Finally Fingering The Usual Suspects

I’m shocked, shocked to find that gambling is going on in here!

Intell report says China, Russia stealing US secrets

After years of suspicions and mounting evidence, the United States has formally called out China and Russia on cyber espionage, accusing the countries of stealing U.S. economic and technology secrets. China quickly denied the accusation.

In a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace,” the Office of the National Counterintelligence Executive also said U.S. allies have used online methods to help themselves to sensitive information, although the report does not name those countries. 

Read the report:
Foreign Spies Stealing U.S. Economic Secrets in Cyberspace 

See also:
In a world of cybertheft, U.S. names China, Russia as main culprits
Foreign cyber thieves stealing U.S. trade secrets, agency warns
China Singled Out for Cyberspying
US calls out Russia and China over hacking attacks
U.S. finally acknowledges Chinese and Russian cyberthreat
DNI Report on Economic Cyberespionage
US Report Cites Growing Economic Cyber Espionage
Report: Russia and China are top thieves of U.S. technology
Here’s The U.S. Government Report That Openly Calls Out China On Economic Cyberspying
US Official Singles Out China, Russia on Cyber-Spying
China, Russia top offenders in cyber stealing: US
US report blasts China, Russia for cybercrime
China hits back over US claims of online spying
China scorns U.S. cyber espionage charges

Gee, what have I been posting here for years now? It’s not like the massive, out of control Chinese and Russian cyberspying has been some sort of well kept secret. Oh well, I suppose better late than never, at least now the United States government is actually, publicly acknowledging the problem.

/and now I ask again, what are we going to do about the problem, can we please stop being the world’s cyberdoormat and speed bump on the superhighway to stolen intellectual property?

When Chinese RATs Attack

Oh, hey, look what China did, again. Isn’t this supposed to be an act of war now?

Massive Global Cyberattack Targeting U.S., U.N. Discovered; Experts Blame China

The world’s most extensive case of cyber-espionage, including attacks on U.S. government and U.N. computers, was revealed Wednesday by online security firm McAfee, and analysts are speculating that China is behind the attacks.

The spying was dubbed “Operation Shady RAT,” or “remote access tool” by McAfee — and it led to a massive loss of information that poses a huge economic threat, wrote vice president of threat research Dmitri Alperovitch.

. . .

Analysts told The Washington Post that the finger of blame for the infiltration of the 72 networks — 49 of them in the U.S. — points firmly in the direction of China.

See also:
Revealed: Operation Shady RAT
McAfee’s Operation Shady RAT exposes national cybersecurity lapses
McAfee discovers massive series of cyber attacks
Hacking Campaign Targets U.S. Government, Signs Point to China
Operation Shady RAT: five-year hack attack hit 14 countries
China Suspected Of Shady RAT Attacks
Q+A: Massive cyber attack dubbed “Operation Shady RAT”
Operation Shady RAT: A frightening web of global cyber-espionage
Operation Shady RAT smells like Chinese hacking
All cursors point to China in global hack attack that threatens nations
China accused of biggest ever global cyber spying attacks
Hackers Based in China Attack UN, Olympic Networks, Security Firms Report
Operation Shady RAT and the cyberhacking
APT Attackers Used Chinese-Authored Hacker Tool To Hide Their Tracks

Why did it take a private security company to uncover the largest case of cyberspying in world history and why aren’t we doing something about it?

/does China have to steal every last piece of sensitive and secret computer data we possess before we start taking this threat seriously?

The Cyberwar Rages 24/7

Corporations’ cyber security under widespread attack, survey finds

Around the world, corporations’ computer networks and control systems are under “repeated cyberattack, often from high-level adversaries like foreign nation-states,” according to a new global survey of information technology executives.

The attacks include run-of-the-mill viruses and other “malware” that routinely strike corporate defenses, but also actions by “high-level” adversaries such as “organized crime, terrorists, or nation states,” a first-time global survey by the Center for Strategic and International Studies (CSIS) in Washington has found. More than half of the 600 IT managers surveyed, who operate critical infrastructure in 14 countries, reported that their systems have been hit by such “high-level” attacks, the survey concludes.

A large majority, 59 percent, said they believed that foreign governments or their affiliates had already been involved in such attacks or in efforts to infiltrate important infrastructure – such as refineries, electric utilities, and banks – in their countries.

Such attacks, the survey said, include sophisticated denial-of-service attacks, in which an attacker tries to so overwhelm a corporate network with requests that the network grinds to a halt.

