & Situation Awareness in the Binary Worlds…

Good Friday Afternoon Folks;

In today’s issue of the latest cyber news we have quite a bit in the way of Cyber-Mania & Situation Awareness in the Binary Worlds…

Pay particular attention to the immediate section below and the latest items of interest from the People’s Republic of Cyber Espionage…er, sorry, China…
There are a couple of interesting items regarding cyber attacks and a cyber timeline from NATO…yeah OTAN…go figure!
And yes the F-B-I is looking for Hacker love…be sure to use a condom … or those executable files will ruin your weekend…:-)

People’s Republic of China allows spies to plunder companies
Slight shift seen in official Chinese attitude on cybersecurity
People’s Republic of China firmly pursues peaceful development: defense minister
How America Is Fighting Back Against Chinese Hackers
President Xi inspects Chinese Academy of Sciences in Beijing _ Qiushi Journal
People’s Republic of China’s Huawei Looks to Build Up Enterprise-Network Business

NATO History of Cyber Attacks – A Timeline
Fitting cyber attacks to jus ad bellum — Consequence-based approach Part III
Cyberattacks devastated my business!
NSA behind cyber attacks that took down ‘Dark Web’ used by online pedophiles
Defendant in Romanian Cyber Crime Ring Convicted of Wire Fraud and Identification Document Fraud Conspiracies

Are Black Hats and White Hats Really Grey Hats?

FBI director calls on private sector to help with cyber threat
I’ll be sure to send him a .pdf with an executable file in it – oh wait the Minneapolis Cyber Field Office already received it….Nyarch!
CIA, FBI and NSA Leaders Ask for Help Fighting Cyberattacks
The Government Wants to Create Cybersecurity Insurance
IPv6 is latest tool for stealing credit card numbers and passwords

Semper Fi,


New threats: Unknown Cyber Threats & APT according to InfoSec Researchers in the People’s Republic of China 新型威胁:未知威胁与APT 中華人民共和國

Good day folks;

Here’s an article about how information security researchers within the People’s Republic of China, 中華人民共和國, define ‘Unknown Cyber Threats’ and the innocuous Western term “APT”.


Semper Fi,




New threats: unknown threats and APT

Security threats have changed dramatically in recent years. Hacker attacks have gradually shifted from the traditional pranks and displays of technical skill toward profit-driven, commercialized activity. To break through traditional security defenses, a kind of attack called APT has developed rapidly. APT is short for advanced persistent threat. It refers to a means of attack that professional, organized hackers (possibly even with state backing) have in recent years launched against important targets and systems.

Main features of APT:

Persistence: The attacker keeps attacking an important target over a long period until it is breached. There are cases where a successful attack took one to three years, and cases where the attacker stayed hidden for five to ten years after succeeding. Under such persistent attack, the attack is in constant dynamic development, whereas our current defenses emphasize static resistance and few defenders are able to counter dynamically. A defender may therefore block the attack for a time, but as time passes new vulnerabilities keep being discovered in the system, and the defenses will have windows of exposure, for example during equipment upgrades or the compatibility testing that applications require, which eventually leads to the fall of the system.

Endpoint focus: Although the attacker is after important assets, the entry point is mainly the endpoint. Even the most important target is accessed by people at endpoints, and in a large organization it is hard to ensure that everyone's security skill and security awareness are at a high level. Protecting every person's endpoint is much harder than protecting the server side. Even when a web server is attacked through SQL injection, the aim is generally to use it against the end users of that web server, as a springboard into the internal network.

Broad-spectrum information gathering: The attacker spends a great deal of time and resources collecting information about the target through Internet searches, active scanning, and even real physical access, mainly: organizational structure, personal relationships, commonly used software, commonly used defensive strategies and products, internal network deployment, and similar information.

Targeted: Using the information collected on commonly used software, commonly used defensive strategies and products, and internal network deployment, the attacker builds a dedicated environment to look for specific security vulnerabilities and to test whether a particular Trojan can bypass detection.

Unknown: Based on the specific vulnerabilities found, especially 0-days, the attacker constructs attack-triggering code tailored to the application itself, and writes special-purpose Trojans that fit the attack target but bypass the defender's existing detection. These 0-day vulnerabilities and special Trojans are unknown to the defender and to the defensive system.

