Category Archives: human rights

Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report – Security – News & Reviews – eWeek.com

Attackers breached Nortel and had free rein to spy on its internal network and communications from 2000 to 2009, according to an internal report. As usual, China is the prime suspect.

Chinese hackers allegedly breached telecommunications company Nortel in 2000 and these cyber-spies gained access to reams of sensitive technical documents, as well as internal communications and email, for nearly 10 years, according to a report in The Wall Street Journal.

The attackers, suspected of being based in China, breached the network using stolen credentials and installed spying software deep within the company’s networking environment to gain access to all documents and communications, the Journal reported Feb. 14. The breach appears to date as far back as 2000, Brian Shields, the former senior advisor for systems security at Nortel who led the internal investigation, told the paper.

via Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report – Security – News & Reviews – eWeek.com.

Advertisements

Rule stiffens penalties for Chinese hackers

BEIJING – Starting on Thursday, hackers who broke into 20 or more computers will face jail terms of up to seven years, according to a new judicial interpretation issued jointly by the China’s Supreme People’s Court and Supreme People’s Procuratorate.

People who hack from 20 to 100 computers, or steal from 10 to 50 user names and passwords for online-payment or stock accounts, will get at least three years in prison. And those who hack even more computers or steal more passwords will face jail terms of up to seven years.

The latest rule, an interpretation made to deal with online crimes, which were added to the Criminal Law in 2009, also applies to Chinese hackers who steal information from foreign computers, said Zhou Guangquan, a member of the National People’s Congress’s law committee and a professor in criminal law at Tsinghua University.

via Rule stiffens penalties for hackers.


Korea – Chinese Hackers Infatuated with Koreans’ Personal Info

Chinese computer hackers are apparently hell-bent on obtaining Korean nationals’ personal information, with the number of thefts growing larger.

Alarmingly, Internet users can easily obtain the credit card details of more than 5,000 Koreans by simply downloading a “Korean resident registration number generator” on a Chinese website.

And when browsing “Korean name and identity number” on Baidu, China’s biggest Web portal, nearly 1.4 million results pop up, many of them containing a database showing the personal details of thousands of Koreans.

via The Chosun Ilbo (English Edition): Daily News from Korea – Chinese Hackers Infatuated with Koreans’ Personal Info.


China Attacks USA 4 years ago

Four (4) years ago Scientific America wrote an article about “China Cyber Attacks Signal New Battlefield is Online”. In 2011 we have seen a surge in China’s hacking but why did we not prepare for this when we knew about it for so long. In 2007 they hacked the UK, France and the US. In the article it stated, “China’s military goals are to improve its ability to wage information warfare”. See China Cyber Timeline.

The Chinese were ahead of us back in 2007 and we did nothing about our cyber security. We are arresting young people with no criminal records living in the basements of mom and dad for hacking. How many Chinese have we arrested for hacking, what’s our US-China Trade Statistics? US-China -273.1?  I understand in 2007 we were fighting a war to stop Iraq from deploying WMD (Weapons of Mass Destruction). 

We found no WMD in Iraq, but the Chinese were working on offensive cyber weapons to cripple business, communication, power grids and financial services in the USA and this cyber weapon is not classified as a WMD.

Let me get it straight the Chinese have been working in cyberspace since 2007 to learn how to re-route the world’s internet traffic thru it’s borders and steal terra-bytes of data. While we develop a kill switch to cut off the entire Internet by the President. I understand KISS (Keep it Simple Stupid) If someone is attacking you thru cyberspace we simply kill all the connection to the outside world. Quarantine the infected systems and then reboot and the USA is back online, cut of from the rest of the world an isolationist dream. This sounds so much like the cold-war fatalistic dogma.

USCyberlabs

why_hackers_attack_diagram

We can do better than this and everyone can help. If we want to stay on top of cyberspace we need a baseline security standard to be applied to all .gov .edu and all critical C&C (Command & Control) infrastructure. Once the baseline is set we need to adapt and be proactive in our cyber security to be changed quickly to be adaptable to new threats. We need to develop cyber-monitoring capabilities to be able to see cyber attack vector profiles and react quickly. We also need a National disaster recovery plan to ensure recovery in case of an attack. I might ad a cyber forensic team to analyze the attacks and find the bad guys. Last but not least a comprehensive plan to go after the Nation, State, group, corporation or individuals that caused us harm.

