Category Archives: Cyber Study

Cyber Revenge Against Japan?

The world has grown wearily accustomed to the concept of cyberspace being mankind’s newest battleground. So while the Japanese defence establishment was understandably unsettled by the recent cyber attacks against arms company Mitsubishi Heavy Industries (MHI)—which first occurred in August but were only disclosed this week—the phenomenon will have struck governments and corporations that have experienced similar attacks as nothing particularly new.

The specifics of the attack on MHI and other Japanese entities remain unclear. While the Japanese media has attempted to trace the attack back to China—the usual suspect in these cases—its origin has not been publicly confirmed. Certainly, Beijing denied that it was involved, as it always does, despite admitting earlier this year to the existence of a PLA cyber warfare unit known as the Blue Army.

via Cyber Revenge Against Japan? | Flashpoints.


Glass Dragon: China’s Cyber Offense Obscures Woeful Defense | threatpost

Contrary to the image of China as a nearly invincible cyber powerhouse, Beresford says in an interview with Threatpost Editor Paul Roberts that the fast-growing nation suffers from woeful cyber security practices at home that leave, literally, thousands of networks and databases vulnerable to even trivial, remote attacks. Beresford, who publicized holes in domestic Chinese SCADA systems in September, 2010, said the country’s aggressive cyber offense abroad is in stark contrast to an almost total lack of basic cyber defense at home that has left both classified and unclassified government networks vulnerable to attack and compromise.

via Glass Dragon: China’s Cyber Offense Obscures Woeful Defense | threatpost.

Cyber War Games: U.S. Versus China



Cyber warfare is one form of espionage that is currently being waged between the U.S. and China. In the event of a full-scale conflict, how would this war be fought, and who would win the war? David Wise (of Big Think), an intelligence expert, does an excellent job of explaining the 5th battlefield, cyberspace. David explains who has the upper hand in this US vs China cyberspace battle. The United States is well aware of its own vulnerable infrastructure: our electric grid, our communication networks and aviation grid. We, like other governments, are a highly industrialized society. China is becoming more of an economic power, so they in turn are vulnerable. China has been involved in hacking over 33 different companies in the US. The US is doing some of its own hacking; we don’t hear about it because we’re damn good. (The State Department released that China’s SCADA system has major security problems.)

David does make it clear that we don’t know who these hackers are: sometimes a kid playing in his bedroom, or a national government in Estonia making believe they’re in China or any other place. It’s easy to hide on the internet. This makes it difficult to say “Yes, it’s the Chinese government doing this,” and we can’t be sure. David and I agree that dealing with China, a communist country, is difficult. China is a growing economic power base; it needs cyberspace to grow. China is enjoying the money and it needs to keep the Internet open to do business; this will also enable its people to become free in cyberspace.

This is an excellent video; David Wise is great. –my 2 cents- gatomalo


Made in China has a new meaning – Trojan IC Chips that allow Cyber Attack.

By     – July 9, 2011

Department of Homeland Security officials acknowledged on Thursday that some foreign-made components in American electronic devices have been found to be pre-designed to allow cyber-attacks.

After repeated questioning by Rep. Jason Chaffetz, R-Utah, Schaffer admitted that officials are aware of such tampering. The question of so-called “supply chain” security is controversial, given that many electronic components are manufactured overseas, but it is still unclear how pervasive the problem may be.

“Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions,” the White House’s Cyberspace Policy Review says.

As corporations send more manufacturing to China, the Chinese are putting a little something extra in our electronic devices, like “Trojan Chips” that spoof our security. Vulnerabilities could be introduced in the course of manufacturing equipment or creating counterfeit goods. This vulnerability is more dangerous because it’s hardwired into the physical infrastructure. If the computer servers and routers that run our internet have these “Trojan Chips” installed, all the security measures you throw at them are worthless; the back door is wide open.

China and Cybersecurity: Trojan Chips and U.S.–Chinese Relations May 5, 2011

Now imagine these servers and routers installed in our banks, power grids, governments and our phones-communications infrastructure. The country that operates these devices can at any time confuse them and watch everyone go crazy, or just turn them off. If my daughter cannot use her cell phone, which is glued to her hand, she would go crazy. If somebody can turn off or scramble the routers that control the financial district in lower Manhattan, Wall Street would be in shambles and so would financial services all over the world.