Penetrating social engineering: To gain the target's trust more easily, the attacker often starts with someone or something the target readily trusts, such as a friend or family member of the target who is a computer novice, or an internal forum the target uses, and then uses that identity to launch a 0-day attack against the target inside the organization, with a much higher success rate. The attacker then uses the identities already compromised within the organization to attack their superiors, step by step reaching people who have access to core assets.

Covert legitimacy: Once the attacker has access to important assets, the information is usually stolen through the controlled clients, spread across legitimate encrypted data channels, to bypass our auditing and anomaly detection.

Long-term latency and control: The attacker gains more by controlling an important target over the long term, so will generally lie dormant for a long time, controlling and stealing from the target. A destructive outbreak at a critical moment cannot be ruled out either.

From the above characteristics, the following conclusions can be drawn:

APT attacks are costly (a professional team, long-term information gathering, finding and using 0-days, special Trojans, environment testing, penetrating social engineering and latency, and countering various kinds of detection), so they are suited only to professional or organized cybercrime gangs and state-supported special attack teams.

APT attacks are therefore aimed at assets of great value or strategically important targets. In general, military, energy, finance, government, and key high-tech enterprises are the most vulnerable to APT attacks.

Although ordinary users will not draw the attention of APT attacks, if you are an ordinary employee of an organization targeted by APT, or even just a friend or relative of an ordinary employee of such an organization, you may still become an intermediate springboard for an APT attack. Of course, as an ordinary person, the APT attack itself will not steal anything of yours (unless you are yourself an important senior figure in the organization, or important data is kept on your personal host).

Do not assume that your important information assets are safe from APT attacks just because they sit on an internal network or are even physically isolated: even if network-layer traffic is physically blocked, the logical flow of information cannot be stopped. In the APT attack on RSA, a Flash 0-day was used to steal the SecurID token seeds that were closely guarded on the internal network. Stuxnet used 7 0-days and ferrying to penetrate the physically isolated network of an Iranian nuclear facility.

Cyber Threat Situational Awareness for 09JUL2013

Good Day Folks;

Below is a short list of some of the latest stories you need to be aware of to maintain & improve your Cyber Threat Situational Awareness for today, 09JUL2013…

矽對海洋和平,帕拉戰爭 or in Latin…Si vis pacem, para bellum…

Talking Cyberthreat With the People’s Republic of China

Traitor Snowden revelations imperil cyber hacking talks with People’s Republic of China

Patriot hacker ‘The Jester’ attacks nations offering Snowden help

South Korea Attackers ‘Pierced Military Networks’
Same crew that hit TV stations and banks managed to get malware onto military networks

Dissecting operation Troy: Cyberespionage in South Korea
How Cybercriminals Operate — Dark Reading
A look at cybercriminal motives, resources, and processes — and how they may affect enterprise defense

Iran Planning Cyber Drills
US agency baffled by modern technology, destroys mice to get rid of viruses
The US Economic Development Administration (EDA), an agency in the Department of Commerce, takes a cyber threat property destruction lesson from the German Government 🙂 “…$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.”

Across Europe, Nations Mold Cyber Defenses


Semper Fi…


International Cyber Intelligence & Situational Awareness (SA)…Operation Middle Kingdom

Good day Folks;

Here is an extensive list of the recent International Cyber Intelligence & Situational Awareness (SA) you should be cognizant of…something cyber for everyone including the People’s Republic of H@cking, HUAWEI, Pakistan ~ People’s Republic of China relations and much, much more cybernia related…and coming soon to a computer and networked system near you OP Middle Kingdom…

Innovation and Disruption, & Why the People’s Republic of China Needs the Latter

A Breakdown of the People’s Republic of China’s New Visa Rules
A New Anti-American Axis? People’s Republic of China & Russia…

People’s Republic of China’s Huawei Zambia to invest $500,000 in brand promotion | Times of Zambia
People’s Republic of China, Pakistan Build Communication, Transportation Links

PM urges People’s Republic of China’s Huawei to set up research centre in Pakistan

People’s Republic of China’s Huawei-Imperial plan renews Chinese cyber-security fears

People’s Republic of China’s Huawei deploys high speed 4G on Mount Everest

People’s Republic of China’s Huawei to build China-Pakistan link

People’s Republic of China’s Huawei Ready to Outspend Ericsson in R&D Race to Woo Clients

