It is nice to see that President Obama can be so magnanimous to a brother politician in desperate need… (I guess he had lots of practice with people like al-Maliki, Karzai, Zardari, and the likes)

PS. I wonder if President Obama quibbled “trust me” to PM Hatoyama to reassure him that thing would be OK?

The reports document a complex ecosystem of cyber espionage and crime that systematically targets and compromises computer systems around the world (Afghanistan, India, Russia, all the way to Zimbabwe), and organizations (an alphabet soup of acronyms from the U.N. to NATO, and lots of NGOs). The reports point out an ever enlarging ecosystem of crime and espionage taking root in cyberspace. Much of the reports easily point to China – with its stated aim to advance China’s economy via any means – seen as the obvious culprit (currently).

The reports and the recent plethora of exploit revelations indicate that China is well ahead with the deployment of its INFINT, with the likely assistance from its global HUMINT network.

Consequently and in addition to these two reports, with their stated aims of INFINT (Information Intelligence), we need now a report studying the great HUMINT network China deployed worldwide and its connection to their INFINT. For a start, China has citizens in just about every center of higher learning around the world – from the National Technological University of Argentina to the University of Zagreb – not to mention governments, companies, and so on. These post-graduate and graduate students learn the best a country has to offer; and, often contributing to local organizations as interns. However, the end game is to return home with a solid body of knowledge (BoK) readily usable to advance China – nothing wrong with that, especially since they pay full price, often inflated, for the education and the take home BoK.

Premise: How many of these ‘students/interns’ leave little gift in computers (and throughout networks) they have access to during their stay?

What is extremely interesting in both reports is that they reveal the harbinger of things to come. However, in my opinion I think that much of the complaints among the industrialize countries regarding China’s cyberspace activities may be a little sour grape… The “Free World” needs a villain, always – the USSR is dead; long live the PRC!

Note 1: INFINT (Information Intelligence) – information gathering in cyberspace by compromising computer systems – the term is more reflective of the current cyberspace activity than SIGINT (Signal Intelligence) the predominate mean of information gathering in the not so distance past and still going strong with its COMINT (communications intelligence) and ELINT (electronic intelligence) elements in some part of the “physical” world.

Note 2: Currently, there is not a single country among the current 192 United Nations (UN) member states without a Chinese community (excluding diplomats).

From the Durrani Empire (1747-1826) on the “Afghanis” have known very little peace from war with the Sikhs (starting in 1760s), the Uzbeks (from 1770s), the British (1839~42, 1878~80, 1919), all the way to the Soviet (1979~88) and now the United States (2001~); and the period between these wars, pretty well for the entire Barakzai dynasty (1826-1973) a civil war or another punctuated Afghanistan’s history.

To add oil to the fire – many of the tribes are not only aligned along ethnicity – Pashtun, Tajik, Farsiwan, Qezelbash, Hazara, Uzbek, Aimaq, Turkmen, Baluch (just to name a few) – but kinship, with its endless clans like feuds. This make-up leads to segregation from valley to valley (regions) complicating ever arriving to a just and equitable peace any time soon within Afghanistan (as a nation). The shared Afghan heritage either based on putative common ancestry, history, kinship, religion, language, shared territory, nationality, physical appearance will continue to be corrupt, always dominated by the strongest man (based on guns or money, or both).

However the obvious seem to be lost on politicians that for the greater majority have never worn a pair of combat boots, had them covered in Afghan dust, had their hands and lips crack by the cold nights, the sweat from exertion make their clothes stick to their body, be perpetually thirsty, hungry, tired, and so on. Therefore, they keep sending cannon fodder to a land where the best resource is opium poppy.

Yes, the country has natural resources such as gold, silver, copper, zinc, and iron ore (Southeast); precious and semi-precious stones (Northeast); and significant petroleum and natural gas reserves (North), along with uranium, coal, chromites, talc, barites, sulphur, lead, and salt – but even these untapped resources are regionally distributed and amount to very little in the daily survival of most Afghanis.