How can we fight this problem? Simple: put America back to work. We need to do our own manufacturing, especially in the high technology sector. Before (10 years ago) we controlled the knowledge, but other countries like China, Russia and others have stolen the technology, and some have a good manufacturing base thanks to US companies and the taxpayer.

Our government needs to tax and go after the companies that allow profits to come before our country’s citizens’ safety and security. Despite the risk, the White House plan does not aim to blame specific suppliers. “A broad, holistic approach to risk management is required rather than a wholesale condemnation of foreign products and services,” it recommends.

Schaffer was one of four top administration officials on hand Thursday to testify about the White House policy proposal, which calls for more information-sharing between private industry and government agencies and modifying the Federal Information Security Management Act to require continuous monitoring of government networks.

Ranking member Elijah Cummings, D-Md., voiced concern that the information-sharing provision could open the door to abuse.

“I agree that we should encourage information-sharing between industry and government, but we also have to be careful that personally identifiable information is appropriately protected and shared with the government only when necessary,” Cummings said. Cummings also said, “It is important that the official responsible for implementing FISMA [the Federal Information Security Management Act] have the authority to task all civilian departments and agencies with implementation of the federal security standards.”

I love Elijah Cummings, D-Md, but FISMA should be the baseline of government cyber security policy. On top of that we need the help of our citizen cyber warriors to step up to the plate and help America. One thing that China does right is it nationalizes its cyber groups to help China. We need to do a better job with our hackers like Anonymous and #antisec; there are people in those groups that will help our government if we simply ask them. It’s kinda nice to be respected for what you know and do; these people have no university degrees, they learn on their own, and I respect that. These cyber warriors are our future, so let’s treat them a little better. I may not agree with them on some points, but I agree that if you do not protect your users’ information you need a wake-up call to do the legal and right thing and spend the money and protect your customers’ information (DATA). Hey, I hear that there are a lot of people unemployed – put America back to work as cyber warriors – America, what a wonderful country, I love it.


Chinese Cyber Blue Team is Here to Stay | China’s economic development and social stability

The Chinese PLA (People’s Liberation Army) now has a cyber “Blue Team” that can use cyberspace as the new frontier for warfare.

The US and China defense policies are changing. The (Cyber Blue Team, 2011) is based in Jinan, China, where there are 12 universities and a high-tech zone, and which boasts 6 million people. It’s also the headquarters of the PLA. The squad is aimed at carrying out attacks on other countries’ Internet. (Li Li, 2011), a military expert at the National Defense University, said, “China’s Online Blue Army is currently at its fledgling period.” (Zhang Shaozhong, 2011), a military expert from the PLA, said, “Just like the army and air forces, the ‘online blue army’ is a historical necessity. The reason is very simple.” “We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability,” Teng Jianqun, a research fellow at the China Institute of International Studies, said.

The Internet has the potential to transform Chinese society and politics (Jones E-Library, 2011). Cyberspace is the next front line for military operations.

Consider the US (US cyber attack Iraq, 2003): prior to the invasion, the US froze Saddam Hussein’s bank account and disabled the country’s financial and communication systems before a shot was ever fired. Cyber warfare is a first-strike capability weapon and it can be a deterrent if used wisely. China wants to be able to do the things its cyber brothers can do, and who could blame them. Truth be told, China has a bad cyber infrastructure and we are hacking them all the time. DHS (disclosed china secrets, 2011): the US told the world that China had some major security holes. Now the whole hacking community (LulzSec and Anonymous) knows about China’s problems. This is a shot across the bow of the Chinese government: stop hacking the US or we are going to hack you.

It is a fact that Russia and others are quietly going about cyber intelligence and espionage, but they are good, so nobody hears about them, but they are out there. When China gets its Cyber Blue Team going strong we will not hear a sound about China; then the cyber warfare has really started and there is no way back. The Internet is here to stay, and to governments like China this is an essential weapon to be a world player in cyberspace.