People’s Republic of China’s Huawei supports Asia Pacific hospitals

People’s Republic of China’s Huawei boosts spending on research

People’s Republic of China, Switzerland sign free trade agreement
Switzerland is the latest OP Middle Kingdom acquisition by the People’s Republic of China…

Studies: Cyberspying Targeted SKorea, US Military

Turkish Agent Hacked US Air Force Culture & Language Center Website | Cyberwarzone
Didn’t the USAF tell the US Senate they were lead DoD on Cyber & were going to protect US Critical Infrastructure against hackers?
Hell, they cannot even protect themselves….

Taiwanese Military to stage computer-aided war game later this month: MND
“tested the armed forces ability to fend off a simulated invasion by Chinese forces.”

EU and People’s Republic of China close in on solar panel deal

Pakistan, China set sights on Arabian Sea link

Is People’s Republic of China’s Huawei Becoming Less Chinese?

People’s Republic of China’s Huawei to overtake Ericsson in R&D spending

Papua New Guinea’s fixed line incumbent Telikom recruits People’s Republic of China’s Huawei for NBN project

FCC approves deals between Japan’s Softbank, Sprint, Clearwire
Softbank signs huge deal with Huawei….backdoor to United States critical infrastructure now wide open for Huawei courtesy of Japan…

People’s Republic of China’s Huawei, Imperial College, London announce big data joint venture

Chinese Web giant Tencent faces obstacles in its goal to expand in global IM market

People’s Republic of China Says Private Banks Possible

Emerging market giants quick to grab Australian foothold
Chinese banks, among the world’s largest, are busy in Australia


Current cybercrime market is all about Cybercrime-as-a-Service

Traitorous Snowden Says the NSA and Israel Wrote Stuxnet Malware Together

EU adopts stricter penalties for cyber criminals
EU Parliament to launch inquiry into US surveillance programs
Pirate Party member Nocun on the surveillance scandal…Cyberwar governments against their citizens

Iran to hold nationwide cyber maneuver

United Kingdom Cyber War ‘At Its Gunpowder Moment’

Beware the Internet and the danger of cyberattacks
U.S. military realm extends to cyberspace

The cyber-intelligence complex and its useful idiots
“Those who tell us to trust the US’s secret, privatised surveillance schemes should recall the criminality of J Edgar Hoover’s FBI”
Cyberwar: Attacks on industrial plants grow

Blind Fear Of Cyberwar Drives Columnist To Call For Elimination Of The Internet

Cyberwar is not a Cold War
Brazil was target of U.S. signals spying, Globo newspaper says

Enjoy –

Semper Fi –


Latest Cyber Threat Intelligence News from Australia…People’s Republic of H@cking, NGC & Raytheon’s Best Public Appearance…FAIL

G’Day from Day Two of Australian Defence Magazine’s 3rd Annual Cyber Security Summit from Canberra, Australia…

It was hilarious yesterday as pasty late middle aged Americans stormed into Canberra from two major DoD Contractors. Describing in acronym laden, nervous voices how they could save the Australian defense world both from themselves and the giant new menace called China…with, get this, VAPOR FRICKIN’ WARE…yes the boys from NGC and Raytheon came in for only their speaking portions and announced they would save the world and then left – typical disingenuous American behavior overseas – it was as if they, as American businessmen are too important to develop relationships here in Canberra… C’mon guys if you are the best from these two companies then executive leadership should review hiring practices at NGC & Raytheon…enough ranting…

Pentagon’s Cybersecurity Plan Sees $23 Billion Through 2018 (1)
This is what those pasty white middle age execs from NGC & Raytheon smell…US tax dollars for their new enemy China…

People’s Republic of China’s agenda in Switzerland (and Europe)…Operation Middle Kingdom
Operation Middle Kingdom = colonization of the West…

In first response to Snowden, People’s Republic of Hacking e.g.; China, skirts direct comment

NSA hacks People’s Republic of China, leaker Snowden claims
National Security FAIL…Booz Allen Hamilton

Communist Party of China in Hong Kong wants answers on Snowden’s hacking claims

Australia under attack from cyber spies

Malawi govt set to award digital TV migration deal to People’s Republic of China’s Huawei

