Feb 24
Times EnemyChina, news, security China, insecure news, news
China denies cyber attacks on Google originated in two of country’s schools
By Aileen McCabe, Canwest News Service
February 24, 2010 7:54 AM
The Chinese government came out swinging Tuesday against allegations the cyber attacks that led Google to threaten to pull out of the world’s most populous nation originated in one of China’s top universities and at a little-known vocational school with suspected links to the military.
“Reports that these [attacks] came from Chinese schools are groundless, and accusations of Chinese government involvement are irresponsible and out of ulterior motives,” a Foreign Affairs spokesman told reporters.
Qin Gang said China has laws against hacking that are strictly enforced.
His words came as reports leaked out that Google is preparing to resume talks about its future with Beijing, which were interrupted for the Lunar New Year holiday.
Since Google announced in January that hackers it believed were based in China breached its defences, the company has been trying to determine whether it is possible to stop complying with Chinese Internet censorship rules and still continue to operate its popular Google.cn search engine in the country.
The California-based Internet giant’s attempts to deal with the hacking controversy quietly were hijacked on the weekend when the New York Times published new “evidence” further implicating China.
Citing “people involved in the investigation” of the online attacks against Google and about 30 U.S. companies, the Times said Shanghai’s Jiaotong University and the Lanxiang Vocational School in Shandong province appeared to be involved.
London’s Financial Times followed with more revelations this week, claiming a Chinese programmer in his 30s wrote at least part of the script that was used to target a hole in Microsoft’s Internet Explorer.
It claimed U.S. analysts have identified him as a freelance security consultant who posted his work on a “hacking forum.”
Both schools identified by the Times have denied any knowledge of, or connection to, the sophisticated hackers.
Jiaotong, which is one of China’s elite universities, has a strong computer science department and proudly boasts of professors who have worked with the People’s Liberation Army.
Lanxiang, on the other hand, is little-known, even in China, and claims its students are nowhere near advanced enough to carry out anything close to the kind of attack that Google suffered.
“The reports are too boring, simply unfounded and politically orientated,” Li Zixiang, Communist party chief at Lanxiang School told the official Chinese news agency, Xinhua.
The Times claimed that Lanxiang’s dean and chief professor have both worked on “technology matters” for the PLA.
© Copyright (c) National Post
Feb 24
Times Enemynews news, search engines
Google Europe: A No Good, Very Bad Week
Ian Paul, PCWorld
Feb 24, 2010 8:13 am
This has not a good week so far for Google’s European operations. The search giant has been hit with official complaints of anti-competitive behavior from three companies based in the European Union, and three Google employees have been convicted of violating Italian privacy laws.
European Commission
Three companies have filed complaints with the European Commission, the EU’s regulatory board, charging Google with anti-competitive behavior, according to a Google Blog post. Foundem, a price comparison site, is reportedly arguing that since it is a direct competitor to Google’s own shopping services, the search giant ranks Foundem lower in its results. Ejustice.fr has similar complaints to Foundem, while Microsoft-owned Ciao has taken issue with Google’s terms and conditions, Google says.
In my own tests, using the search terms “price comparison sites uk” on Google.co.uk, Foundem was listed towards the bottom of the third page of search results after an extensive list of UK-based price comparison sites.
Microsoft
In its blog post about these issues, Google not so subtly ties Microsoft to these complaints. Ciao’s ties are obvious since it is a Microsoft-owned company, but Foundem had indirect ties since it is a member of a group called Initiative for a Competitive Marketplace (ICOMP), which is supported in part by Microsoft. That does not necessarily mean, however, that these companies’ complaints are unfounded. As the Financial Times points out, the Web browser maker Opera, a direct competitor of Microsoft’s Internet Explorer, initiated the successful antitrust case recently brought against Microsoft in Europe.
Woe is Google
Charges against Google for unfair practices relating to its search algorithms are nothing new. In 2006, a US-based company named KinderStart took Google to court, arguing the search giant was unfairly excluding KinderStart from its search results; the suit was dismissed a year later.
But interestingly, the charges against Google in Europe are occurring at the same time as accusations of unfair trade practices against Google in the United States. Eric Goldman, an Associate Professor of Law at Santa Clara University School of Law, suggested in a recent blog post that some of these US-based lawsuits might be part of a Microsoft campaign “to harass Google on antitrust issues.” The evidence Goldman provides in his blog post is largely circumstantial, but the suggestion of Microsoft involvement are interesting given the new European complaints.
Italian Privacy
Google announced in a separate blog post early Wednesday that three of its employees in Italy have been convicted of violating Italian privacy laws. The case dates back to 2006 when school children in Turin, Italy filmed themselves bullying a 17-year old boy with Down Syndrome and uploaded the evidence to Google Video. The search giant complied with requests from Italian police to remove the bullying video, but not before it received about 12,000 views online. After the video was taken down, Google says it also helped police find the perpetrators.
Italian prosecutors decided to hold Google responsible for the video by charging four Google executives with defamation and failing to protect the privacy of the boy with Down Syndrome. The charge of defamation was ultimately dismissed, and Google says it will appeal the conviction of its four employees.
As Google points out in its blog post, the message these convictions send is particularly troubling. If Web sites were held accountable for every piece of user-generated content, then many aspects of the Web most users enjoy including social networks, blogs, and video and photo sharing sites would be severely threatened. Imagine if every blog owner could be hauled before a judge for comments left on their blogs, or if Twitter was sued every time someone was slandered via the microblogging service.
I’m not sure many companies would be willing to take the risk associated with the kind of responsibility the Italian court’s decision implies. It will be interesting to see if Google can successfully overturn the conviction, or whether the concept of holding Web-based services accountable for the actions of its users will spread beyond Italy.
Connect with Ian on Twitter (@ianpaul) or on Google Buzz.
Feb 24
Times EnemyChina, news al jazeera, China, news
China new web rules condemned
New regulations on internet use in China have been condemned by a media rights watchdog as an effort to tighten political control and a “disturbing step backwards” for online freedoms.
Under the new regulations announced on Tuesday that potential individual operators must submit their identity cards and photos of themselves.
The applicants are also required to personally meet regulators and representatives of service providers before being registered.
The country’s ministry of industry and information technology said the news rule was aimed at cracking down on pornography.
The ministry issued the new guidelines to local authorities on February 8 and lifted a ban imposed in December on individuals acquiring .cn domain names, state media said on Tuesday.
US pressure
The state-sanctioned Chinese group that assigns domain names froze registration of individuals after government media accused it of failing to check whether their sites provided pornographic content.
The new regulations come as Beijing is in talks with Google Inc about whether the US-based internet search giant will be allowed to continue operating in China after it said it would no longer cooperate in web censorship.
Recently the US stepped up pressure on Beijing to break down its vast system of web controls – the so-called Great Firewall of China – for the more than 380 million people now online in the country.
Washington issued those calls after Google said last month it was considering pulling out of China over cyber-attacks and Chinese government censorship of its search results.
China has the world’s biggest online population, and the government operates the world’s most extensive system of web monitoring and filtering.
The government says it censors the web to curb “unhealthy” content including porn and violence, but critics counter it is mainly trying to prevent the posting of information that challenges the ruling Communist Party.
Intimidation
Authorities have launched repeated crackdowns on online pornography and the government says nearly 5,400 people were detained last year.
Following Tuesday’s announcement, media rights watchdog Reporters Without Borders said the Chinese government was trying to scare people offline.
“These new regulations represent a very disturbing step backwards for the Chinese internet,” the group said in a statement.
“The pretext of combating pornography does not hold. The aim is to tighten political control and get internet users to censor themselves by bringing them face-to-face with their censors or their agents.
“What netizen will dare to criticise the regime after meeting the person who could put them behind bars for one wrong word?” the statement said.
An online poll by admin5.com, an internet industry website, showed more than 70 per cent of 1,300 respondents would not register a .cn address, despite the lifting of the ban, the Global Times, a Chinese daily close to the government, reported Wednesday.
Feb 18
Javierseo budget, internet marketing, search engine marketing, search engine optimization, sem, seo
iCrossing released a paper on how important first impressions are. Here is an excerpt from their research page:
A brand’s position on search engine result pages (SERPs) is critical to driving site traffic. iCrossing analyzed natural search results for non-branded keywords for 10 clients and found that more than 95 percent of all site traffic from search engines comes from page-one results … Our findings also validate the trend towards longer keyword search strings by users and that there are opportunities for marketers to improve their page-one rankings by optimizing for keywords that show up lower in the results. In order to compete for today’s sophisticated online consumers, brands must have a deep understanding of how users arrive at their website, and the tools and know-how to optimize their site to stay in front of the consumer at every step of the purchase cycle.
The original PDF is available at http://www.icrossing.com/articles/The-Importance-of-Page-one-Visibility.pdf. (local copy) It starts off with “in order to compete for today’s sophisticated online consumers, brands must have a deep understanding of how users arrive at their website,” which is something most people who tinker with SEO will eventually state, but it has fun eye-candy charts, and is essentially a decent piece of propaganda to validate your SEO budget to higher-ups.
Feb 18
Times Enemyseo China, insecure news, news, Taiwan
2 China Schools Said to Be Tied to Online Attacks
By JOHN MARKOFF and DAVID BARBOZA
Published: February 18, 2010
SAN FRANCISCO — A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.
Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.
If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.
Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
The revelations were shared by the contractor at a meeting of computer security specialists.
The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.
Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. — the “Battle of the Brains” — beating out Stanford and other top-flight universities.
Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.
Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a “false flag” intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.
Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.
“We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.
Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.
If it is true, “We’ll alert related departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.
But when asked about the possibility, a leading professor in Jiaotong’s School of Information Security Engineering said in a telephone interview: “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” The professor, who teaches Web security, asked not to be named for fear of reprisal.
“I believe there’s two kinds of situations,” the professor continued. “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”
At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.
A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, “I think it’s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.”
Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.
Google’s decision to step forward and challenge China over the intrusions has created a highly sensitive issue for the United States government. Shortly after the company went public with its accusations, Secretary of State Hillary Rodham Clinton challenged the Chinese in a speech on Internet censors, suggesting that the country’s efforts to control open access to the Internet were in effect an information-age Berlin Wall.
A report on Chinese online warfare prepared for the U.S.-China Economic Security Review Commission in October 2009 by Northrop Grumman identified six regions in China with military efforts to engage in such attacks. Jinan, site of the vocational school, was one of the regions.
Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.
Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique — called man-in-the-mailbox — to exploit the natural trust shared by people who work together in organizations.
After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.
John Markoff reported from San Francisco and David Barboza from Shanghai. Bao Beibei and Chen Xiaoduan in Shanghai contributed research.
Feb 16
Times Enemynews news, politics, US DoD
Gay Guardsman Still Drills With Unit
February 13, 2010
Stars and Stripes
A New York National Guard Soldier who last year announced his homosexuality on national television is again drilling with his unit, The New York Times reported Friday.
Lt. Dan Choi, who has been away from his unit since coming out publicly last March, said he participated in exercises last weekend at the urging of his commander, Lt. Col. John Andonie.
The unit, the 1st Battalion, 69th Infantry Regiment, is preparing for a possible deployment to Afghanistan in 2012.
“I’m more out, I think, than anybody,” Choi said in an interview with the Times.
After telling MSNBC television host Rachel Maddow that he was gay, Choi was recommended for discharge at a hearing last June. The Pentagon must make a final decision on his status.
President Barack Obama in his State of the Union address earlier this month called for a repeal of the military’s ‘don’t ask, don’t tell’ law prohibiting gays from serving openly. Defense Secretary Robert Gates and Joint Chiefs Chairman Gen. Mike Mullen then declared support for the effort and Gates called for a yearlong study into how best to repeal the law.
Choi, a 28-year-old Arabic linguist, served in Iraq previously with the 10th Mountain Division. Since last year, he has been performing administrative duties rather than formal drilling with his Guard unit. But a spokesman for the unit confirmed to the Times that he had participated in recent drills and said he would continue to do so until he was discharged.
“We do not have an issue with it,” said the spokesman, Lt. Col. Paul Fanning. “It’s a deeply personal thing. To us a Soldier is a Soldier is a Soldier.”
Andonie, the commander, declined to be interviewed.
Kick him out.
Feb 15
Times EnemyChina, security China, insecure news
China leads the world in hacked computers, McAfee study says
By Ellen Nakashima
Washington Post Staff Writer
Monday, February 15, 2010
More private computers were commandeered by hackers for malicious purposes in China in the last quarter of 2009 than in any other country, including the United States, according to a new study by an Internet security company.
These “zombie” computers are often grouped into “botnets,” or armies of infected computers that can be used to send spam e-mail or attack Web sites, according to McAfee, a Silicon Valley security firm. The company, which said it collects information about Internet-based threats that target more than 100 million computers in 120 countries, said that in the last three months of 2009, about 1,095,000 computers in China and 1,057,000 in the United States were infected.
Those numbers are in addition to 10 million or so previously infected computers in each country, McAfee said.
The prevalence of botnets is a sign of how vulnerable computer networks are to infiltration, a subject of increasing international debate as companies and governments seek to defend their computer systems from intruders.
Last month, Google announced that its networks had been penetrated by attacks originating in China. The Chinese government denied any involvement, saying that hacking in is against the law. There was no indication that the attack involved botnets, experts said.
In a Jan. 21 speech about Internet freedom, Secretary of State Hillary Rodham Clinton advanced the notion of cyberspace as a “global networked commons” and urged the creation of “norms of behavior” among states. Echoing a key principle behind NATO, she said: “An attack on one nation’s networks can be an attack on all.”
She declared that “countries or individuals that engage in cyberattacks should face consequences and international condemnation.”
Some experts have said that Clinton’s call for accountability and norms is complicated by the fact that the United States has so many infected computers. “The government could crack down on botnets, but doing so would raise the cost of software or Internet access and would be controversial,” Jack Goldsmith, a professor at Harvard Law School, wrote in a recent opinion piece in The Washington Post. “So it has not acted, and the number of dangerous botnet attacks from America grows.”
Indeed, Stewart A. Baker, a cyber expert and former assistant secretary for policy at the Department of Homeland Security, said he would like to see a few leading nations develop “effective national norms aimed at eliminating zombie computers.” Companies could be encouraged or required to comply, he said.
One Internet service provider has begun a voluntary service to notify customers when their computers have been infected by bots, viruses and other online threats. Philadelphia-based Comcast, which has 15 million non-commercial customers, began the program last fall. Such initiatives, some experts said, could start to clear out the “noise” in the networks and could help in identifying higher-order threats that could compromise critical computer systems.
One reason computers in China are so vulnerable to botnets may be that software piracy is common and computer users often have not updated the patches on their machines, said George Kurtz, McAfee’s worldwide chief technology officer.
In fact, the number of zombie computers in a country says more about the vulnerability of the computers than about who infected them, Baker said. A nation that might want to use botnets as part of an attack probably would want to have its own computers bot-free and commandeer computers in other countries, he said.
China has steadfastly denied that it supports or engages in hacking and that it penetrates U.S. firms’ computers to steal technology and trade secrets to help state companies — whether by bots or any other tool.
Such “remarks are groundless,” Peng Bo, an official with the Internet bureau under the Information Office, said in remarks to the New China News Agency. “In fact, China is the country worst hit by worldwide hackers.”
Experts say that the United States, which is highly networked and dependent on the Internet for commerce and the running of industry, is the most vulnerable of all countries to cyberattack.
At the same time, the United States is considered the most worrisome potential aggressor, according to McAfee, which in a separate recent survey of 600 technology and security executives of firms around the world found that 36 percent feared the United States and 33 percent feared China as potentially attacking their industries. Russia ran a distant third, at 12 percent.
The result “might simply be a reflection of the raw capabilities and frankly the raw size of U.S. intelligence agencies,” retired Gen. Michael V. Hayden, former director of the CIA and of the National Security Agency, said in the report, which was produced in conjunction with the Center for Strategic and International Studies. The United States also has been engaged in a protracted debate about how to organize its attack and defense capabilities, which may have created an “echo chamber” for concerns about such abilities, the report noted.
That report, issued last month, also found that 59 percent of the executives surveyed said they believed that representatives of foreign governments had already been involved in denial-of-service attacks (the disabling of a Web site by bombarding it with requests for access) and network intrusions to control or steal data from “critical infrastructure” industries in their countries.
Feb 13
Times EnemyChina, security China, insecure news
Cyberattacks from China threaten world’s businesses
Few firms admit they are targets
By Joe McDonald • Associated Press • February 13, 2010
BEIJING — Google’s accusation that its e-mail accounts were hacked from China landed like a bombshell because it cast light on a problem that few companies will discuss: the pervasive threat from China-based cyberattacks.
The hacking that angered Google Inc. and hit dozens of other businesses adds to growing concern that China is a center for a global explosion of Internet crimes, part of a rash of attacks aimed at a wide array of targets, from a British military contractor to banks and chemical companies to a California software maker.
The government denies it is involved. Speaking recently in Paris, China’s foreign minister, Yang Jiechi, said China itself “is the victim of pirate attacks” and the international community must fight the phenomenon together.
But experts say the highly skilled attacks suggest the Chinese military, which is a leader in cyberwarfare research, or other government agencies might be breaking into computers to steal technology and trade secrets to help state companies.
“Chinese hacking activity is significant in quantity and quality,” said Sami Saydjari, president of the consulting firm Cyber Defense Agency and a former U.S. National Security Agency official.
Officials in the United States, Germany and Britain say hackers linked to China’s military have broken into government and defense systems. But attacks on commercial systems receive less attention because victims rarely come forward, possibly for fear it might erode trust in their businesses.
Google was the exception when it announced Jan. 12 that attacks hit it and at least 20 other companies. Google says it has “conclusive evidence” the attacks came from China but declined to say whether the government was involved.
Google cited the attacks and attempts to snoop on dissidents in announcing that it would stop censoring results on its China-based search engine and leave the country if the government does not loosen restrictions.
Only two other companies have disclosed they were targets in that attack — software maker Adobe Systems Inc. and Rackspace Inc., a Web hosting service.
Mikko Hypponen, chief research officer at Finnish security software maker F-Secure Corp., said his company has detected about two dozen attacks originating from China each month since 2005.
“There must be much more that go completely undetected,” he said.
