Microsoft Cleans Up After Chinese Hack Of Google, Obama Turns The Other Cheek

Microsoft to release patch for IE hole on Thursday

Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer that was used in the China-based attack on Google and for which an exploit has been released on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security program manager at Microsoft.

“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” he said in a statement.

“It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized,” Bryant said. “We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”

Vulnerable software is IE 6 on Microsoft Windows 2000 and IE 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, Microsoft said.

So, while China continues its relentless, covert cyberwar against U.S. and other Western commercial, government, and military targets, stealing information and secrets and causing economic and national security damage to our computer networks, guess what the Obama administration has decided to do, against the advice of U.S. intelligence officials and experts?

China removed as top priority for spies

The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

But administration officials, speaking on the condition of anonymity, said the new policy is part of the Obama administration’s larger effort to develop a more cooperative relationship with Beijing.

See also:
Microsoft Security Bulletin Advance Notification for January 2010
New IE hole exploited in attacks on U.S. firms
Microsoft Scrambles to Patch Browser
Microsoft patching “Google hack” flaw in IE tomorrow
Microsoft Security Bulletin MS10-002 Coming Thursday for IE Zero-Day
Microsoft to issue “Google attack” browser patch
Microsoft to issue emergency IE patch Thursday
Microsoft will issue emergency IE patch on Thursday
China removed as top priority for spies
China no longer top priority for intelligence gathering: White House
‘China no longer top priority for intelligence gathering’
China: Still an Intelligence Priority

Relax, don’t worry, the country is in the very best of hands.

/Obama’s NSC, more than a dozen morons stuffed in a four passenger clown car

Advertisements

Peek A Boo, China Is Waging Undeclared War On You

Is your computer acting squirrelly, your internet connection spotty? It might not be Microsoft after all, it could be Chinese military sponsored hackers.

Congressional commission focuses on China’s cyberwar capability

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country’s computer network exploitation capabilities, according to the report, titled “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” The report was prepared for the U.S.-China Economic and Security Review Commission under contract by Northrop Grumman’s Information Systems Sector.

In a conflict, China will likely target the U.S. government and private industry with long-term, sophisticated computer network exploitation and intelligence collection campaigns, the report concludes. U.S. security agencies can expect to face disciplined, standardized operations; sophisticated techniques; high-end software; and a deep knowledge of the U.S. networks, according to the report (PDF).

The strategy employed by the People’s Liberation Army–China’s military organization–is to consolidate computer network attacks with electronic warfare and kinetic strikes, creating “blind spots” in enemy systems to be exploited later as the tactical situation warrants, according to the report. The strategy, which has been adopted by the world’s other technologically inclined armies, is referred to by the PLA as “Integrated Network Electronic Warfare,” the report stated.

The emphasis on information warfare has forced the PLA to recruit from a wide swath of the civilian sector, according to the report. As is the case with the U.S. military and its new Cyber Command, the PLA looks to commercial industry and academia for people possessing the requisite specialized skills and pasty pallor to man the keyboards. And although it hints broadly at it, the report offers no evidence of ties between the PLA and China’s hacker community.

The U.S.-China Economic and Security Review Commission reports and provides recommendations to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.

China Expands Cyberspying in U.S., Report Says

The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are “straining the U.S. capacity to respond,” the report concludes.

See also:
Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
Evidence Points To China In Cyber Attacks
Report: China building cyberwarfare capabilities
Security report finds Chinese cyberspying threat growing
U.S. report says China engages in cyber warfare
China fingered in cyberattack on mystery high tech co.
‘Huawei continues to receive preferential funding from China’s army’, says US Commission
United States-China Economic and Security Review Commission

/I sure hope Obama and company are putting at least as much time and energy into fighting this undeclared cyberwar with China as they are prosecuting their childish, whiny, crybaby media war against Fox News

North Korea And Friends Want To Play Computer Games

I can only hope we’re winning this game and not playing nice while doing it.

U.S., South Korea Targeted in Swarm Of Internet Attacks

U.S. and South Korean authorities yesterday were investigating the source of attacks on at least 35 government and commercial Web sites in the two countries, officials said.

In the United States, the attacks primarily targeted Internet sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. But The Washington Post’s site was also affected.

South Korea’s main spy agency, the National Intelligence Service, said in a statement that it thought the attacks were carried out “at the level of a certain organization or state” but did not elaborate. The South Korean news agency Yonhap and the JoongAng Daily, a major newspaper in Seoul, reported that intelligence officials had told South Korean lawmakers that North Korea or its sympathizers were prime suspects. A spokesman for the intelligence service said that it could not confirm the report.

The attacks were described as a “distributed denial of service,” a relatively unsophisticated form of hacking in which personal computers are commanded to overwhelm certain Web sites with a blizzard of data. The effort did not involve the theft of sensitive information or the disabling of crucial operational systems, government and security experts said. But they noted that it was widespread, resilient and aimed at government sites.

Earlier this year, a number of South Korean news organizations reported that North Korea was running a cyberwarfare unit targeting military networks in South Korea and the United States. And North Korea, along with other countries, is known to be looking into U.S. cybersecurity capabilities and vulnerabilities, said Daniel T. Kuehl, an expert on information warfare at National Defense University.

