Black Hat Google Hacking Goes After China – www.esecurityplanet.com

Search engines aren’t just for finding Web content, they can also be valuable tools for security research.

At Black Hat 2010, researchers from Stach and Liu released Google and Bing tools called GoogleDiggity and BingDiggity. Those tools enable researchers to leverage those search engines to find security vulnerabilities in websites and applications. For Black Hat 2011, the researchers are back and this time they’re expanding their tools providing new capabilities to find and indentify security risk with the help of search engines.

“This year we’re adding a whole host of tools including a Windows desktop application as well as an iPhone app,” Stach and Liu security researcher Francis Brown said.

via Black Hat Google Hacking Goes After China – www.esecurityplanet.com.

Glass Dragon: China’s Cyber Offense Obscures Woeful Defense | threatpost

Contrary to the image of China as a nearly invincible cyber powerhouse, Beresford says in an interview with Threatpost Editor Paul Roberts, that the fast-growing nation suffers from woeful cyber security practices at home that leave, literally, thousands of networks and databases vulnerable to even trivial, remote attacks. Beresford, who publicized holes in domestic Chinese SCADA systems in

 

 

September, 2010, said the country’s aggressive cyber offense abroad, he said, is in stark contrast to an almost total lack of basic cyber defense at home that has left both classified and unclassified government networks vulnerable to attack and compromise.

Dillon Beresford, a security researcher

via Glass Dragon: China’s Cyber Offense Obscures Woeful Defense | threatpost.

China Attacks USA 4 years ago

Four (4) years ago Scientific America wrote an article about “China Cyber Attacks Signal New Battlefield is Online”. In 2011 we have seen a surge in China’s hacking but why did we not prepare for this when we knew about it for so long. In 2007 they hacked the UK, France and the US. In the article it stated, “China’s military goals are to improve its ability to wage information warfare”. See China Cyber Timeline.

The Chinese were ahead of us back in 2007 and we did nothing about our cyber security. We are arresting young people with no criminal records living in the basements of mom and dad for hacking. How many Chinese have we arrested for hacking, what’s our US-China Trade Statistics? US-China -273.1?  I understand in 2007 we were fighting a war to stop Iraq from deploying WMD (Weapons of Mass Destruction). 

We found no WMD in Iraq, but the Chinese were working on offensive cyber weapons to cripple business, communication, power grids and financial services in the USA and this cyber weapon is not classified as a WMD.

Let me get it straight the Chinese have been working in cyberspace since 2007 to learn how to re-route the world’s internet traffic thru it’s borders and steal terra-bytes of data. While we develop a kill switch to cut off the entire Internet by the President. I understand KISS (Keep it Simple Stupid) If someone is attacking you thru cyberspace we simply kill all the connection to the outside world. Quarantine the infected systems and then reboot and the USA is back online, cut of from the rest of the world an isolationist dream. This sounds so much like the cold-war fatalistic dogma.

why_hackers_attack_diagram

We can do better than this and everyone can help. If we want to stay on top of cyberspace we need a baseline security standard to be applied to all .gov .edu and all critical C&C (Command & Control) infrastructure. Once the baseline is set we need to adapt and be proactive in our cyber security to be changed quickly to be adaptable to new threats. We need to develop cyber-monitoring capabilities to be able to see cyber attack vector profiles and react quickly. We also need a National disaster recovery plan to ensure recovery in case of an attack. I might ad a cyber forensic team to analyze the attacks and find the bad guys. Last but not least a comprehensive plan to go after the Nation, State, group, corporation or individuals that caused us harm.

Most of this technology exist a lot of it is open-source (free) with a few modifications it can provide a basic infrastructure framework to build on. We need to break the ties to political special interest government contracts to corporation. We need to be adaptable our technology to the changing cyber sphere faster that we have been. We do this by training our future cyber warrior with programs like the Air Force Cyber Patriot Program. There are 10 of thousans if not more of security savvy people here in the good old USA. These people have no real certificate or college degree in Information Security (but who reallybut they know hacking and security. I bet they would volunteer to help America build the tools and infrastructure that’s needed. You have no idea what the open-source community can do, when you get the best geeks in the country to solve a problem.

Once we have everything in place and it works, let’s share the basic model with the world. Let’s prove democracy in cyberspace can work. Let’s show the world we are leaders again. America is still one of the leaders of the free world, let’s work together in cyberspace and help cyber freedom-free speech democracy become real.

Abraham Lincoln said ”of the people, by the people and for the people” It worked for America why not apply this right to “Cyberspace”.