Chinese Hacker-Cyber Timeline: June 23, 2011

Created by: veteran4life:-

This timeline covers almost all of 2010 – to get a full up-to-date timeline email me : This timeline opened my eyes and helped connect the dots, like 2003 Microsoft opens up source code to China (Titan Rain-starts part of Moonlight Maze operations-) to get MS-Office sold. The Chinese do not like any code that they did not create; all code has back-doors and the West will use it to destroy China, or so goes the Chinese paranoia. – Cyber Chronology


Chinese Hacker-Cyber Timeline 1994 -2010


Major Incident
1994 -1996 Formation, Expansion and Exploration –
  • The Green Army (China’s first hacker group) is formed
  • China Eagle Union’s preliminary web design registered as Chinawill and title “Voice of the Dragon”.
  • Anti-Chinese riots in Indonesia ignite retaliation from Chinese hackers and provide the catalyst for the creation of the “Red Hacker Alliance”
  • Moonlight Maze – The name Moonlight Maze refers to an incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, the United States Department of Energy, private universities, and research labs that had begun in March 1998 and had been going on for nearly two years. Sources report that the invaders were systematically marauding through tens of thousands of files — including maps of military installations, troop configurations and military hardware designs. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement. Moonlight Maze is still being actively investigated by U.S. intelligence (as of 2003).[1]
  • Cyber conflict between People’s Republic of China’s and Taiwan over “Two State Theory”
  • Commercialism is introduced into the Green Army
  • August- Taiwanese and Chinese Hacker War- ERUPTS
  • Denial of Nanjing Massacre leads to attack on Japanese web Sites
  • Taiwanese elections spark conflict with mainland hackers
  • November – Chinese hacktivists threaten DDoS on Taiwan National Day
  • Hacker activity marking the anniversary of the first Sino-US Hacker War squashed by the Chinese government. Chinese hacktivists appear to go underground.
  • Beginning of “reckless desire” within the alliance the Green Army falls apart from financial disputes
  • Honker Union of China founded by Lion
  • China Eagle Union founded by Won Tao
  • Javaphile founded by CoolSwallow and Blhuang

  • The Red Hacker Alliance attacks Japan over incident
  • Japanese web site hit over Prime Minister’s visit to controversial monument.
  • April- First “Sino-US Hacker War” erupts after US EP-3 and PLA F-2 collided and US crew detained
2002 Attack on Taiwanese company Lite-On by Javaphile


  • Titan Rain – was the U.S. government’s designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown. The activity known as ‘Titan Rain’ is believed to be associated with an Advanced Persistent Threat.
  • August- Reports of Chinese hackers against Taiwanese government and commercial sites.
  • The Chinese government grants licenses to open Internet cafe chains to just 10 firms, including three affiliated to the Ministry of Culture, one linked to the politically powerful Central Committee of China Youth League and six state-owned telecoms operators.
  • Microsoft opens up source code to China to get MS-Office –


  • Chinese hackers hit Japan government web site over dispute over Diaoyu Island.
  • July Chinese hacker attacks against Taiwan continues
  • November- Media reports of attacks against several US military installations.


  • Honker Union of China reforms
  • December- In early December 2005 the director of the SANS Institute, a security institute in the U.S., said that the attacks were “most likely the result of Chinese military hackers attempting to gather information on U.S. systems.”[1]
  • March- Several attacks from sites allegedly in China against multiple sites in Japan.
  • August- Media reporting of Chinese Espionage condemned “Titan Rain”
  • September- According to media, staff in Taiwan National Security Council are targeted via social engineering e-mails.
  • China purchases over 200 routers from an American company, Cisco Systems, that allow the government more sophisticated technological censoring capabilities. In October, the government blocks access to Wikipedia.