Afghanistan cannot be fenced off and simply ignored or become the subject of endless rhetoric like in Palestine or meaningless resolution like Iraq – thus, it is too soon for any politicians to think that they will find a politically expedient solution to the region based on their schedule. This endeavour has to go all the way to the end. This festering wound has to be bandaged and nursed to health; in end that will take courage that few current politicians have – As Winston Churchill had pondered at the close of World War II, “America, it is a great and strong country, like a workhorse pulling the rest of the world out of despond and despair. But will it stay the course?” I like to add – or simply cut and run before the next election…

Maybe one true leader will have an epiphany and stay the course regardless of what America does – bring a different unifying perspective to this land and safeguard it no matter what – and more importantly give meaning to all the lives of yesterday, today, and tomorrow.

PS. Solutions to the Karzai brothers problem exist, such as accidents, many of them costing less than US$100 (price of 50 cal bullets from stray sniper shots)

Hey dreaming is free, and in colour!

References:

• Afghanistan: Why Karzai Is Pushing Back Against the U.S.
• Afghan woman seeks help when Karzai comes to town
• Editorial: Karzai’s outburst is indeed troubling

Based on the scale and logistics of the detected (known) APT operations, these professionals are more likely state or terrorist organization sponsored. However, I would be surprise if they were not some operations backed by well-funded organized crime organizations. (For an organized crime organization, APT would be part of a long-term business plan with clear ROI.)

According to people knowledgeable about this, APT teams aim is to compromise networks and systems for gaining access to information and set-up so that they can keep coming back. According to the media, what makes APT frightful is that regardless of the countermeasures put in place to thwart attacks; these people have the resources and knowledge to work around those countermeasures.

As I have been saying, systems infiltration has been, is, and will be around for a long time – granted that they many are routed in old programme like the AUSCANZUKUS signals intelligence (SIGINT) collection and analysis network Echelon and evolved (or is it intelligently designed) into “Dynamically Unique Metrics Based Analysis for Secure Systems” or DUMBASS programmes. It is not surprising that cold war era methodology to still state and defence secrets would find it was into the hands of those seeing financial gains from financial institutions, ecommerce retailers, or just about anyone with a cyberspace presence.

The uncomfortable inconvenient truth is that in most organization with a cyberspace presence top management is more concern with their take home package than the cyber security of their ICT infrastructure; the people in charge of the ICT infrastructure are busy make life easier for themselves; and, the general population (users) just could not be bothered with having to jump trough a few simple hoops to avoid oops. (Biometrics, encrypted data (like EFS), mandatory UTM, and opt-in intelligence agencies supported blacklist, etc.)

Security is always an afterthought, like condoms! Therefore, DUMASS programmes to redistribute wealth, knowledge, and anything else of value will flourish – my only astonishment is that we learn very little but new rhetoric and acronyms from our security laps…

References:

Wired: The Advanced Persistent Threat Attack

TMCNet: Espionage via APT or Advanced Persistent Threat Widespread

SCMA Magazine: State of the Hack – Addressing the Advanced Persistent Threat

ZDNet: Advanced Persistent Threats: Should your panties be in a bunch, and how do you un-bunch them?

(And lots more…)

DUMBASS reference from AEON Security Blog

What can I say but thank you Google.

Hey, wake-up! Google’s actions in China are purely self-serving – the pretentious Googlelites could not get things there way so they had a tantrum, took their toys, and went hope – boohoo!

Google commonly censors and/or alter search results to comply with many countries’ laws or government requests (i.e., Germany and France: Nazi memorabilia, anti-Semite statements, etc.) – yet, we do not ear Google breaking laws, threatening to pullout, and political dribble about Google’s “a remarkable, historic and welcomed action.”

Simply put Google found itself in a market it could not dominate, adequately compete in, and likely loose money – so it moved on.

I am not fan of censorship of any kind, but let us face it cyberspace is a wild frontier that chafe politicians and nationalists everywhere – people incapable to imagine a self-regulated space in no need of their controls. Their psychosis, which normally insure that their mouth gets in gear before their brain get anywhere near, their need to control leads to some form or another of suppression to satisfy their delusions of persecution.

(If you want to read more abut Internet Censoring Countries start here.)

As for the hacking (by governments) – well folks welcome to the ‘big brother’ factor, which goes tongue and groove with paranoia and small minded politicians and nationalists! (By criminals) Well the Internet is big business for many organizations and easy picking for criminals. The Internet will never be 100% safe, we just have to learn to protect ourselves better.

(One would not walk into a dark alley in a cede neighbourhood alone or step on a battlefield naked… commonsense is a key word here.)

In addition, there is no reason to condemn Microsoft and others for staying and abiding by Chinese laws, just as they do elsewhere.

Like the old Hebraic proverb says – ברומא התנהג כרומאי (In Rome act like a Roman)

What Google should have done is stay in China and used some of the googleions to support projects like to advance cyberspace freedom and choice:

The Information Warfare Monitor is a joint project of the Citizen Lab and the SecDev Group, (Ottawa Ontario). The aim of the Information Warfare Monitor is to monitor and analyze the exercise of power in cyberspace.

The OpenNet Initiative is a partnership with The Berkman Center for Internet & Society at Harvard Law School and The SecDev Group. The aim of the ONI is to document patterns of Internet censorship and surveillance worldwide.

The aim of Opennet.Asia is to engage academic, policy, and civil society stakeholders in each of the countries of the regions concerned by surveillance and censorship to build institutional capacity and networked resources to conduct research and public policy advocacy around those issues.

PsiLab is a joint activity of the Citizen Lab and Psiphon, oriented around advanced research of circumvention technologies, threat analysis, and the consideration of political and legal issues surrounding their use in denied environments.

If the People and Soldiers Unite as One, All Enemies Under Heaven Will Disappear

MessageLabs Intelligence identified the number one source of malicious emails – Shaoxing, Zhejiang province in eastern China. Shaoxing is the birthplace of the pragmatic Zhou Enlai（周恩来） and a Third Department facility training and operation location.

In its March 2010 report, MessageLabs Intelligence traced 12 billion emails and found that almost 30 per cent of malicious emails were sent from China and 21.3 per cent came from the city of Shaoxing. They said key targets for the hackers were experts in Asian defense policy and human rights activists, suggesting state involvement.

Cyber-espionage uses emails sent in small volumes with legitimate-looking attachments or documents to fool the user into letting a malicious code infect their computer. According to the report, “The ultimate aim . . . is to gain access to sensitive data or internal systems by targeting specific individuals or companies.”

Researchers succeeded in tracing individual computer registration numbers to find the true source of the attacks. Previously hackers in China had been able to camouflage themselves behind servers in Taiwan and Hong Kong.

The findings show China was the source of 28.2 per cent of global targeted attacks. It was followed by Romania with 21.1 per cent, presumed to be mostly attempts at commercial fraud. The US was third, followed by Taiwan and then Britain, with 12 per cent of attacks.

While China improves it’s SIGINT and IMINT capabilities and continues to use its HUMINT intelligence collection to advance its economic position globally. Through the Third Department of the General Staff Department of the Central Military Commission, its national agency responsible for managing China’s strategic SIGINT program, China continues to modernize its intelligence gathering capabilities to obtain access to advanced technologies and gain economic advantages.

Its SIGINT efforts are an integral part of its multipronged approach to intelligence gathering with the use of open source information gathered through its HUMINT activities – using students and businesspeople scattered at around the globe, scientific researchers on exchanges, attending conferences, and seminars worldwide, and the New China News Agency – to gather tidbits of intelligence. China is demonstrating that it knows where to focus its efforts to gain economic advantage while keeping its INT well exercised for other activities.

So to ease the dilemma that the poppy fields will likely generate much needed revenues for the Taliban SAG should be planning realistic replacement crops and/or industries instead to just ignoring this conundrum until it is OK to start eradication again (after they unlikely win the hearth and minds of the offending farmers) – kind of disinfecting a wound after you stitched it. It may be simpler to connect the Afghans with an extended NAOMI study (North American Opiate Medication Initiative) where heroin-assisted therapy benefits people suffering from chronic disease.

Another option would be for governments to purchase the harvest outright from Afghan opium poppy farmers – the price at the end of the supply chain is certainly affordable when compare to the cost of suppression at the street end (opium and heroin); thus keeping all things in balance in Afghanistan.

Personally, I always though of poppies as commemorating the sacrifices of members of the armed forces and of civilians in times of war – at the end of the day it is better to turn a blind eye so that Afghanistan’s poppy fields do not give rise to another poem like Lieutenant Colonel John McCrae’s In Flanders Fields…

Reference:

http://www.nytimes.com/2010/03/21/world/asia/21marja.html?scp=1&sq=poppy%20field&st=cse

Reference:

http://bbvm.wordpress.com/2010/02/21/justice-lawyers-try-to-define-cyber-war/

Another demonstration that many ‘conservative’ governments paranoiac needs to control all information flow… or maybe they want to keep better tab on their Al Queda membership!

http://www.google.com/hostednews/afp/article/ALeqM5i7NxlHItbx2fl-LqFf9SAqD9c1QA

Again , this is not big deal most ME and many Asian countries monitor and/or keep copies of text messages (SMS, emails, twitters, etc.) – as demonstrated when two Emirates airlines cabin crew were ordered jailed for three months in Dubai over sexually explicit text messages. Of course the loudest complains against this practice comes from the U.S.A. – were one recalls that the U.S. government, with assistance from major telecommunications carriers including AT&T, engaged in a massive program of surveillance of domestic communications and communications records of millions of ordinary Americans (people).

References:

http://www.canada.com/technology/story.html?id=2695216 – Emirates airline crew members face jail over sexual text messages

http://www.eff.org/issues/nsa-spying – NSA Spying

The main part of the paper provides an overview of China’s content filtering, surveillance and information warfare policies and practices. This overview is followed by a consideration of issues for Canada. Like many other countries, Canada depends on economic exchange with China and is home to a large and growing Chinese Diaspora community that can be vocal critics of China’s human rights policies. Canada is also the home of some of the leading research and development projects on Internet censorship, surveillance and information warfare that, at times, are antagonistically linked to China. The conclusion considers some of the challenges and opportunities for Canadian interests and presents three recommendations for Canadian policy.

Dr Deibert’s paper is a good and timely read.

http://www.canadianinternationalcouncil.org/download/resourcece/archives/chinapapers/chinapapersno7deibertpdf?attachment=1

Dr Deibert is a Director, The Citizen Lab, Munk Centre for International Studies, University of Toronto. His academic website at http://deibert.citizenlab.org/ is a great source of knowledge.

Typically, using the stolen credential of people authorized to manage bank accounts the attackers will initiate a string of transfers (hopes) to a final destination were the funds can be withdrawn soonest (cashed in). Even if the bank manages to trace the transfers, there are simply no funds to recover.

This trend will certainly continue to increase as banks continue to encourage their clients to go on-line – as on-line banking save banks significant cost of doing business, but in most case actually show real revenue. Unfortunately, too many banks fail to devote any portion of their new found ROI into realistic security measures, including employees and clients education; this compounded with simply pitiable security measures taken by the majority of their online banking clients.

Online accounts related fraud is a multi-billion euro business – simply too good a revenue stream for criminal not to invest efforts and money in.

http://uk.finance.yahoo.com/news/online-bank-fraud-doubles-in-two-years-tele-3f0e4cea61be.html?x=0

http://www.compareprepaid.co.uk/cards/videos/03/2010/bank-fraud-on-the-rise/

Experts say that it is currently averaging nearly a million attacks a month since going online, without any incident (success) to date. The ministry deflected all the attacks with its security measures in-place (FW, WAF, IDS, EB1, etc.). However, I doubt very much that the MOD would tell anyone if it was hacked!