Hypponen said a large British military contractor with which his company worked discovered last year that information had leaked for 18 months from one of its computers to an Internet address in the Chinese territory of Hong Kong. He said similar attacks on military contractors were found in Germany, the Netherlands, Sweden and Finland.
Saydjari said other researchers have told him of dozens of U.S. companies that have been attacked from China but said he could not disclose their names or other details.
A key source of the skills required might be China’s military. China’s army supports hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits, according to Saydjari.
“China has a strategic goal of becoming the world-dominant economic power within this century. Certainly one way to do that faster is to steal industrial secrets,” he said.
There are no estimates of losses attributable to hacking traced to China, but antivirus supplier McAfee Inc. says intellectual property worth an estimated $1 trillion was stolen worldwide through the Internet in 2008.
Separately, a Los Angeles law firm says it was hit Jan. 11 by an attack that appeared to originate in China after it filed a lawsuit for CyberSitter LLC, a software maker that accuses the Chinese government of stealing its code for use in a Web-filtering system.
The firm Gipson Hoffman & Pancione said e-mails sent to its lawyers contained malicious software designed to extract information from their computers.
Security firm Mandiant Corp. has dubbed such attacks — which allow repeated thefts over months or years — an “advanced persistent threat” and says each one it has studied over the past five years involved theft of information related to U.S.-China corporate acquisitions, negotiations or military acquisitions.
“The scale, operation and logistics of conducting these attacks — against the government, commercial and private sectors — indicates that they’re state-sponsored,” the company said in a report in January.
But even if an attack is traced to China, experts need to examine the computer used to be sure it was not hijacked by an attacker elsewhere. Consultants say security for many Chinese computers is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.
In the Google case, confirming the source would require China’s cooperation, and Beijing has yet to respond to Secretary of State Hillary Rodham Clinton’s appeal for an investigation.
“The ‘smoking gun’ proof is very hard to put together,” said Graham Cluley, a researcher for Sophos, a British security software company.
China’s Industry Ministry said in a statement that any suggestion that the government is involved in any Internet attack “is groundless and aims to discredit China.”
But China is no stranger to government-directed industrial espionage on a vast scale. Intelligence experts say that since the 1970s, Beijing has carried on a quiet campaign to acquire foreign technology and other secrets by using Chinese businesspeople, students and scientists who travel abroad as part-time spies.
China, with the world’s largest population of Web users at more than 384 million, also has a history of hacking. In 1999, Web surfers defaced U.S. government sites after the mistaken U.S. bombing of Beijing’s embassy in Belgrade, Serbia, killed three Chinese. Nationalists have attacked Web sites in Japan and Taiwan, the self-ruled island claimed by China.
More recent cases have shifted from vandalism to theft of government or trade secrets.
Last March, a Canadian group, the Information Warfare Monitor, said it found a China-based ring stole sensitive information from thousands of computers worldwide. Targets included the communications network of The Associated Press. The government did not respond to the report’s details but said it opposes computer crime and criticized the researchers for suggesting otherwise.
China has also ordered vendors that sell computer security technology to government agencies to reveal how it works under rules that take effect May 1. Foreign companies operating there worry that might compromise systems used by banks and others to protect customer information and trade secrets.
Feb 13
JavierChina, rants and raves China, imposters, posers, rants
I just read an article by Roger A. Grimes entitled, Is the Chinese Government Really Behind Cyberattacks?: Circumstantial evidence alone should not condemn Beijing of sponsoring hacking of U.S. companies. From the subtitle I was interested in what angle this guy was going to take, so i read on … only to be sadly disappointed in identifying yet another poser.
In his article, Roger states that “the first public allegation of Chinese military hacking was back in 2005 with the Titan Rain project.” This was where I realized this guy was an imposter. The weird thing about this claim of 2005 being the first public allegations against the Chinese military is that Roger later mentions the plethora of results when searching for hacking originating from China. Perhaps he did not read the results, or maybe he was just lazy and stopped after finding something from 2005?
If you want some allegations, ask Taiwan. Or ask the United States Congress about Taiwan and China. Here is a wonderful excerpt from the statement made by Vincent Wei-cheng Wang, Ph.D.Associate Professor of Political Science University of Richmond, Richmond, Virginia, at the “Hearing on Military Modernization and Cross-Strait Balance,” before the U.S. China Economic and Security Review Commission, One Hundred Eighth Congress, Second Session, February 6, 2004.
[ http://www.uscc.gov/hearings/2004hearings/transcripts/04_02_06.pdf ]
In recent years some well-versed military theorists and writers in the PLA have been exploring new concepts of war that call into question, if not invalidate, these two dictums. Of particular note is their fascination with asymmetric warfare strategies that make offense a more attractive option to the weaker party. One publication that has attracted considerable attention inside and outside China is Unrestricted Warfare. Reflecting upon war in the age of technological integration and globalization, the authors discuss a new type of war—unrestricted warfare (chaoxian zhan)— that transcends all boundaries and limits, and promote expanding combat beyond the battlefield to include such other facets as computer warfare, international terrorism, biological and chemical warfare, and economic and financial warfare (caveat: some of their recommendations, such as state-sponsored terrorism, are fundamentally at odds with China’s stated policy).
IW exemplifies unrestricted warfare and lends credence to the concept of asymmetric war. It challenges the conventional Clausewitzian view that ‘‘violence is the essence of war’’ by luring the initiators of IW into thinking that they can achievetheir political objectives without much sacrifice. The Chinese view IW as a superior choice for attaining classic strategist Sun Tzu’s adage: ‘‘To subdue the enemy without fighting is the acme of skill.’’ It also gives developing nations like China an allure to compensate for their military inferiority vis-a`-vis the United States, because they can make up technological backwardness with superior strategies—the notion of overcoming the superior with the inferior. The Chinese also hope to exploit the apparent paradox that the strong American ‘‘information society’’ also poses a potentially weak side to a determined adversary to achieve Sun Tzu’s highest stage of ‘‘winning the war without fighting.’’ China’s approach toward IW thus fits a pattern that is emblematic of many of its previous reform endeavors—‘‘to retain Chinese teaching as the root and only use Western teaching selectively’’ (Zhongxue weiti, Xixue weiyong). China is developing ‘‘information warfare with Chinese characteristics’’ by integrating traditional Chinese stratagems into modern IW. This strategyposes a challenge to the Western-dominated IW paradigm.
The July 2002 Pentagon report to Congress states that China ‘‘views information operations/information warfare (IO/IW) as a strategic weapon . . .’’ and ‘‘is particularly sensitive to the potential asymmetric applications IO/IW can have in any future conflict with a technologically superior adversary.’’ It points out that China’s military is developing strategies and tactics to use ‘‘surprise, deception, and shock’’ in any opening military campaign, while ‘‘exploring coercive strategies’’ designed to bring Taiwan to terms quickly.
The strategic considerations of China’s interest in unconventional forms of warfare (and devotion to IW in particular) could introduce instability into the Taiwan Strait. Since the end of the Cold War, China’s double-digit growth rate in the 1990s have allowed China to substantially increase its military spending and to use itsnew wealth to acquire advanced weapons and technologies. The PLA is following Deng’s advice to develop ‘‘selective pockets of excellence.’’ Consequently, IW is playing a very important role in this strategic view of military modernization.
As an example of retooling, China has now given its vast 1.5 million-strong reserve force, which in the past was charged with supporting PLA forces in defense against any foreign intervention, with an IW/IO mission. To answer Jiang Zemin’s1991 call for building common telecom systems for both military and civilian use, China has attempted to implement a ‘‘people’s war’’ with IW reserve force.
The advent of IW has introduced a new element into the cross-Strait military situation by presenting China with a potentially credible military option vis-a`-vis Taiwan.
The Pentagon report states that despite Beijing’s professed commitment to apeaceful unification with Taiwan, the Chinese leadership has shown an increasing willingness to consider the use of force to achieve unification. The report argues ‘‘Beijing’s primary political objective in any Taiwan-related crisis . . . likely would be to compel Taiwan authorities to enter into negotiations on Beijing’s terms and to undertake operations with enough rapidity to preclude third-party intervention.’’ It also seems to concur with the view of some analysts that the PLA’s offensive capabilities improve as each year passes, providing Beijing with an increasing number of credible options to intimidate or actually attack Taiwan. With the exception of ballistic missiles, IW seems the most promising option for achieving Beijing’s political objectives. Indeed, the PRC has made considerable efforts toward making IW a real option.
Certain PLA officers have promoted IW as an effective weapon to subdue Taiwan and to deter possible American intervention. Military publications study the various forms IW can be waged in a combined amphibious battle (e.g., command and control war, intelligence war, network war, communication war, and electronic war).
Further, the Chinese military has begun to put these ideas into practice. In the summer of 2001, the PLA for first time began the war game exercises in the Taiwan Strait with information warfare aimed at electronically paralyzing enemy communications and command systems. Also for the first time, a new electronic warfare unit was deployed over the Strait. In exercises the following year, the PLA incorporated even more sophisticated items of IO/IW.
In sum, the PLA seeks to gain information domination in any conflict with Taiwan by attacking Taiwan’s information networks and command and control centers, as well as by conducting propaganda and political warfare. The purpose is to incorporate Taiwan by ‘‘subduing the enemy without actually fighting’’ a` la Sun Tzu, and by denying possible American military intervention.