Most of this technology exist a lot of it is open-source (free) with a few modifications it can provide a basic infrastructure framework to build on. We need to break the ties to political special interest government contracts to corporation. We need to be adaptable our technology to the changing cyber sphere faster that we have been. We do this by training our future cyber warrior with programs like the Air Force Cyber Patriot Program. There are 10 of thousans if not more of security savvy people here in the good old USA. These people have no real certificate or college degree in Information Security (but who reallybut they know hacking and security. I bet they would volunteer to help America build the tools and infrastructure that’s needed. You have no idea what the open-source community can do, when you get the best geeks in the country to solve a problem.

Once we have everything in place and it works, let’s share the basic model with the world. Let’s prove democracy in cyberspace can work. Let’s show the world we are leaders again. America is still one of the leaders of the free world, let’s work together in cyberspace and help cyber freedom-free speech democracy become real.

us cyber labs


Abraham Lincoln said ”of the people, by the people and for the people” It worked for America why not apply this right to “Cyberspace”.

The Arab Spring this year was history the first cyber revolution. The Libyan people have been freed from tyranny and unjust at the hands of Gaddafi without a conventional army, it has change the world. The people of the Arab States with the use of cyberspace, Twitter, Facebook, Crowd Map, computers, game console’s, cell phones, satellites and other technology made their voices heard. The dreamers that created social networks companies must feel very proud they have changed the world as we know it. Does anyone know how many lives were saved during the first cyber revolution? The destruction of conventional modern war even an internal revolution leaves scars on the country, infrastructure but most important, it leaves a scar on the people and children’s very soul. I know I was one. Our technology, cyberspace, the Internet, the Web saved a generation of children from the cruelty and horrors of war. We American should be proud of the world we help create we saved lives. We also scared the people in power. When a regiene is toppeled by people using nothing more than a cell phones leaders get a little bit worried and maybe the’ll do a better job. 

As I watch the political debate about the Debt Ceiling Bill and the lack of do nothing but toot my own “political” horn. This political game is why the Chinese are almost ahead of us in cyber space and stealing our stuff and manufacturing electronic components with backdoor to the Internet. Wake up American let’s educate our public officials to the freedom of speech on the Internet, lets VOTE. Let’s make sure our Senators and Congressman understand and educate them on Cyber Security (I can supply some links –write me). I’m a veteran and I don’t like wars, but if you’re going to put me in the warzone (Let me borrow this from Ms. Palin) “Don’t Retreat, Instead Reload”. Civilian Militia now live in Cyberspace look at the Jester’s war against Lulzsec the current  Hacktivist cyber war. (Ex-Military “Good Hacker” Identifies LulzSec Leader “Sabu”). This war is live on social networks feeding news organizations around the world. LOL  

Cyberspace belongs to the people. We the people need to keep it free and open, let’s not wait another 4 years to be better at information warfare.

My 2© cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://ChinaCyberWarfare.wordpress.com

http://HacktivistBlog.wordpress.com/

via China’s Cyber Attacks Signal New Battlefield Is Online: Scientific American.2007

via US Cyber Labs – Blog.


Officials in China to monitor public wi-fi use

 

.

A green tea, a laptop … and someone monitoring you. Photo: Colleen Kinder/New York Times

BEIJING: New regulations that require bars, restaurants, hotels and bookstores to install costly web-monitoring software are prompting many businesses to cut internet access and sending a chill through the capital’s game-playing, web-grazing literati who have come to expect free wi-fi with their lattes and green tea.

The software, which costs businesses about $US3100 ($2840), provides public security officials the identities of those logging onto the wireless service of a restaurant, cafe or private school and monitors their web activity.

Those who ignore the regulation and provide unfettered access face a $US2300 fine and the possible revocation of their business license.

”From the point of view of the common people, this policy is unfair,” said Wang Bo, the owner of L’Infusion, a cafe that features crepes, waffles and the companionship of several dozing cats. ”It’s just an effort to control the flow of information.”