But they also include efforts to infiltrate a company. Fifty-four percent of the IT executives said their companies’ networks had been targets of stealth attacks in which infiltration was the intent. In two-thirds of those cases, the IT managers surveyed said company operations had been harmed.

The IT managers also believed that these “stealthy” attacks were conducted by “nation states” targeting their proprietary data, says the survey’s main author, CSIS fellow Stewart Baker, in a phone interview. Mr. Baker is a cybersecurity expert formerly with the Department of Homeland Security and National Security Agency.

“It’s all the same kind of stuff – spear-phishing, malware, taking over the network and downloading-whatever-you-want kind of attack,” he says. “Over half of these executives believe they’ve been attacked with the kind of sophistication you’d expect from a nation state.”

The CSIS report describes such attacks as “stealthy infiltration” of a company’s networks by “a high-level adversary” akin to a “GhostNet,” or large spy ring featuring “individualized malware attacks that enabled hackers to infiltrate, control and download large amounts of data from computer networks.” The GhostNet attacks, which Canadian researchers attributed to Chinese state-run agencies, bear similarities to recent attacks on Google and other high-tech companies, Baker says. Google attributed attacks on it to entities in China.

Read the report:
In the Crossfire: Critical Infrastructure in the Age of Cyber War

See also:
In the Crossfire: Critical Infrastructure in the Age of Cyber War
Report: Critical Infrastructures Under Constant Cyberattack Globally
Utilities, Refineries and Banks Are Victims of Cyber Attacks, Report Says
Critical Infrastructure under Siege from Cyber Attacks
Critical Infrastructure Vulnerable To Attack
Critical Infrastructure Security a Mixed Bag, Report Finds
Report shows cyberattacks rampant; execs concerned
Key infrastructure often cyberattack target: survey
Critical infrastructure execs fear China
SCADA system, critical infrastructure security lacking, survey finds

Ironically, the more dependent we become on interconnected network technology, the more vulnerable we become too.

/so keep your fingers crossed and your computers patched against hacking and intrusion, at least you can do your part to avoid being part of the problem

Microsoft Cleans Up After Chinese Hack Of Google, Obama Turns The Other Cheek

Microsoft to release patch for IE hole on Thursday

Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer that was used in the China-based attack on Google and for which an exploit has been released on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security program manager at Microsoft.

“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” he said in a statement.

“It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized,” Bryant said. “We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”

Vulnerable software is IE 6 on Microsoft Windows 2000 and IE 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, Microsoft said.

So, while China continues its relentless, covert cyberwar against U.S. and other Western commercial, government, and military targets, stealing information and secrets and causing economic and national security damage to our computer networks, guess what the Obama administration has decided to do, against the advice of U.S. intelligence officials and experts?

China removed as top priority for spies

The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

But administration officials, speaking on the condition of anonymity, said the new policy is part of the Obama administration’s larger effort to develop a more cooperative relationship with Beijing.

See also:
Microsoft Security Bulletin Advance Notification for January 2010
New IE hole exploited in attacks on U.S. firms
Microsoft Scrambles to Patch Browser
Microsoft patching “Google hack” flaw in IE tomorrow
Microsoft Security Bulletin MS10-002 Coming Thursday for IE Zero-Day
Microsoft to issue “Google attack” browser patch
Microsoft to issue emergency IE patch Thursday
Microsoft will issue emergency IE patch on Thursday
China removed as top priority for spies
China no longer top priority for intelligence gathering: White House
‘China no longer top priority for intelligence gathering’
China: Still an Intelligence Priority

Relax, don’t worry, the country is in the very best of hands.

/Obama’s NSC, more than a dozen morons stuffed in a four passenger clown car

Peek A Boo, China Is Waging Undeclared War On You

Is your computer acting squirrelly, your internet connection spotty? It might not be Microsoft after all, it could be Chinese military sponsored hackers.

Congressional commission focuses on China’s cyberwar capability

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country’s computer network exploitation capabilities, according to the report, titled “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” The report was prepared for the U.S.-China Economic and Security Review Commission under contract by Northrop Grumman’s Information Systems Sector.

In a conflict, China will likely target the U.S. government and private industry with long-term, sophisticated computer network exploitation and intelligence collection campaigns, the report concludes. U.S. security agencies can expect to face disciplined, standardized operations; sophisticated techniques; high-end software; and a deep knowledge of the U.S. networks, according to the report (PDF).

The strategy employed by the People’s Liberation Army–China’s military organization–is to consolidate computer network attacks with electronic warfare and kinetic strikes, creating “blind spots” in enemy systems to be exploited later as the tactical situation warrants, according to the report. The strategy, which has been adopted by the world’s other technologically inclined armies, is referred to by the PLA as “Integrated Network Electronic Warfare,” the report stated.