The Arab Spring this year was history the first cyber revolution. The Libyan people have been freed from tyranny and unjust at the hands of Gaddafi without a conventional army, it has change the world. The people of the Arab States with the use of cyberspace, Twitter, Facebook, Crowd Map, computers, game console’s, cell phones, satellites and other technology made their voices heard. The dreamers that created social networks companies must feel very proud they have changed the world as we know it. Does anyone know how many lives were saved during the first cyber revolution? The destruction of conventional modern war even an internal revolution leaves scars on the country, infrastructure but most important, it leaves a scar on the people and children’s very soul. I know I was one. Our technology, cyberspace, the Internet, the Web saved a generation of children from the cruelty and horrors of war. We American should be proud of the world we help create we saved lives. We also scared the people in power. When a regiene is toppeled by people using nothing more than a cell phones leaders get a little bit worried and maybe the’ll do a better job. 

As I watch the political debate about the Debt Ceiling Bill and the lack of do nothing but toot my own “political” horn. This political game is why the Chinese are almost ahead of us in cyber space and stealing our stuff and manufacturing electronic components with backdoor to the Internet. Wake up American let’s educate our public officials to the freedom of speech on the Internet, lets VOTE. Let’s make sure our Senators and Congressman understand and educate them on Cyber Security (I can supply some links –write me). I’m a veteran and I don’t like wars, but if you’re going to put me in the warzone (Let me borrow this from Ms. Palin) “Don’t Retreat, Instead Reload”. Civilian Militia now live in Cyberspace look at the Jester’s war against Lulzsec the current  Hacktivist cyber war. (Ex-Military “Good Hacker” Identifies LulzSec Leader “Sabu”). This war is live on social networks feeding news organizations around the world. LOL  

Cyberspace belongs to the people. We the people need to keep it free and open, let’s not wait another 4 years to be better at information warfare.

My 2© cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://ChinaCyberWarfare.wordpress.com

http://HacktivistBlog.wordpress.com/

via China’s Cyber Attacks Signal New Battlefield Is Online: Scientific American.2007

via US Cyber Labs – Blog.

Are spymasters targeting hacktivists? | TG Daily

Government advisor and chair of the International E-crime Congress, Simon Moores, recently warned that foreign sovereign powers like China could exploit such hacktivist networks for cyber espionage.

 

via Are spymasters targeting hacktivists? | TG Daily.

China: Losing The War Against The Internet « The Birth of Hacktivist

July 25, 2011: China’s surging economic, and military, power has a fatal flaw. Several decades of enforcing the  ”one child” policy has prevented China’s population from spiraling out of control over the last few decades. But it also means that there will be too many old people and too few workers in another decade, and for several decades after that. Meanwhile, the shortage of young workers is already here, as the first “one child” generations come of age. These workers demand more money, and attention. Wages are moving up rapidly, and there’s still a shortage of workers. There’s also a shortage of skilled people in the armed forces. Plenty of low skilled or inept volunteers, but not the ones that are most needed, and in demand.

via China: Losing The War Against The Internet « Documenting The Birth of Hacktivist.

Cyber War Games: U.S. Versus China

 

 

Cyber warfare is one form of espionage that is currently being waged between the U.S. and China. In the event of a full-scale conflict, how would this war be fought, and who would win the war? – David Wise (of big think) an intelligence expert does an excellent job of explaining the 5th Battlefield CyberSpace.  David explains who has an upper hand in this US vs China Cyberspace battle. The United States is well aware of it’s own vulnerable infrastructure our electric grid, our communication networks and aviation grid. We as other governments are a highly industrialized society. China is becoming more and economic power so they in turn are vulnerable. China has been involved in hacking over 33 different companies in the US. The US is doing some of it’s own hacking we we don’t hear about it because were dam good.  (The State department released that CHina’s SCADA system has major security problems).

David does make it clear that we don’t know who these hacker are sometimes a kid playing in his bedroom or a national government in Estonia making belive there in CHina or any other place. It easy to hide in the internet. This makes it difficult to say “Yes” it the Chinese government doing this and that we can’t be sure. David and I agree that dealing with China a communist country is difficult. China is a growing economic power base it need Cyberspace to grow. China is enjoying the money and its need to keep the Internet open to do business, this will also enable it’s people to become free in cyberspace.

This is an excellent Video David Wise is great. –my 2 cents- gatomalo

big_Think Youtube Channel See More > http://www.youtube.com/watch?v=ri20T5Dlggg

China Number One in Internet Use—And Abuse | China | Epoch Times

Domestic Internet use grows alongside censorship and aggressive cyberattacks abroad.