The NSA Has A Secret Group Called ‘TAO’ That’s Been Hacking China For 15 Years

U.S.-Chinese Summit: 4 Information Security Takeaways — People’s Republic of China Dominates Obama

China Reveals First Space-Based Quantum Communications Experiment

Google Says It Has Uncovered Iranian Spy Campaign

Iranian phishing on the rise as elections approach

The Shady Role of Start-ups in the NSA’s War on Cyber Terror

NSA Snooping Was Only the Beginning. Meet the Spy Chief Leading Us Into Cyberwar

Wall Street goes to war with hackers in Quantum Dawn 2 simulation

NSA leaker Edward Snowden: U.S. targets China with hackers
Massive National Security FAIL by Booz Allen….

Chinese piracy ring operator sentenced after selling military-related software…OP Crack99

China Syndrome: U.S. Issues Build

Hawaii Spy Case: Did Chinese Girlfriend Lure Secrets From Contractor?

Infosecurity – Gartner analysts drop the bomb on cyberwar hysteria

Presidential cyberwar directive gives Pentagon long-awaited marching orders

Cybersecurity hearing: NSA head Keith Alexander testifies in front of Senate

Tens of thousands of spamvertised emails lead to W32/Casonline

Global BotNet Visualized

RARSTONE Found In Targeted Attacks | …attacks were carried out using spear-phishing attacks against the target organizations, using messages related to diplomatic discussions in the Asia-Pacific region.

Enjoy –

Semper Fi


People’s Republic of China and Hacking the US Defense Industrial Base (DIB)….

Good morning Folks –

Much news to post for a Sunday…remember the Red Dragon’s thought, controversial and unpopular stories are published on the weekends…today 9 JUNE 2013 is certainly a landmark day….enjoy the cyber threat intelligence news of the day from all corners of the cyber world…here is today’s edition of People’s Republic of China and Hacking the US Defense Industrial Base (DIB)….

Cyber ceasefire? US & the People’s Republic of Hacking square off over Internet espionage claims

US-China summit ends with accord on all but cyber-espionage
Obama’s meeting with Xi overshadowed by revelations of NSA’s snooping –

Cyber crimes confrontation at Obama Xi summit

U.S. and China Move Closer on North Korea, but Not on Cyberespionage

Redefining relations [China Daily]

Obama tells intelligence chiefs to draw up cyber target list – full document text
People’s Republic of China is @ the top of the targeting list…uh oh…

People’s Republic of Hacking flips cybersecurity tables; reports claim U.S. is prepping attacks

Did the People’s Republic of China Leak Prism Deliberately?

The Economist’s ‘Brokeback Mountain’ Cover & PRISM Won’t Stop Obama & Xi

People’s Republic of China’s Response to Pentagon Report “Baseless, Counterproductive”

People’s Republic of China encircles U.S. by sailing warships in American waters, arming neighbors

People’s Republic of China’s 2013 Defense White Paper in Perspective

People’s Republic of China’s Iraq Oil Strategy Comes Into Sharper Focus

People’s Republic of China To America: You Hack Us, Too – Network Computing

People’s Republic of China hacking vs. Pentagon whacking: An arms race in cyber-space?

People’s Republic of China’s Huawei reiterates that its products do not pose a security threat

Censoring Remembrance: People’s Republic of China’s Twenty-Fourth Unrealized Commemoration

People’s Republic of China’s Lenovo And Huawei: Chinese Smartphones Ready To Take On The World

Fiat could look for new China partner for Jeep: CEO

US Naval Academy Launches Cyber Operations Major…Mandarin Chinese not to be offered….

Is “cyber war” just a scare tactic?
“Officials warn of looming Armageddon. Critics say it’s a subterfuge to erode online privacy and accountability…” Oh, the hyperbole…

The State of Cyber-War

Taiwan to open new cyberwar unit

2 more Taiwanese sites attacked in cyberwar tit-for-tat

China’s 2nd State…Taiwan Military Reform: Declining Operational Capabilities?

