03/27/12

Huawei Spying on Customer

Huawei - Mitt Romney's Bain Capital sold out 3Com to the Chinese

gAtO wRoTe - about the Chinese company Huawei (a Shenzhen, China-based company) a long time ago, with its ties to Rick Perry, the governor of Texas and former Presidential candidate, and Mitt Romney’s company Bain Capital that sold out 3Com and sold our national secrets to them. Now it finally falls on Australia to take the first step.

When electoral fortunes are fading, a good “reds under the beds” story can boost political stocks, but the row about Chinese telecommunications equipment supplier Huawei being barred from supplying equipment to the National Broadband Network puts a new twist on an old tactic. Generally it’s the Right that beats the red peril drum. Here in Australia it’s a Labor government claiming the NBN is too vital a piece of national infrastructure to be put at risk by buying equipment from China.

Huawei, which is second only to Sweden’s Ericsson in telecom equipment sales, was blocked on Monday from bidding on a $36 billion Australian national broadband contract. Security firm Symantec (SYMC, Fortune 500) ended in November because of Symantec’s concerns that its relationship with Huawei would prevent it from getting a sensitive U.S. government security contract.

Will this be the tipping point where America stands up, sees past the profits, and starts looking at our nation’s cyber security survival? We hear that DHS and NSA and everyone is pushing for dollars $$ to fix our infrastructure, but when will we start to stop the Chinese from stealing our intellectual capital that has made America great? Politicians need to take a look at what is the real problem, like Rick Perry allowing dozens of Chinese companies to set up shop in Texas and claiming that they have such a great employment record at the cost of our national security.

gAtO is sad that we see the veterans of our great country without a job when we could be investing in Cyber Security, training our young veterans in this field. Veterans have vital experience, but as gAtO has found out personally, the VA has a problem with allowing our veterans to get an education in this vital field of Internet Security. I like China, don’t get me wrong, and some of the accusations about China I suspect are nothing more than a scare tactic to get funding for political pet projects. But if we start training our veterans and anyone who wants this training, we will not lose the cyber war - gAtO oUt

10/20/11

Anonymous Is Interested In PLC’s & SCADA?

From Infosec Island this great article came up; this is gAtOmAlO’s 2 cents on it.

https://www.infosecisland.com/blogview/17479-Anonymous-SCADA-Lulz-DHS-and-Motivations.html

Anonymous has shown that its MO is just trash and dump to brag & “the lulz”, nothing more, nothing less. That anyone can attack a SCADA and say it’s Anon, I just don’t think it would work. As their arrests have shown, these are mostly kiddies except for leaders like Sabu (later covered). Yes, an attack on SCADA can be tried by any bad Nation actor, but if caught it would set a precedent for what kind of attacks are OK for any Nation to try. The United States weighed launching a cyber-attack to disrupt Libyan air defenses before the start of an air campaign, but they stopped because it would set a level of expectation in any forthcoming battle.

Anon -or- Occupy Wall Street - gAtO -sMiLe

As to skills from the Anons, YES they can. These kiddies are focused and they have no lives except online. Just like if you give a kid a guitar, they will play it while in the toilet until they get that riff or note. Now some of the Anons are adults and these are the more astute in who, what & where to attack, but the basic skill set is there. If you can learn Python or Ruby on Rails, you can learn Step7 commands.

As to Sabu I really think he was a spook or a professional. How you can get that level of talent in a crewz and still command respect from a bunch of young people that took talent and he is still free.

That someone (bad actors) may try it is possible, but I think, just like you said, it’s not their MO to do this. It would be bad for the movement, and if someone does attack and then blames them, well, I think that the Anons will get really mad and do some damage. Some of these kiddies, as I called them, are growing up and they understand that maybe they did something right or good. Maybe they just think that they can make a difference. I know that Security people are being hired left and right because of this, so for some it’s good. Remember, FEAR will get you budget $$$; that may be why DHS is doing it.

