06/12/13

Government use of Cyber Weaponized Exploits

gAtO rEaD- The government is buying hackers’ exploits – not to stop these sophisticated cyber exploits but to use these tools against its own people – they are using the tools to infiltrate computer networks worldwide, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired. So your computer is vulnerable and the government knows it and will not disclose this information, but use it against you to place cookies, RATs or other spyware into your computer -maybe- I trust our government don’t you?

If you got nothing to hide, you should not be worried… right????

So our Tax dollars are going to Hackers and cyber criminals that sell these exploits all over the world. As a tax payer I don’t like this part at all. But the worst part is by us taking the lead on offensive cyber tools -example.. Stuxnet – it is a plan book for other countries to do the same. So what we do in cyberspace has become socially acceptable to do in cyberspace and then we bitch about China. I don’t get it – mEoW

Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has been most widely reported – the use of a virus known as Stuxnet to disrupt Iran’s nuclear-research program – was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet’s development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Then you have the Prism disclosure and PoW- US Cyber Agents Disrupt Publication of Popular Al Qaeda Magazine – This means that Obama’s cyber military is potentially capable of more targeted attacks, specified at damaging particular pieces of information or infrastructure. I wonder where they got those vulnerabilities? Maybe some bad guys

What worries me is as the U.S. engages in these attacks our enemies are learning what is acceptable in cyberwar. So we must be careful not to lose sight of the fact that everyone is watching what we do and how we treat cyberspace, and other governments will follow, defensive and offensive; they are learning from the best, the U.S. Government -gAtO oUt

ref: http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510

 

http://www.businessinsider.com/us-cyber-agents-disrupt-inspire-magazine-2013-6

 

 

11/13/12

Cyber Investigation over General Petraeus


gAtO rEaD – NO CRIME committed- that the investigation for the top CIA general was because someone sent an eMail that said “I saw you touching the General’s leg at Dinner -Stop It” Yeah so one lady said to another lady – STOP MESSING WITH MY MAN – Pow – ZAP they get a court order to go thru someone’s eMail.

So if we take this premise that Judges will sign -COURT ORDERS to search your emails and any other emails that link to it because of a jealous lover. It looks to gAtO that they have too much POWER – or the FBI is gonna search everyone’s emails now – legally. Court Ordered

This should send shock waves thru our industry – everyone is now warned that anyone’s email can be open to LE anytime and just about for any reason. I trusted the system, I trusted the Judges, but with the lack of a crime this should not have happened. There was NO CRIME committed, the investigation turned out. But it has now taken down the reputation of 2 generals. NO CRIME

Now these are 2 famous generals; what chance do mere mortals have when our eMails are going to be court ordered for investigation, and why? Simply because they can now. This shows to me the lack of justice or the erosion of justice that is coming down the cyber pipelines. This is now a wake up call for security professionals to wake up and smell the coffee. Your email will be next unless we support less government control of our digital rights.

Freedom of Speech in cyberspace is a right not a privilege -gAtO oUt

http://www.cbsnews.com/8301-18563_162-57548694/fbi-role-in-petraeus-investigation-questioned/

mEoW

10/25/12

The deep Dark Web -Book Release

gATO hApPy

AVAILABLE @ AMAZON - http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing - text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO - was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it gets the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it - Thank you Pierluigi a best friend a security gAtO ever had - gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of “The Deep Dark Web”. We are just two cyber specialists, Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls; we wanted to explain the inner workings of the deep dark web. We have had a long collaboration in this effort to document our findings; we made infiltrations into the dark places inaccessible to many to give you, the reader, a clear vision on the major mystery of the dark hidden web that exists today in the Tor Onion network.

The Web, the Internet, mobile cell devices and social networking have become commonly used words that identify technological components of the daily Internet user’s experience in cyberspace. But how much do we really know about cyberspace? Very, very little. Google / Yahoo / Bing only show us 20% of the Internet; the other 80% is hidden to the average user unless you know where to look.

The other 80% of the Internet is what this book is about: the “Deep Dark Web”, three words with millions of interpretations, a mysterious place on the web, the representation of hell in cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporations try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteers around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rules, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making money in the Deep Web is just a criminal prerogative? Wrong, the authors show you how things work in the hidden economy and what the future perspectives are for its digital currency, the Bitcoin.

This manuscript proposes both faces of the subject; it illustrates the risks but also the legitimate use of anonymizing networks such as TOR, adopted by journalists to file reports before government agents censor their work.

Here are some questions we may answer:

How many people know about the cyber criminals and their ecosystem in the deep web?

How many have provided information on the financial systems behind the “dirty affairs”?

How do law enforcement and governments use the Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.

06/25/12

System D- Bitcoin’s Underground Economy


In Crypto-currency we trust. – I hate math but I like money – mAyBe sI-nO

gATO wAs- reading Forbes -Jon Matonis article about the shadow economy and bitcoins. The Bitcoin market is $10 Trillion and growing; the crypto-currency is surpassing everyone’s imagination, and why is that? System D is the answer. What is System D? It is a shorthand term that refers to a manner of responding to challenges that requires one to have the ability to think fast, to adapt, and to improvise when getting a job done. This can be applied to hackers, Anonymous, hacktivists and of course the Tor-Onion network. They are all System D and growing because of it.

System D is a slang phrase pirated from French-speaking Africa and the Caribbean. The French have a word that they often use to describe particularly effective and motivated people. They call them débrouillards. To say a man is a débrouillard is to tell people how resourceful and ingenious he is. The former French colonies have sculpted this word to their own social and economic reality. They say that inventive, self-starting, entrepreneurial merchants who are doing business on their own, without registering or being regulated by the bureaucracy and, for the most part, without paying taxes, are part of “l’economie de la débrouillardise.” Or, sweetened for street use, “Systeme D.” This essentially translates as the ingenuity economy, the economy of improvisation and self-reliance, the do-it-yourself, or DIY, economy.

Essentially, bitcoin is the ‘System D’ of currencies — global, decentralized, and non-state sanctioned. In today’s world where Greece, Spain and the U.S. economy are falling apart we now have a currency that is not controlled by one government, it’s controlled by the people, and the powers that be, the bankers, are really pissed off. This is why the “deep dark web” is being vilified. You hear about Silk Road selling drugs and all kinds of scary things but in reality the black market is only a small portion of the dark web, but Bitcoins are a big part in its e-commerce and it’s not traceable; that’s the bad part and the good part. You at home can set up a Bitcoin miner on your computer and start mining Bitcoins at home with a spare computer. It’s like a solar power cell on your roof top, or a windmill; you can be in control of things again.

But the real issue is control! The bankers have no control of this new emerging economy. The 1% fear that if we the people start using this new currency we will diminish their power, their wealth and they can’t have that. Bitcoins are barely 3 years old and you hear everywhere that only criminals use it, it’s part of the bad guys, and another fact that escapes people since it’s a crypto thing and we are talking about MATH: they can only generate bit coins till 2030 so this is not the solution for a currency but at least we know where the end lies and we can make it better when nobody is in control.

History tells us that the robber (banker) barons used the same trick to spread rumors and crash the stock market in the early 1920, then they put in laws to get every one to sell their gold so they control it. We did have a currency based on Gold but they wanted this power and they paid the politicians off and got all our gold. Now they see this new currency and since it’s not under their control they want you to think it’s a bad thing.

Now a $10 Trillion dollar market will get these bankers up and ready for bear if they want to keep their power base, and scaring the masses will not work when you can buy Bitcoins at any 7/11 or Walmart. You can see that smart merchants are now accepting Bitcoins for their goods and services; these early adopters will see themselves grow financially and hedge their bets on what is a winning worldwide currency. Governments will also go after this new market because bankers have politicians in their pockets, but this tidal wave of the new fiat currency will become de-facto very soon. Just in the last few months it has gone from $4.25 USD to today 6/25/2012 $6.28 according to mtgox.com, one of the new traders in this new economy. That’s about a 30 percent increase, now that’s a better rate than anyone can give you on your investment – Ca$hing -mEoW- mEoW gAtO lIke that….//

So what does it mean to the average person? Well, if you have Bitcoins in your portfolio you will make a killing as Bitcoins are expected to go to almost $30 USD by Christmas time 2012. gAtO predicts maybe $20-25 by the end of year but I lost my tail in the stock market in 2008, what do I know. Well I know that in that time frame I had no control of the market and today because I am active in this field of Cyberspace and cryptology I can see the patterns and I trust Bitcoins better than USD or EUROs. ViVa System D: – gAtO oUt

Read more Forbes -Could Bitcoin Become the Currency of System D? http://www.forbes.com/sites/jonmatonis/2012/03/19/could-bitcoin-become-the-currency-of-system-d/
06/20/12

NATO and Cyber WarFare

“The world has changed. Now we’re living in the era of cyber weapons”, said Eugene Kaspersky whose laboratory uncovered the virus, or cyber weapon, believed to have been used by the United States and Israel to attack Iran’s nuclear programme. From criminal activity, to international terrorism and inter-governmental warfare, he fears the worst and called for an international treaty to combat it at the Reuters Global Technology, Media and Telecoms summit held in London recently.

NATO Secretary General Anders Fogh Rasmussen while on a visit to Australia this week said that NATO and its partners face increasingly complex and unpredictable security challenges. He pointed to terrorism, cyber attacks and piracy as examples of the global security challenges that both NATO and Australia face. He said that a cyber attack disrupted the Parliament House website two years ago and that Australian government departments and ministerial offices are regularly subjected to similar attacks. In recent months financial institutions have been targeted as well. “I am convinced that our cooperation should also encompass maritime security and cyber security”, the Secretary General said.
NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was formally established in May 2008 in order to enhance NATO’s cyber defence capability. Based in Tallinn, Estonia, the Centre is an international effort that currently includes Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Poland, Slovakia, Spain, the Netherlands and USA as Sponsoring Nations.
23 NATO and six partner nations were involved in Cyber Coalition 2011, NATO’s main yearly cyber exercise. Assistant Secretary General for Emerging Security Challenges, Ambassador Gabor Iklody said:
I am delighted to see so many participants joining us for NATO’s major annual cyber coalition exercise. The number of players and observers is growing every year. This demonstrates the high importance that Allies and partners attach to achieving better protection against rapidly increasing cyber threats and also confirms NATO’s recognition as a key player in cyber defence. 
In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A  Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness. In March the NATO Consultation, Command and Control Agency (NC3A) was awarded the contract for upgrading NATO’s cyber defence capabilities. Private industrial companies will enable the NCIRC to achieve full operational capability.
On 26 April, Spiegel Online reported that ‘NATO Faced with Rising Flood of Cyberattacks’. “Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees,” said Lieutenant General Kurt Herrmann from NCSA, which was founded in 2004 and has been operational since 2005. A further expansion of NC3A is anticipated next year. It was two years ago, that NATO officially identified the danger of cyber attack against member states as a strategic threat.
Earlier this month, 400 experts from all over the world gathered in Tallinn for the fourth International Conference on Cyber Conflict (CyCon 2012) organised by the NATO Cooperative Cyber Defence Centre of Excellence. The conference topic was Military and Paramilitary Activities in Cyberspace, and focused on aspects of law and policy, strategy and technology.
Author of ‘Virtual War’ and University of Toronto professor Michael Ignatieff writes in the Financial Times that:
Virtual technologies make it easier for democracies to wage war because they eliminate the risk of blood sacrifice that once forced democratic peoples to be prudent…Drones and cyberwar technologies are so cheap that it will be impossible to keep them under the lock and key of the sovereign. The age of the super-empowered, and therefore super-dangerous, individual has arrived.
Our cybersystems are now under constant attack and it is in responding to these attacks that they become more secure. States will have to allow the global community of coders and engineers who built and maintain the internet the freedom to keep the malware at bay and keep the system open for the rest of us….The new technologies are so easy and cheap to produce that the best international law and state action can hope for is to generate a limited set of shared norms to prohibit their most harmful uses.
NATO Policy on Cyber Defence, ‘Defending the Networks’ is available on the alliance’s website. It states that:
The 2010 NATO Strategic Concept highlighted the need to “develop further our ability to prevent, detect, defend against and recover from cyber-attacks…”. Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organisations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency.

A NATO Concept on Cyber Defence was first drafted for Defence Ministers in March 2011, which formed the conceptual basis of the revised NATO Policy on Cyber Defence. The Policy itself was then developed and approved by the NATO Defence Ministers on 8 June.

Cyber threats transcend state borders and organisational boundaries. Their vulnerabilities and risks are shared by all. Recognising the truly global nature of cyberspace and its associated threats, NATO and Allies will work with partners, international organisations, academia and the private sector in a way that promotes complementarity and avoids duplication. NATO will tailor its international engagement based on shared values and common approaches. Cooperation in the field of cyber defence could encompass activities including awareness-raising and sharing of best practices.
NATO is in the process of drafting an international law manual which will address concerns surrounding the prospect of cyber warfare, and how member states can best cooperate to mitigate mounting threats to network security. Publication is expected by the end of 2012. Colonel Ilmar Tamm, Director of the NATO Cooperative Cyber Defence Centre of Excellence said:
“Various states have managed to agree on laws that govern borders, international sea and air space, even outer space – but now we are faced with the task of adapting or creating laws and precedents for cyberspace…” 
Speaking at CyCon 2012, Major General Jaap Willemse, Assistant Chief of Staff Command, Control, Communication, Intelligence, Allied Command Transformation said that NATO is not considering launching a barrage of computer-based attacks. There are huge political, legal and diplomatic objections.”…”NATO does not have the doctrine, command and control, educational support or other factors needed to run an offensive capability.”
Reference — http://www.natowatch.org/
06/5/12

Iran Cyber Problems -bad antivirus software

Iran Cyber Problems

gAtO mOnItOrEd – Iran Tor-Relays: last night they had blocked all public relays so nobody could use the ToR network. Of course as long as you have a private unlisted ToR relay, people from Iran could still use the ToR network on the Internet. On the other side of Iran’s Cyber Warfare the Flame cyber worm – is still kicking ass and taking names in Iran. U.S. and Israel have accepted the role of chief cyber warrior of the Stuxnet, DuQu and Flame. Some of the first cyber weapons ever made and deployed on covert missions. Do you think that these cyber weapons did not use ToR networks to hide their C&C servers, never to be found??? So here we have a country suppressing ToR communication (and suppressing Flame, DuQu and StuxNet C&C ToR Communication) and being attacked by 2 of the largest countries in the world. gAtO would call this cyber warfare.

cyber war profiteers –> Who stands to make the most business ($$$) in this cyber warfare? We in the west have Norton, McAfee and others to protect our computers and business and government computer enterprise systems – but they cannot do business with Iran- We just had Symantec pull out of a deal with China’s Huawei because of U.S-DOD contracts-/ a friend pointed to eset.com as the number one anti-virus software distributor to Iran./ When the Iranian government wants to protect their computers they turn to Eset corporation for their enterprise cyber security support and service. So who are they?

Alexa the number one SEO company – http://www.alexa.com/siteinfo/eset.com – shows Iran is their number one customer. Why? Eset is based out of the Slovak Republic, Bratislava the capital of Slovakia. It’s not Silicon Valley – I never heard of a high tech center and educated cyber security experts from that side of the world. We know this area more for cyber criminals but now this little company out in the middle of nowhere has some interesting customers. Those countries that nobody wants are becoming their cyber customers, and it looks like Eset is a growing business.

Eset – Contact info: – http://www.eset.com/us/about/contact/ – They have offices in Czech Republic, Singapore, Argentina and the U.S.A – —/$#@! – So the company that is providing the anti-virus software for Iran has offices in America, with American business as customers- gAtO don’t like that much that is why I mentioned it.

Anti-virus software controls every aspect of the safety and security of your computer; your anti-virus software has deep ties to your computers. So this little anti-virus company is now a world player. It could also be our ally and work with us.

From a business point of view – First of all I would fire them. If I was the Iranian government, Stuxnet, DuQu and Flame the same MO and my anti-virus software does not catch it -new business but, oh well if Iran fires them who else would step into this position. This shows to gAtO that the old weapon dealers have turned to legit, cyber counter weapons dealers/

customer metrics: Imagine the statistics from Eset on Iranian government sites?

As a security researcher I just don’t like that Eset is in the U.S.A if they get American customers they can maybe sell their stats to Iran. Security companies like anti-virus have a lot of power. Just a simple update and the new spy-ware can get in and turn on your camera or just record your speech in your house or office. I would stay away from Eset anti-virus software solution – just for me gAtO oUt…

Reference:

Iran Top Sites : http://www.alexa.com/topsites/countries;0/IR

Bratislava: http://en.wikipedia.org/wiki/Bratislava

Alexa-Eset – http://www.alexa.com/siteinfo/eset.com

Eset about page -  http://www.eset.com/us/about/contact/ .

WhoIs - http://whois.domaintools.com/eset.com

Registrant:
ESET, spol. s r.o.
Peter Pasko
Einsteinova 24 Aupark Tower, 16th Floor
Bratislava, 85101
SK
Phone: +421.232244111
Email: sysadmin@eset.com

Registrar Name: Register.com
Registrar Whois: whois.register.com
Registrar Homepage: www.register.com

Domain Name: eset.com
Created on: 2001-04-18
Expires on: 2013-04-18

Administrative Contact:
ESET, spol. s r.o.
Anton Zajac
610 W Ash St, Ste 1900 Suite 1900
San Diego, CA 92101
US
Phone: +1.6198765404
Email: sysadmin@eset.com

Technical Contact:
ESET, spol. s r.o.
Anton Zajac
610 W Ash St Suite 1900
San Diego, CA 92101
US
Phone: +1.6198765404
Email: sysadmin@eset.com

DNS Servers:
e.ns.lanechange.info
ns4.lanechange.net
ns2.lanechange.net
ns3.lanechange.net
ns1.lanechange.net

05/27/12

How to Exit the Matrix -and prevent Identity theft


gATO tHiNkInG – about how easy Identity theft on the web has become, so I searched for some stats:

Non-delivery of payment or merchandise. Scams impersonating the FBI. Identity theft.

These were the top three most common complaints made to the joint FBI/National White Collar Crime Center’s Internet Crime Complaint Center (IC3) last year, according to its just-released 2010 Internet Crime Report. Why is this? Because as you surf the web you leave all kinds of information about what sites you visited, what you looked at, and your information is being sold, diced and sliced and you have no power to stop it, or do you.

What if I was to offer you a way to do your business online and not leave all this information for merchants and criminals? The ToR -Network is your solution: once inside the matrix/deepWeb you can still cruise the same clearWeb sites like Amazon and iTunes stores but now with complete anonymity. You are in control of your data more than ever before. It takes a few extra steps; if it was easy everyone would do it, but then they would also have total control of their personal data.

Privacy and anonymity have been poop to the point of non-existence in recent years. Our personal, private information is stockpiled and sold to the highest bidder like so much inventory at a warehouse. National Security Letters are written to make countless requests for records from our search engines, libraries, and book stores with no court oversight. Email and especially searchable data is practically unprotected from anyone who might ask to have it. All our electronic communications are tapped. Massive governmental data mining schemes are being built to record everything we publish on the web. In many workplaces, employers spy on and control their employees’ Internet access, and this practice is widely considered to be acceptable.

The ToR network is a network that provides anonymity (your Identity is safe-secure) whether you use it in the surface web or the deep web or the dark web, it’s up to you–The Dark Web is not the Deep Web

These are dark times. The Fourth Amendment has all but disappeared, thanks to the Wars on Drugs, Porn, and Terror; in New York they are trying to pass a law to prevent people from commenting online as “anonymous”, using the cyber-bully as a way to make everyone give out their personal information before they can post a comment on a website-how they chip at our rights. Any practicing trial lawyer will tell you that you can no longer rely on unreasonable search to be the basis for excluding evidence, especially for digital evidence in the hands of a third party. Likewise the First Amendment has been shredded with exceptions and provisos, and is only truly available to those with the money to fight costly (and usually frivolous) court battles against large corporations. In short, you can say what you want so long as it doesn’t affect corporate profits.

How we got to a legal state where all this activity is the accepted norm, I’m not quite sure. It seems to stem from an underlying assumption that our function at work and at home is that of a diligent slave – a single unit of economic output under the direct watch and total control of our superiors at all times; that we should accept this surveillance because we should have nothing to hide from our benevolent overlords who are watching us merely to protect us from evil.

The Deep Web is not the Tor Network. But you need the ToR network to get to the Dark Web.  The Dark Web is not the Black Market but a small part of the Dark Web. 


Ok gAtO has gone overboard but there is truth in what I say as others have said before me. Now if we could do something about non-delivery of payment or goods– you can use the ToR-network and not go into the deep web, just use the technology to make yourself more secure and have anonymity but surf the clearWeb. If you use the ToR network you can eliminate most of these information leaks and you can have more control of your data– try it, you may like it - gATO oUt

reference: ToRproject.org
parts from the hidden wiki – http://kpvz7ki2v5agwt35.onion/wiki/index.php/How_to_Exit_the_Matrix
05/24/12

China Cyber-Warfare Capabilities

Cyber Espionage and Cyberwarfare Capabilities.

In 2011, computer networks and systems around the world continued to be targets of intrusions and data theft, many of which originated within China. Although some of the targeted systems were U.S. government-owned, others were commercial networks owned by private companies whose stolen data represents valuable intellectual property. In the hands of overseas competitors, this information could diminish commercial and technological advantages earned through years of hard work and investment. Intrusions in 2011 occurred in key sectors, including companies that directly support U.S. defense programs.

Authoritative writings and China’s persistent cyber intrusions indicate the likelihood that Beijing is using cyber network operations (CNOs) as a tool to collect strategic intelligence. In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with Russia’s efforts to promote cyber norms under a UN framework. In September 2011, China and Russia were the primary sponsors of an Information Security Code of Conduct that would have governments exercise sovereign authority over the flow of information in cyberspace. China has not yet accepted that existing mechanisms (such as the Law of Armed Conflict), apply in cyberspace. However, China’s thinking in this area may evolve as its own exposure increases through greater investment in global networks.

Technology Transfer, Strategic Trade Policy, and Military Modernization. 

The PRC continues to modernize its military by incorporating Western (mostly U.S.) dual-use technologies, which have also assisted its overall indigenous industrial, military industrial, and high-technology sector development. One of the PRC’s stated national security objectives is to leverage legally and illegally acquired dual-use and military-related technologies to its advantage. China has a long history of cooperation between its civilian and military sectors and openly espouses the need to exploit civilian technologies for use in its military modernization. In this context, the cumulative effect of U.S. dual-use technology transfers to China could also make a substantial material contribution to its military capabilities. For example, interactions with Western aviation manufacturing firms may also inadvertently provide benefit to China’s defense aviation industry. Through its advisory role within the U.S. export control process, DoD will continue to identify and mitigate risk, and seek to prevent critical advanced technologies exports to China that could be diverted to unauthorized end-use or to third-country end-users of concern, or contribute to overall modernization of China’s military and defense industrial base.

Espionage.:

Chinese actors are the world’s most active and persistent perpetrators of economic espionage. Chinese attempts to collect U.S. technological and economic information will continue at a high level and will represent a growing and persistent threat to U.S. economic security. “e nature of the cyber threat will evolve with continuing technological advances in the global information environment.

Sensitive U.S. economic information and technology are targeted by intelligence services, private sector companies, academic/research institutions, and citizens of dozens of countries. China is likely to remain an aggressive and capable collector of sensitive U.S. economic information and technologies, particularly in cyberspace.

Civil-Military Integration.

China’s defense industry has benefited from China’s rapidly expanding civilian economy, particularly its science and technology sector. Access to foreign advanced dual-use technology assists China’s civilian economic integration into the global production and research and development (R&D) chain. For example, with increasing globalization and integration of information technologies, companies such as Huawei, Datang, and Zhongxing, with their ties to the PRC government and PLA entities, pose potential challenges in the blurring lines between commercial and government/military-associated entities.

05/10/12

MarkMonitor Internet Kill Switch or Wiretapping?

The Internet Kill Switch; With Global Wiretapping Capability?

One company to rule them all
One company to find them;
One company to bring them all
And in the darkness bind them

Recently run any whois queries on Google? No? How about Facebook? MSN, or
Hotmail? Yahoo? You might be surprised, comparing the results.

Nice, innit? See the “Last Updated” part also.

Domain Name: google.com
Updated: 4 hours ago - Refresh

Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited

Expiration Date: 2020-09-14
Creation Date: 1997-09-15
Last Update Date: 2011-07-20

The brand-protecting, anti-piracy company MarkMonitor Inc. has had all these
DNS names under its control for several months now.

They also control the Wikimedia name services, even though that doesn’t show
up on the Wikimedia.org whois record. There are many others. Apple.com falls
under their jurisdiction, as does ubuntu.com. Nokia.com? Yep, under
MarkMonitor. See a pattern here?

MarkMonitor also is a trusted Certificate Authority; they have, in essence,
the means to fabricate safe-looking SSL connections for you, to whichever host
they want. Your browser will not sound any warnings of possible
man-in-the-middle attacks.

MarkMonitor is a company that can own most people’s “Internet” in minutes. It
now controls all three top free e-mail providers directly, and I suppose it’s
safe to say, most currently active social media sites too.

See for yourself. Whois yahoo.com, whois google.com, whois gmail.com, whois
facebook.com, whois fbcdn.com, whois hotmail.com, whois msn.com… the list
seems endless.
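The whois comparison suggested above can be done mechanically. The following is an added example, not part of the original post: it parses records in the format quoted earlier, tallies registrars, and separates status locks set by the registrar (client*) from those set by the registry (server*). The sample input is constructed: the first record copies the fields quoted in the post, and the second domain and registrar are placeholders.

```python
import re
from collections import Counter

# Constructed sample input: the first record copies the fields quoted in the
# post; the second is a made-up placeholder domain for contrast.
SAMPLE_RECORDS = """\
Domain Name: google.com
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited
Expiration Date: 2020-09-14
Creation Date: 1997-09-15
Last Update Date: 2011-07-20

Domain Name: example-placeholder.test
Registrar: EXAMPLE REGISTRAR LLC
Status: clientTransferProhibited
Last Update Date: 2012-01-02
"""

def parse_records(text):
    """Split blank-line-separated whois records into dicts of field -> value."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split at first colon only
            if sep and value.strip():
                rec[key.strip().lower()] = value.strip()
        if "domain name" in rec:
            records.append(rec)
    return records

def lock_summary(rec):
    """Separate EPP status codes set by the registrar (client*) from those
    set by the registry (server*); the latter need registry action to lift."""
    codes = [c.strip() for c in rec.get("status", "").split(",") if c.strip()]
    return {
        "registrar_set": sorted(c for c in codes if c.startswith("client")),
        "registry_set": sorted(c for c in codes if c.startswith("server")),
    }

def registrar_counts(records):
    """Tally how many of the listed domains sit with each registrar."""
    return Counter(r.get("registrar", "UNKNOWN").upper() for r in records)

if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print(registrar_counts(recs), [lock_summary(r) for r in recs])
```

Saved output of real whois queries can be substituted for the sample, provided it uses the same field labels; whois servers differ in how they label these fields.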

How’d all this happen?

This company has acquired complete access to monitor, eavesdrop, censor and
fake any user of these popular Internet services in about one year (2011). In
almost complete silence. For several of the sites, it also provides “firewall
proxy” services, which means it is actually paid to intercept all
communications. In and out.

The situation reminds me of Joseph Lieberman’s 2010 initiative to create an
“Internet kill switch” for the U.S.

The government only needs to control this one company, and most social media,
most free e-mail, most search engines will be under its control. Not to mention
most operating systems, for both computers and mobile devices.

Not only inside the U.S., but globally. One company to rule them all.

I, for one, would like to ask; WTF is going on? How did these guys, this
relatively small domain-hogging and pirate-chasing company, get the resources
to simply acquire the DNS records of all the most popular Internet services?
How can this be so totally ignored by the media, and even privacy advocates?
Even conspiracy theorists seem to be completely ignoring the situation.

Secure communication is an illusion

Only one company to rule them all? As if all this doesn’t sound bad enough,
the problem is far more widespread. MarkMonitor could easily act as a global
“kill switch” for the sites under its rule. But as it turns out, most anyone
with some resources could just as easily impersonate MarkMonitor itself.

Because, as one might have noticed in the past few months, the whole SSL
certificate scheme is broken. Not in a technical sense – there’s no known
inherent weakness in the algorithms. But the whole SSL protection is based on
trust, and that trust has failed us.

According to several sources, SSL CA certs are routinely given out to anyone
willing to pay for them. As The Register points out in its analysis on
TrustWave spying scandal:

“Those defending Trustwave suggested that other vendors probably used the same
approach for so-called “data loss prevention” environments – systems that
inspect information flowing through a network to prevent leaks of commercially
sensitive data.”

“In fact Geotrust was openly advertising a ‘Georoot’ product on their website
until fairly recently.”

http://www.theregister.co.uk/2012/02/14/trustwave_analysis/

Oh, so the ability to impersonate anyone is normal day-to-day practice for big
business? Just imagine what government agencies must be doing – for example in
Sweden, where the military intelligence organisation FRA has the mandate to
monitor all traffic across borders.

Who can seriously claim they trust all the hundreds of different CA companies,
several of which have been caught red-handed with selling out their customers’
security, or covering up very serious breaches (up to and including their root
certificates being stolen).

http://nakedsecurity.sophos.com/2011/04/06/eff-uncovers-further-evidence-of-ssl-ca-bad-behavior/

MarkMonitor is a “brand-protecting” company. Traditionally its business has
been reserving domains to protect brands. You buy its service, it makes sure
that nobody else can have “mybrandsucks.com”.

Also, they’re an anti-piracy outfit. Their entire business is based on
protecting IP.

http://www.marketwatch.com/story/markmonitor-to-exhibit-at-internet-tech-policy-exhibition-and-reception-to-be-held-on-capitol-hill-2012-01-24

Just saying, someone should probably question them and their customers. Why
does Google, who always “do things themselves”, externalise these vital parts
of its network? How come all the competing phone and OS vendors, who sue each
other all the time, suddenly trust this one company?

And then there’s all those competing social media companies, who practically
thrive on what others call “IP theft”, including their users sharing text,
images, music, videos and links?

Big questions. Defy common sense. Need answers.

03/27/12

Huawei Spying on Customer

Huawei - Mitt Romney's Bain Capital sold out 3Com to the Chinese

gAtO wRoTe - about the Chinese company Huawei (Shenzhen, China-based company) a long time ago, with its ties to Rick Perry, the governor of Texas and ex-Presidential bid, and Mitt Romney’s company Bain Capital that sold out 3Com and sold our national secrets to them. Now it finally falls on Australia to take the first step. When electoral fortunes are fading, a good “reds under the beds” story can boost political stocks, but the row about Chinese telecommunications equipment supplier Huawei being barred from supplying equipment to the National Broadband Network puts a new twist on an old tactic. Generally it’s the Right that beats the red peril drum. Here in Australia it’s a Labor government claiming the NBN is too vital a piece of national infrastructure to be put at risk by buying equipment from China.

Huawei, which is second only to Sweden’s Ericsson in telecom equipment sales, was blocked on Monday from bidding on a $36 billion Australian national broadband contract. Security firm Symantec (SYMC, Fortune 500) ended in November because of Symantec’s concerns that its relationship with Huawei would prevent it from getting a sensitive U.S. government security contract.

Will this be the tipping point where America stands up, sees past the profits and starts looking at our nation’s cyber security survival? We hear that DHS and NSA and everyone is pushing for dollars $$ to fix our infrastructure, but when will we start to stop the Chinese from stealing our intellectual capital that has made America great? Politicians need to take a look at what the real problem is, like Rick Perry allowing dozens of Chinese companies to set up shop in Texas and claiming that they have such a great employment record at the cost of our national security.

gAtO is sad that we see the veterans of our great country without a job when we could be investing in Cyber Security, training our young veterans in this field. Veterans have vital experience, but as gAtO has found out personally, the VA has a problem with allowing our veterans to get an education in this vital field of Internet Security. I like China, don’t get me wrong, and some of the accusations about China I suspect are nothing more than a scare tactic to get funding for political pet projects. But if we start training our veterans and anyone who wants this training, we will not lose the cyber war- gAtO oUt