People at an internet cafe in Beijing, China in May 2011. China now has 485 million citizens capable of accessing the Web, more then any other country.

Set to surpass every other country in Internet users, China now has 485 million citizens capable of accessing the Web, the China Internet Network Information Center reported on July 19. This figure reflects growth of over 27 million people since the end of 2010 and a growth spurt of 36 percent for the 12 months.“The 28th Statistical Report on Internet Development in China,” also estimated that 500 million Chinese will be online by the end of 2011, making it number one globally.Weibo, for example, has become the favorite site of Chinese netizens.

And despite that users are subject to a slew of censorship restrictions, in the first half of 2011 its users increased from 63 to 195 million, an increase of 208 percent in six months. The overall percentage of netizens who use Weibo rose from 13.8 to 40 percent.Other areas of rapid growth were: 318 million now with mobile access and 195 million who use microblogs.Yet China’s Internet remains heavily censored. The most recent example is this month’s deliberate lid put on news of former Party.

boss Jiang Zemin’s apparent death. Online searches for his name, which is the character for “River,” or for the mere numeral “301,” which designates a military hospital for Party officials, turn up empty on Weibo.Statements by Chinese and US officials over the past two years have highlighted the stark differences in the two countries’ approaches to the Web.America sees the Internet as a resource for innovation and free expression, while the Chinese regime believes that heavily policing and deleting content is necessary to its rule. Common agreement cannot even be reached on the simple phrase “protecting computer networks,” given that sharing information in China is often a political question, and “protecting” networks can be another euphemism for censorship.Simultaneously, while the Communist Party has developed a heavy-handed approach to containing and controlling the domestic Internet, they have also incubated an environment where Chinese hackers readily reach out to strike at other countries—particularly the United States. Many analysts suspect that the attacks from China are led and organized by the state, because of their sophistication and persistent nature.On July 14, a US Deputy Defense Secretary speaking on cyber-security stated that cyber-attacks have risen sharply this past decade. In March alone, a foreign intelligence service was able to steal 24,000 files from a US defense contractor; the US did not say which country stole the materials, but in every other major case of its kind it has been China.Analysts in the field believe that the Communist Party has a branch of its military dedicated to launching these cyberespionage operations.

Related Articles

• Grass-Roots Software Challenges China’s Internet Censorship

A Sky News reporter went to China in May and discovered that China employs a large army of computer hackers, as a paramilitary resource capable of generating over a billion cyberattacks monthly, with the US Defense Department fending off several million every day.A recent editorial in the Wall Street Journal places China front and center in concerns over cyberattacks against the United States. Richard Clarke, the author, writes: “…thegovernment of China is systematically attacking the computer networks of the U.S.government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans.”

Related Articles

• China Leads the Way in Internet Censorship—and Others are Catching on

He referred to “systematic penetrations of one industry after another” by Chinese hackers, and suggests that hackers from China—undoubtedly with the backing of, or perhaps under the aegis of the state—have planted “digital bombs” in the American electrical grid
.

via China Number One in Internet Use—And Abuse | China | Epoch Times.

U.S. questioned China about Change.org attack ( – Internet – Security – Government )

The U.S. State Department questioned the Chinese government about a cyberattack that had temporarily shutdown Change.org after the site held a petition urging Chinese authorities to release artist Ai Weiwei from custody.

The U.S. State Department questioned the Chinese government about a cyberattack that had temporarily shut down the website Change.org after the site hosted a petition urging Chinese authorities to release artist Ai Weiwei from custody.

U.S. deputy assistant secretary Daniel Baer raised concerns about the attack in April with China’s foreign ministry, according to an official letter sent from the State Department to U.S. Rep. Rosa DeLauro. Change.org obtained a copy of the letter and released it on Tuesday.

The nature of those talks is still unclear. The U.S. Embassy in Beijing said it had no current information on the matter and deferred to the State Department. China’s foreign ministry has yet to respond to a request for comment.

Change.org, an online petitioning platform, was the victim of a distributed denial of service(DDoS) attack originating from China on April 17. The attacks nearly brought down the site for days.

DDoS attacks can do this by using hundreds or thousands of hacked computers to drive enough traffic to a website. The data will become so overwhelming that the site will become inaccessible to normal users.

Change.org said the DDoS attacks from China are still ongoing and continue to bring down the site intermittently. The FBI is investigating the case, said Benjamin Joffe-Walt, an editor with Change.org.

Change.org said the DDoS attack was its first. The site’s founder Ben Rattray believed the incident was connected to an online petition calling for the release of Chinese artist Ai Weiwei, who is still under arrest. When the attack occurred in April, the petition had attracted about 100,000 people. Now the petition has more than 142,000 signatures.

