Pages

Monday, April 19, 2010

What is Antivirus RAP Testing And Why Is It Important?

Why am I still a fan of Sunbelt's VIPRE Antivirus+Antispam software?

 As I mentioned in my blog earlier, VIPRE has numerous advantages over competitors, and another independent testing has proven the value of this software. In fact, I have replaced all of free and commercial anti-malware products on my home network, recommended to all my friends and several small business owners, and installed VIPRE. I have no regrets.
 You might know that Virus Bulletin is the world's most prestigious antivirus lab. They have been testing antivirus products for years. Apart from their VB100 certification, they have another interesting test called RAP. It's for "Reactive and Proactive", and helps you form an impression of the heuristic -and- generic proactive detection capability of security software products - in particular how well products perform against malware that appears after vendors have submitted their products to Virus Bulletin for testing. They create a quadrant a few times a year, and compare all products they have tested. And as you see, VIPRE does EXCELLENT in this test in April 2010, compared to all the other products out there. Top right in the quadrant is highest quality. http://www.sunbeltsoftware.com/alex/gblog/rap_detections_2.jpg

 As I have noted in another blog (The cyber-gangsters' "weapons" and the state of Internet security), there is no anti-virus program that can protect your PC from 100% of all malware, however, it should be an important part of your defense system, and it is where Sunbelt Software’s VIPRE engine (as one among the top AV products for reactive and proactive detection) shines. Virus Bulletin's RAP Testing measures products' reactive and proactive detection abilities against the most recent malware that has emerged around the world. The test measures virus/malware detection rates utilizing 4 specific sets of malware samples (look at the axles X and Y). The first three test sets reflect malware first seen in each of the three weeks prior to product submission. Shown results reflect how quickly product developers react to the steady flood of new malware emerging every day across the world. The last test set consists of malware samples first seen in the week after product submission. This test set is used to measure products' ability to detect new and unknown viruses proactively, using heuristic and generic techniques.

 You can read more (and see the comparison charts as well) at RTEK 2000 web site. I recommend VIPRE products based on my own experience and my own testing against competitors. Get VIPRE (pronounced "viper") now. I bet that small fee for this commercial product will pay off handsomely.

Friday, March 26, 2010

This isn't a pattern of failure. It's a surrender cult.

To add to my previous article about Chinese hackers (U.S. is losing power as the world leader), I recommend you to read the article from New York Post.  Especially, I like: "Here's the US-Israeli-Palestinian relationship in simple terms: You run a business. And you have a brother who's worked with you for decades. A group of corrupt "partners" with criminal records, notorious for flouting every deal they've made, promises to make you rich. All you have to do is kill your brother."

There is more! This is the first paragraph of the " Bibi’s Predicamentarticle from the Commentary Magazine:
"It should be clear by now that President Obama intends to pursue the “peace process” in the same way that he pursued health care — by ramming it down his opponent’s throat, in this case, Israel’s."
He lives Israel no choice but to bomb Iran's nuclear installations.

"Surely something must be terribly wrong with a man who seems to be far more concerned with a Jew building a house in Israel than with Muslims building a nuclear bomb in Iran ."
Columnist Burt Prelutsky , LA Times
 
What can I say? I wish it didn't happen in my lifetime.  I am so, so sorry for my country... :-(

Tuesday, March 9, 2010

Should we be afraid of Chinese hackers? ...Or lost cyber war (Part III)


PART I
PART II
PART III

PART III


Why U.S. is losing steam

In addition to the full access to Windows OS that proved to be vulnerable to endless exploits, China chooses FreeBSD as basis for secure OS. The Washington Times recently reported that "China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies." What a bold move! No wonder that many security specialists are seriously concerned that China rapidly getting the leading edge over U.S.
Congress discussed this issue recently but what's the result? Recall Obama's visit to China (read above). Is our government insane? Not at all! As always, money rules the world. When it comes to make a decision the corporate lobbying wins over common sense.

