Category Archives: White Hat

Black Hat Google Hacking Goes After China – www.esecurityplanet.com

Search engines aren’t just for finding Web content, they can also be valuable tools for security research.

At Black Hat 2010, researchers from Stach and Liu released Google and Bing tools called GoogleDiggity and BingDiggity. Those tools enable researchers to leverage those search engines to find security vulnerabilities in websites and applications. For Black Hat 2011, the researchers are back and this time they’re expanding their tools providing new capabilities to find and indentify security risk with the help of search engines.

“This year we’re adding a whole host of tools including a Windows desktop application as well as an iPhone app,” Stach and Liu security researcher Francis Brown said.

via Black Hat Google Hacking Goes After China – www.esecurityplanet.com.

Advertisements

Should we be afraid of Chinese hackers? …Or lost cyber war

“Our nation’s intellectual capital, industrial secrets, and economic security are under daily and withering attack.” –Stephen Spoonamore (expert in the field of electronic data security and digital network architecture.)

“China’s big goal in the 21st century is to become world number one, the top power,” -Liu Migfu. (People’s Liberation Army (PLA) Senior Col., “The China Dream” book).

“Political power flows from the barrel of a gun.” – Mao Zedong (former Chairman of the Communists Party of China)

“Educate and inform the whole mass of the people… They are the only sure reliance for the preservation of our liberty.”– Thomas Jefferson”

via Secure Cyber: Should we be afraid of Chinese hackers? …Or lost cyber war (Part I).


Hackers Linking Geeks and Wonks to Respond to National Security Incidents | Atlantic Council

There are many reasons why cyber conflict is considered an awkward and destabilizing national security problem. One of the more overlooked is the gap between the technical elite and senior politicians and policymakers, a disconnect that could become tragic during fast-moving cyber conflicts.   While this gap is shrinking in the United States, the United Kingdom, and Russia, it still is very significant elsewhere. China in particular needs to create better ways to connect their national security decision-makers with their technical incident responders – linking geeks and wonks – to help ensure technical incidents do not escalate out of political control.

via Cyber Statecraft: Linking Geeks and Wonks to Respond to National Security Incidents | Atlantic Council.


Deep Packet Inspection (DPI): U.S. Government Market Forecast 2010-2015 | dPacket.org: Deep Packet Inspection ( DPI ) Community

The U.S. government-related IP traffic will quintuple from 2010 to 2015. US-China cyber confrontation is nothing new but Chinese hacking attacks and Obama’s new hardball policy shift with China (US arms sale to Taiwan and invitation of the Dalai Lama to the White House) will likely add fuel to the fire of cyber war. Deep Packet Inspection is the only currently available technology capable to provide security of IP traffic at ever growing rates that has inherent traffic management capabilities. Recently massive growth in data processing power and new cyber threats have spurred the deployment of DPI technologies in the U.S. Government agencies. These are conclusions of a new Market Research Media report “Deep Packet Inspection (DPI): U.S. Government Market Forecast 2010-2015″.

 

Government Market

 

In 2009, we’ve seen a palpable shift from reactive approach to cyber security to proactive and attitude change of federal CIO’s with regard to Deep Packet Inspection (DPI). While technological advantages of the DPI technology leave no doubt about its significant role in cyber security, lawful interception and data leakage protection, the perception of DPI as “postal employees opening envelopes and reading letters inside” and privacy concerns hurdle its deployment.

Market Research Media conducted a survey to understand the Deep Package Inspection technology deployment in the U.S. Government agencies, present and future growth trends. We interviewed 230 IT executives, 100 in the federal agencies and 130 in the leading federal IT subcontracting companies. Most of the respondents interviewed have a key influence on DPI deployment or recommend cyber security solutions in their organizations/agencies. The third of the respondents are staff providing technical support for the cyber security solutions in use. The survey results and research data are summed up in this new report.

Given the severity of recent Chinese hacking attacks and the potential catastrophic consequences of critical networks disruption, DPI technology is in a favorable position to emerge as a major line of cyber defense for years to come. The U.S. Government Deep Packet Inspection market is projected to grow at a CAGR of 36% from 2010 to around US$ 1.8 Billion by 2015. The market will see a few good years of explosive growth in all segments before going flat.