Ai Weiwei’s arrest followed the detainment of other human rights activists in China after online postings were made starting this February calling for a “Jasmine revolution“ against the Chinese government. Since then, Authorities have increased their censorship of the Web, and have been quick to block searches for sensitive words relating to protest actions.

China has been named the country of origin for several other cyber attacks. This month, Google said it had disrupted a targeted phishing campaign meant to break into the Gmail accounts of government officials, political activists and military personnel. Google said the cybercampaign had originated from Jinan, China.

Previously, the search giant was the victim of another attack coming out of China back in 2009 that was aimed at accessing the Gmail accounts of Chinese human rights activists.

China, however, has denied it sponsors any cyber attacking, and claims that the country is also a victim of hacking attempts.

via U.S. questioned China about Change.org attack ( – Internet – Security – Government ).

The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune

When gmail accounts of some of the US state officials were hacked two weeks ago, the Defence Department categorized any serious cyber attack, as an act of war. Since Google had tracked down the source of the attack to a certain province in China, it was all too clear that the Pentagon was not beating about the bush while taking the cyber threat seriously. The gmail attack came hot on the heels of another high-profile attack – Lockheed Martin Corporation, the high-tech defence firm.Having been annoyed by implicit accusation, China hit back at Google by warning that the company would face the music, if it accused the Chinese government of covert involvement.

The disturbing cyber nuisance did not end there. The servers of

Sony

, the entertainment giant, were subjected to two successive hacking within a matter of days. On the first occasion – the more serious one – the accounts of millions of had been hacked into and then details were stolen; the servers of

Nintendo

suffered the same fate. On June 3, the servers of

Codemasters

, the largest UK game publisher, were hacked. The hackers did not spare even the

National Health Service

of the UK; there has been a breach of security in some servers, according to media reports.

The spate of attacks has pushed millions of online users, not necessarily the folks who play games, into a state of perpetual anxiety. Since the hackers have been able to stay a few rungs above the security experts along the learning curve, it’s high time the threat was treated as something against the whole online community, not just selected strata of it.

The companies, which have been affected, are counting the cost in terms of loss of both revenue and reputation. Although, they assure the customers of better security mechanisms in future – and when the horse had left the barn, of course – restoring customer confidence is going to be an uphill struggle for the companies in question.

According to the details that came out so far, the hacking had been performed by duping the customers into web pages which looked identical to what they normally had been familiar with; once signed in, they had been taken for a ride, to say the least.

So, the companies affected implied that the customers should not have done that; well, how do ordinary folks distinguish between a real one and a fake one, when they look almost similar? The explanations have not gone far enough to address the serious side of the issue; all they can say is warning the public to be on their guard at all times – and they already are.

These high profile hackings are not the works of adventurous individuals, carried out in their bedrooms as a way of fighting boredom. Nor are they the works of teenagers, who could spare hours on computers in typing in endless combinations of characters into login names and passwords, in the hope that one of them would make them lucky by pure chance – one day. The nature of sophistication clearly shows the involvement of highly organized individuals – perhaps, with a substantial technical background – who are prepared to break hell lose, if they can get away with it.

The two groups, which are at the forefront of hacking, are Anonymous and LulzSec. The former claims to be a ‘leaderless structure’ while the latter introduces itself as the ‘world’s leaders in high-quality entertainment at your expense.’ Who can disagree with them?

Anonymous has been in the habit of hacking into government websites in order to teach them a ‘lesson’; it was at its peak of activities, known as ‘hacktivity’, when Wikileaks were coming out in dribs and drabs. LulzSec, meanwhile, claims that since fun is restricted to Fridays, they are going to extend it beyond that – and to the weekend. Whether what is fun for LulzSec, is certainly fun for everyone, remains to be seen in the days ahead!

In addition, there are clumsy hackers too. I keep getting an email from one such stupid hacker, who is in the habit of urging me to collect a parcel from a well-known courier service while clicking on a link provided. However, he could not completely conceal the tentacles of idiocy: the ‘To’ field of the email consists of a chain of email addresses, not just mine. So, I decided to keep getting the emails for academic purposes, without diverting them into a spam folder.

If a user can be duped by such an email, then of course, big companies cannot be blamed for mistakes of that kind. In short, users have to be a bit responsible too while login into similar-looking web sites and opening unsolicited emails.

As the menace of hacking reached fever pitch, some countries in South East Asia have started cracking down on potential hackers – finally. The arrests have been made in Malaysia, Indonesia and Taiwan. However, this is just the tip of the colossal iceberg.