  • British MPs targeted. (Guardian, Smash and Grab, the High Tech Way)
  • June- Chinese hackers strike at Taiwan MoD.
  • July- Media Report US State Department is recovering from a damaging cyber attack
  • August- Officials state hostile cyber forces have downloaded up to 20 TB (1 terabyte = 1024 gigabytes; 20 terabytes of data)
  • August- Claims of Congressional Computers being hacked are made
  • November- US Naval War College computers infrastructure reportedly attacked.
  • January-  a group of former senior Communist party officials in China criticize the internet censorship, warning that it could “sow the seeds of disaster” for China’s political transition.
  • February-  Google agrees to block websites, which the Chinese Government deems illegal in exchange for a license to operate on Chinese soil. The search engine responds to international criticism by protesting that it has to obey local laws.
  • May-  Chinese Internet users encountered difficulties when connecting to Hotmail, Microsoft’s popular email service. Microsoft says the break in service is caused by technical problems, but there is widespread speculation that the incident is linked to state censorship. In the last week of May, Google and many of its services also became unreachable.
  • July-  researchers at Cambridge University claim to have broken through the Great Firewall of China – the government imposed blocks on large portions of the web.
  • November-  the Chinese language version of Wikipedia is briefly unblocked before being shut down again the same month.


  • WASHINGTON —  The Chinese government hacked a noncritical Defense Department computer system in June, a Pentagon source told FOX News on Tuesday.
  • Pentagon investigators could not definitively link the cyber attack to the Chinese military, the source said, but the technology was sophisticated enough that it indicated to Pentagon officials — as well as those in charge of computer security — that it came from within the Chinese government.
  • 2007 German Chancellery compromised and China accused of being the perpetrator. (Der Spiegel, Merkel’s China Visit Marred by Hacking Allegations)
  • 2007 US Pentagon email servers compromised for an extended period. Cost to recover $100 million. (Paul, Ryan. “Pentagon e-mail taken down by hackers.” Ars Technica. 22 June 2007)
  • 2007 Oak Ridge National Laboratory targeted by Chinese hackers (Stiennon, Haephrati Technique Used to Crack US Research Lab)
  • June- OSD (Office of the Secretary of Defense) Computers attacked via malicious e-mail.
  • August- Reports emerge of cyber attacks of Germany.
  • September- Reports emerge of cyber attacks of UK.
  • September- Reports emerge of cyber attacks of NZL (New Zealand).
  • October-US Nuclear Labs targeted by malicious e-mail.
  • December- MI5 issues warning on Chinese cyber attacks
  • January- Hu Jintao, the Chinese president, pledges to “purify” the Internet. He makes no specific mention of censorship, saying China needs to “strengthen administration and development of our country’s Internet culture.”
  • March- access to the LiveJournal, Xanga, Blogger and Blogspot blogging services from within China become blocked. Blogger and Blogspot become accessible again later the same month.
  • June-  American military warn that China is gearing up to launch a cyber war on the US -plans to hack US networks for trade and defense secrets.


  • March- Reports emerge on cyber attacks on Australia.
  • May- Reports emerge on cyber attacks on India.
  • May- Reports emerge on cyber attacks on Belgium
  • May- US commerce Secretary laptop investigation for data infiltration.
  • June- US elections campaign hacking reported.
  • November- Hacking of White House Computers alleged.
  • November- Massive intrusion on NASA systems released.
  • December- French Embassy web site attacked in protest over meeting with Dalai Lama
  • April-  MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them that the Chinese army is using Internet spyware to steal confidential information.
  • June- Hu Jintao, the Chinese president, makes his first tentative steps online by answering questions on a web forum.
  • August- China faces widespread criticism for Internet censorship in the run-up to the Beijing Olympics. The government surprises critics by lifting some of the restrictions, making the websites of human rights organizations such as Amnesty International accessible for the first time.