The report answers the following questions:

  • Why pay any attention at all to the U.S. Government DPI market?
  • What segments of the U.S. Government DPI market are poised for fast growth?
  • What are key trends in DPI deployment?
  • Will legal hurdles and privacy concerns impede DPI deployment in government networks and DPI use for surveillance & monitoring purposes?
  • What are drivers and inhibitors of the U.S. Government DPI market?
  • What are market opportunities in providing DPI solutions for Government sector?

The report provides detailed year-by-year (2010 – 2015) forecasts for the following U.S. Government market segments:

  • Deep Packet Inspection software, hardware, and services, including installation, support and personnel training;
  • Deep Packet Inspection applications for security, Sigint (Signals Intelligence) and network management;
  • Deep Packet Inspection market by Defense/Civilian agencies;
  • Deep Packet Inspection market by Landline/Mobile networks.

via Deep Packet Inspection (DPI): U.S. Government Market Forecast 2010-2015 | dPacket.org: Deep Packet Inspection ( DPI ) Community.


Lockheed Martin hacked, cyber crime steps up to major leagues – International Business Times

 

Lockheed Martin just recently admitted that it was hacked on May 21, 2011.  It managed to stop the “tenacious” attack before any critical data was stolen.

Back in October 2008, Lockheed Martin launched its cyber-defense operations.  It bragged that it wanted a piece of the red-hot cyber security industry.

 

Warfare

It’s shocking, therefore, that hackers are now bold enough to target a company that specializes in defending against them.

The cyber security industry is worth $40 billion in 2010, according to Federated Networks, a player in that industry. After several incidents in the last two years, however, it’ll probably get even bigger.

In late 2009, Google and other high profile tech companies like Adobe Systems were hacked fromChina.  The purpose of the attack was reportedly to steal intellectual information and access certain Gmail accounts.

In late 2010, a loose-organized internet vigilante group called Anonymous organized an attack on Visa and MasterCard for their anti-Wikileaks stance.  The attacks brought down the two companies’ websites.

In April 2011, Sony‘s PlayStation Network was hacked, forced to shut down for weeks, and user credit card numbers were likely stolen.  Sony was hacked by either internet vigilantes affiliated with Anonymous or thieves looking to steal credit card numbers.

These instances of hacking teach us two things: hacking can do serious damage to society and it’s surprisingly easy to perpetrate.

Hacking Google, for example, means gaining access to the most private information of individuals.  Hacking tech companies in general means gaining key intellectual information, which is their lifeblood.

Hacking defense contractors like Lockheed Martin is a matter of national military security.

The hacking of MasterCard and Visa demonstrates the utter unpreparedness of major corporations.  It shows that a group of rule-breaking enthusiasts can trump Fortune 500 companies.  In the physical/real world, something like that would be unimaginable.

Corporations, governments, universities, and consumers in general aren’t prepared for cyber attacks.

Many experts had predicted the rising importance of cyber security ever since it became clear that cyberspace would be an integral part of modern society.

Hackers, however, haven’t really done too much damage until the last two years because criminals and other rule-breakers (e.g. unscrupulous government agencies) didn’t seriously incorporate cyber attacks into their repertoire.

Now, they have and are finally giving hacking the organizational backing it needs to do some serious damage.  In other words, hacking has changed from being a crime perpetrated by loose-organized operators for petty gains to an operation backed by major crime syndicates and other powerful organizations for more nefarious and impactful purposes.

Society at large, therefore, needs to beef up its cyber security.  It needs to resemble the robustness of security in the physical world.

The US, for example, has a network of police force at every single municipality and state to deal with local criminal threats.  On the national level, it has the FBI and a standing army.

As cyber crimes have moved to the major leagues, cyber security needs to do the same.

 

Lockheed Martin hacked, cyber crime steps up to major leagues – International Business Times.


Demonizing China — A perspective on the Bizarre World Order

Demonizing China


There’s no doubt that since the fall of the Soviet Union, the West’s senior morons have been looking for some sort of external threat. China is now the focus of a classic scenario: An external enemy to shift focus from the failures of the society.
For those who remember the situation during the collapse of the USSR, and the “world’s only superpower” subsequently falling to bits into its present almost unbelievably obscene delusional state, history has done what it always does- replay the lesson. The USSR went bankrupt. The US is technically bankrupt.

