Does anyone remember this story from April 2009? Computer Spies Breach Fighter-Jet Project Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever — according to current and former government officials familiar with the attacks… In the case of the fighter-jet program, the intruders were able to copy and siphon off several... 

A Chinese national was convicted this week of smuggling and other charges over his efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources. Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuok indicated he and... 

A spy network targeting government networks in India and other countries has been pilfering highly classified and other sensitive documents related to missile systems, the movement of military forces and relations among countries, according to a report released Tuesday. It also grabbed nearly a year’s worth of personal correspondence from the Dalai Lama’s office, even after reports published last year indicated …  Read More →

Beijing, China – April 1, 2010 – The Chinese government announced that effective immediately all US based technology firms and associated products and services will be banned from all Chinese government and state-run agency IT environments. The ban is expected to include critical infrastructure, such as military, finance, utilities, and healthcare as well as education,  Read More →

BEIJING (Reuters) – China warned Google against flouting the country’s laws on Friday, as expectations grow for a resolution to a public battle over censorship and cybersecurity. The chief executive of Google, Eric Schmidt, said this week he hoped to announce soon a result to talks with Chinese authorities on offering an uncensored search engine in China. “Google has made its case, both publicly and privately,” said China’s... 

The Chinese government is imposing new internet restrictions demanding personal-website operators to acquire central-government permission to operate their sites. The latest censorship measure, which covers .cn domestic domains, comes as Google is trying to convince Chinese censors to ease up. Google said 43 days ago it would undertake a self-imposed exile from China if the government does not back off from requiring it to censor search results.... 

BEIJING (Reuters) – U.S. government analysts believe a Chinese man with government links wrote the key part of a spyware program used in hacker attacks on Google last year, the Financial Times reported on Monday. The man, a security consultant in his 30s, posted sections of the program to a hacking forum where he described it as something he was “working on,” the paper said, quoting an unidentified researcher working for the... 

NEW YORK (Reuters) – Recent cyber attacks on Google and other American corporations have been traced to a top Chinese university as well as a school with ties to the Chinese military, The New York Times reported on Thursday, citing people involved in the investigation. Those people told the Times that the Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School. They said the attacks may have started... 

I was not surprised to read China’s hawks demand cold war on the US in the Times Online. [A]lmost 55% of those [in China] questioned for Global Times, a state-run newspaper, agree that “ a cold war will break out between the US and China ”… An independent survey of Chinese-language media for The Sunday Times has found army and navy officers predicting a military showdown and political leaders calling for China to sell more arms to... 

Some of you may remember me mentioning the 2008 SANS WhatWorks in Incident Response and Forensic Solutions Summit organized by Rob Lee. I provided the keynote and really enjoyed listening to the presentations, which Rob has graciously made available at http://files.sans.org/summit/forensics08/ . One of the presentations, by Mandiant consultant Wendi Rafferty and then-Mandiant consultant (now GE-CIRT incident handler) Ken Bradley, was titled... 

There’s finally some good reporting on advanced persistent threat appearing in various news sources. A new Christian Science Monitor story, one by Federal Computer Week , and one by Wired are making progress in raising awareness. Unfortunately, there’s plenty of Tweeting and blogging by people who refuse to understand what is happening or are not capable of understanding what is happening. From now on, rather than repeat myself trying... 

In December 2007 I wrote Predictions for 2008 . They included 2) Expect greater military involvement in defending private sector networks; 3) Expect increased awareness of external threats and less emphasis on insider threats; and 4) Expect greater attention paid to incident response and network forensics, and less on prevention. All three of those predictions are being fulfilled by the Google v China incident as demonstrated by this Washington... 

It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies. Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few... 

In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat . No sooner than I had posted those thoughts do I read this: Beijing ’strongly indignant’ about U.S.-Taiwan arms sale The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that…  Read More →

The aftershocks of Google v China continue to rumble as more companies are linked to the advanced persistent threat . Mark Clayton from the Christian Science Monitor wrote a story titled US oil industry hit by cyberattacks: Was China involved? I found these excerpts interesting. At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a...