It is unclear whether the new measures will be strictly enforced or applied beyond the swathe of central Beijing where they are already in effect. But they suggest that public security officials, unnerved by turmoil in the Middle East and North Africa partly enabled by the internet, are undaunted in their efforts to ramp up controls.

At public cybercafes, which is where China’s working poor have access to the internet, customers must hand over state-issued identification before getting on a computer.

The new measures, it would appear, are designed to eliminate a loophole in ”internet management” as it is called, one that has allowed laptop- and iPad-owning college students and expatriates, as well as the hip and the underemployed, to while away their days at cafes and lounges surfing the web in relative anonymity.

It is this demographic that has been at the forefront of the microblogging juggernaut, one that has revolutionised how Chinese exchange information in ways that occasionally frighten officials.

The Dongcheng Public Security Bureau did not respond to requests for comment, but according to its publicly-issued circular, the measure is designed to thwart criminals who use the internet to ”conduct blackmail, traffic goods, gamble, propagate damaging information and spread computer viruses”.

During a survey of more than a dozen businesses, none said they were prepared to purchase the software, which is designed to handle 100 users at one time.

via Officials in China to monitor public wi-fi use.


China: Losing The War Against The Internet « The Birth of Hacktivist

July 25, 2011: China’s surging economic, and military, power has a fatal flaw. Several decades of enforcing the  ”one child” policy has prevented China’s population from spiraling out of control over the last few decades. But it also means that there will be too many old people and too few workers in another decade, and for several decades after that. Meanwhile, the shortage of young workers is already here, as the first “one child” generations come of age. These workers demand more money, and attention. Wages are moving up rapidly, and there’s still a shortage of workers. There’s also a shortage of skilled people in the armed forces. Plenty of low skilled or inept volunteers, but not the ones that are most needed, and in demand.

via China: Losing The War Against The Internet « Documenting The Birth of Hacktivist.


China Number One in Internet Use—And Abuse | China | Epoch Times

Domestic Internet use grows alongside censorship and aggressive cyberattacks abroad.

People at an internet cafe in Beijing, China in May 2011. China now has 485 million citizens capable of accessing the Web, more then any other country.

Set to surpass every other country in Internet users, China now has 485 million citizens capable of accessing the Web, the China Internet Network Information Center reported on July 19. This figure reflects growth of over 27 million people since the end of 2010 and a growth spurt of 36 percent for the 12 months.“The 28th Statistical Report on Internet Development in China,” also estimated that 500 million Chinese will be online by the end of 2011, making it number one globally.Weibo, for example, has become the favorite site of Chinese netizens.

And despite that users are subject to a slew of censorship restrictions, in the first half of 2011 its users increased from 63 to 195 million, an increase of 208 percent in six months. The overall percentage of netizens who use Weibo rose from 13.8 to 40 percent.Other areas of rapid growth were: 318 million now with mobile access and 195 million who use microblogs.Yet China’s Internet remains heavily censored. The most recent example is this month’s deliberate lid put on news of former Party.

boss Jiang Zemin’s apparent death. Online searches for his name, which is the character for “River,” or for the mere numeral “301,” which designates a military hospital for Party officials, turn up empty on Weibo.Statements by Chinese and US officials over the past two years have highlighted the stark differences in the two countries’ approaches to the Web.America sees the Internet as a resource for innovation and free expression, while the Chinese regime believes that heavily policing and deleting content is necessary to its rule. Common agreement cannot even be reached on the simple phrase “protecting computer networks,” given that sharing information in China is often a political question, and “protecting” networks can be another euphemism for censorship.Simultaneously, while the Communist Party has developed a heavy-handed approach to containing and controlling the domestic Internet, they have also incubated an environment where Chinese hackers readily reach out to strike at other countries—particularly the United States. Many analysts suspect that the attacks from China are led and organized by the state, because of their sophistication and persistent nature.On July 14, a US Deputy Defense Secretary speaking on cyber-security stated that cyber-attacks have risen sharply this past decade. In March alone, a foreign intelligence service was able to steal 24,000 files from a US defense contractor; the US did not say which country stole the materials, but in every other major case of its kind it has been China.Analysts in the field believe that the Communist Party has a branch of its military dedicated to launching these cyberespionage operations.