This trend presents a new challenge to Taiwan and U.S. defense officials. Most analysts have hitherto: (1) dismissed Chinese invasion threat due to the high threshold for success (due to logistical difficulties, Taiwanese resistance, and international intervention); (2) argued that Taiwan’s smaller military can maintain a qualitative edge until at least 2005; (3) questioned whether Beijing has realisticmilitary options vis-a`-vis Taiwan despite both the PRC’s consistent refusal to renounce the use of force and occasional saber-rattling against Taiwan; and (4) held that a probable, albeit not guaranteed, U.S. military intervention (in the case of an unprovoked attack on Taiwan) serves to deter Beijing—i.e., the so-called policy of strategic ambiguity.
From the Chinese standpoint, IW seems to have lowered the threshold for a likely successful military campaign against Taiwan and increased the utility of an offensive strategy. IW seems to hold promise for ‘‘winning the battle without fighting’’ (Sun Tzu’s adage) and ‘‘overcoming the superior with the inferior’’ (Mao’s guerrilla strategy). Properly executed IW may—along with such other coercive weapons as missile strikes and a naval blockade—help bring Taiwan to its knees and deny American intervention. Such perceptions may cloud decision-making and make China more likely to use force. The application of information technology in international conflicts such as cross-Strait tensions may thus result in more instability.
How seriously should American decision-makers take the PRC’s IW endeavors? There is no question that the Chinese military is keenly interested in studying IW. At the present moment the PLA’s interest is primarily academic; its IW capabilities are far from operational (weaponized). The modernization of the Chinese armed forces has so far lagged behind doctrinal development.
Nevertheless, China’s IW forays will benefit from two factors—one old and one new. Historically, China has more than once surprised Western analysts by indigenously developing weapons systems that the West tried hard to deny to China (e.g., atomic bombs in 1964 and nuclear warhead miniaturization technology in 1999). Prudence thus cautions against dismissing the possibility that China may succeed in developing ‘‘IW with Chinese characteristics.’’ Whether a modern IW doctrineguided by proven historical stratagems will surpass the Western model remains to be seen, however.
Most importantly, the future of China’s IW development hinges on the country’s economic ascendancy in general and its rise as a major global IT player in particular. Thanks in large measure to investments by Taiwanese IT firms on the mainland, the PRC has recently overtaken Taiwan as the world’s third largest IT hardware producer and is poised to overtake Japan in the next decade if current growth trends continue. In addition, China’s online population is experiencing exponential growth: from 200,000 in 1997, to 16.9 million in July 2000, and to 45.8 million in July 2002, making China one of the largest and fastest-growing Internet markets. However, viewed from another indicator—Internet penetration rate (i.e., online population as a percentage of total population), China remains sparsely wired. As of July 2002, only 3.58 percent of its population was online, up from 0.001 percent six years ago. Compared to the United States, Japan, and even Taiwan, China clearly has a long way to go before it can claim to be a true information power.
China’s mixed record as an IT society in an increasingly globalized economy—i.e., being a giant in absolute terms and with tremendous upside potential, while also being a dwarf in relative terms—will affect the degree of success of China’s further inroads in IW. The PLA’s immersion in both IW and RMA, notwithstanding, it is hard to imagine a superb IW fighting force detached from a society characterized by relatively low technology and connectivity. A strong IT base gives rise to a strong IW capability.
If you can read that excerpt and still believe allegations against China first came out in 2005, then your sanity and intellectual prowess should be questioned.
As a side note, reading statements like the one above made by Vincent Wei-cheng Wang are both frightening and inspirational. God bless America.
Beyond this hearing by the United States Congress, there are some very interesting reads available from the RAND Corporation.
As to finger pointing, this is how it works … one group has something done to them so they look at the evidence and those around them and begin to point their fingers. There are different ways to point one’s fingers. When the group is trying to figure out who-done-it, they might point their fingers in several directions. As the group is narrowing down the suspects, the finger pointing becomes more confident and possibly open. Eventually, the finger(s) will point at one suspect or organization. With so many groups and so many incidents to figure out there have been and remains a lot of finger pointing. Looking at the patterns, heads are also pointing as people are looking at China. I find it humorous to mention this, but even Google Trends has some interesting data that ultimately points at China, not that Google might be biased or anything….
All in all, it is complete lunacy to say the first allegations against the Chinese were those made in regards to Titan Rain, in 2005. Roger A. Grimes is an egoist and an imposter. To say it another way, to another crowd, Roger A. Grimes is a hack. InfoWorld, though never a big source of mine for information, does have a reputation, and with the junk coming out of Roger, InfoWorld is quickly losing my respect.
I wonder what we could pull up if we played with the word “hack” and toss in phreaking exploits, then scour around for stories from history…
Feb 13
Times EnemyChina, security China, insecure news
Worries grow about America’s cyber security
Feb 13, 2010 (The Kansas City Star – McClatchy-Tribune Information Services via COMTEX)
– The deputy secretary of defense says “the cyber threat” is the one thing that keeps him up at night.
The director of national intelligence says such attacks pose a severe menace to the “fragile system behind the country’s information infrastructure.” The president says, “America’s economic prosperity in the 21st century will depend on cyber security.” This is not some hypothetical danger, they point out, but a war that has been joined already. No less a digital dominator than Google has felt the need to enlist the National Security Agency to help it ward off Chinese hackers.
And yet our networked sky has not fallen.
No electronic mischief has sunk Wall Street’s computers. No Internet sabotage has stilled our power plants. No illicit flip-switching in Beijing has released torrents from our dams.
“There’s a little more Hollywood in some of these dire scenarios than reality,” said John Pike, the chief defense analyst at GlobalSecurity.org.
“That said,” he continued, “I like to hope that someone is looking at air traffic control and other things that get scary when someone starts messing around with the controls.” Indeed, the professionals who puzzle over and prioritize the hazards to national security don’t dismiss the potential of cyber warfare.
They also agree that keeping terrorists out of motherboards will require diligence from government and industry, that it will demand more money from taxpayers and consumers.
What remains less clear, or at least in debate, is whether worries about cyber terror resonate more like Chicken Little or Paul Revere.
“This is a lot of hype,” said Owen Cote, the associate director of the security studies program at the Massachusetts Institute of Technology.
He sees competing agencies trying to outdo each other in their alarms amid competition to seize control of the responsibility, and the funding, of America’s cyber defenses.
At the same time, many warn that a nearly invisible cyber arms race already is under way. It’s a war with many fronts. Rival governments are trying to outsmart and outmuscle each other’s network defenses. Criminals have employed hacking as a way to steal and extort. Terrorist groups use the Internet to plan and organize, and spy agencies use it to monitor and quash those Web-based maneuvers.
“Global digital warfare is expected to intensify in the near future,” said a report from the Jamestown Foundation, a national security think tank.
That report played out a growing virtual arms war between the United States and China over which country could develop the power to keep hackers at bay from its networks while building the tools to foul the other’s electronic webs in some future conflict.
China, said the Jamestown analysis, “is devoting unprecedented resources to strengthening its already formidable cyber warfare prowess.” It cites two reasons.
First, a simple desire to keep pace with what Beijing perceives as Washington’s push to dominate cyber battlefields of the near future.
Second, China has problems of its own. Besides what it sees as anti-Chinese propaganda from the West — information that it has been roundly criticized for censoring — some 40,000-plus Web sites in the country were crashed in 2009 and 18 million of its computers were rendered useless by viruses.
“The Internet,” said a top official in Beijing,” has become a major vehicle through which anti-China forces are perpetrating their work of infiltration and sabotage.” American officials speak in the same strong terms. One estimate suggests hackers attempt to penetrate Defense Department computers 300 million times a day. A single hack into a NASA computer cost $1.5 million. Losses to American banks through the penetration of their computers are estimated in the billions of dollars.
The Pentagon has added more than $100 million for cyber security in its next budget, and a turf war has broken out between the Defense Department and the NSA over who ultimately will oversee the country’s electronic defenses.
“Cyber defenders right now have to spend more and work harder than the attackers do,” Dennis Blair, the director of national intelligence, told a congressional committee recently. “And our efforts, frankly, are not strong enough to … deal with that reality.” In the report it prepares every four years on defense priorities, the Pentagon concluded that U.S. government and corporate “networks are infiltrated daily by a myriad of sources … ranging from small groups of individuals to some of the largest countries in the world.” Deputy Defense Secretary William Lynn said late last year, “The consequences for our military, and indeed for our whole national security, could be dire.” The United States almost certainly is designing its own cyber weapons. A recent survey of 600 information technology executives from 14 countries ranked the United States just ahead of China as the country with the greatest ability to launch cyber attacks.
Analysts say they assume that there are regular debates whether to knock down violent Islamist Web sites or to instead watch them to gain intelligence about an elusive foe.
“You always have the question of when do you use the capability,” said Clifford Neuman, the director of the University of Southern California Center for Computer Systems Security. “The answer is never simple.” Others even equate the escalating stakes to those at play between the United States and the Soviet Union in the early years of the Cold War. Surely, mounting cases hint heavily at damaging electronic subterfuge with geopolitical overtones.
