Operation Cleaver : IRAN a greater Cyber Threat then US/China????

1.    There has been a series of decisive and significant reveals in past few weeks in the field of Cyber Security. REGIN, APT28, Wirelurker and now comes another important report by the name of Operation Cleaver. The report is available here.Some time about a year back in September 2013,the ping pong blame of cyber attacks between Iran-US were made public vide US carrying out proven credentials of IRAN being part of attack in their Navy room. A screen shot of a report then is seen below :

 2.    Now, a US cyber security firm Cylance says it has evidence to prove that the same team has infiltrated not just the Navy, but also various top companies across the globe within the past two years. This report sheds light on the efforts of a coordinated and determined group working to undermine the security of at least 50 companies across 15 industries in 16 countries.

3.  Iran till date has never been considered quite as much of a serious cyber threat to the US as China and Russia have been in recent years. This could prove to be a mistake vide proofs given in this report.The report indicates that state sponsored cyber groups in Iran can be just as severe or even way ahead in terms of offered danger to few countries. Few key points of interest are mentioned below :

-  Victims include companies in the oil and gas sector, the energy industry, airports and the transportation sector, government and defence, and the telecommunications and technology industries.

-   Report believes all the revelations are just the tip of the ice berg and damage extends much ahead of contours identified.

-   About 10 of the victims are based in the US and include a major airline, an energy company, a medical university, and an automobile manufacturer.

-   Many of the other firms targeted by the group are based in Middle Eastern countries like Kuwait, the United Arab Emirates, Saudi Arabia, and Qatar. Cylance also found a significant number of victims in Canada, Germany, England, France, India, Israel, Pakistan, and Turkey.

-  Unlike their Russian and Chinese counterparts, which tend to grab IP and financial data where they can, the Iranian group has mostly avoided stealing such data.

-  The group is scoping networks and conducting reconnaissance as if in preparation for a major assault at some point in the future.

-   Technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort.

- 

After What's APP : Now WeChat threat!!!!

1.  Few backs earlier I wrote a post about Security Issues in Whatsapp here. Now exactly on the same lines there is a proven issue on Wechat....

2.  WeChat gained an immediate success the moment it was launched few months back in India.Every one was so happy to adopt it in their respective androids but it seems that the application is not so secure as hackers have been able to bypass the security mechanism to decrypt the messages sent using the app and China could be potentially spying on Indian citizens...
 

3.   Rest ditto from Parity news at http://www.paritynews.com/2013/08/26/2487/wechat-is-a-threat-to-national-security-claim-researchers/

According to a couple of young researchers, Jiten Jain and Abhay Agarwal, the free messaging app doesn’t employ the best of encryption and security technologies, which leaves personal information of its users vulnerable to theft. To prove their point the researchers went onto demonstrate the ease with which the messages sent using WeChat can be decrypted, indirectly indicating that foreign governments could be doing the same thing for spying and surveillance purposes.

The researchers were discussing the potential risks to privacy of users because of surveillance techniques employed by service provides across the globe at The Hackers Conference in New Delhi India on August 25. The researcher duo claimed that app from Chinese Internet Giant Tencent is threat to national security.

Jain and Agarwal claimed that not only can the Chinese government access the chat logs, but they can also access each and every detail about users stored in their smartphones – ranging from contact lists, messages, calls, geographic locations, etc.

One of other points raised at the conference was that the Indian Government is not able to successfully utilize the vast potential of security researchers in India. The Government has failed to secure its websites never mind the security of the whole nation. Researchers present at the conference stressed for the need of raising awareness about security within government establishments and masses in general.

Researches urged the government to strengthen the security of its websites as well as digital data by grooming in-house security experts as well as by availing help from industry experts present in India.

4.   In fact the duo did not hold back to say that it is a severe national threat...and I agree to their view...but who cares!!!!elections are coming...we are not even bothered about so many internal threats...external is out of purview!!!!!SAD.

DRDO HACKED : NO....YESS...NO...YESS!!!!goes on...

1.    Now nothing new about this news....its just another hacking news among-st the millions of hacking news and scrolls daily....but it has become an eye popper because it has the word DRDO in it..... that's the Defence Research and Development Organisation.

2.   Though DRDO straight away denies it that it can never happen(whats the basis behind is a well guarded secret...)...but Pawan Duggal,a known Cyber Expert says that never in the history of "India Hacked" past has such voluminous data transferred and resided in servers outside the country borders.....video down here

and more details at http://zeenews.india.com/videos/china-hacks-drdo-systems_20156.html

and http://www.dnaindia.com/india/report_drdo-s-website-hacked-antony-orders-probe_1810730

and http://www.indianexpress.com/news/china-hacks-into-sensitive-drdo-computers/1087499/

and http://timesofindia.indiatimes.com/india/DRDO-computers-hacked/articleshow/18955837.cms

3.    The hacking is suspected to have been carried out by Chinese hackers and there are fears that some sensitive information could have been compromised.When asked about it, Defence Minister A K Antony said, "Intelligence agencies are investigating the matter at this stage and I do not want to say anything else."