Even worse! The U.S. Government often downplays cyber attacks on our infrastructure. As Ed Giorgio (in 60 Minutes Report on US Cyber Security (November 7, 8 & 9, 2009)) noted, there are at least 10 "reasons why cyber intrusions are ignored, denied, or not reported by government." No doubts, they will be denied by the government officials but here they are:
  1. It is downright embarrassing to admit that you do not have very good cyber defenses and it will severely hurt your brand.
  2. The targeted organization frequently has no solution to the problem as was the case when DHS "lied" to congress. In government and the military, you cannot report a problem you don't have a solution for.
  3. The administration might be worried about international political fallout because it impacts other delicate issues with China, Russia, Israel, France, etc.
  4. We don't want to open a can of worms and admit that we too have an offensive capability which we work hard to keep secret.
  5. We fear the unwanted oversight and attention.
  6. If we are forced to address the problem by making us reprogram resources from high priority mainstream mission programs which are already behind on.
  7. The bureaucracy doesn't want to be forced to hold somebody accountable and perhaps take adverse action.
  8. Adding security may get in the way of mission operations and reduce our effectiveness (like not being allowed to use a flash drive).
  9. Recognizing the problem would expand the set of stakeholders who you have to work with to solve the problem. No bureaucrat wants that as it causes a loss of control.
  10. We are skeptics and just plain don't believe it's a big problem and that's it has been blown out of proportion.
"Security? What security? What are you talking about? It's not my responsibility!"

As David Osborne and Ted Gaebler indicate:
"It is hard to imagine today, but a hundred years ago bureaucracy meant something positive. It connoted a rational, efficient method of organization - something to take the place of the arbitrary exercise of power by authoritarian regimes. Bureaucracy brought the same logic to government work that the assembly line brought to the factory. With the hierarchical authority and functional a specialization, they made possible the efficient undertaking of large complex tasks."

Since the word "bureaucracy" became a synonym to the word "government" (verify it with MS-Word grammar!) what can you expect these days? Efficiency? Smart decisions? Logical solutions? Forget-about-it!

When the highly qualified computer investigator decided to track the Chinese hackers and passed his amazing discoveries to the FBI that praised his work, as a result he was facing charges against his activity. "...they are so afraid of taking risks that they wasted all this time investigating me instead of going after Titan Rain" [very sophisticated attack - read below] - said the computer investigator.

Do you have any comments? Are you surprised? Do you see the elements of "political correctness" here?

At the same time, Chinese government is not under pressure from its corporations and it ignores any "political correctness" that has overpowered United States. China improves the security of its army (PLA) using a hardened FreeBSD operating system. Considering also more than 100 information infrastructure attacks per minute on the US Department of Defense originated from China and keeping in account that most of the DOD computers are Windows-based, now we have a clear picture: it's the face of an enemy.

Whether it's current or future enemy hard to say but I think that at this moment it is a virtual one, the enemy that is invisible, the enemy that is hard to catch. As I mentioned earlier, tracking virtual enemies can be quite a challenge to U.S. spy hunters.The FBI officials are uncompromisingly pursuing the possibility that the Chinese government is behind many cyber attacks (especially not widely discussed Titan Rain attack - "the most pervasive cyber-espionage threats that U.S. computer networks have ever faced.") considering how well it was organized.

As you may guess, it's almost impossible to determine who exactly was behind the attack: China government, PLA, or someone from private sector (aka patriot hackers) because China has not been cooperating with U.S. investigations of Titan Rain. In accordance to the TIME magazine, "TIME has obtained documents showing that since 2003, the hackers, eager to access American know-how, have compromised secure networks ranging from the Redstone Arsenal military base to NASA to the World Bank… and can be a point patrol for more serious assaults that could shut down or even take over a number of U.S. military networks".

Due to the length of this article I don't want to discuss this issue further but I highly recommend reading about the Titan Rain attack (see the link above) and who discovered it.

Similar developments can be seen on a military front. In April 2009, in Prague, President Obama gave a speech in which he pledged America would work toward a "world without nuclear weapons.". Considering China's military advancements, they have different plans. China's growing revenues helps to become the world's biggest military power, to the point where the U.S. "would not dare and would not be able to intervene in military conflict", for instance in the Taiwan where U.S. has its own interest. Their new ballistic missile is capable hitting a target at sea with the range more than 1,000 miles and could be well used to attack and sink U.S. carriers.

No wonder, the Defense Secretary Roberts Gates has expressed his concern, too: "Investments in cyber and anti-satellite warfare (by China), anti-air and anti-ship weaponry, and ballistic missiles could threaten America's primary way to project power and help allies in the Pacific - in particular our forward air bases and carrier strike groups." while the U.S. administration (faced with huge budget deficit) seized financing for upgrade of aged nuclear arsenal. All of it will lead to the reduction of our military capabilities giving China a leading edge.