  • March- GhostNet – China’s large-scale cyber-spying -China’s global cyber-espionage network GhostNet penetrates 103 countries. A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new computers every week, according to researchers.
  • 2009 Three largest resource companies in Australia, including Rio Tinto compromised.(Rio Tinto hacked at time of Hu arrest)
  • 2009 Google Aurora attacks target user data and source code. (McAfee blog)
  • April- Compromise of systems across 103 countries by Chinese cyber spies while Chinese government denies involvement in GhostNet.
  • April- Daily attacks reported against German government.
  • April- The Chinese government denies reports of hacking the Australian Prime Minister’s e-mail
  • April- Reports emerge of Chinese hackers targeting South Korean officials with socially engineered e-mail.
  • March- Bill Gates weighs into the Internet censorship row, declaring that “Chinese efforts to censor the Internet have been very limited” and that the Great Firewall of China is “easy to go around”. His comments are met with scorn by commentators on the web.
  • March- the government blocks the video-sharing website YouTube after footage appearing to show police beating Tibetan monks is posted on the site.
  • June- China imposes an information blackout in the lead-up to the anniversary of the Tiananmen Square massacre, blocking access to networking sites such as Twitter as well as BBC television reports.
  • June- China faces a storm of criticism over plans to force all computer users to install Green Dam Internet monitoring software. The plan is dropped in August.
  • June- Lord West, the British security minister, warns that Britain faces the threat of a “cyber cold war” with China amid fears that hackers could gain the technology to shut down the computer systems that control Britain’s power stations, water companies, air traffic, government and financial markets.
  • August- the US Government begins covertly testing technology to allow people in China and Iran to bypass Internet censorship firewalls set up by their own governments.
  • December- the government offers rewards of up to 10,000 Yuan (£888) to users who report websites featuring pornography. The number of pornographic searches rockets.



via AmoresWebDesign - Cyber Blog » Cyber Security & Warfare Blog (cyber.amoreswebdesign.com).

Haephrati technique used to crack US research lab | ZDNet

June-2007 – Timeline
Haephrati technique used to crack US research lab | ZDNet.

China Cyber Attack Fallacies


Google recently announced a spear phishing campaign that had been going on for over a year and which appears to originate from Jinan, China that targeted the personal Gmail accounts of hundreds of various persons of interest, presumably to the Chinese government.
The proof to support the headline was that Chinese IP addresses were involved. What both Google and Siobhan Gorman, who reported on the story for the Wall Street Journal, failed to disclose was that other countries’ IP addresses were used as well, including South Korea and the United States. Copies of the spoofed emails, along with the originating IPs, were disclosed back in February on the Contagio blog. Of the six IP addresses used in the military and government employee phishing scheme, two were from Hong Kong, two were from Beijing, one was from Seoul, and one was from New York:
2) Hong Kong (Wharf TT Ltd)
4) Beijing (China Unicom)

In 2010, TeleGeography rated China Telecom (55 million customers) and China Unicom (40 million customers) as the two largest ISPs in the world, serving 20 percent of all broadband customers on earth. And neither company restricts its customer base to residents of the People’s Republic of China. Anyone can buy server time on any of these mainstream Chinese ISPs: China Telecom; China Mobile; China Unicom; and HiChina Zhicheng Technology Ltd.
Payment per year ranges from 5,000 yuan to 25,000 yuan ($770 to $3,860), and can be made via bank online transfer, domestic and international wire, Alipay (China’s Paypal), and even cash in certain cities such as Beijing and Guangzhou. In other words, no matter where in the world you live, you can lease server time and set up an email account that will resolve to China. And if you use it to phish the Gmail accounts of your targets, you’ve hit the gold standard of misdirection because there’s almost no alternative analysis done anymore when it comes to attacks that geolocate to an IP address in China.
Google may have chosen to focus on the two IP addresses that resolved to Jinan, the capital of Shandong Province, because it’s home to Lanxiang Vocational School, which was associated with the Google attacks of December 2009 to January 2010, and because it has a PLA regional command centre. The problem with this is that Jinan is a high-tech industrial zone with more than 6 million people and more than a dozen universities. Sourcing an email to Jinan is like sourcing a fruit shipment to California’s Central Valley. It wasn’t good evidence back in January, 2010 and it’s no better now.
There are at least a dozen foreign governments that I can think of who have a vested interest in reading the personal email accounts of US China policy makers, military leaders, government officials, etc. and all of them are standing up Cyber Commands and enjoy the benefit of their own nationalistic hacker crews from time to time.
None of this rules China out as the responsible party, of course. I’m simply arguing for a higher bar of evidence before making the leap that China did it. One alternative method, for example, is to try to answer why the spear phishing attack was done. Once you have a clear grasp as to why, you can move on to creating a list of those who would benefit, and then look for reasons that might exclude each member of that list. The discipline of alternative analysis has been a difficult one to adopt even among those who do it for a living within the intelligence community because our individual perceptions are highly biased in favour of something called mirror-imaging; i.e., we imagine that everyone sees things as we do.
Another obstacle to alternative analysis is fear: the fear of being wrong; of looking silly; of taking an unpopular stand and suffering the consequences; and so on. Now that the Pentagon has determined that a cyber attack may be sufficient to justify a kinetic response, it’s imperative that corporate leaders like Google, government leaders like the US Secretary of State, and influential media exercise more due diligence before leaping to conclusions that may have harmful, possibly irreversible, international repercussions.