The Web site of the Russian newspaper Novaya Gazeta came back to life this month after what its editor described as a “well-organized and powerful” attack. The paper is a bold critic of the Moscow government.
Search giant Google began talking last month about pulling out of China — the surrender of a gargantuan market over angry accusations that Beijing pilfered software code and snooped on the Gmail accounts of dissidents.
A few months before, that same Chinese government cracked down on a hacking academy that advertised “guaranteed successful attack tools.” The school had 12,000 subscribers, and 170,000 people took its online courses before the November shutdown.
Attacks on computer networks of South Korean government agencies and the Pentagon last summer were widely, but inconclusively, blamed on North Korea.
The year before, corporate and government Web sites in the former Soviet republic of Georgia were traced to Moscow.
The year before that, Estonian networks were hit in a similarly suspicious way.
Those incidents have given rise to fearful scenarios: –Assaults on cell phone networks would do more than frustrate text-mad teenagers. Increasingly more commerce communication is going mobile, and it’s easy to picture a not-too-distant future when the Internet is delivered as much by wireless smartphone or iPad as any other means.
–Power grids already go brown and even black from their own internal weaknesses. Certainly a successful attack on a heavily populated area could create a great hardship and even trigger civil unrest.
The difficulty would be in infiltrating systems with deliberate redundancies and with built-in mechanisms intended — although hardly foolproof — to minimize the chances of outages rippling across the map.
–About 7,000 planes are in the air over the United States at any given time. Imagine if the air traffic controllers who keep them from colliding or touching down on the same runways suddenly lost contact.
But the Federal Aviation Administration has designed backup systems, and some analysts say the very absence of a successful terrorist hack on such an obvious target may speak to the agency’s defenses.
–Except perhaps for day laborers and a few others who take a day’s pay in cash, all our financial assets are really just a series of ones and zeros in computer banks. What better way to send America into crisis than clever software that tosses our accounts into chaos? Experts say it’s already happening — that banks are regularly hacked and write off their losses as the cost of doing business.
The head of Britain’s top investigative agency recently warned companies negotiating in China to assume that hacking likely has revealed their bottom lines to the folks on the other side of the bargaining table. That very perception could undercut China’s trade with the West.
Antivirus maker McAfee Inc. has estimated that in 2008 companies lost at least $1 trillion worldwide in intellectual property to hackers.
“A group of hackers turning the United States into a Third World economy? That’s nonsense. But we’re already paying for this,” said James Lewis, a security researcher at the Center for Strategic and International Studies. “The question is how you get people to take more precautions. No one’s saying there’s a silver bullet out there to stop this.” Indeed, it’s generally assumed that everyone will have to pay more — either as a consequence of hacks or the sustained efforts to ward them off.
“This is a total system problem. You can’t trust all of the hardware. You can’t trust the software. You can’t trust the communications. And you can’t always trust the people working for you,” said Peter Neumann, the principal scientist at the digitally oriented think tank SRI International. “If there’s one weak link, that’s all it takes. A few weak links can completely undo you.” Cote, the MIT defense analyst, concedes that hackers can do real damage.
Still, he finds it hard to imagine the sort of attack that could bring a superpower to its knees.
Consider the U.S. military’s Secret Internet Protocol Router Network, or SIPRNet. It’s like the Internet, but you can’t get there from here. It’s a physically separate system with strict rules that prohibit so much as a memory stick going from one of its computers to a private laptop. Experts call that “putting air” between networks.
“A tried and true axiom of American politics is that if you have a collective problem,” Cote said, “you have to scare people into taking action.” To reach Scott Canon, call 816-234-4754 or send e-mail to scanon@kcstar.com.
Feb 12
Javiersite news SEOMire.com, wordpress
Looking for a new Wordpress Theme … or an old one, but just something other than the K2 we have had for a while.
As was our desire with K2, we want simplicity. Of course, the geek may come out and with it feature creep, but we should be able to justify the noise. Hopefully we can keep it simple stupid.
Feb 12
Times EnemyChina China, politics
Some articles were putting Obama and the Dalai Lama on a similar level, this is just nonsense. Here are a few articles about this latest Chinese issue.
Obama’s plans to meet Dalai Lama
Saibal Dasgupta, TNN, 12 February 2010, 07:29pm IST
BEIJING: China on Friday reiterated its warning to the US president Barack Obama that meeting the Dalai Lama would cause serious damage to Sino-US relationship. The Chinese foreign ministry issued the renewed warning after the White House in Washington announced a firm date for the meeting between the Tibetan leader and Obama.
The Obama’s scheduled meeting with the Tibetan leader on February 18 has some implications for India’s foreign policy besides making it even more difficult for Beijing to convince the world that he is a dangerous separatist bent on splitting China.
“China urges the US… to immediately call off the wrong decision of arranging for President Obama to meet with the Dalai Lama… to avoid any more damage to Sino-US relations,” foreign ministry spokesman Ma Zhaoxu said. “We urge the US side to fully understand the high sensitivity of Tibet-related issues, and honour its commitment to recognise Tibet as part of China and to oppose ‘Tibet independence’,” he added.
The US aircraft carrier, the USS Nimitz, is scheduled to visit Hong Kong next week. It remains to be seen if Beijing will refuse permission for the visit, something it has done with similar defense visits in the past.
During the meeting, Obama is expected to discuss the failure of a recent meeting between Dalai Lama’s envoys and Chinese officials on the issue of Tibetan autonomy. Washington announced the date a day after the US envoy in Beijing publicly criticized China for sending a dissident writer to jail for 11 years.
The Obama administration has in recent weeks tried to disprove assumptions by several pundits that it would try to be extra nice with Chinese leadership in order to get their support for his economic recovery package. Beijing is the biggest holder of US treasury bills and is capable of buying a lot more.
Washington recently caused red faces in Beijing by announcing its intention to sell $6.4 billion worth of arms including anti-missile missiles to Taiwan. China regards Taiwan as part of its territory and often threatened to hit the island with missiles in order to acquire it.
The controversy over the operations of Google, which complained of censorship in China, has also soured the relationship between the two countries.
While announcing the date of the meeting, US spokesman Robert Gibbs used phrases that are calculated to rattle the Chinese leadership. “He’s a spokesman for Tibetan rights. The president looks forward to an engaging and constructive meeting,” Gibbs said.
The Chinese foreign ministry recently said that the Dalai Lama does not represent the Tibetan people and his sole purpose is to mislead the people in Tibet.
China to Obama: Cancel Dalai Lama meeting
BEIJING (AP) — China’s foreign ministry has urged the United States to immediately cancel plans for President Obama to meet with the Dalai Lama next week, warning the move could further hurt ties.
Ministry spokesman Ma Zhaoxu issued the remarks Friday, hours after Washington announced Obama would meet with the Tibetan spiritual leader at the White House on Feb. 18.
China accuses the Dalai Lama of pushing for Tibetan independence and believes that shunning the exiled Tibetan monk should be a basic principle of international relations.
Ma says the US should cancel the meeting “so as not to cause further damage to Sino-US relations.”
Obama has been under intense pressure to meet with the Dalai Lama after putting off a meeting in October.
China decries Barack Obama’s plan to meet Dalai Lama
updated at 06:53 GMT, Friday, 12 February 2010
China has again urged the United States to cancel a planned meeting between President Barack Obama and the Tibetan spiritual leader, the Dalai Lama.
The two men will meet at the White House on 18 February, US spokesman Robert Gibbs has confirmed.
He said the Sino-US relationship was mature enough to disagree while finding common ground on international issues.
China had already said that such a meeting would seriously undermine relations with the United States.
Mr Gibbs said the Dalai Lama was “an internationally respected religious leader”.
“He’s a spokesman for Tibetan rights. The president looks forward to an engaging and constructive meeting,” he said.
“We think we have a mature enough relationship with the Chinese that we can agree on mutual interests, but also have a mature enough relationship that we know the two countries are not always going to agree on everything.”
China reacted quickly to the announcement through its Foreign Ministry spokesman Ma Zhaoxu.
“We firmly oppose the Dalai Lama visiting the United States and US leaders having contact with him,” Mr Ma said.
“We urge the US side to fully understand the high sensitivity of Tibet-related issues, and honour its commitment to recognise Tibet as part of China and to oppose ‘Tibet independence’,” he added.
“China urges the US… to immediately call off the wrong decision of arranging for President Obama to meet with the Dalai Lama… to avoid any more damage to Sino-US relations.”
China, which took over Tibet in 1950, considers the Dalai Lama a separatist and tries to isolate the spiritual leader by asking foreign leaders not to see him.
The Dalai Lama fled Tibet in 1959 after a failed uprising against Chinese rule and has since been living in India.
Tense ties
The US has already moved carefully on the issue. Mr Obama avoided meeting the Dalai Lama in Washington last year ahead of his own first state visit to Beijing.
But on that trip he told his Chinese hosts his meeting with the revered Tibetan Buddhist leader would go ahead.
The meeting this month will take place in the White House Map Room, not the symbolic surroundings of the Oval Office, where Mr Obama normally meets foreign leaders and VIP guests.
President George W Bush also met the Dalai Lama at the White House.
The planned meeting comes soon after China expressed strong displeasure at the sale of $6.4bn (£4bn) worth of US weapons to Taiwan.