Commenting on the issue, DRDO spokesperson Ravi Gupta said, "As per our information, no computer or network of the DRDO has been compromised."(Offcourse they have records to prove that all sentries and guards were on duty at the moment hackers claim they hacked DRDO....pun intended SIR!!!!!)

4.     Today things in context of Cyber Security at national level stand at a very critical juncture...infact I feel that juncture is past now....we are already late...but still we read and hear that Cyber Security Policy of India will arrive soon.....(i know cut paste also takes time....pun intended!!!!!)..READ HERE

5. India I am sure will keep busy with hiding elephants......jantar mantar.......elections...2014....italy guards.....bhagwan etc etc...but if the priorities don't change the order soon...India will be backed up and downloaded in some other country sooon....it will be veri sad...we are one of the leaders in IT industry....specially software but we have not been able to exploit this potential for in house strengthening...we are all concerned for individual growth...vo subah kabhi to aaayegi....vo subah kabhi to aaayegi!!!!!

Internet Freedom : ULTRASURF

1.     While I have earlier talked about TOR,Anonymous OS etc and maintaining privacy on Internet...likewise there is no dearth of such options on the net.Another hugely respected :-) and proven software is ULTRASURF.This software is available at http://ultrasurf.us/ offcourse as a free download. :-).
 

2.   This was originally created to help internet users in China find security and freedom online and has subsequently grown to become one of the world's most popular anti-censorship, pro-privacy software, with millions of people using it to bypass internet censorship and protect their online privacy.

3.    Among other features,few as I felt important are jotted below :

- Protect your privacy online with anonymous surfing and browsing.
 

-  Hides your IP address,clears browsing history, cookies,and more.

-  Using industry standard, strong end-to-end encryption to protect  data transfer from being seen by third parties.

-  Bypasses internet censorship to browse the internet freely.

- Only supports Windows OS.

- Works with IE like TOR with Mozilla.

-  One interesting thing is that the company keeps logs bare minimum information for anti blocking purposes. They  keep your logs for maximum of 30 days to comply by the exisiting law protocols of the hosting country.

4.  More at   http://ultrasurf.us/

CHINA CAUGHT ON WRONG FOOT in its own MARCH

1. Across the globe ,across all the cyber attacks investigated one thing that comes out common is the source of attack ie CHINA.As always China has been always denying all claims and has been doing reverse propoganda of actually deep rooted spoofing and involvement of other countries.But recently it was caught on the wrong foot in front of the international nietizens....

2.   Below is the extract straight from FEDERAL COMPUTING WEEK penned as China provides smoking gun against itself in cyberattacks by John Breeden II

" But now, thanks to China itself, I have proof that the People’s Liberation Army does attack the United States, and likely does so on a regular basis.

China’s claims of innocence have come crashing down because of an apparent mistake in editing in a documentary on the country’s own state TV that should never have gone live. The PLA presentation demonstrated its military capabilities. Amid all the tanks and planes, the propaganda piece showed a mere four seconds inside the group's cyber warfare center.Without narration, one has to think that the cybersecurity part of the piece was only put into the video by accident, a technical background shot placed between segments for a bit of extra color. However, those four seconds are both telling and damning to the Chinese lie that they don’t attack the United States.

Here is the incredible part: During those four seconds, we clearly see a Chinese soldier use a drop-down list to choose from preset target websites around the world. Then he actually attacks a website in Alabama.

In this case, the website was setup to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.

Even though all the targets shown in the four-second video were Falun Gong sites around the world, the fact that they were in a drop-down menu is telling and appalling. You don’t set up drop-down menus with attack buttons unless you plan to use them. And the Chinese military did push the attack button in the video, so apparently it has no problem pulling the trigger.

So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.

It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it."

3. The video link is shown below for info of all.Watch it carefully!!!!

4. Thanks http://fcw.com

INSPIRED FROM INDIA : CHINAs ATTEMPT ON TAKING ON CORRUPTION

1.    In recent last few months,a lot has been happening in India in form of anshans,demonstrations,dharna's to bring back the black money freezing in swizz banks and to reduce corruption...so far so good...the spark happened and is now gradually bowing to the Government which ensure and loves STATUS QUO.....atleast thier wasy of working confirms this....instead of supporting the movement...they took the key persons involved head on and now in another about a week or so we will be back to STATUS QUO...

2.    But China's esurient Internet users are taking a leaf from India's anti-corruption drama by opening websites so citizens can confess, sometimes in pitiless detail, to buying off officials.Several Chinese confess-a-bribe websites, including "I Made a Bribe" (www.ibribery.com), have been inspired by an Indian website "I paid a bribe" (ipaidabribe.com)......china ranks 78th in the corruption list whereas we list at the 87th rank...m sure it is much worse.....apna nahee to kisi aur ka to bhala hoga........jai ho INDIAAAAAAAAAA

3.     Thanks http://www.reuters.com

IT meets HIGH TECH TAPS : Renshui Faucets

1. Water Taps with in-built chips , the Renshui high-tech faucets, allows customised control of the flow and temperature of the water . All it takes is a simple touch and one can change these parameters to prepare a perfectly tailor-made lovely bath.The water’s temperature is also displayed on the cool body of this faucet that’s totally different in style and form.