via China Cyber Attack Fallacies.

Brainstorming on China – Notes to Myself

Veteran4life: This new hit on the IMF involved significant reconnaissance prior to the attack, and code written specifically to penetrate the IMF. We got G-Mail accounts of government officials, then RSA hacked, and the attack on Lockheed Martin. Connect the dots, people; be aware of what is going on around. We got Wikileaks, Anonymous, LulzSec, all a distraction to the real Cyber War.

Is it China? I just don’t get it. Here is a picture of my madness.

Lockheed Martin hacked, cyber crime steps up to major leagues – International Business Times


Lockheed Martin just recently admitted that it was hacked on May 21, 2011.  It managed to stop the “tenacious” attack before any critical data was stolen.

Back in October 2008, Lockheed Martin launched its cyber-defense operations.  It bragged that it wanted a piece of the red-hot cyber security industry.



It’s shocking, therefore, that hackers are now bold enough to target a company that specializes in defending against them.

The cyber security industry is worth $40 billion in 2010, according to Federated Networks, a player in that industry. After several incidents in the last two years, however, it’ll probably get even bigger.

In late 2009, Google and other high profile tech companies like Adobe Systems were hacked from China.  The purpose of the attack was reportedly to steal intellectual information and access certain Gmail accounts.

In late 2010, a loose-organized internet vigilante group called Anonymous organized an attack on Visa and MasterCard for their anti-Wikileaks stance.  The attacks brought down the two companies’ websites.

In April 2011, Sony’s PlayStation Network was hacked, forced to shut down for weeks, and user credit card numbers were likely stolen.  Sony was hacked by either internet vigilantes affiliated with Anonymous or thieves looking to steal credit card numbers.

These instances of hacking teach us two things: hacking can do serious damage to society and it’s surprisingly easy to perpetrate.

Hacking Google, for example, means gaining access to the most private information of individuals.  Hacking tech companies in general means gaining key intellectual information, which is their lifeblood.

Hacking defense contractors like Lockheed Martin is a matter of national military security.

The hacking of MasterCard and Visa demonstrates the utter unpreparedness of major corporations.  It shows that a group of rule-breaking enthusiasts can trump Fortune 500 companies.  In the physical/real world, something like that would be unimaginable.

Corporations, governments, universities, and consumers in general aren’t prepared for cyber attacks.

Many experts had predicted the rising importance of cyber security ever since it became clear that cyberspace would be an integral part of modern society.

Hackers, however, haven’t really done too much damage until the last two years because criminals and other rule-breakers (e.g. unscrupulous government agencies) didn’t seriously incorporate cyber attacks into their repertoire.

Now, they have and are finally giving hacking the organizational backing it needs to do some serious damage.  In other words, hacking has changed from being a crime perpetrated by loose-organized operators for petty gains to an operation backed by major crime syndicates and other powerful organizations for more nefarious and impactful purposes.

Society at large, therefore, needs to beef up its cyber security.  It needs to resemble the robustness of security in the physical world.

The US, for example, has a network of police force at every single municipality and state to deal with local criminal threats.  On the national level, it has the FBI and a standing army.

As cyber crimes have moved to the major leagues, cyber security needs to do the same.


Lockheed Martin hacked, cyber crime steps up to major leagues – International Business Times.