 

10/11/11

Our Predator Drones Hacked Again?

The shadow cyber war has actualized. – gAtO first wrote this about Oct. 11, 2011 but now it comes back to haunt us again. This time they took down the CIA RQ-170.

On May 31, 2011 Washington moved to classify an attack on essential infrastructure via cyberspace as one that could be as damaging as any kinetic attack on US soil. Pentagon officials disclosed to the Wall Street Journal that any hacker threatening US security by attacking its nuclear reactors, pipelines or public networks such as mass transport systems. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” an official said. But they go ahead and hack a top secret CIA/AF drone flight center. These “drones” are some of our most essential tools in our modern offensive cyber or conventional arsenal.

Do we have a retaliatory virus attacks on U.S Predator drones?  

Predator drones hacked in Iraq operations

Are we in a cyber war? If you infect my top secret complex and install an unstoppable key logger that controls my main offensive warfare capabilities. To perform CIA and U.S. military unmanned drone aircraft operations in Afghanistan, Somalia, Pakistan and other conflict zones. “We keep wiping it off, and it keeps coming back,” said one U.S. Military source. “We think it’s benign. But we just don’t know.” Another military spokesman said to Wired, “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks”.

The virus was first detected two weeks ago and is thought to be logging every keystroke made as US-based drone pilots remotely fly overseas missions. The drones have not been grounded as military officials claim that confidential information has not been compromised.
As you might expect military officials are attempting to downplay the significance of the computer virus attacks. They state that they do not yet know whether the virus was placed in the drone’s software by a targeted attack or if it is a piece of malware that somehow entered the network by accident. Military officials do admit that they do not know how far the virus has spread throughout the drone network.

 

IT security field is full of clueless people… A perfect example of a lemon market (Gutmann). Part of the problem is high demand for IT security, and over-reliance on certifications. Demand is even higher for personnel with secret or higher clearance… and it seems that in some cases if a candidate for a position has the clearance, then knowledge, expertise and other such “nonsense” are deemed optional. A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions… They think it’s “benign”! I bet Stuxnet also seemed pretty “benign” for a while.

And they are running GCS on Windows… Yeah, yeah, I am aware of the common criteria EAL for Windows. I have seen a warship’s main computer running on Windows :) How crazy is that? Of course a $26 software causes the problem…

The interesting aspect of this is that the operators are doing what I’ve always predicted American soldiers would do – fighting through the problem. Sure, they’re bringing systems down and rebuilding them, but they’re still operating. This can be both good and bad – good if you need to accomplish the mission but bad because it’s hard to bring down all of the systems at once to prevent cross-infection (I do wonder why they don’t patch the Windows vulnerability – could it be that the SPO didn’t plan for patching?)

The Creech folks are facing the same problem an oil refinery had when nimda hit them. The refinery would have had to shut down at the cost of millions of dollars if they had lost “view” of the process. However, the operator consoles (HMI) were the last source of re-infection. Eventually, they isolated all but one HMI, fixed the isolated systems, and then swapped those for the one that was probably still infected. Since that’s the logical path, I’m sure the Creech folks are trying it – but they apparently have not yet succeeded.

Long ago, in the DARPA IA program, an epidemiologist pointed out the strange anomaly between real-world infections and cyber-world infections. In the real world there is a rapid rise in the number of infections until the infection vector is saturated, then either treatment or immunity develops and the number of infections slowly trails off with time to near zero. Cyber-world infections follow a similar pattern until the trail-off stage, when the curve maintains a significant value above zero in the tail end. Anyone who monitors firewalls and IDS knows that there are still machines out there somewhere trying to infect others with blaster and nimda and every other major malware.

Once again, we see that key loggers are notoriously difficult to identify and eradicate. By far the most effective way of neutralising the effects of key loggers is techniques that ensure they receive either no data or false data. Unless you track 100% of system changes after each and every session..