2. With a simple touch, one can go from hot to cold water, on or off. Another great feature is the intelligent light, which shows the water’s temperature to cut down the risk of scalding accidents. All these features come wrapped in a contemporaneous design that will add sleek , style in additions to reducing your wallet weight.

3. Thanks http://www.trendir.com/

XINGYUN : World's Fastest Computer

1. "Experts say one second of its work may take a whole day for a dual-core personal computer"

2. Such is the astonishing ..or I say beyond imagination power of this officially disclosed SUPERCOMPUTER named "Xingyun" from China that runs at more than one quadrillion (one thousand million million) calculations per second.

3. XINGYUN is now the server of ‘Dawn 6000’ which has been jointly developed by Dawning Information Industry Co. Ltd, Chinese Academy of Sciences Calculation Institution and the South China Supercomputing Centre. It has been developed for DNA sequencing and for cloud computing.

4. Perhaps there is no end to improvement.....tomorrow will come up with much much higher speeds then XINGYUN......wait and watch.....

Microsoft choose to stay in China: Why not?

1. Just a day after I mentioned that Bing will be seen smiling on Google's exit from the dragon land, Microsoft have released a official statement on this. Brief Extract from http://infotech.indiatimes.com/News-Internet-We_will_stay_in_China_Microsoft/articleshow/5448256.cms reproduced below :

Microsoft Corp has no plans to pull out of China, its chief executive has said, playing down concerns about recent cyber attacks and censorship raised by rival Google Inc.

The company's stance indicates the world's largest software maker is not likely to support its fierce rival in its battle with China and rebuffs broad US political backing for Google.

"There are attacks every day. I don't think there was anything unusual, so I don't understand," Microsoft CEO Steve Ballmer told Reuters after a meeting on modernizing government services at the White House.

"We're attacked every day from all parts of the world and I think everybody else is too. We didn't see anything out of the ordinary."

CHINA & GOOGLE

1. The long tug of war between these two respective giants is finally coming to an end...and the end means the end of GOOGLING in china.The fact that any person can choose to access anything at any time, and usually at no cost is too uncomfortable an idea for the Chinese thinking tank and they have been busy implementing moves and measures to constrain people's access to the internet for about last two years that i have read across in various articles and snips.

2. I can see the smile on the Bing's face now....no Googling means more chance of a Binging and likely revival of few earlier search engines...remember AltaVista generation about 10 years back.

3. Now China's logic behind this!!!!!we all know when we google what happens...i had given on post at http://anupriti.blogspot.com/2009/12/google-binged-my-100th-post.html .This reason is valid though.Extract produced from Google's blog at http://googleblog.blogspot.com/2010/01/new-approach-to-china.html is reproduced below :

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

4. Who's is correct then? It is just a matter of perspective and convenience of the mind.

Green Dam Youth Escort : What's that?

1. The title suggests that it has got something to do with college unions doing thier bit contribution in saving some water or fighting over some water dam issue.But its nothing like that.It is the name of a firewall which is a first of its kind official government imposed content-control software developed in the People's Republic of China (PRC). Under a directive from the Ministry of Industry and Information Technology (MIIT) , it is mandatory to have either the software, or its setup files accompanied on a compact disc or pre-installed on all new personal computers sold in mainland China, including those imported from abroad. 

2. The firewall software is to be made a mandatory pre-requisite for new computers sold in the country, as a meaure to help stamp out pornography and other vile elements on the Web. The move thus has been widely criticised by industry groups and officials as rash, politically intrusive, technically ineffective and commercially unfair.Few of the features of the software are enumerated below :

• Designed to work with Microsoft Windows operating systems,the software is specifically aimed at restricting online pornography but could be used for other purposes.
• Green Dam Youth Escort automatically downloads the latest updates of a list of prohibited sites from an online database, and also collects private user data. 
• Green Dam recognizes pornographic images by analyzing skin-coloured regions, complemented by human face recognition. The software is incapable of recognizing pictures of nudity featuring black- or red-skinned characters but sensitive enough to images with large patches of yellow that it censors promotional images of the film Garfield: A Tail of Two Kitties. 
• The software's misrecognition of "inappropriate contents" in applications including Microsoft Word can lead it to forcefully close those applications without notifying the user, and so cause data losses.
• The software runs only on Microsoft Windows x86, so Microsoft Windows x86-64, Mac and Linux users are ignored. Even on Microsoft Windows, the software is known to interfere with Internet Explorer and Google Chrome, and is incompatible with Mozilla Firefox.
• Some computers sold in China already come with parental-control software, but it isn't government-mandated.
  

3. The latest good news for the chinese people is that for the time being the compulory shipping and installation by the user has been put on hold.

4. Thanks http://www.circleid.com and off course wiki like always!!!!