History often repeats itself. You are witnessing the process of losing the world dominance by one country and shifting the power to another one.



The lost cyber war

During 2008-2009, U.S. government and military organizations reported about 200 breaches including breaches of more than 70 million records in 2009 comparing to a total of fewer than 3 million in 2008. Do you see the trend? Did our government initiatives and billions of taxpayers' money spent on improving security pay off?

"The great thing about being a pessimist is that you are constantly either being proven right or pleasantly surprised." -- George Will, News commentator.

Consider me a pessimist but I don't see the light in the end of the tunnel.

I'd love to be wrong but I guarantee that there will be greater need in more security practitioners than we have now. Cyber security became a survival skill for any organization.

Senior government officials overseeing the nation's cyber defenses told a Senate panel that agencies are doing more to coordinate their far-ranging efforts, but that even in the best-case scenario, the hackers are often one step ahead. "The harder we can make the general network environment, the easier it's going to be to detect [threats]," said Richard Schaeffer, director of the National Security Agency's Information Assurance Directorate. "We believe that if one institutes best practices, proper configuration, good network monitoring ... a system ought to be able to withstand about 80 percent of the commonly known attacks."

What about the rest 20%?



What's the situation with resistance to cyber crime?

The painful experience of the last several years, lost data, productivity, new security standards imposed by the government, humongous amount of money spent on improvement of IT security raised a red flag for many organizations. I can't say that we do nothing to fight cyber crime but as I mentioned above we are always one step behind the hackers. Let's see what's going on these days.

In February 2009, President Obama launched a 60-day investigation into cyber-security, promising to improve U.S. Internet defense. I don't know what was done after the investigation except the creation of one or more departments with more bureaucrats but the situation did not change much. I have been reading articles about new Federal law propositions, new security requirements, new initiatives, however, all of it proved to be close to useless not only at the U.S. level but also on the international level. According to InformationWeek news reports, the American and Russian governments were engaged in talks to make Internet a more secure medium and limit certain types of cyber-weapons but talks haven't progressed far due to a difference in philosophy.

Many organizations and companies who work on defense against Chinese hackers have recognized that it's close to impossible to catch and prosecute hackers who operate abroad and especially in China. Since no international legal agreement exist, even if the hacker will be traced to a particular person, it will be impossible extradite him to the U.S. considering the relationships with the communist's government of China. Lately, the relationships became even worse (the hacking of Google's story).

Meanwhile, Chinese hackers are becoming harder to monitor since they communicate and coordinate their attacks through private text-messaging rather than on blogs or Web sites, leaving no traces of their activities. So, what is left? Is there ANY way to protect our networks and data? The only learning how to defend ourselves is the way to go under current circumstances.

Again, I can't say we do nothing because:
  • We educate IT professionals responsible for protection of their IT infrastructure, and we have a number of highly experienced and certified professionals who participate in examining case studies, war-gaming various scenarios, exercises, and implementing global defense solutions.
  • We have created a whole bunch of security-related certifications to certify the expertise of IT pros (CISSP, CEH, Security+, CISA).
  • We have developed multiple government standards to protect the government networks and information.
  • We plug the endless holes in the operating systems, applications, utilities, and databases.
  • We participate in numerous webinars, read whitepapers, magazines and books; discuss the IT security on hundreds of forums.
  • We have plenty of web sites dedicated to data security.
  • We spent (and continue spending) zillions of dollars on anti-malware products and technologies ($7 billion a year).
Yet, we are still facing the same danger to be exposed to sudden cyber-attack or to become the victim of cybercrime because the standards are not perfect and not everyone is following them, the anti-malware products are only 50% effective; there are endless security holes in the operating systems, applications, web browsers, perimeter defense and more. As a result, for instance, according to FBI, an average of over 1 million computers per year is currently being hijacked by botnets; an estimated 90% of Internet access points on corporate networks are inadequately protected; and the cyber-gangsters rip estimated $100 billion worldwide utilizing silent attacks that are invisible to their victims.

What are the latest developments in cyber-defense?

There is interesting information about the new security content protocol specification that has been released by The National Institute of Technology (Special Publication 800-126. "The Technical Specification for the SCAP,"). In accordance to the Government Computer News, "SCAP comprises specifications for the standard organization and expression of security-related information, provides an overview of the protocol and on ways software developers can integrate SCAP technology into their product offerings and interfaces."