Beijing regards Taiwan as a Chinese territory to be reunified by force if necessary.
Another source of tension is internet censorship, following the announcement by the search giant Google that it might pull out of China following what it said had been a “sophisticated and targeted” cyber attack from inside the country.
However, the US wants Chinese support in the United Nations regarding sanctions against Iran over its nuclear programmes.
Mr Obama has also given signs of getting tougher on the long-standing dispute over China’s currency, which some traders feel is kept artificially strong.
The US aircraft carrier, the USS Nimitz, is scheduled to visit the former British territory of Hong Kong next week. China has refused permission to similar visits in the past but appears to be allowing this one to go ahead so far.
State Department spokesman PJ Crowley said the visit was an important part of the US “outreach and engagement with the Chinese people” as well as a a key element of the military-to-military relationship.
Feb 12
Times Enemyrants and raves politics, racism, rants
I have never been a proponent of Black History Month. I believe in true equality. Celebrating “Black” History Month is an astounding display of racism. I defy the “black community” to promote a White History Month, or a “Native American Month,” or some other “race.” It simply will not happen any time soon, at least not until the “black community” gets the chip off its shoulders.
As far as that is concerned, the term Native American holds some logical truth to it. Whereas, terms such as “African American,” or “Mexican American” or other such racist labels are mostly complete nonsense.
How dare you put any other continent, country or creed in front of American! Shame on you! Have some pride in the greatest country on this planet, the same one in which you call home … or do you?
Second, most “African Americans” have never even been to Africa! I have met many Africans who have moved to America, this group may be able to claim this racist title of “African American,” but even then, if they want to go this route, they should reconsider why they are here.
Need i mention the growing population of “Mexican Americans” who do not speak Spanish?
Blah, blah, blah reverse racism must be a right of some sort … God bless America.
Feb 11
Times EnemyChina, security China, insecure news, politics
China Risks Backlash With Iran Sanction Refusal
Thursday, February 11, 2010
BEIJING — China’s refusal to sign on to new sanctions against Iran risks prompting a backlash affecting its increasingly complex interests abroad, experts say.
Recent remarks by President Barack Obama citing China’s opposition, and unusually tough talk from Russia — long a sanctions skeptic — has spotlighted Beijing’s refusal to back such steps as a way of pressuring Iran over its nuclear program.
Nikolai Patrushev, the chief of Russia’s Security Council, said Tuesday that Iran’s recent actions “have raised doubts among other nations, and these doubts are quite well-founded.” His comments appeared to indicate that Russia is increasingly warming up to the U.S. sanctions push.
The U.S. and France said Iran’s announcement that it would enrich uranium to 20 percent left no choice but to push harder for a fourth set of U.N. Security Council sanctions to punish Iran’s nuclear defiance. Iran said Tuesday it had started enrichment under U.N. supervision.
However, China — which relies on Iran for energy supplies — maintains that now isn’t the right time to discuss such measures and that the door to negotiations with Tehran remains open. As a permanent member of the Security Council, along with the U.S., Russia, Britain and France, China is in a position to veto any new measures.
The opposition is part of an increasingly assertive — even aggressive — Chinese diplomacy that is drawing growing concern from Washington and in Europe.
Among steps taken, Beijing this month threatened to withhold cooperation on international issues of concern to the U.S. in retaliation over Washington’s approval of a $6.4 billion arms sale to Taiwan, the self-governing island that China considers a part of its territory.
Western analysts warn, however, that such a stance risks denting China’s international reputation, damaging relations with the European Union, and triggering muscular reprisals from Washington, for whom the Middle East is a foreign policy linchpin.
Among possible responses, Washington could decide to sell Taiwan even more weaponry, such as fighter aircraft that the island has requested, wrote Ralph Ralph Cossa, president of the Pacific Forum CSIS think tank, in a a recent foreign policy brief
Meanwhile, Washington could dial back its willingness to ensure Chinese interests in Iraqi oil contracts and Afghan copper mining if Beijing is seen as obstructing U.S. efforts on the crucial Middle Eastern diplomatic landscape, said Georgia Tech expert John Garver.
“How can Beijing expect the U.S. to respect China’s interests, when Beijing violates U.S. vital interests?” Garver said.
World powers fear the Iranian nuclear program might be a cover for building atomic weapons. Iran says the program is peaceful and aims to generate power for its growing population.
Conflict over Iran would almost certainly send world oil prices soaring, inflicting pain on China’s economy at a time when the government is spending hundreds of billions of dollars to stimulate growth. If the U.S. and others were to deploy sanctions on their own, Chinese companies that deal with Iran could find themselves barred from business in other nations.
China depends on oil- and gas-rich Iran for 11 percent of its energy needs and last year became Tehran’s biggest trading partner, according to Iranian figures. Trade volume reached at least $36.5 billion, the Iran-China Chamber of Commerce reported, with Iran mainly importing consumer goods and machinery from China and exporting oil, gas, and petrochemicals.
Chinese companies also have major investments in Iranian energy extraction and the construction of roads, bridges and power plants.
Beijing’s main concern over sanctions is that they will go too far, ultimately harming those economic ties, said Yin Gang, an expert on Iran at the Chinese Academy of Social Sciences.
“China has economic and trade relations with Iran, so it’s natural that China would not want to see regional security and its own national interests affected due to excessive sanctions,” Yin said.
In addition, Beijing believes past measures to punish Iran have been largely ineffective, said retired diplomat Hua Liming.
“China and the international community have all seen that the sanctions have not changed Iran’s decision to carry on the nuclear program,” Hua said.
“On the contrary, sanctions will take the already complex and tense situation in the Middle East to a more dangerous stage, which is something China does not wish to see,” he said.
Feb 10
Times Enemysecurity insecure news
Hacker ‘Mudge’ gets DARPA job
February 10, 2010 4:00 AM PST
by Elinor Mill
Peiter Zatko–a respected hacker known as “Mudge”–has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned.
Zatko will become a program manager in mid-March within the Strategic Technologies Office at DARPA (Defense Advanced Research Projects Agency), which is the research and development office for the Department of Defense. His focus will be cybersecurity, he said in an interview with CNET on Tuesday.
One of his main goals will be to fund researchers at hacker spaces, start-ups, and boutiques who are most likely to develop technologies that can leapfrog what comes out of large corporations. “I want revolutionary changes. I don’t want evolutionary ones,” he said.
He’s also hoping that giving a big push to research and development will do more to advance the progress of cybersecurity than public policy decisions have been able to do over the past few decades.
“Not much has changed” with regard to strengthening the U.S. cybersecurity position, he said. “As a society, we have a larger dependence on being wired in, yet the government only focuses on particular areas.”
The connectedness of commercial, government, and military networks makes the situation even more dire, he said. “I’m going to argue that they’re all pretty much intertwined now and we’ve seen how vulnerable some of those sectors are now. That’s unacceptable,” Zatko said. “I aim to fix that.”
The current state of technology isn’t working adequately, for the government or commercial companies, he said. For instance, the current defense mechanisms need to change so they can block attacks, instead of responding to them, he added.
“I don’t want people to be putting out virus signatures after a virus has come out,” he said. “I want an active defense. I want to be at the sharp pointy end of the stick.”
Zatko cut his security chops as a teen-age hacker in the 1980s and managed to stay one step ahead of the law. He ran the L0pht hacker space during the 1990s, where he invented anti-sniffing technology that became the first remote promiscuous system detector used by the Defense Department. He also pioneered work on buffer overflows, which are a basis for many computer network attacks.
“L0pht turned the industry on its head,” he said. “You didn’t have security response teams at major organizations like Microsoft or Intel until we came along.”
He started the corporate information security group at BBN Technologies in the 1990s, was chief executive at L0pht Heavy Industries when the hacker space decided to incorporate, and founded security consultancy @Stake, which was later acquired by Symantec. Since 2004, he’s been back at BBN, working as division scientist and technical director for the company’s National Intelligence Research and Applications department.
Zatko has also done his fair share of work for the government. He was appointed to the Information Assurance sub-committee out of the Executive Office of the President, named as a subcommittee member to the Partnership for Critical Infrastructure Protection and testified several times before Congressional committees. The main hacker character in the book Breakpoint by former U.S. cybersecurity guru Richard Clarke is believed to be based on him.
He’s not the only self-described hacker to embrace public service. Jeff Moss, founder of the Black Hat and Defcon conferences, joined the Homeland Security Advisory Council last summer.
One of the reasons Zatko decided to take the job is that the new DARPA director, Regina Dugan, is entrepreneurial and is looking to engage more with academics, following years of DARPA being closed to nongovernmental researchers for national security reasons, he said. “Now they are running more programs out of DARPA that are not classified beyond what they need to be, so it will enable more people to have visibility into them,” he added.
Another lure of the job was the budget he will have. Zatko said he doesn’t know exactly how much of the $3.5 billion a year DARPA spends to fund research he will oversee but said it’s likely to be a “good chunk.”
From his many years doing penetration testing and working to break security systems, he understands what it takes to try to defend networks and how to come up with innovative solutions to break through barriers and get around obstructions.
“I’ve got a track record of doing novel things on both the offense and defense side,” he said. “In the commercial world I wasn’t able to take those to fruition because often the market drivers and the money drivers were at odds. You don’t want to put yourself out of business. But now, I want to put myself out of business.”