We are constantly being attacked from everywhere -by everyone, what one attack vector won’t find, another attack vector will, it becomes a numbers game.
This was a directed campaign to get the key-logger installed in a secure facility. That’s good Social Engineering. That opens up another can of worms. You gonna tell me it was “Lady Gaga” on a thumb drive again.
Windows :D Let’s let the defense boys use a PS3 (more secure) to fly these drones, better than a Windows box, without a mirror of the OS as a fallback plan. Disaster Recovery, boys and girls. It’s becoming a SNL comedy skit, but it ain’t funny D: The last year it’s been all China, that is the question.

I’ll back away from the soapbox now.

08/10/11

Politico’s Playing The Fiddle While Cyber America Burns Down

China Prepares for Cyber Warfare - The Ministry of National Defense (MND) looks like the main leader of China’s cyber warfare C&C. “The Executive Yuan has made tremendous efforts in beefing up government units’ ability to counter cyber-attacks,” said Wang Te-pen, a major general at the MND’s Communications and Information Security Department, at a regular briefing yesterday in Taipei. Under the supervision of the Executive Yuan, Wang said the MND also fortified its anti-online infiltration capacity.

Of course this tough guy attitude from China comes after McAfee opened the “Shady Rat Attack” report. As they say, everyone was attacked except China. I know there needs to be a MAC address and a TCP/IP and geo-location, but as I track China for my Timeline it’s clear the Chinese did it. As I wrote previously, we knew China was doing this 4 years ago and now it becomes real; why now? We could have prevented trillions of dollars in Intellectual property loss alone if we would have done something 4 years ago. Would have, should have, could have, and the list goes on as our cyber national security goes down in flames because our representatives don’t have the courage to lead and stop following.

From the Chinese point of view they saw our political infighting and with all the T-Bills they have and a -273% trade deficit with America. Why wouldn’t China be bold right now and take what they want. Our leaders are stuck in this infighting it’s like “Nero playing the fiddle while Rome burned down”. We have the power Net-Citizens to change all this. Get the twitter accounts and Facebook connections out and VOTE. Let’s become leaders of the free world again. Let’s make the hard choice because cyberspace is here to stay we can’t let the threats outweigh the freedoms.

Read More ..>

 

http://www.chinapost.com.tw/taiwan/local/taipei/2011/08/05/312335/MND-closely.htm

 

08/3/11

2011 The Year of the Hack and Our Report Card from GAO – Not Good

2011 “The Year of the Hack” and our report card from the GAO is not good. GAO reports “Continued Attention Needed”. But the bad part is they want to take some U.S. citizens’ cyber freedoms away.

In a new report dated 7-26-2011, the GAO (U.S. Government Accountability Office) wants private companies like Google, Yahoo, Bing and others to share their information about users with the U.S. government. The GAO has identified protecting the nation’s cyber critical infrastructure as a government-wide high-risk area.

  • Strengthening public-private partnerships, particularly for information sharing;
  • Protecting the nation’s cyber critical infrastructure as a government wide high-risk area.

If the Obama administration follows the course given by the GAO, Americans will lose some of our freedoms in cyberspace. When you give the government the right to see your digital footprint in cyberspace without evidence of foul play, we then have become one of the bad guys. American cyber freedom will echo all over the world, so we of all people must make sure we are free of monitoring by our government when we are on the Internet.

Yes, I understand the FBI Carnivore, NSA Echelon, Room 641A and the IAO (Information Awareness Office) programs and other nasties that the U.S. Government has spying on its own citizens. We can VOTE for cyber freedoms. We can make the Internet safe and free for not only us but for the people of the world.

We Net Citizens of the world must fight to protect cyberspace from too much protection by our government.