The emphasis on information warfare has forced the PLA to recruit from a wide swath of the civilian sector, according to the report. As is the case with the U.S. military and its new Cyber Command, the PLA looks to commercial industry and academia for people possessing the requisite specialized skills and pasty pallor to man the keyboards. And although it hints broadly at it, the report offers no evidence of ties between the PLA and China’s hacker community.

The U.S.-China Economic and Security Review Commission reports and provides recommendations to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.

China Expands Cyberspying in U.S., Report Says

The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are “straining the U.S. capacity to respond,” the report concludes.

See also:
Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
Evidence Points To China In Cyber Attacks
Report: China building cyberwarfare capabilities
Security report finds Chinese cyberspying threat growing
U.S. report says China engages in cyber warfare
China fingered in cyberattack on mystery high tech co.
‘Huawei continues to receive preferential funding from China’s army’, says US Commission
United States-China Economic and Security Review Commission

/I sure hope Obama and company are putting at least as much time and energy into fighting this undeclared cyberwar with China as they are prosecuting their childish, whiny, crybaby media war against Fox News

Hacking Back At The Chinese And Russians, The White Hat Cavalry

Gates Creates Cyber-Defense Command

Defense Secretary Robert M. Gates issued an order yesterday establishing a command that will defend military networks against computer attacks and develop offensive cyber-weapons, but he also directed that the structure be ready to help safeguard civilian systems.

In a memo to senior military leaders, Gates said he will recommend that President Obama designate that the new command be led by the director of the National Security Agency, the world’s largest electronic intelligence-gathering agency. The current NSA director, Lt. Gen. Keith B. Alexander, is expected to be awarded a fourth star and to lead the cyber-command.

Gates or his deputy had been expected to announce the command in a speech a week ago. Analysts said making the announcement by memo is in keeping with the Pentagon’s effort to tamp down concerns that the Defense Department and the NSA will dominate efforts to protect the nation’s computer networks.

“Is it going to be the dominant player by default because the Department of Homeland Security is weak and this new unit will be strong?” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “That’s a legitimate question, and I think DoD will resist having that happen. But there are issues of authorities that haven’t been cleared up. What authorities does DoD have to do things outside the dot-mil space?”

The command will be set up as part of the U.S. Strategic Command, which is responsible for commanding operations in nuclear and computer warfare. Gates directed that the command be launched by this October and be fully operational by October 2010.

In a speech last week, Deputy Defense Secretary William Lynn stressed that the command’s mission would be to defend military networks. However, he said, “it would be inefficient — indeed, irresponsible — to not somehow leverage the unrivaled technical expertise and talent that resides at the National Security Agency” to protect the federal civilian networks, as long as it is done in a way that protects civil liberties.

See also:
Military Command Is Created for Cyber Security
Pentagon approves creation of cyber command
Defense Secretary Orders Cyberspace Command
Gates approves creation of new cyber command
US Creates Military Cyber Command to Defend Computer Networks
Pentagon: New cyber command focuses on military network
US sets up anti-computer-hacking unit
Cyberspace: The New Battlefield
Welcome to the National Security Agency – NSA/CSS
National Security Agency
U.S. Strategic Command
Strategic Command
United States Strategic Command
Air Force Cyber Command
Air Force Cyber Command (Provisional)
Navy Cyber Defense Operations Command (NCDOC)
Welcome to Fort George G. Meade
Fort George G. Meade
Center for Strategic and International Studies (CSIS)
Center for Strategic and International Studies

/since you insist on [expletive deleted] with our networks, we’ll [expletive deleted] with yours, and we’re better at it

Hacking The Hackers

Vast spy system loots computers in 103 countries

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London, and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information.

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude.

Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network.” They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

The malware is remarkable both for its sweep–in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets–and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. The FBI declined to comment on the operation.

See also:
Canadian researchers uncover vast computer spying operation
China-based spies target computers across globe
Massive Chinese computer espionage network uncovered
GhostNet: Turning Computers into Giant Bugs
International Phishing Operation – GhostNet
Researchers: Cyber spies break into govt computers
Munk Centre for International Studies
Tracking GhostNet: Investigating a Cyber Espionage Network
Ronald J. Deibert
Nart Villeneuve
Rafal Rohozinski
Spear Phishing and Whaling Attacks Reach Record Levels

/yesh, I’m sure the Chinese government has absolutely nothing to do with this