In the end of last year, the U.S. Department of Homeland Security (DHS) completed, in cooperation with other government agencies, a draft of national cyber attack response plan that is planned to be tested in September 2010 during Cyber Storm III, a cyber security drill. I am just curious why this information is available online and not restricted to those who has appropriate security clearance...

Northrop Grumman and three universities planned to form a cyber security research consortium to address emergent cyber security issues. Northrop Grumman will fund 10 research projects at MIT, Carnegie Mellon University and Purdue University. Quite a powerful combination! I hope we'll get some positive developments from the best brains in our country.

The Homeland Security seeks new ideas how to protect our networks by creating a Web 2.0 crowd-sourcing portal called IdeaFactory. House leaders have asked the chamber's security officials to implement a new cyber-security training procedure for aides and take extra steps to protect sensitive information from potential hackers and to recommend the technology updated focused on security awareness.

Microsoft detailed new botnet protection, IdM technology at RSA Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, offers insight into the company's plans to thwart botnets, secure enterprise cloud computing and help individuals better manage their online identities.

Yes, the first step that will be the most effective is to educate computer users about potential threats from highly qualified hackers, what needs to be done and how to operate computers safely.

Here is what one fellow said in his blog:
"I run a computer service shop, and...we drop Avast [anti-virus program] on ALL computers that come in, while simultaneously telling every single customer that it will do nothing to prevent them from brand new threats...and neither will anything else on the market today! Quoting myself, "viruses are a cat-and-mouse game, and antivirus vendors are always the cat doing the chasing." Software firewalls are also junk because any virus that does take root can easily bypass such a program. In reality, the only two things that are needed to keep a secure network are (A) a hardware firewall between you and the Internet and (B) well-educated, cautious, skeptical users. Education seems to fly out the window when an erection or free music is involved… Computers and software stopped being the weakest link over a decade ago. The most commonly exploited security hole on a computer is the device which sits between the keyboard and the chair, not the IP stack or WMF rendering libraries."
Posted by: cryptikonline on: 07/14/09

Step number two should be proactive defense, the type of defense that actively fights hackers with their own weapons. I was glad to find information that there are some white-hat hackers that actually do just that!

In accordance to F-Secure, a white-hat hacker (a good guy) using the avatar 'Catch-Em' hacked into the Pakbugs.com web site (the underground site that re-sells stolen credit cards), compiled a list of registered users with their email addresses and passwords and then posted the list to the Full Disclosure security mailing list. He also forced the web site to shut down for several days, and later (when the web site was online again) activated the DDoS (distributed denial of service attack).

DNSSEC introduced a new encrypted domain technology designed to protect the domain name system from spoofing and other hacks.

Lockheed Martin has formed an information security alliance with several technology providers to focus on self-healing systems to solve some of the information security problems.

There are also some successful operations on the grand scale. Eighty (80) people worldwide were arrested in connection with a major international banking ID phishing scam. "Operation Phish Phry" has been described as the biggest cybercrime investigation in US history.

I'd like to see more news like these ones:
There is a known technique to build "Honeypot" servers that attract hackers by lack of any protection and avert them from sensitive servers that have various layers of protection. Since the hackers usually take the easy route, those servers serve well by not only turning the attention away from important computers but also allow learning how the servers are being hacked and what needs to be done to protect the sites against becoming a part of botnets. For instance, a new open-source honeypot project called Glastopf dynamically emulates vulnerabilities attackers are looking for" and can auto-detect and allow unknown attacks.

Recently introduced technique, perhaps limits the number of security holes in the software by using the application Whitelisting techniques like from Faronics. If any executable file is not on the white list, it's not permitted to run!

On another note, if you have the critical infrastructure with strategic importance, why not isolate it physically from the Internet and use, perhaps, dedicated lines of communication? Not possible? I doubt it. With amount of money wasted on security that does not protect there is always a way to find the method of managing the infrastructure without exposing it to attacks originated from the Internet.


What can we do about cyber-terrorism?

Let's be honest, the facts are against us. Those who defend the networks are faced with a huge range of cyber-weapons to protect the infrastructure. At the same time, the cyber-gangsters can reach the goal by exploiting only a single vulnerability. Cyber-gangsters are usually fanatics who would do anything to cause the mass destruction, whereas security experts are not the fanatics to work tirelessly endless hours.