Feb 10
Times EnemyChina, security China, insecure news, ISN
‘Aurora’ Attacks Still Under Way, Investigators Closing In On Malware Creators
Researchers find ‘markers’ associated with authors of Aurora malware used in attacks against Google, others
Feb 10, 2010 | 02:27 PM
By Kelly Jackson Higgins
DarkReading
The targeted attacks that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 or so reported by Google and others.
Security experts who have worked on forensics investigations and cleanup of the victim organizations from the attacks that originated out of China say they are also getting closer to identifying the author or authors of the malware used to breach Google and others.
“The attack called Operation Aurora is larger than just [the attacks acknowledged at the] 30 companies. That attack is still in operation and is much larger,” says Greg Hoglund, founder and CEO of HBGary, which today published a report on Operation Aurora that recaps where things stand with the investigation.
He and other forensics firms say they have no direct evidence implicating the Chinese government in the Aurora attacks, but that doesn’t mean other investigators or officials have it and just aren’t sharing it publicly, Hoglund says. HBGary has found trails left behind in the Aurora code by its creators that are “very specific to the developer who compiled the malware,” Hoglund says, and it has Chinese language ties.
HBGary has identified registry keys, IP addresses, suspicious runtime behavior, and other data about the Aurora malware and its origins using the firm’s latest analysis tool, he says.
Hoglund says HBGary was able to identify “markers” specific to the way the Aurora developer wrote the malware. But he says his firm did not include this in its new report. “This is not in the report because we don’t want him to know what we know about his coding,” he says. “[It] is algorithmic in nature.”
The Aurora “knock-off” malware based on the publicly released Aurora IE exploit and Metasploit’s Aurora exploit wouldn’t carry these markers, he says, so investigators would be able to identify whether it was from the same attacker or attackers that hit Google, Adobe, and others.
“We’re really just getting started in tracing him,” Hoglund says.
Kevin Mandia, CEO of forensics firm Mandiant, also says his firm’s investigators are getting close to exposing the creators of the Operation Aurora malware. “We feel like we know a couple of them in their coding — we recognize their trademarks … down to the person.”
Mandiant, which has been in the business of investigating these targeted, persistent attacks — also known as advanced persistent threats (APTs) — has seen the handiwork of these groups of attackers before. “The groups behind these [Aurora] attacks have hacked hundreds of companies” in previous targeted attacks, Mandia says. “At one time we saw over 200 victim [organizations hit by targeted attacks],” he says.
He says attacks that steal intellectual property typically funnel the goods via IP addresses based in China. But Mandia says he doesn’t know if the Chinese government is involved in the recent attacks or other APT attacks, though some trends with these attacks raise questions. “We see patterns that just make us curious. If you’re doing merger and acquisition work in China, you’re targeted,” Mandia says. “We’ve seen when we respond to client sites [that were attacked] a lot of legal counsel, external counsel, and C-level executives [targeted] in M&A with China.”
Meanwhile, HBGary today released a free tool for downloading that scans and removes the Aurora malware from Windows machines. Hoglund calls it an “inoculation shot.”
Still, Hoglund and other security experts note that the attackers didn’t use only the Internet Explorer 6 exploit. One source with knowledge of the attacks says the attackers aren’t using just phishing emails to deliver their exploits, either. “I know they are not” relying on just the IE exploit via email, the source says.
About 80 percent of APT attacks use custom malware, Mandia says. “We recently took over 1,800 programs we’ve collected since 2008 that are all part of APT … and ran it through AV, and only 24 percent of the malware triggered antivirus,” he says. “Over a year ago, none of it was triggering AV.”
Mandia says that while some Aurora and other APT victims continue to be hammered by attackers sending new malware variants to the already-infected machines, these types of targeted attacks aren’t letting up. “There’s just another patch of victims somewhere else now,” Mandia says.
“Aurora is a wake-up call,” says Peter Schlampp, vice president of marketing and product management for forensics firm Solera Networks. “Companies are waking up to the fact that they’ve under-invested in the area of security around surveillance and monitoring and forensics to get to the bottom of what happened.”
Feb 09
Javiersite news SEOMire.com
SEO Spam article archived on SEO Mire.com. I wanted to archive the article, but since it was from 2006 it immediately disappears. This post should nudge some SE’s as to its existence.
Feb 09
Times EnemyChina China, insecure news, ISN, spying
Dongfang "Greg" Chung leaves Federal Courthouse in Santa Ana in 2009
Chinese-born engineer gets 15 years in spying for China
Dongfan ‘Greg’ Chung, who worked with Boeing and Rockwell International, was accused of providing information on the space shuttle and Delta IV rocket.
By Patrick J. McDonnell
February 9, 2010
A Chinese-born aerospace engineer who had access to sensitive material while working with a pair of major defense contractors in Southern California was sentenced Monday to more than 15 years in prison for acquiring secret space shuttle data and other information for China.
U.S. District Judge Cormac J. Carney in Santa Ana imposed a 188-month prison term on Dongfan “Greg” Chung, 73, a naturalized U.S. citizen who lives in Orange.
Carney declared that he could not “put a price tag” on national security and sought to send a signal to China to “stop sending your spies here,” according to the U.S. attorney’s office.
Chung, who worked at Boeing’s Huntington Beach plant, denied being a spy and said he was gathering documents for a book, not for espionage. His attorneys argued that much of the material was already available on the public record.
At his sentencing, Chung professed his love for the United States, even as prosecutors depicted him as a spy who would compromise U.S. national security.
“Giving China advanced rocket technology is not in the United States’ national interest,” said Assistant U.S. Atty. Greg Staples. “There is a voracious appetite for U.S. technology in China.”
Whether loyalty to his homeland or financial gain was Chung’s motive remained unclear. The case is one of a number of prosecutions that have shed light on alleged Chinese efforts to gain access to U.S. technology and research through espionage.
Chung was the first suspect tried with attempting to help a foreign nation under the terms of the 1996 Economic Espionage Act, passed to help prevent pilfering of sensitive economic information. Chung chose to have the case heard by the judge rather than a jury.
Chung was convicted last year on charges of economic espionage and acting as an agent for more than three decades while employed by Rockwell International and Boeing Co.
When Chung was convicted, Carney said the case revealed Chung’s “secret life” as a “spy” for China. The case against him arose from an investigation into another engineer, Chi Mak, who worked in the United States and obtained sensitive military information for China. Mak and several relatives were convicted of providing defense information to China, the U.S. attorney’s office said. Carney sentenced Mak to more than 24 years in prison in 2008.
Federal authorities said Chung stole restricted technology and trade secrets, including data related to the space shuttle and the Delta IV rocket.
“This case demonstrates our resolve to protect the secrets that help protect the United States, as well as the important technology advancements developed by scientists working for companies that provide crucial support to our national security programs,” acting U.S. Atty. George S. Cardona said Monday in a statement.
Chung held a “secret” security clearance when he worked at Rockwell and Boeing on the space shuttle program, authorities said. He retired in 2002 but the next year returned to Boeing as a contractor, a position he held until September 2006, the U.S. attorney’s office said.
Between 1985 and 2003, Chung made trips to China to deliver lectures on technology involving the space shuttle and other programs, the government said. During those trips, Chung met with Chinese government officials, including military agents, U.S. authorities said.
patrick.mcdonnell@latimes.com
Copyright © 2010, The Los Angeles Times
#---------------------
Read the SACR 08-00024-CJC Memorandum of Decision, taken from fas.org.
#---------------------
US jails Beijing’s space science spy Greg Chung Dongfan
February 10, 2010 12:00AM
LOS ANGELES: A Chinese-born aerospace engineer has been jailed for more than 15 years after being convicted of selling technology related to the US space shuttle program to China.
Greg Chung Dongfan, 73, was convicted last year of stealing trade secrets from Boeing and Rockwell during a three-decade career in which he was also working as a Chinese agent, a justice department statement said yesterday.
Federal judge Cormac Carney jailed Chung for 188 months at a hearing in Santa Ana, outside Los Angeles, telling the former engineer it was not possible to “put a price tag” on national security.
Judge Carney said the stiff sentence was intended to send a message to the Chinese government: “Stop sending your spies here.”
Chung was found guilty of conspiracy to commit economic espionage, six counts of economic espionage to benefit a foreign country, one count of acting as an agent of the People’s Republic of China and one count of making false statements to the FBI.
A native of China and a naturalised US citizen, Chung held a “secret” security clearance when he worked at Rockwell and Boeing on the space shuttle program, according to prosecutors.
He retired from the company in 2002 and returned to Boeing as a contractor the following year until 2006.
Prosecutors alleged Chung stole Boeing trade secrets relating to the shuttle and the Delta IV rocket.
“Mr Chung betrayed his adopted country and endangered our national security,” acting US attorney George Cardona said.
“This case demonstrates our resolve to protect the secrets that help protect the United States, as well as the important technological advancements developed by scientists working for companies that provide crucial support to our national security programs.”
The case against Chung was uncovered during an investigation into another Chinese espionage case involving the sale of sensitive military information to China.