A Sky News reporter went to China in May and discovered that China employs a large army of computer hackers, as a paramilitary resource capable of generating over a billion cyberattacks monthly, with the US Defense Department fending off several million every day.A recent editorial in the Wall Street Journal places China front and center in concerns over cyberattacks against the United States. Richard Clarke, the author, writes: “…thegovernment of China is systematically attacking the computer networks of the U.S.government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans.”

He referred to “systematic penetrations of one industry after another” by Chinese hackers, and suggests that hackers from China—undoubtedly with the backing of, or perhaps under the aegis of the state—have planted “digital bombs” in the American electrical grid
.

via China Number One in Internet Use—And Abuse | China | Epoch Times.


U.S. and China face vast divide on cyber issues | Reuters

(Reuters) – For two years, academic experts from the United States and China have quietly held talks on cyber-security, straining to establish rules of the road in a realm that has proven a persistent irritant between the world’s two largest economies.

The informal discussions have yielded modest progress in areas such as cooperation to combat Internet fraud, where both Beijing and Washington have an incentive to work together, according to participants.

But mostly, the talks appear to have exposed a wide gap between the United States and China over almost everything virtual: policing computer networks, moderating cyber warfare, even controlling information.

China’s contrasting view of cyber security was made clear as soon as the United States began discussing the need to protect computer networks, James Mulvenon, a China expert at the Defense Group Inc, told a recent Washington conference.

China wanted to talk about censorship. “The Chinese came back immediately and said no, no, no, we want to talk about information security, which is both protecting the network and policing the content on the network,” Mulvenon said.

“Right from the outset, we were talking past one another,” he added.

Digital attacks and cyber snooping on U.S. technology firms and government agencies including the Pentagon, many of them believed to have originated in or been routed through China, have pushed cyber-security up the list of thorny issues troubling Sino-American relations.

While Beijing denies it, U.S. officials and experts suspect China’s hand was behind the hacking and phishing of web-search giant Google Inc. this year and last, as well as intrusions into Pentagon networks.

On Thursday, the Pentagon is due to release its formal cyber-security strategy.

Unlike nuclear, chemical and biological weaponry, or trade wars, there are no existing international treaties that cover cyber-war, computer espionage or hacking.

Former Secretary of State Henry Kissinger, an architect of the U.S. opening with China in the 1970s, told a Thomson Reuters event last month that a high-level agreement between the two sides is needed. “If you take it case by case it will lead to accusations and counter-accusations,” he said.

UNOFFICIAL TALKS FIRST

But so far, there has been relatively little official movement.

The annual cabinet-level U.S.-China Strategic and Economic Dialogue included cyber security for the first time this year, but the session was just 90 minutes long, cut in half by translation and produced no breakthroughs.

The unofficial talks between experts began after China approached the United States with concerns that hacker intrusions were stoking bilateral tension, said James Lewis, a cybersecurity expert who leads the U.S. side of the talks.

The U.S. group and experts from the state-affiliated China Institutes of Contemporary International Relations have covered four areas: law enforcement, trade, military issues and espionage.

Five group meetings and three smaller informal meetings have made headway in the law enforcement area, said Lewis, of the Center for Strategic and International Studies, a Washington think tank.

In one instance, the FBI helped China’s law enforcement agencies by staging raids in New York on Chinese in the United States who were defrauding people back home, he said.

“It’s slow, but I think there’s a little bit of progress,” said Lewis, adding that the goal is to eventually hand the conversations over to official negotiating teams.

SAME WEB, DIFFERENT DREAMS

But the military and espionage tracks have been hard going, highlighting what analysts say is a huge U.S.-China perception gap over values, capabilities, interests — and even basic definitions of deterrence and cyber security.

Analysts say China’s People’s Liberation Army believes its ability to attack U.S. cyber infrastructure compensates for its conventional military weakness compared to the United States.

“I’m quite skeptical of the likelihood that any effective understanding of offensive operations can be reached with the Chinese government,” said Stewart Baker, a former U.S. Department of Homeland Security official, now at the law firm Steptoe & Johnson.

China’s eagerness to acquire foreign technology also has inspired cyber intrusions that anger trade partners.

Hackers based in China have been accused of trying to steal everything from Google’s valuable search algorithm to manuals for U.S. satellites to gigabytes of proprietary business information from Western energy companies.