The USSR spent its entire existence focusing on external threats. From the Revolution onwards, Lenin, Stalin and their successors pursued a gigantic lie until it destroyed the nation. The US seems hell-bent on following that path, recycling the redneck rhetoric of previous generations about external threats.
These are the issues raised to illustrate that the Yellow Peril, that bizarre fantasy of the 19th century, is now being reincarnated as working foreign policy:
1. The Chinese military program- Notwithstanding the fact that the Chinese military has been recorded as buying pigs from local farmers for food. The arsenal of weapons left over from the 70s and 80s, relics unfit for combat outside a sandpit, goes unmentioned while the US continues to spend the equivalent of the GDP of entire countries on its own weapons.
2. The value of the Chinese currency- No other nation in modern history has been subjected to this sort of browbeating, however ineffectual.
3. Sovereign wealth- This is loosely translated as direct or indirect investment by governments. It’s considered unfair, despite 50 years of Western economies having a virtual monopoly on global capital, public and private.
4. Human rights- It’s interesting to note that the West, in the course of “defending” human rights, has been remarkably slow to do anything about actual genocide, dictatorships, and massive abuse of human rights. The West’s own poor, subject to the most common of all human rights abuses, poverty, have rarely if ever been mentioned in the crusade for human rights. Tibet is a case in point. 60 years later, anti-Chinese hot air still replaces actual results. Nothing resembling an achievement in this area is seriously expected.
5. Outsourcing of jobs to China- The very people who outsourced the jobs in the first place and are making billions are pretending to have some sort of credibility when talking about foreign outsourcing.
6. Chinese buying of US bonds- The US bonds, which are funding US spending, should obviously only be bought by Americans. The Chinese are selling them now, not buying them. Why would that be?
7. Chinese espionage stealing technology- Clearly, a country which is manufacturing all the current technology and is up to its armpits in US and Western trained scientists needs to steal technology. Why not just wait for it to get delivered? Congress has now banned scientific collaboration with China for that reason.
8. Chinese backed cyber-attacks- Every government on Earth now has cyber warfare capabilities. Why not the Chinese, and if it’s so much of a threat, why is the publicly available information entirely about unsuccessful attacks?
9. Taiwan- The Chinese equivalent of Hawaii, and not particularly useful as either a target or a cinder. Taiwan also happens to be the original source of the industrial capacity of the PRC, imported direct from there in the 80s. So much for ideology.
10. Chinese foreign investment- A country turning over billions of dollars, and the only one not allowed to invest on the global market? The Chinese have been grabbing foreign assets in much the same way the US did in the post-war era.
So- How’re we going with the Orwellian scenario, at this point? Who is kidding whom?
Meanwhile, freed from the threat of Soviet communism, the West has been free to prove its brilliance with:
1. The 1990s recession
2. The War on Terror
3. Iraq
4. Hurricane Katrina
5. The Iraq contracts
6. The mortgage securities crises
7. The 2008 meltdown
8. US debt
9. US crime
10. Global crime
11. UK debt
12. European debt
13. Japanese stagflation
14. The bio-scientific gap shrinkage thanks to superstitious primitives blocking technology
15. The presumably temporary demise of the US space program, unless there’s some damn 2000 year old non-existent dogmatic superstition about that, too
16. The sudden fall in US life expectancy from 1st to around 24th in the world
17. The general inflation brought about by “user pays/Greed is Good” economics
18. Global corruption at all levels of politics
19. Education, or the lack of same
20. You name it
Here it is folks, Manifest Destiny, 21st century style. Nobody’s got a Chinaman’s chance against the West. Rule Britannia, Allons enfants de la patrie.. etc., etc., The West is the best… Sure, it is. Ask the average 50% of Westerners living on various forms of insult. How many double standards can you fit in to a world view?
China is the distraction. The real game is at home, with its pitiful policies and its even more pitiful adherents to those policies. The external “threat” has its own problems, and plenty of them.
Here’s a thought for those looking for threats- The French Revolution, the template for the rise of modern democracy, didn’t have an ideology. It had the same sort of real-life facts as the Middle East has now- Insane, backward, power mad governments created by unelected factions within their societies and rampaging inequalities, with a healthy dose of poverty.
If the Middle East can get rid of its idiots, why can’t we?

Read more: http://www.digitaljournal.com/article/307091#ixzz1NNPZmO8O

via Op-Ed: Demonizing China — A perspective on the Bizarre World Order.


Federal Government Recruiting Cyber Security Job Candidates – FoxNews.com

While many Americans worry about terrorists attacking transportation systems or national landmarks, experts say the more likely target is at their fingertips.