AFP
Feb 08
Times Enemysecurity China, insecure news, politics
China Flag Patch
The poor souls at Black Hawk Safety Net had to be in the Chinese radar at a time when China needs to act tough. I say “act,” because that is pretty much what China is doing. Again, anyone who has been keeping an eye on China’s forays into cyberwarfare activities can easily spot this pathetic tough-guy stance China seems to be taking. From my perspective this is politics, smoke and mirrors.
Fast Company mentions if this one site has such a huge audience that there must be other sites like it still in operation. As ironic as it may seem, some quick Google searches will sift some of these out.
If you are bored, it is sometimes fun to read DNS records and the likes … 3800cc.com.
China is going to continue to act like the little kid who knows they were caught doing something wrong but is hoping they can fake it long enough for people believe their innocence. Which is to say, publicly, China will be in forced denial, an all too common tactic used in international relations.
A question which has been bouncing around my head is why is the media so surprised by this whole Google-China deal? This level of ignorance reminds me of nearly a decade ago when the American public was surprised by the terrorist attacks of September 11th.
Feb 04
Times EnemyChina, news, security China, insecure news, news, Taiwan
Google Asks Spy Agency for Help With Inquiry Into Cyberattacks
By JOHN MARKOFF
Published: February 4, 2010
SAN FRANCISCO — Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday.
The collaboration between Google, the world’s largest search engine company, and the federal agency in charge of global electronic surveillance raises both civil liberties issues and new questions about how much Google knew about the electronic thefts it experienced when it stated last month that it might end its business operations in China, where it said the attacks originated. The agreement was first reported on Wednesday evening by The Washington Post.
By turning to the N.S.A., which has no statutory authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.”
The United States government has become increasingly concerned about the computer risks confronting energy and water distribution systems and financial and communications networks. Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards.
On Jan. 12, Google announced a “new approach to China,” stating that the attacks were “highly sophisticated” and came from China. At the time, it gave few details about the attacks other than to say that a theft of its intellectual property had occurred and that a primary goal of the attackers had been to gain access to the Gmail accounts of Chinese human rights activists.
In reaching out to the N.S.A., which has extensive abilities to monitor global Internet traffic, the company may have been hoping to gain more certainty about the identity of the attackers. A number of computer security consultants who worked with other companies that experienced attacks similar to those of Google have stated that the surveillance system was controlled from a series of compromised server computers based in Taiwan. It is not clear how Google determined that the attacks originated in China.
A Google spokeswoman said the company was declining to comment on the case beyond what it published last month. An N.S.A. spokeswoman said, “N.S.A. is not able to comment on specific relationships we may or may not have with U.S. companies,” but added, the agency worked with “a broad range of commercial partners” to ensure security of information systems.
The agency’s responsibility to secure the government’s computer networks almost certainly was another reason Google turned to it, said a former federal computer security specialist.
“This is the other side of N.S.A. — this is the security service that does defensive measures,” said the specialist, James A. Lewis, a director at the Center for Strategic and International Studies. “It’s not unusual for people to go to N.S.A. and say ‘please take a look at my code.’ ”
The agreement will not permit the agency to have access to information belonging to Google users, but it still reopens long-standing questions about the role of the agency.
“Google and N.S.A. are entering into a secret agreement that could impact the privacy of millions of users of Google’s products and services around the world,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a Washington-based policy group. On Thursday, the organization filed a lawsuit against the N.S.A., calling for the release of information about the agency’s role as it was set out in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 , a classified 2008 order issued by President George W. Bush dealing with cybersecurity and surveillance.
Concerns about the nation’s cybersecurity have greatly increased in the past two years. On Tuesday, Dennis C. Blair, the director of national intelligence, began his annual threat testimony before Congress by saying that the threat of a crippling attack on telecommunications and other computer networks was growing, as an increasingly sophisticated group of enemies had “severely threatened” the sometimes fragile systems behind the country’s information infrastructure.
“Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication,” he told the committee.
The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, according to a person briefed on the relationship. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project. They are intended to help accelerate the commercialization of government-developed technology.
In addition to the N.S.A., Google has been working with the F.B.I. on the attack inquiry, but the bureau has so far declined to comment publicly or to share information about the intrusions with Congress.
Jan 31
Times EnemyChina, security China, insecure news
China bugs and burgles Britain
A restricted report by the security service MI5 describes how China has attacked UK companies in a concerted hacking campaign
David Leppard
From The Sunday Times January 31, 2010
THE security service MI5 has accused China of bugging and burgling UK business executives and setting up “honeytraps” in a bid to blackmail them into betraying sensitive commercial secrets.
A leaked MI5 document says that undercover intelligence officers from the People’s Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of “gifts” and “lavish hospitality”.
The gifts — cameras and memory sticks — have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users’ computers.
MI5 says the Chinese government “represents one of the most significant espionage threats to the UK” because of its use of these methods, as well as widespread electronic hacking.
Written by MI5’s Centre for the Protection of National Infrastructure, the 14-page “restricted” report describes how China has attacked UK defence, energy, communications and manufacturing companies in a concerted hacking campaign.
It claims China has also gone much further, targeting the computer networks and email accounts of public relations companies and international law firms. “Any UK company might be at risk if it holds information which would benefit the Chinese,” the report says.
The explicit nature of the MI5 warning is likely to strain diplomatic ties between London and Beijing. Relations between the two countries were damaged last month after China’s decision to execute a mentally ill British man for alleged drug trafficking.
Earlier this month the United States demanded that China investigate a sophisticated hacking attack on Google and a further 30 American companies from Chinese soil.
China has occasionally attempted sexual entrapment to target senior British political figures. Two years ago an aide to Gordon Brown had his BlackBerry phone stolen after being picked up by a Chinese woman who had approached him in a Shanghai hotel disco.
The report says the practice has now extended to commercial espionage. It says Chinese agents are trying to cultivate “long-term relationships” with the employees of key British companies: “An undercover intelligence officer may try to develop a friendship or business relationship, often using lavish hospitality and flattery.
“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurise individuals to co-operate with them.”
The warning to British businessmen adds: “Hotel rooms in major Chinese cities, such as Beijing and Shanghai, which are frequented by foreigners, are likely to be bugged … hotel rooms have been searched while the occupants are out of the room.”
It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”
China has repeatedly denied spying on Britain and the West. Its London embassy did not comment.
In 2007 Jonathan Evans, the director-general of MI5, had written privately to 300 chief executives of banks and other businesses warning them that their IT systems were under attack from “Chinese state organisations”.
There have been unconfirmed reports that China has tried to hack into computers belonging to the Foreign Office, nine other Whitehall departments and parliament.
Last year a report by Whitehall’s joint intelligence committee said China may be capable of shutting down critical services such as power, food and water supplies. But the latest document is the most comprehensive and explicit warning to be issued by the UK authorities on the new threat. Entitled The Threat from Chinese Espionage, it was circulated to hundreds of City and business leaders last year.
The growing threat from China has led Evans to complain that his agency is being forced to divert manpower and resources away from the fight against Al-Qaeda. His lobbying helped to prompt the Cabinet Office to set up the Office of Cyber Security, which will be launched in March.
Jan 29
Times Enemysecurity insecure news, power plants
A Daily Tech article reports Power Plants Report Increase of Foreign-Based Attacks.
The article is below:
Power Plants Report Increase of Foreign-Based Attacks
Michael Barkoviak – January 29, 2010 6:20 AM
Cyber attacks against power plants and other vital infrastructure may be higher than previously believed
A new study [PDF] that interviewed power plant operators and other “critical infrastructure” indicates more than 50 percent of all U.S. power plants have had to deal with an increase in cyber attacks.
Security company McAfee funded the research, speaking with 600 IT managers and executives from 14 different nations.
Around 54 percent of those interviewed said some type of network “stealthy infiltration” took place, with the same number of executives noting they faced massive denial-of-service attacks on their networks at one point in time.
The threat of cyber attacks scare most computer users to be worried about potential data and bank theft — but security experts and government analysts note cyber attacks could be a national security issue as well.
Brazil had several high-profile blackouts in late 2009, which allegedly are tied to cyber attacks against the country’s IT infrastructure. Brazilian officials denied cyber terrorism caused the outages, but it’s a major issue now that the 2016 Summer Olympic Games will be held in Rio de Janeiro.
The threat of cyber attacks are even more serious now with China, North Korea, and Russia either hiring hackers directly to launch attacks, or are funneling money to hacker groups.
These types of issues will be handled by Howard Schmidt, President Barack Obama’s hand-picked cyber czar, who will worth with security experts in an effort to keep the country safe from state-sponsored attacks.
The FBI and Secret Service also are attempting to combat cyber terrorism, especially if the attack appears to be coordinated by a foreign government.
Jan 28
Times Enemysecurity insecure news, nmap, open source, port scanning
Did I mention there was an update? Bug fixes are good, but a little annoying at times. Check out the changelog since 5.20.
To download nmap check out the same bat url.
Jan 28
Javiersite news SEOMire.com
For a while the idea of leaving SEOMire.com a pure SEO site, or to allow various types of posts to be published here has been tossed around. It is frustrating to me, and must be to anyone reading this blog, to have so few posts to read, especially about SEO. So, after pondering the pro’s and con’s, the decision to open SEOMire.com up to “other topics” was made.
It is hoped that this decision is looked upon as an improvement to SEOMire.com rather than otherwise.
Older Entries Newer Entries
RSS