The geography of the places where hackers were found, the time taken before the action being carried out and the abundance of other regional criminal activities, do not paint a serene picture for the online community in particular, and the law-abiding global citizens in general.

If the governments in question keep treating the threat as trivial or non-existent, the trend can easily give a cumulative nasty shock for all of us at an unexpected time – something from which we may not recover without paying a heavy collective price.

via The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune.

The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune

When gmail accounts of some of the US state officials were hacked two weeks ago, the Defence Department categorized any serious cyber attack, as an act of war. Since Google had tracked down the source of the attack to a certain province in China, it was all too clear that the Pentagon was not beating about the bush while taking the cyber threat seriously. The gmail attack came hot on the heels of another high-profile attack – Lockheed Martin Corporation, the high-tech defence firm.Having been annoyed by implicit accusation, China hit back at Google by warning that the company would face the music, if it accused the Chinese government of covert involvement.

The disturbing cyber nuisance did not end there. The servers of

Sony

, the entertainment giant, were subjected to two successive hacking within a matter of days. On the first occasion – the more serious one – the accounts of millions of had been hacked into and then details were stolen; the servers of

Nintendo

suffered the same fate. On June 3, the servers of

Codemasters

, the largest UK game publisher, were hacked. The hackers did not spare even the

National Health Service

of the UK; there has been a breach of security in some servers, according to media reports.

The spate of attacks has pushed millions of online users, not necessarily the folks who play games, into a state of perpetual anxiety. Since the hackers have been able to stay a few rungs above the security experts along the learning curve, it’s high time the threat was treated as something against the whole online community, not just selected strata of it.

The companies, which have been affected, are counting the cost in terms of loss of both revenue and reputation. Although, they assure the customers of better security mechanisms in future – and when the horse had left the barn, of course – restoring customer confidence is going to be an uphill struggle for the companies in question.

According to the details that came out so far, the hacking had been performed by duping the customers into web pages which looked identical to what they normally had been familiar with; once signed in, they had been taken for a ride, to say the least.

So, the companies affected implied that the customers should not have done that; well, how do ordinary folks distinguish between a real one and a fake one, when they look almost similar? The explanations have not gone far enough to address the serious side of the issue; all they can say is warning the public to be on their guard at all times – and they already are.

These high profile hackings are not the works of adventurous individuals, carried out in their bedrooms as a way of fighting boredom. Nor are they the works of teenagers, who could spare hours on computers in typing in endless combinations of characters into login names and passwords, in the hope that one of them would make them lucky by pure chance – one day. The nature of sophistication clearly shows the involvement of highly organized individuals – perhaps, with a substantial technical background – who are prepared to break hell lose, if they can get away with it.

The two groups, which are at the forefront of hacking, are Anonymous and LulzSec. The former claims to be a ‘leaderless structure’ while the latter introduces itself as the ‘world’s leaders in high-quality entertainment at your expense.’ Who can disagree with them?

Anonymous has been in the habit of hacking into government websites in order to teach them a ‘lesson’; it was at its peak of activities, known as ‘hacktivity’, when Wikileaks were coming out in dribs and drabs. LulzSec, meanwhile, claims that since fun is restricted to Fridays, they are going to extend it beyond that – and to the weekend. Whether what is fun for LulzSec, is certainly fun for everyone, remains to be seen in the days ahead!

In addition, there are clumsy hackers too. I keep getting an email from one such stupid hacker, who is in the habit of urging me to collect a parcel from a well-known courier service while clicking on a link provided. However, he could not completely conceal the tentacles of idiocy: the ‘To’ field of the email consists of a chain of email addresses, not just mine. So, I decided to keep getting the emails for academic purposes, without diverting them into a spam folder.

If a user can be duped by such an email, then of course, big companies cannot be blamed for mistakes of that kind. In short, users have to be a bit responsible too while login into similar-looking web sites and opening unsolicited emails.

As the menace of hacking reached fever pitch, some countries in South East Asia have started cracking down on potential hackers – finally. The arrests have been made in Malaysia, Indonesia and Taiwan. However, this is just the tip of the colossal iceberg.

The geography of the places where hackers were found, the time taken before the action being carried out and the abundance of other regional criminal activities, do not paint a serene picture for the online community in particular, and the law-abiding global citizens in general.

If the governments in question keep treating the threat as trivial or non-existent, the trend can easily give a cumulative nasty shock for all of us at an unexpected time – something from which we may not recover without paying a heavy collective price.

via The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune.