Category Archives: Cyber Policies

01/9/12

Compliance Security Balancing Act

gAtO sAy – as we seen with just script kiddies (anonymous and such) causing serious data breach in corporate world, the c-suite is finally waking up to the fact that lack of cyber security can ruin your company instantly. Look at the current Stratfor hack and release of customer credit cards and let’s not forget the donations that the hackers made.

If this was a criminal organization do you know how many billions of dollars they could of charged their customers without them knowing anything. Stratfor found out about the hack from the Twitter-sphere. “If data loss continues on this current trend, it will cost the U.S economy alone $290 billion by 2018” said  cyber security expert Kevin West announced in a recent Forbes guest column.

This equates to 1.6 percent of GDP. mUcHo $$$

That’s only the hard side of the coin if you look at the IP (intellectual property) that is being lost by U.S organization this alone will make every company less valuable every year until the diminishing returns forces the collapse of the US economy or pulls us out of the world markets altogether.

Compliance will make our company safe from hackers -wRoNg

Business is business and unless your saving money or a revenue stream, management will vote down doing the right thing, even legislative doesn’t help, look at HIPPA with over 200 security points if you do a risk assessment you can get away with doing the minimum and still be regulatory compliant.

u gOt hAcKeT - pLaY mE a sOnG

However, a number of organizations are learning that data security and data compliance may not be complementary, but competing priorities. Simply assuming that achieving data compliance equates to optimal cyber security could be a misguided philosophy and leave you open for an attack.

According to PCWorld, complex and conflicting compliance mandates may be jeopardizing overall data protection efforts. Several of the most notable victims of data breaches in 2011 actually had consistently successful audit records. As a result, the new era of data protection may call for distinct compliance and cyber security strategies -gAtO oUt

Read More ..> http://www.proformative.com/news/1467254/balancing-data-security-compliance

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/01/string-instruments-1-121x300.jpgDigg ThisSubmit to reddit
01/6/12

How Can Iran Censor Cyberspace

How does Iran censor cyberspace? -iranian cyber army

gAtO tHiNk the same software that we might use to prevent our children from looking at porn on the Internet is basically the same software that is “sold to regimes everywhere”, but instead of entering pornography-related terms, you put in terms like student union, protest or democratization. or Deep Packet Inspection which I’ll explain later.

** Some of the best commercial grade censorship software sold “to regimes everywhere” comes from Nokia-Siemens and out of Silicon Valley **

The gathering of information as well as covert action against computer networks that occurred in Iran in 2011 can be expected to continue and grow during 2012. Iranian counter-action in the form of a stepped-up cyber and sabotage campaign of their own citizens and against American installations in the Gulf will continue

** Control over the flow of information is a key issue for Iran — home to most Internet users in the Middle East with more than 36 million people of the 75 million populace. **

June 2009 Was the first time Iran Internet was turned off – Following the controversial re-election of President Mahmoud Ahmadinejad in June 2009, the country was cut off for about 24 hours.

Iran-Cyber-Guard Network

The Iranian government asked the three (3) largest Internet service providers to shut down, the problem was they didn’t bother with the smaller ones and a few activists with satellite phoneswere ready and connections to Internet service were providers thru friend and activist in Europe, Dubai or Cyprus.

The technical underground is available to the younger people and they are spreading the word, the pictures, the videos and news from the world that they matter, their voices are being heard. gAtO tHiNk that is the best example of “power to the people” in cyberspace.

** What the west has yet to learn is, there are not many Muslim countries which have a population as networked as that of Iran. :—: The good news is that the more Iran uses cyberspace the more vulnerable they will become **

Instead of using landlines, some Iranian bloggers have taken to using satellite dishes to access the Internet, but they are increasingly being destroyed by special police units. Some of the problems that the Iranian government is facing is that Universities often have their own distinct connections to one another Universities. Major trading houses or major financial centers also sometimes have backup connections.

** Ali Hakim Javadi, Iran’s deputy minister for communications and information technology **

If Iran shuts down the Internet, the price wouldn’t just be political (€€€-$$$). Were Iran to disconnect its oil industries from global information flows, the impact on those industries’ ability to deliver what little they can sell would be enormous. When Hosni Mubarak shut off the Internet in Egypt during the protests there, the impact was disastrous. The five days offline cost the Egyptian economy an estimated €250 million.

Another problem for Iran is other countries are helping the dissidents hide in cyberspace, the US is working on developing the ability to send digital packets that are invisible and are only interpretable for other machines that you set up on the network that know what to look for. It’s called a dark Web infrastructure.

** Tor Project is another source that enables anyone to be anonymous in cyberspace and gain access to otherwise blocked sites **

One way that Iran may be able to control cyberspace in Iran is Deep Packet Inspection (DPI) (also called complete packet inspection and Information eXtraction – IX -). The idea is to slow down the Internet traffic so much that you can use a program to inspect each piece of information that comes and goes.

President Ahmadinejad has indicated he wants to provide an alternative, a so-called intranet (internal network Iranians only) which will allow Iranians to communicate among themselves, as the song said recording “every word you said”. China has the best example of a national network that is relatively disconnected from the rest of the global information infrastructure. The Chinese have built software that basically mimics anything we develop in the West and embed surveillance algorithms deeply into them. But I’d be very surprised if the Iranians were able to launch all of this.

** It’s a lot easier to say “you have a cyber army and have defenses to do battle in cyberspace” and let them prove other wise. We are talking about diplomatic bull-shit -mEoW -mEoW gOsE gAtO**

Proxy servers are one of the things that activists have put to work for themselves. So when the state tries to shut down the Internet or when you learn that an authoritarian regime is watching particular sites or trying to disable YouTube or Twitter, proxy servers are very helpful as ways of getting around some of those barriers. They open doors where other doors have been shut.  Gaming consoles such as PlayStation or Xboxes can be turned into devices for sending out information without having to go through Internet exchange points. Learn from the young they know the technology and they will out live you anyway.

As long are there are ways for freedom of speech to get out it’s OK “the world is watching you now”. gAtO oUt

References:

http://www.gatewaygulf.net/teleport.php

http://en.wikipedia.org/wiki/List_of_Internet_exchange_points

http://www.payvand.com/news/11/dec/1273.html

http://en.wikipedia.org/wiki/Deep_packet_inspection

 

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/01/iran_cyber_army.jpgDigg ThisSubmit to reddit
12/30/11

Anonymous Hacks Again Hackmas Gift 4 Charities

UPDATE: 12-30-2011 (CentOS) is the OS that the Victims of the Duqu worm -Diagram -(son of Stuxnet).

Anonymous hacks Security Firm Stratfor Global Intelligence

Provides strategic intelligence on global business, economic, security and geopolitical affairs.

gAtO sMiLe - Hackers Breach the Web Site of Stratfor Global Intelligence. gATo did a goole search on Stratfor_com. As you can see the site as of Sunday night (12-25-2012) 2310 hundred hours it’s still down. The part that got gAtO 2 sMiLe is that the other links from google point to “default- error page”.  For a security firm they have done everything WRONG that they could after the HACK.

These error pages from a Google search gives away the OS  ((CentOS) Server) that they are using the Version of  (Apache/2.2.15)  also the the nomenclature they use in their Directory structure. This is a wealth of information to give any hacker to start hacking then next time (there will be a next time 4 Stratfor ) . A security firm should at least have a disaster recovery plan well Stratfor Global Intelligence has none.

Example: From Google click on Careers, ABOUT Stratfor, Geopolitical Weekly or any othe rpage and you get an error page with all kinds of information for any hacker during information gathering before the hack. 

From a simple google search:

(CentOS) Server

 

 

 

 

They use CentOS: – Check out their bug report page: -http://bugs.centos.org/view_all_bug_page.php

stratfor.com/subscibe error code show lots of Information about any site. A good web designer would of hiding this information to keep a hacker from knowing my information

This site list the bug reports for Cent(OS). A wealth of information for a hacker.

Apache/2.2.15

http://httpd.apache.org/security/vulnerabilities_22.html

You can see that if you need to hack Apache just scan for CVE-2022-3368 and CVE-2011-3348 and these are for version 2.21 and 2.2.22 they are running 2.215. To gAtO it looks like they may not of done proper Patch management to keep up with updates.

 

 

“Anonymous” claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor

 

I read that they did not encrypt their subscribers credit card so a few people have made charitable contribution from their credit cards on .stratfor. Why do companies that have credit and personal information not encrypt them. This is a no brainer, if I have customers information and I’m a security company why is my website so bad and open to hacking so easily.

 

Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn’t bother encrypting them – an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

 

Hours after publishing what it claimed was Stratfor’s client list, Anonymous tweeted a link to encrypted files online with names, phone numbers, emails, addresses and credit card account details.

 

Anyway gAtO just wanted to point some of these things out I just don’t understand it why these big shot Security firms scream so loud about hackers, maybe because they do such a bad job that they think that laws may help them but this damage of reputation may bring this company down.

The problem that gAtO has found is these big shots thing that they hire anyone that has a security clearance or a certification. These people have no real knowledge of what a hacker does but what’s in the book. When you read it from a book today it’s outdated before it’s been printed and the hackers are on to newer stuff. Companies cannot think if they are compliant and within regulatory that will stop a hacker, they think that just because it has n0t happened before and it looks impossible to you the hackers know all the same in-the-box stuff that everyone else does. So you better understand were the new information is coming from and keep learning every day. Cyberspace is not going to stop evolving so security people better not stop and, they need to always keep an open mind and think of the impossible and protect you data. It may be what keeps your company from going under with just one hack

gAtO_oUt

Directory Structure: just add strafer.com/xxx

/weekly/friedman_on_geopolitics

/analysis/20111028-mexicos-cartels-draw-online-activists-ire

Not Found

The requested URL /analysis/20111028-mexicos-cartels-draw-online-activists-ire was not found on this server.

Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

Not Found

The requested URL /careers was not found on this server.

Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

Not Found

The requested URL /weekly/20111212-russias-plan-disrupt-us-european-relations was not found on this server.

Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

Read More:

http://www.huffingtonpost.com/2011/12/25/anonymous-stratfor-hack-hackers-hacking_n_1169268.html

http://www.nytimes.com/2011/12/26/technology/hackers-breach-the-web-site-of-stratfor-global-intelligence.html?_r=1&hp

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/12/stratford_main_home_page.tiffDigg ThisSubmit to reddit
10/28/11

Biggest Cyber Threat Military or Economic?

Is the biggest cyber threat military or economic?

Discussion -

• • • • gAtO-tHiNk tAnK —: While we were developing stuxnet for Iran -warfare cyber weapon. The Chinese were robbing our intellectual properties and these actions are the reason the US is in the economic mess were in. Corporate espionage is treated differently but it translate to money and economic power. In the old days the CIA would have a country fight each other and when that happens you forget your real enemies. Us -vs-them. Look at Occupy Wall Street and the Tea party. Through cyber manipulation and buying technologies when you couldn’t hack them is the reason the BRIC nations are the new leaders in the world power base. So to answer your question the bigger cyber threat would be economics warfare. You just can’t justify sending in a nuclear missile because some government contractor is DDoS’ing your competition. Proportionality of attacks.

• • • • gAtO other sAy’S: —

gAtO lOcO mAyBe sI - nO

• Military and economy are married since ever; the biggest cyber threat comes from inside and hits both. MIC is a weak concept.

• We cannot have a military without an economy, we cannot protect our economy without our military.

Individual defence destroys the individual, collective defense protects the collective of individuals.

Businesses do not often see the value of information security until its far too late. they as a whole do not learn from others mistakes unless those mistakes were made by companies in their own space, and unfortunately these days many companies occupy more than one sector so it is easy to make excuses why ‘it wont happen to us’.

The economy is an asset and thus needs to be protected.
The military is an asset and thus needs to be protected.
The health service is an asset and thus needs to be protected.
<Insert asset> is an asset and needs to be protected.

Working together they can protect one anothers backs using collective resources, individually they can fall like dominos. Secure the backbone, pool the resources with the right talent in the right areas with strategists, technical support and physical support and you go a long way to ensuring in the event of a major crisis that you can protect the whole….

Thats my view anyway…… maybe ill include that in my book (more eloquently as I have only had one coffee this morning and am not firing on all thrusters).

• MG Shaw adds a new dimension to the term “Public Private Partnership” in positing that national security interests and the profit interests of firms are intertwined and mutually dependent. This is good to hear. Now…if we can just get more business convinced of this inter-connectedness, we’ll be able to move forward. Those of us in the field have much public education work to do. Stay strong.

• With the preponderance of intellectual capital residing with the private-sector, within this man-made cyber domain, its too bad the private& public-sectors can’t put more emphasis on the ‘how’ versus the ‘what’. Most responsible individuals/firms know ‘what’ the problems are…the intent with public/private-sector collaboration is to figure out ‘how’ to solve the challenges in manageable bites and stop trying to “boil the ocean”. As the new saying goes “better safe than SONY”!

• Riley makes a good point. It’s almost as if we’d rather talk about the problem rather than solve it. Sure, it’s expensive to put another layer of security into our IT architecture, but the technology to stop hackers exists and isn’t that hard to find. And if whining employees don’t like not being able to use Facebook on company computers, nicely tell them to find a new job. Remember the days of private lines and no Internet. We still connected computers on networks before the Internet. It was called private networking. This would solve most of the Internet related cybersecurity challenges.

• Riley and Dan,
I completely agree with you both. However, even our military is now clamoring for Social media access on Government networks. I do believe there is a use for Social media however not every mission requires such access; not to mention the preponderance of users simply want to be social butterflies while at work. As you state for those who require it, purchase a separate internet access and open it wide up. However for the mission critical or business critical efforts lock it down and properly secure it. Unfortunately that good old bottom line matters too much and leaders would rather assume risk than remove it. I would rather pay on the front side than on the backside.

• Seeing as it would take more gas than the Chinese have to mobilize , they have already been out hacking everything they can, I dont think it would be a military like war, economic seems more feesable.

• Most countries treat economic hacking as a less serious attack (with less serious penalties) than a military attack. Most businesses are less IA aware than the military. I would definitely say economic attacks are a bigger long-term cyber threat to nations today. However, if military cyber-security ever drops their guard, the consequences on their readiness and ability to respond will result in more fatalities.

• When we are talking about Cyberwar, we can not say that the economy or the military will be the preferred targets. The more logical target is as always the weakest link in a system.

War is always a military operation, whether or not cyber. Like the Chinese hacked all they could, Americans, Russians and Israelis did and still do.
The effect of new weapon systems, offensive and defensive concepts can only be tested to a certain degree in a virtual environment. At a certain point they have to be used under real operational conditions.
Cyberwar is a holistic war. In a cyberwar we do not have the distinction between “your network” or “their network”, the whole targeted country becomes one sole network. The network will be mapped, vulnerabilities identified and exploited.
The most vulnerable part of a network is always the User, followed by the public sector and the communication media. From there it spreads.
A cyberwar attack first uses the tactics of sabotage, deception and misdirection.
We are still far away from AMF’s on nuclear power plants and such things.

• The Chinese are fighting a long term war for domination. They are sucking up all the rare earth elements, stealing intellectual property through computer warfare, and are starting to get into the copper and hydrocarbon production. However, other countries are engaged in exactly the same thing. We are in a highly competitive environment, and those that don’t step up their game are going to be left in the dust of history.

 • • • • gAtO oUt

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/10/security_11_dali-150x150_bw_04.pngDigg ThisSubmit to reddit
10/23/11

Cyber War -No Way Dude

The definition of warfare is more the question. If you still have your head in the cold war sand your mindset is wrong I know I use to think that way, I understand. We have evolved and the dogma of war has change. I’m no historian but we now have 5 domains defined as warfare space. Land, Sea, Air, Space, Cyberspace. Just as we learned warfare in every domain we improve and change our use of that space to accomplish the mission.

Cyber War: Still Not a Thing

“Despite what your congressman may tell you, cyber war might never happen, says a researcher in the Department of War Studies at King’s College London.”

Types of Cyber Attcks

Example when Air warfare first came it was the dirigible not the plane then before the 1st world war one french general stated that planes would never be anything but a fancy, maybe in reconnaissance. The next week pilots began dropping grenade like bombs next they added fins to make then hit there targets better. As we progressed in the Air domain we learned from Geese how to fly in formation to reduce drag and enhance visibility for attacks, we then went to the jet engine and that changed Air warfare to a more strategic offensive and defensive delivery system.

Today we have cyberspace and yes a DDoS, man-in-middle attacks may seem like and big attack wait 3-5 years from now and see the kinds of defensive and offensive weapons we will create for warfare. The Cyber war has only just begun and it will change war like we never thought of today (maybe the terminator like control warbots). Come on Facebook, Crowdmap, Twitter to name a few communication tools have topple Libya’s Moammar Kadafi. That’s a “scary thing for the powers that be“. But the “powers that be” in cyberspace – thats another post.

Cyber Warfare is here NOW! The cold war is over. If you don’t learn and adapt from your enemies you we will lose. It’s your choice.

Read More ..> http://reason.com/blog/2011/10/21/cyber-war-still-not-a-thing?utm_source=dlvr.it&utm_medium=twitter

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/10/02_Types_of_Network_Attacks_USCyberlabs_02-300x177.pngDigg ThisSubmit to reddit
10/21/11

Minimum Essential Security Controls – Is This a Joke?

For example, FISMA [has] over 200 minimum essential security controls. 27001, when linked to [ISO] 17799, [has] over 150 controls. HIPAA itself had 140-odd data and security and privacy requirements.

And the risk assessment is featured in the compliance mechanism for just that reason. An organization really has no choice but [to] attempt to tackle and implement all of the security and data requirements contained in HIPAA; whereas with a risk-based approach and focusing on the assets and what truly is important to the organization and doing that rack and stack, as you referred to it, [the organization] really only had to address the higher-priority risk items and could be in a position to accept the remaining risk or residual risk as it’suscyberlabs - el gatoMalo known, in a defensible way to say that, “We’ve covered our priority risks. Our budget limitations in terms of personnel and funding prevent us perhaps from implementing some of these controls that are contained within the compliance mechanism. But because we have gone through a complete risk assessment process, have captured the results in a defensible form, that’s okay.” That’s the basis of risk mitigation. It’s not risk elimination — get rid of all of them — but consider them in a prioritized fashion against what the constraints and limitations of the organization are.

http://www.cert.org/podcast/mp3/2/clips/20071113wilson1.mp3

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/08/digital_me_02_05-150x150.jpgDigg ThisSubmit to reddit
10/20/11

Anonymous Is Interested In PLC’s & SCADA?

From Infosce Island this great article came up this is gAtOmAlO’s 2 cents on it.

https://www.infosecisland.com/blogview/17479-Anonymous-SCADA-Lulz-DHS-and-Motivations.html

Anonymous has shown that it’s MO is just trash and dump to brag & “the lulz”, nothing more nothing less. That anyone can attack a SCADA and say it’s Anon I just don’t think it would work. As their arrest have shown these are mostly kiddies except for the leaders Sabu (later covered). Yes an attack on SCADA can be tried by any bad Nation actor but if caught it would set a precedence for what kind of attacks are OK for any Nation to try. The United States weighed launching a cyber-attack to disrupt Libyan air defenses before the start of an air campaign but they stopped because it would set a level of expectation in any forward coming battle.

Anon -or- Occupy Wall Street - gAtO -sMiLe

As to skills from the Anon’s YES they can. These kiddies are focused and they have no lives except online. Just like if you give a kid a guitar they will play it while in the toilet until they get that riff or note. Now some of the Anon are adults and these are the more astute in who, what & were to attack but the basic skill set is there. If you can learn Phython, ruby -Rails you can learn Step7 commands.

As to Sabu I really think he was a spook or a professional. How you can get that level of talent in a crewz and still command respect from a bunch of young people that took talent and he is still free.

That someone (bad actors) may try it, possible but I think just like you said it’s not there MO to do this. It would be bad for the movement and if someone does attack and then blames them. Well I think that the Anon’s will get really mad and do some damage. Some of these kiddies as I called them are growing up and they understand that maybe they did something right or good. Maybe they just think that they can make a difference. I know that Security people are being hired left and right because of this so for some it good. Remember FEAR will get you budget $$$ that may be why DHS is doing it.

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/10/dirty_cyberhippy-150x150.jpgDigg ThisSubmit to reddit
10/20/11

U.S Needs to Change at Cyber Speed

In the last week so far, hackers hit the NYSE (New York Stock Exchange), hackers hit unmanned drones flying covert and military operations around the world. The U.S is still on hold why because  we need to know the legality of retaliation against a cyber attack on another country. You can bet your booties that the U.S has some pretty strong cyber weapons but when can they be used. If we use our new cyber weapons the others will see it and they can learn how to avoid it or plan around them. Just like in conventional weapons we keep the good stuff locked away until the day we need it. But other countries are watching us so if we launch an attack like the one we planned in Syria then other can do the same. By others I mean China, Russia Iran and India. Why include India in this mix is because India is unlike China but the same. India has a wealth of top notch brain power. India is now emerging as a power house in the cyber world. In some instance they are just elementary like a power station with all it’s control hooked up and accessible via a simple Google search.

Virus coming to a Computer near you

India is a great Nation but it’s still has masses of people living in a third world setting while others enjoy the 21st century living. Side by side you have a middle class home next to a shanty town and that cannot stay that way forever. India is a powerful cyber center of the world. It started with call centers and it’s evolve with new companies doing more and more innovation in the cyber arena. China is hitting India left and right for a reason. China has some personal reason for attacking countries like Taiwan but India is just for the technology that they have. More and more cyber experts are coming out of India than ever before. All it takes is one good computer researcher to start the attacks going and then blame whom ever you want.

The U.S needs to stop this slow pace of change and adapt to the cyber realm that swift change is the only thing that can save America in cyberspace.

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/10/securitylaptop_010333-150x150.pngDigg ThisSubmit to reddit
09/22/11

Cyber China Spy Threat | Cyber Espionage and Influence

China’s growing spy threat is a great article. It points to everything I have said before.

The top priority of Chinese

•            Industrial espionage aimed at defense industry and high tech sectors

•            Infiltration of critical infrastructure and military targets

•            Nexus of organized cybercrime and terrorist fundraising

•            Monitoring and Disrupting Dissidents

We need to understand the Chinese government mindset to understand them, paranoia, saving face and economic these are the 3 pillars of the new communism in China. Let’s start with paranoia. One of China’s prime paranoia, lack of trust of anything not created in China it must have back doors. Look at all the discussion on the Chinese company Huawei, installing back doors in our telecom infrastructure. We did it to them and nowel gatoMalo they’re paying us back. The Chinese know they are putting backdoors in our electronics because they can, they own our manufacturing. China worked very hard in creating kylin (Unix). They have to use Microsoft because some applications only run on it but it’s too easy to hack and “made in America” didn’t make them happy. This is why Google left; they refuse to give the Chinese the keys to the code.

On the same paranoia crazy train.  One of the top priorities of Chinese espionage efforts—foreign and domestic—is monitoring and disrupting dissidents, according to defectors, experts, and official documents.

Anyone who talks bad about China will pay the price, monitoring, I’m currently on there radar (popular posts, referrers and keywords stats on my blogs & sudden twitter followers, say so much) and so is everyone who write about China especially cyber security.

Let’s talk economics. China has been looked at as a source of cheap labor only, they don’t want our breadcrumbs, they want to become leaders not followers and I can’t blame them. As a nation I want to be seen as a leader in Technology, in Finance not the errand boy of the west. (Saving face). The facts are that the last 10 years China has been using it’s money wisely investing in companies around the world (influence), while America has been bombing people all over the world. They create new alliances we destroy our alliance with drone planes. And to top it off they are going after our political elite. According to experts, China uses bribes, blackmail, women, lavish vacations in China, and other means to compromise officials worldwide. I just wrote about this about our current presidential front runner Rick Perry in bed with the Chinese companies – Huawei just opened it’s door in Texas and so did 12 other Chinese corporations, what do you think there doing in the U.S.( http://uscyberlabs.com/blog/2011/09/11/cyber-warfare-rick-perry-mitt-romney-opening-u-s-cyber-infrastructure-china-huawei/).

Sorry I just had to put down these words after reading the article.

 

Time to get down of the soapbox.

 

Read More -

http://the-diplomat.com/2011/09/19/chinas-growing-spy-threat/5/

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/08/chinese-hackers-300x211.jpgDigg ThisSubmit to reddit
09/18/11

The law of Cyber-Warfare | Stuxnet change the face of warfare

When someone is in your network your at war – when someone steal your identity your at war, when someone steals you intellectual property your at war.

Stuxnet change the face of warfare. Cyber warfare is very different from conventional warfare. Missile or aircraft takes time to respond cyber warfare happens in seconds. We live with the UN charter that regulate the actions between states. So if someone launches a distributed denial of service attack, you are not supposed to retaliate with a nuclear missile into an industry complex. It’s issue is one of proportionality.

But what can be done about organized crime and their international cyber operation, – stealing credit card numbers from another country who’s responsibility is it? What do you do about a black hat Chinese or Iranina hackers who have been accused of pirating trade and defense secrets from different countries? And the political aspect of China who is a trading partner, while Iran may be an enemy per say. We are civilized, military targets are permissible under international law, attacks of innocent civilians or non-military targets are prohibited. When a governments goes through a civilian contractors do they lose status as a civilian and become a military target. When a private citizen launches an attack (hack),  what  is the country of origin responsible? Do they arrest them. Look at the current Lulzsec (cyber crewz ) arrest all over the world.

My friend Joel Harding wrote on his blog – http://toinformistoinfluence.com/

gAtOmAlO sAy's -- i LoVe MiSsEs tO PiEcEs -

 

What is cyberwar?

What is an attack in cyberspace?

How do the laws of armed conflict apply in cyberspace?

How do conventional laws apply in a virtual world?

Someone posited that anytime someone penetrated their network, that was considered cyberwar.  I disagree, that would be an intrusion.

Someone said by stealing the information in my network, that would be considered cyberwarfare. I disagree, that would be theft of intellectual property or a cyber crime.

Someone claimed  that denying, degrading or destroying data on a network would be cyberwar.  I admitted, that would be bad, but by no stretch of the imagination would one single incident be considered a cyberwar.  Yes, it honestly would depend on the targeted network.  Doing this on the WhiteHouse.gov domain would definitely be considered an act of war, whereas at tinyminds.com (I made that up) it would probably be a pain in the butt.

But What Mr. Harding fails to understand is that Seante.gov has already been hacked, the CIA was already hacked. So I stand by my remarks – When someone is in your network your at war – when someone steal your identity your at war, when someone steals you intellectual property your at war.

It’s only the response to the act (hack) and the politics and the economics of the actors that make it an actionable matter for the military or a compony or a civilian. Warfare has changed in the last 10 years and cyber warfare is only beginning to show it’s ugly head. The international laws (agree by all) that we have today will need to be a world solution so everyone knows the consequences of starting a war in cyberspace.

My 2© cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://cyber.uscyberlabs.com

http://ChinaCyberWarfare.wordpress.com

http://HacktivistBlog.wordpress.com/

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/07/security_gato_05.pngDigg ThisSubmit to reddit