But China’s spymasters, paradoxically for a centrally controlled government, do not keep a tight leash on hackers and others that they train, said Lewis, whose group will hold its next round of unofficial cyber-security talks later this year.

Lewis said he was skeptical that Beijing was directing the high-value intellectual property theft or could stop it.

“They do train people and they do use proxies but that doesn’t mean that everyone is under their control,” he said.

Even if the United States could verify that China was behind malicious cyber activity and Beijing had the capacity to rein it in, negotiations toward a cyber treaty might require concessions Washington would be loathe to put on the table.

Jack Goldsmith, an international law and cyber-security expert at Harvard Law School, says China and other countries would likely demand U.S. restraint in areas such as intelligence gathering and encouraging political activists who challenge curbs on Internet freedom.

“Until the United States gets serious about which concessions that are attractive to our adversaries it is willing and able to make, American talk of a cyber-arms agreement is empty,” Goldsmith wrote recently.

via U.S. and China face vast divide on cyber issues | Reuters.


U.S. questioned China about Change.org attack ( – Internet – Security – Government )

The U.S. State Department questioned the Chinese government about a cyberattack that had temporarily shutdown Change.org after the site held a petition urging Chinese authorities to release artist Ai Weiwei from custody.

The U.S. State Department questioned the Chinese government about a cyberattack that had temporarily shut down the website Change.org after the site hosted a petition urging Chinese authorities to release artist Ai Weiwei from custody.

U.S. deputy assistant secretary Daniel Baer raised concerns about the attack in April with China’s foreign ministry, according to an official letter sent from the State Department to U.S. Rep. Rosa DeLauro. Change.org obtained a copy of the letter and released it on Tuesday.

The nature of those talks is still unclear. The U.S. Embassy in Beijing said it had no current information on the matter and deferred to the State Department. China’s foreign ministry has yet to respond to a request for comment.

Change.org, an online petitioning platform, was the victim of a distributed denial of service(DDoS) attack originating from China on April 17. The attacks nearly brought down the site for days.

DDoS attacks can do this by using hundreds or thousands of hacked computers to drive enough traffic to a website. The data will become so overwhelming that the site will become inaccessible to normal users.

Change.org said the DDoS attacks from China are still ongoing and continue to bring down the site intermittently. The FBI is investigating the case, said Benjamin Joffe-Walt, an editor with Change.org.

Change.org said the DDoS attack was its first. The site’s founder Ben Rattray believed the incident was connected to an online petition calling for the release of Chinese artist Ai Weiwei, who is still under arrest. When the attack occurred in April, the petition had attracted about 100,000 people. Now the petition has more than 142,000 signatures.

Ai Weiwei’s arrest followed the detainment of other human rights activists in China after online postings were made starting this February calling for a Jasmine revolution against the Chinese government. Since then, Authorities have increased their censorship of the Web, and have been quick to block searches for sensitive words relating to protest actions.

China has been named the country of origin for several other cyber attacks. This month, Google said it had disrupted a targeted phishing campaign meant to break into the Gmail accounts of government officials, political activists and military personnel. Google said the cybercampaign had originated from Jinan, China.

Previously, the search giant was the victim of another attack coming out of China back in 2009 that was aimed at accessing the Gmail accounts of Chinese human rights activists.

China, however, has denied it sponsors any cyber attacking, and claims that the country is also a victim of hacking attempts.

via U.S. questioned China about Change.org attack ( – Internet – Security – Government ).


Beijing has a “Web Propaganda Army” in Internet | China Military Power Mashup

2011-05-12 (China Military News cited from AFP and written by Pascale Trouillaud) — China, which employs an army of censors to police the Internet, has also deployed legions of “web commentators” to get the government’s message out — in a crafty but effective way.

With nearly half a billion people surfing the net in China, more than half of them using microblogs, the Internet has quickly become a vital forum for debate in the world’s most populous country — and a major sounding board.

That fact has obviously registered with the country’s Communist leaders, who pay careful attention to the conversations that unfold online despite the heavy government restrictions on what can and cannot be discussed in cyberspace.

via Beijing has a “Web Propaganda Army” in Internet | China Military Power Mashup.