See also:
US and S Korea fall victim to cyber-attack
US officials eye North Korea in cyber attack
North Korea a suspect in cyber attacks in US
North Korea may be behind White House cyberattack
Cyber Attack Finds More Targets
The U.S.-South Korea Cyberattack: How Did It Happen?
How a Brute-Force Cyberattack Works
National Intelligence Service
National Intelligence Service (South Korea)
National Defense University
National Defense University
Why Are We Not Stomping North Korea’s Guts Out?

Gee, with all their belligerent shenanigans lately, you’d think North Korea was really anxious to get their asses kicked.

/the question is, will we oblige them?

Powered By Microsoft Windows

With Bill Gates and crew protecting our ATMs with Windows, just thank God your bank accounts are insured by the FDIC up to $250,000.

ATM Vendor Halts Researcher’s Talk on Vulnerability

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of July.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.

“Juniper believes that Jack’s research is important to be presented in a public forum in order to advance the state of security,” the statement read. “However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research.”

In the description of his talk on the conference web site, Jack wrote that, “The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATM’s. The presentation will explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM.”

Jack did not disclose the ATM brand or discuss whether the vulnerability was found in the ATM’s own software or in its underlying operating system. Diebold ATMs, one of the most popular brands, runs on a Windows operating system, as do some other brands of ATMs.

Diebold did not respond to a call for comment.

Earlier this year, Diebold released an urgent alert (.pdf) announcing that Russian hackers had installed malicious software on several of its Opteva model ATMs in Russia and Ukraine. A security researcher at SophosLabs uncovered three examples of Trojan horse programs designed to infect the ATMs and wrote a brief analysis of them. Last month another security research lab, Trustwave’s SpiderLabs, provided more in-depth analysis of malware used to attack 20 ATMs in Russia and Ukraine of various brands.

According to SpiderLabs, the attack required an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that was done, attackers could insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.

The malware captured account numbers and PINs from the machine’s transaction application and then delivered it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief could also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

It’s unclear if the talk Jack was scheduled to give addresses the same vulnerability and malware or a new kind of attack.

See also:
Juniper Nixes ATM Security Talk
ATM vendor gets security talk pulled from conferences
Researcher barred from demoing ATM security vuln
Jackpotting ATM Machines courtesy of the Jolly Roger
Barnaby Jack
Barnaby Jack
Embedded Problems
Exploiting Embedded Systems, Blackhat 2006 (Barnaby Jack)
Black Hat ® : The World’s Premier Technical Security Conference
Black Hat ® Technical Security Conference: USA 2009
Juniper Networks
SophosLabs
SpiderLabs — About Us — Trustwave
Diebold

Jackpotting ATMs, kind of like playing a slot machine where you win first time, every time and it pays out in twenties.

/all I can say is that I’m sure glad Barnaby Jack is one of the good guys

Hacking Back At The Chinese And Russians, The White Hat Cavalry

Gates Creates Cyber-Defense Command

Defense Secretary Robert M. Gates issued an order yesterday establishing a command that will defend military networks against computer attacks and develop offensive cyber-weapons, but he also directed that the structure be ready to help safeguard civilian systems.

In a memo to senior military leaders, Gates said he will recommend that President Obama designate that the new command be led by the director of the National Security Agency, the world’s largest electronic intelligence-gathering agency. The current NSA director, Lt. Gen. Keith B. Alexander, is expected to be awarded a fourth star and to lead the cyber-command.

Gates or his deputy had been expected to announce the command in a speech a week ago. Analysts said making the announcement by memo is in keeping with the Pentagon’s effort to tamp down concerns that the Defense Department and the NSA will dominate efforts to protect the nation’s computer networks.

“Is it going to be the dominant player by default because the Department of Homeland Security is weak and this new unit will be strong?” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “That’s a legitimate question, and I think DoD will resist having that happen. But there are issues of authorities that haven’t been cleared up. What authorities does DoD have to do things outside the dot-mil space?”

The command will be set up as part of the U.S. Strategic Command, which is responsible for commanding operations in nuclear and computer warfare. Gates directed that the command be launched by this October and be fully operational by October 2010.

In a speech last week, Deputy Defense Secretary William Lynn stressed that the command’s mission would be to defend military networks. However, he said, “it would be inefficient — indeed, irresponsible — to not somehow leverage the unrivaled technical expertise and talent that resides at the National Security Agency” to protect the federal civilian networks, as long as it is done in a way that protects civil liberties.

See also:
Military Command Is Created for Cyber Security
Pentagon approves creation of cyber command
Defense Secretary Orders Cyberspace Command
Gates approves creation of new cyber command
US Creates Military Cyber Command to Defend Computer Networks
Pentagon: New cyber command focuses on military network
US sets up anti-computer-hacking unit
Cyberspace: The New Battlefield
Welcome to the National Security Agency – NSA/CSS
National Security Agency
National Security Agency
U.S. Strategic Command
Strategic Command
United States Strategic Command
Air Force Cyber Command
Air Force Cyber Command (Provisional)
Navy Cyber Defense Operations Command (NCDOC)
Welcome to Fort George G. Meade
Fort George G. Meade
Center for Strategic and International Studies ( CSIS )
Center for Strategic and International Studies

/since you insist on [expletive deleted] with our networks, we’ll [expletive deleted] with yours, and we’re better at it