My 2 cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://ChinaCyberWarfare.wordpress.com

read More ..> http://chinacyberwarfare.wordpress.com/2011/08/01/why-is-china-really-going-after-facebook-globalpost/

07/25/11

US Military Cyber Warfare Team

As a veteran I can tell you the military has many rules, regulations and a chain of command, but when it comes to developing Cyber Warriors this all has to change. Most hackers have no rules or regulations, and when someone comes in the room they do not jump up and salute. Our military is so rigid that it may be hard to really get the right talent to do the job. You can train people how to use Net-Tools to do recon on the enemy, but as China has stated there is no dogma in warfare. We must be flexible, adaptable and must be able to think like a hacker. Hackers have no rules; when you need to do something you do it, and if you need software you can’t wait 3 months and make 12 requisitions, you need it NOW.

Cyber Hippy

When you’re hacking, the moment of opportunity sometimes happens in seconds, not weeks and months, so the rigid structure of the military will have to adapt or fail.

As to military offensive cyber capabilities, Air Force Chief of Staff Gen. Norton Schwartz, a four-star, told the House Appropriations defense subcommittee that it is “conceivable” that the service could have taken out Libya’s SA-5 surface-to-air missiles using cyber weapons rather than iron bombs or missiles. I am sure our Military can do lots in the way of offensive strikes, but I’m talking about Cyber-Espionage, Cyber Intelligence gathering. Sneaking in silently and sitting deep inside the war room of China or Russia without getting caught, that is the talent we need. Persistent attacks are the brute force way of getting the job done, but the silent and slow hacks are the ones that we need to get the information.

How long will it take to get a real Cyber Military team ready and working? That’s hard to say, maybe years. We need this talent now, not a year from now. Maybe one solution is to work with hacktivists and other cyber talented people and learn from them what it takes and learn what really works. In cyberspace we need to think outside the box to get the job done. One solution is to use real hackers to do some of the work; some of these hackers can be converted to the Military, but just don’t ask them to do 10 push-ups or salute.

We have many talented people here in the US; they are our Civilian Cyber Militia, so let’s use these people to help us. Some are just as patriotic as anyone but just cannot take the rigid structure of the military. We as a Nation need to work together because everyone is going after the US in cyberspace; let’s fight back any way we can. This is of National Importance: if we lose our technological edge in cyberspace, the only thing we have left is the best Pizza delivery in the world.

gatoMalo_at_uscyberlabs_dot_com

07/1/11

Richard Clarke: Obama Lags vs. China Cyber War

The Obama administration is failing in its duty to protect the country from the threat of a Chinese cyber attack, former counter-terrorism czar Richard Clarke warned in a Wall Street Journal Op-Ed.

“Congress hasn’t passed a single piece of significant cyber security legislation,” wrote Clarke, who served under both President Bushes and President Clinton.

Government officials know that the Chinese government is “systematically attacking the computer networks of the U.S. government and American corporations,” and therefore it has a duty to do something about it, Clarke wrote.

“Three years ago, the head of the British Security Service wrote to hundreds of corporate chief executive officers in the U.K. to advise them that their companies had in all probability been hacked by the government of China,” he wrote. 

via Richard Clarke: Obama Lags vs. China Cyber War.

06/29/11

Chinese Cyber Warfare Threat to be Analysed at Cyber Warfare Europe as Rhetoric… — LONDON, June 29, 2011 /PRNewswire/ –

As China-based organisations are increasingly accused of launching cyber warfare attacks, LtCol USMCR (RET) Bill Hagestad from the US Marine Corps, will be discussing the intent and scale of the threat from China at Cyber Warfare Europe 2011.

Recently reported network attacks on Lockheed Martin and attempted hacking of the Google email database for senior US military personnel and Chinese human rights activists have been linked to China, raising tensions between the US and China as both countries begin to accelerate their cyber warfare strategies.

As part of the Pentagon’s formal cyber strategy, it announced in plain terms that cyber attacks do indeed constitute an act of warfare.

In a recent interview with the Wall Street Journal, a US military official stated that cyber attacks could be met with a kinetic response. He was allegedly quoted as saying, “If you shut down our power grid, maybe we will put a missile down one of your smokestacks”.

An article in the Chinese-language Liberation Army Daily, which was also published on China’s Ministry of Defence website, stated that, “the U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak.”

Even though it is unlikely that all-out cyber warfare will break out, the heightened tensions between the US and China increasingly dominate the cyber battlespace. At Europe’s pre-eminent Cyber Warfare event, LtCol USMCR (RET) Hagestad will look at the China cyber warfare threat within the context of China’s history and explore the intent behind China’s cyber warfare capabilities. His session will include the:

  • Definition of the Chinese cyber threat
  • Organization of China’s PLA Cyber Command, key personalities
  • The 8 Pillars of the PLAs Cyber Warfare Strategy - mapping East to West
  • Specific case studies of cyber attacks by the PLA
  • Interests and Intent of the PLA Cyber Command


The timely post-conference seminar has already generated major interest from senior military professionals and is fast-becoming one of the major highlights of Europe’s premier Cyber Warfare event. If you would like to attend LtCol USMCR (RET) Hagestad’s post-conference workshop or learn more about Cyber Warfare Europe, visit http://www.cyberwarfare-europe.com.

via Chinese Cyber Warfare Threat to be Analysed at Cyber Warfare Europe as Rhetoric… — LONDON, June 29, 2011 /PRNewswire/ –.

06/21/11

U.S. to Probe Alleged Chinese Hack of Senior Officials’ Gmail Accounts – ABC News

 

 

 

 

The U.S. government is “very concerned” about Google’s claim that the personal email accounts of senior U.S. officials and military leaders might have been breached in a phishing attack originating in China, Secretary of State Hillary Clinton said today.

“These allegations are very serious,” she told reporters, adding that the FBI will investigate the matter. “We take them seriously. We are looking into them.”

Google said Wednesday it had evidence of a phishing attack – in which users are tricked into revealing their passwords or into clicking on a link that can infect their computer with a virus — that appeared to target specific individuals to access their email accounts.

“We recently uncovered a campaign to collect user passwords, likely through phishing,” the company said on its official blog. “This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”

Clinton declined to provide additional information about the incident, citing the sensitivity of the ongoing investigation, but said Google notified the State Department of what it had found prior to the public announcement.

“The goal of this effort seems to have been to monitor the contents of these users’ emails,” Google said, adding that it had disrupted the efforts and notified the victims and government authorities.

The Chinese government has denied any involvement in the attack. Such allegations are “groundless and with an ulterior motive,” a Foreign Ministry official reportedly said.

One cabinet-level official is among those affected by the phishing campaign, the Washington Post reported today. The Post also cited unnamed officials as saying that while no government email accounts were breached, a trove of emails was accessed and they are unable to tell whether any official business was discussed using the personal email accounts.

The incident is unlikely to be the last such cyber attack, Clinton said, warning that the U.S. government must be ready for the next one.

“We know this is going to be a continuing problem and therefore we want to be as prepared as possible to deal with these matters when they come to our attention,” she said.

Clinton was careful not to accuse the Chinese government of any wrongdoing, but the incident will do little to ease recent tensions between Beijing and Washington.

In an effort to begin to smooth things over, Clinton and Treasury Secretary Timothy Geithner hosted senior Chinese officials in Washington last month for high-level talks. Military leaders from both sides followed up with talks of their own and outgoing Defense Secretary Robert Gates arrived today in Singapore where he will meet with his Chinese counterpart during an annual defense conference.

Separately, the Pentagon is soon expected to publish a report stating that a cyber attack could be considered an act of war, just like a conventional offensive, and therefore could merit a military response.

“A response to a cyber incident or attack on the U.S. would not necessarily be a cyber response; all appropriate actions would be on the table if we are attacked in cyber,” Pentagon spokesman Col. David Lapan told reporters Tuesday.

 

 

U.S. to Probe Alleged Chinese Hack of Senior Officials’ Gmail Accounts – ABC News.