Note: According to the MOD, it had over 3.1 billion page viewed to date (first six months).

http://www.reuters.com/article/idUSTRE5AI0SP20091119

http://english.peopledaily.com.cn/90001/90776/90786/6816970.html

http://www.dailytech.com/China+Defense+Ministry+Targeted+by+Cyber+Attacks+2+Million+Times/article16891.htm

http://www.chinadaily.com.cn/china/2009-11/18/content_8995678.htm

http://www.digitaltrends.com/computing/china-defense-ministry-targeted-by-mass-cyber-attacks/

http://www.physorg.com/news177759440.html

http://www.networkworld.com/news/2009/111809-china-defense-ministry-site-fends.html

According to the Japanese Local Authorities Systems Development Center report describes that servers managed by nearly 200 prefectural and municipal governments across Japan (and likely national-level ministries), and other government affiliated organizations, can easily be compromised.

About 1,400 local entities – mainly prefectural and municipal governments – belong to the center, a foundation operated under the jurisdiction of the Internal Affairs and Communications Ministry. Each year, it surveys these local entities regarding server safety and other matters. However, until now it has never publicly released information on how local governments manage their servers.

In fiscal 2008, the center investigated 3,467 servers operated by 647 local entities. The result showed that 193 entities, or 30 percent of those investigated, continue to use problematic servers.

Of these entities, 70 had so many server-related problems the center concluded they needed to urgently improve their operational environments.

The 495 servers contain residents’ personal information, but use an old cryptographic system in which defects were detected more than a decade ago.

Furthermore, 27 servers loaded with basic software are still being used without updated security measures after the support period provided by a software company expired more than five years ago.

In both cases, the center pointed out that the use of such servers was problematic.

According to a post-survey questionnaire, despite being fully aware that local residents’ personal information could be leaked, 54 entities of those with security problems, said they had no plans to improve their operational environments, with some saying they could not afford to do so, while others said the matter was of no importance (the later being my all time favorite, having heard it so often over the last 10 years).

Elsewhere, many governments are trying to establish Voluntary Breach Disclosure regulations. (Australia, Canada, New Zealand, United States) Currently there is no common way for organizations to safely and confidentially share data about attacks they suffer, nor is there necessarily much incentive to do so.

Aside from the obvious privacy concerns and worries about damage to their public images in the event of a publicly disclosed hack. Many organizations have reservations about sharing their breach information with law enforcement because it is often more of a one-way street than an information-sharing arrangement. They supply their attack information to the authorities and more often than not never hear back from them.

But that soon could change, at least in the United States. FBI director Robert Mueller last week in a keynote address at the RSA Conference 2010 said while today it’s the exception rather than the rule for organizations to report cyber-attacks to the bureau, he promised some big changes that could allay privacy concerns. “We will minimize the disruption to your business. We will safeguard your privacy and your data. Where necessary, we will seek protective orders to preserve trade secrets and business confidentiality. And we will share with you what we can, as quickly as we can, about the means and methods of attack,” Mueller told attendees.

Well that would be a definite step in the right direction and an impetus for other to follow.

Source: Voluntary Breach Disclosure Rare But Valuable by Kelly Jackson Higgins, Dark Reading

As for Singapore, in the last year I was in SIN 14 times, but this was my first time in downtown in a long time. Given a free weekend, I walked about town and even managed to find nature among all that concrete.

In Jakarta, time was precious and rain abundant – being the rainy season. Nevertheless, some of my local colleagues took time to drive me about town on an overcast, but rain free, Sunday. I took in the sites (or was it sight) and a few pictures. The highlight of the day was being mobbed by munchkins while visiting a museum.

PS. On blogging, it is not so much as not having time as not having the discipline to blog in a consistent manner, sorry.