China’s Blue Team

It seems that China finally had their come-to-Jesus moment. They realize the value in having a cyber warfare command. They have formed a blue team composed of 30 technology-savvy officers and soldiers. Does that strike anyone else as odd? A nation of 1.35B, and their central planning government decides to allocate only 30 people to cyber defense.

You can read the full article on China’s new Blue Team here.

Night Dragon

Puff the Magic, err I mean McAfee’s “Night Dragon” is the name they’ve given to the tools, techniques, and network activities used in attacks, ongoing since November 2009, against global oil, energy, and petrochemical companies.

Again, it seems like the same old story. Web servers sitting in the DMZ with harmless SQL injection vulnerabilities (sarcasm) are pwned and then used to pivot into the internal corporate network. The attackers seek and exfiltrate high-value data using remote access tools such as Gh0st and zwShell (think SubSeven, Netbus, etc.). Game over. Again, attribution leans towards our friends from the East (hence the ‘Dragon’, you jackass).

This could be a catalyst from McAfee’s PR/marketing department so be warned.  I’d love to see some Anon-LoLz member in Kansas bouncing through China, planting Mandarin comments in src before compiling shell code, and working 9-5 China time hours getting everyone in a tizzy over this APT threat….

Preventing future internet traffic misroutes….

Remember back in April of 2010 when for 18 minutes internet traffic was mistakenly misrouted through China’s state-run telecom agency? According to this H article, the European internet registry (RIPE), which manages assignment of IP addresses, along with AfriNIC, LACNIC and APNIC, has implemented a PKI certificate-based solution to confirm the legitimacy of internet traffic routes.

Unfortunately, ARIN, which manages the internet registry for North America, will not be ready to deploy this technology until Q2 of 2011. Better late than never…

Podcast about ICANN, root DNS servers, Chinese domination and more!

I try to catch the weekly NPR Technology podcast. This week there’s an interesting segment about ICANN, VeriSign and their root nameservers, as well as China’s desire to wrest control of the internet. You can get the podcast here: http://podcastdownload.npr.org/anon.npr-podcasts/podcast/1019/126006147/npr_126006147.mp3

*You need to advance to 5:00 minutes into the podcast for this segment (unless you want to listen to the part about Cuban bloggers).