People’s Republic of China’s ZTE sends 400Gbps over 3,100 miles
People’s Republic of China’s ZTE redefines High Speed Avenue of Approach in Chinese Military offensive cyber weapons arsenal…

CCTV reveals Chinese army unit number, military praised for transparency

China v the US: how the superpowers compare

Defending an Open, Global Internet: China Is Not the Only Challenge, But Is a Big One

Chinese Corporate Espionage: A Legal Gray Area?

UK monthly exports to China hit £1bn for first time
ONS sees marked shift in Britain’s trading patterns as UK firms diversify away from crisis-hit eurozone

U.S. Internet Spying Draws Anger, and Envy

Cyber Attacks — the Reality, the Reason and the Resolution. Part 1

Cyber Attacks — the Reality, the Reason and the Resolution. Part 2

U.S. on Offense in Cyber War: Building Command Center, Hiring Warriors

Clearing the air on cyber, electronic warfare | Deep Dive Intel

Editorial: Cyberwar Defense

Commentary: Keep Cyberwar Narrow

US DoD Sheds First Clear Light On AirSea Battle: Warfare Unfettered…discovers Chinese PLA “Unrestricted Warfare”…

Waging the cyber war in Syria

Iranian Lawmaker: US Cyber War on Iran Violating Int’l Law


Semper Fi,


People’s Republic of Hacking…Latest Cyber Threat SA…

Good day folks, here’s the most current People’s Republic of Hacking…Latest Cyber Threat SA…

People’s Republic of Hacking: Chinese Hackers Behind ‘NetTraveller’ Global Cyber Surveillance

People’s Republic of China has ‘mountains of data’ about U.S. cyber attacks: official

People’s Republic of China is victim of hacking attacks – People’s Daily Online
Incredible Infographic about the People’s Republic of China as a victim of hacking….

How the People’s Republic of China’s ZTE is winning the US market – People’s Daily Online

Global IT and techno-jingoism – People’s Daily Online

This week Barack Obama must avoid the start of a cold war with People’s Republic of China
Guess no one told the Guardian that the Cold War with the People’s Republic of China started months ago…

Shaming Chinese hackers won’t work because cyber-espionage is here to stay

People’s Republic of Siamese Copycats: Lei Jun Builds His Xiaomi Empire by Aping Apple and Steve Jobs

People’s Republic of Hacking: Cyber-attacks likely to take centre stage when Obama and Xi meet in California

Michelle Obama ‘snubs’ China’s first lady

Cyber Command Redefines the Art | SIGNAL Magazine

Enjoy –

Semper Fi,


International Cyber Threat Situational Awareness…

Good morning Folks;

Here is a very comprehensive list of the latest International Cyber Threat Situational Awareness…

Silicon Valley at front line of global cyber-war…People’s Republic of China dominates US

China’s military to drill on digitalized forces – Xinhua

OP Middle Kingdom: PLA joint cyberwarfare drill to show new strength and sophistication
The People’s Liberation Army will conduct its first joint combat drills involving cyberwarfare, special troops, army aviation and electronic countermeasures units next month to test the integration and co-ordination of its land and air forces, state media reported yesterday.

People’s Republic of China Developing ‘Digital’ Military Forces

PLA joint cyberwarfare drill to show new strength and sophistication

Chinese army to include digital forces in June military drill
The drill will be carried out in late June at the Zhurihe training base in North China’s Inner Mongolia autonomous region, which is the country’s largest military field, it said. Forces from the Beijing Military Area Command, as well as eight military academics will be participating.

People’s Republic of China Doesn’t Care if Its ‘Digitalized’ Military Cyberwar Drill Scares You

People’s Republic of China army to conduct first digital exercise

People’s Republic of China army to conduct first “digital” exercise

People’s Republic of China’s Huawei Denies Involvement in US Cyber-Attacks

People’s Republic of China’s Huawei Security Chief: We Are the Most “Poked” Company in the World

People’s Republic of China Denies Stealing New ASIO Headquarters Plans
Chinese military spokeswoman says “we have already colonized Australia, why would we steal anything?”

People’s Republic of China’s digitalized troops begin to take shape – People’s Daily

People’s Republic of China willing to hold dialogues with U.S. on cyber security – People’s Daily

People’s Republic of China’s Doublethink on the Law of the Sea

Tiananmen Square online searches censored by Chinese authorities

People’s Republic of China signals hunger for Arctic’s mineral riches
Operation Middle Kingdom focuses on further colonization of Iceland and eventually most of Scandinavia including Norway….