With more and more people, businesses, and government agencies conducting their business online, cyberspace has become especially tantalizing, and protecting it, increasingly urgent.

Jim Wunderman, president of the Bay Area Council which represents the interests of several hundred companies, puts it bluntly.

“The next major threat to our country probably won’t come by land, sea or air. It’s going to come from cyberspace, and we better be ready for it,” he said.

“It” includes attacks by so-called “cyber militias,” widely believed to be supported by governments in China and Russia, to the random bad actor intent on shutting down critical infrastructure, like power plants, electric grids, and bank ATM’s.

To fend off such attacks, the federal government is looking for more help. Department of Homeland Security Secretary Janet Napolitano is making her pitch to university students across the country. She recently spoke at MIT and UC Berkeley, hoping to lure those who can help protect public and private sectors.

“We need a strong, innovated group of people who are willing to take on the incredible challenge that the protection of cyber space demands,” Napolitano said.

Many believe the government’s recruiting effort comes in the midst of a national emergency. “We’re already under attack in the cyber world,” says retired Major Gen. Dale Meyerrose, a cyber expert with the Harris Group. “I’ve seen several studies that say American businesses lose a trillion dollars a year through cyber crime.”

The challenge is finding the right talent, in the right numbers, as quickly as possible.

“The CIA says there’s only about 1,000 people operating in our country right now who truly have the technical capacity to serve in the field and protect our critical infrastructure where there’s actually need for probably 30,000 of these people,” says the Bay Area Council’s Wunderman.

According to a recent Bay Area Council poll, more than 70 percent of Americans say cybersecurity is a national security issue, and two-thirds are looking to Washington to do more to protect computer networks and Internet users.

This week, the White House released it’s cybersecurity plan, and Congress has been debating several bills for years. It’s complex, and the debate isn’t likely to end soon. But supporters hope that eventually, there will be clear, standardized protocols in the event of an attack, and better strategies to reduce cyber threats.

As the Department of Homeland Security seeks to broaden its authority over cybersecurity, it’s set aside $24-million to train scientists, engineers and analysts, and create a diverse workforce of high tech and policy professions to help protect the nation’s digital border.



Read more: http://www.foxnews.com/politics/2011/05/13/federal-government-recruiting-cyber-security-job-candidates/#ixzz1MHErzBBP

via Federal Government Recruiting Cyber Security Job Candidates – FoxNews.com.


U.S.-China Cyber War Scenario in the Eyes of a Chinese Student – James Fallows – Technology – The Atlantic

This winter, I cut my European trip short to be back in snow-covered Boston for an intensive course at Harvard Kennedy School on cyber security, taught by Richard Clarke and Eric Rosenbach. I loved this course because for one, Mr. Clarke, former anti-terrorism czar for Bush I, Clinton and Bush II, gave us the course-book — his Cyber War — for free. More importantly, I was in the company of a very diverse group of students, many of whom have courageously served the country in two wars and have a much better real-world understanding of the security issues than I would ever have. I have studied international law and taken courses on international affairs, but cyber war is an entirely new and different subject.

via U.S.-China Cyber War Scenario in the Eyes of a Chinese Student – James Fallows – Technology – The Atlantic.


Web too Vulnerable to Potential Attack, Study Suggests | PCWorld

The report revealed that 40 percent of the IT executives surveyed felt that there was in their industry lately. However, nearly 30 percent of the same group of executives said their company networks are unprotected and 40 percent believe that a “major” cyber attack may be imminent within the next year.

The report also noted that the threats to critical infrastructure have increased compared to last year even as efforts to protect the infrastructures have not increased in any way. The new study is a follow-up of last year’s study which already noted that critical infrastructures were not as protected as expected.

Power Grids

via Web too Vulnerable to Potential Attack, Study Suggests | PCWorld.


Top 10 hacks of all time | Alexander Liddington-Cox | Commentary | Business Spectator

Efforts to stop hackers from breaking into the most sensitive corporate and government databases don’t seem to be working, with tech-related breaches on the rise. According to the latest annual report from Verizon on the subject, incidents of data breaches are at an all-time high and hacking is behind most of them. Hacking doesn’t just tarnish an organisation’s reputation but can burden them with an enormous cost. For hackers there’s a mix of fame and felony charges that awaits them and in some cases, fortune with a career as an internet security consultant. But who wins the fame? What are the top 10 hacks of all-time?

via Top 10 hacks of all time | Alexander Liddington-Cox | Commentary | Business Spectator.