Xi Jinping’s Chinese Dream
People’s Republic of China’s President Xi Jinping describes Operation Middle Kingdom as the reformist/nationalist view aka The Chinese Dream

Soft Power? The People’s Republic of China Has Plenty
Great article defining Operation Middle Kingdom and the colonization of Australia, British Isles and Canada….

TAIWAN: President Ma takes part in computerized war games

Commentary: People’s Republic of China should publish report on U.S. military power – People’s Daily

People’s Republic of China, Canada sign initiative on military cooperation – People’s Daily
OP Middle Kingdom – the People’s Republic of China now successful in adding Canada as the latest country to be colonized…United Kingdom and Australia have already initiated mandatory “Learn Chinese” courses…

Chinese defense minister meets Canadian Minister of National Defence – People’s Daily

Intellectual property theft detection is the best prevention

IT security: M&A transactions are a different matter

American Gets Targeted by Digital Spy Tool Sold to Foreign Governments

Google believes zero-day vulnerabilities should be responded to within a week


Microsoft to offer threat data in ‘near real-time’ to Certs and ISPs

Semper Fi,


Day Three Homeland Security Summit Middle East…Cyber Threat Intelligence SA You Need To Know….

Good morning from Abu Dhabi – yes I know it is Zero Dark Thirty here… thank you my Australian friends for pointing that out…

The restless, passionate and wicked never sleep…

Nonetheless, here is the latest Cyber Threat Intelligence you need to be aware of…

This one is my favorite! In fact this is a very well written article…

Chinese Cyber Espionage: Don’t Believe the Hype

Of course, then this list of compromised US Military technology is also hype, isn’t it?

The following is reproduced from the nonpublic version of the Defense Science Board report “Resilient Military Systems and the Advanced Cyber Threat” as posted originally by the Washington Post:

Table 2.2 Expanded partial list of DoD system designs and technologies compromised via cyber exploitation


Terminal High Altitude Area Defense

Patriot Advanced Capability-3

Extended Area Protection and Survivability System (EAPS)





Advanced Harpoon Weapon Control System

Tanker Conversions

Long-term Mine Reconnaissance System

Global Hawk

Navy antenna mechanisms

Global Freight Management System

Micro Air Vehicle

Brigade Combat Team Modernization

Aegis Ballistic Missile Defense System

USMC Tracked Combat Vehicles

Warfighter Information Network-Tactical (WIN-T)

T700 Family of Engines

Full Authority Digital Engine Controller (FADEC)

UH-60 Black Hawk

AMRAAM (AIM-120 Advanced Medium-Range Air-to-Air Missile)

Affordable Weapons System

Littoral Combat Ship

Navy Standard Missile (SM-2,3,6)

P-8A/Multi-Mission Aircraft

F/A and EA-18

RC-135 Detect./Collect.

Mk54 Light Weight Torpedo


Directed Energy

UAV video system

Specific Emitter identification


Dual Use Avionics

Fuze/Munitions safety and development

Electronic Intelligence Processing

Tactical Data Links

Satellite Communications

Electronic Warfare

Advanced Signal Processing Technologies for Radars

Nanostructured Metal Matrix Composite for Light Weight Ballistic Armor

Vision-aided Urban Navigation & Collision Avoidance for Class I Unmanned Air Vehicles (UAV)

Space Surveillance Telescope

Materials/processing technologies

IR Search and Track systems

Electronic Warfare systems

Electromagnetic Aircraft Launch

Rail Gun

Side Scan sonar

Mode 5 IFF

Export Control, ITAR, Distribution Statement B,C,D Technical Information

CAD drawings, 3D models, schematics

Software code

Critical technology

Vendor/supply chain data

Technical manuals

PII (email addresses, SSN, credit card numbers, passwords, etc.)

Attendee lists for program reviews and meetings

Indeed – don’t believe the hype, these are not the Chinese Hackers you are looking for…they already took your data! 🙂

Chinese vice premier, military leader meet US nat’l security adviser

China demonstrates defence determination to US: ministry

People’s Republic of Hacking: Chinese hackers ‘access sensitive US weapons systems’

Russia Uses ‘Single Register’ Law To Selectively Block Internet Content

Semper Fi,