U.S. Federal agents have thwarted planned terror attacks on Fort Dix, N.J. by uncovering a terror ring in Lackawanna, N.Y. and plots against the nation's financial centers, the World Bank, ten airliners landing in the U.S. (the liquid-bomb plot), JFK airport, the Brooklyn Bridge, the New York subway system, the Los Angeles airport, the Israeli consulate in Los Angeles, and the Prudential Building in Newark, N.J., among others. They fought real terrorists. But how do you fight cyber terrorists?

The Internet is not a secure media. Those security professionals who passed CISSP exam (commonly respected security certification) learned about the model for security policy development or so-called "CIA triad" (Confidentiality, Integrity, Availability). The problem with the Internet security lays in the fact that the Internet was not initially designed for confidentiality or integrity. It was designed for availability and resiliency by providing a packet switched network with alternate paths meshed together. The security services of confidentiality and integrity usually must be implemented at the application and end-point levels (computer, mobile phone, PDA, etc.).

There were some voices to re-design the Internet and to make it more secure. Wouldn't it be great? It makes sense for some of the people who are responsible for security. This drastic measure cannot be taken without the government intervention due to possibly imposed taxes on the Internet usage and huge expenses. As you may guess, this measure will obviously rage many people (including myself, perhaps on this stage) who would oppose it using all available civil rights. I am not talking only about the U.S. citizens but also about world's net-citizens since it must be a common effort after a commonly accepted agreement.

Maybe the future incidents will push more people toward this measure but we must act now - as a government and as individuals - to fully meet the challenge of cyber terrorism. Some methods we may use include:
  1. Implementing strong access control systems to ensure that only authorized individuals can access cyber systems.
  2. Using strong encryption to ensure confidentiality and integrity of information stored, processed, and transmitted on and through cyberspace
  3. Keeping policies up to date, and ensuring they are strictly enforced
  4. Implementing effective detection systems to recognize currently known and future cyber attacks quickly
  5. Closely monitoring all cyber activity by using log files and log analyzers
  6. Implementing a real-time national defense strategy
  7. Deep analysis and forward thinking on possible future technologies and prediction of attacks (based on current trends) that may occur as those technologies are implemented to address the security requirements of the future

1. END-POINT PROTECTIONS FOR ORGANIZATIONS

Here are the "BIG SEVEN" rules that reflect the major steps to be taken to protect the end-points in the corporate and government networks:
  1. Create an Internet use policy and use the web content filtering with scheduled updates.
  2. Train employees on cyber security and enforce it vigorously.
  3. When administer the access rights, reduce privileges as much as possible on a "need-to-know" basis.
  4. Login to the system with administrator rights only when you need to change the configuration or install/remove the applications. Otherwise, login as a regular user with no administrative rights. (Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts)
  5. Take care about updating your software (OSs and applications patches) religiously.
  6. Use the best possible Anti-malware product on each piece of hardware. Besides that, implement application "whitelisting", heuristic and behavioral detection additionally to detection by signatures to mitigate zero-day threats.
  7. Consider implementing new technologies such as cloud and virtual computing by centralizing the hardware for distributing the applications down to user's PCs (or terminals).
Using application and OS streaming based on specific needs and storing the images in one, central location will increase the security level and lessen the burden of maintaining the security locally, on each node since all the patches and security protection will be concentrated in one place rather be distributed all over the network - hosted security (assuming that the application/OS streaming will be tightly secured and encrypted).

Such a solution may dramatically lessen the number of attack vectors with many additional benefits. In fact, server versions of Windows typically have a lower infection rate on average than client versions. Servers have a tendency to have a lower effective attack surface (or vectors) than computers running client operating systems because they are more likely to be managed by experienced administrators and to be protected by several layers of security.

2. ANTI-SPAM PROTECTION

MessageLabs Intelligence Top Tips to Stamp out Spam:
  • Protect your email address - using your primary email address anywhere on the web puts it at risk of being picked up by spammers so be careful where you use it
  • Watch out for the checkboxes - when you buy or sign up for something online, opt out of being contacted by third parties, you don't know where your address will end up.
  • Don't use the reply, remove or forward options - acknowledging the spam email using any of these options only validates your email address and can lead to more spam.
  • Use an unusual name - if you use an email address with numbers in it for instance, you are less likely to receive spam. Spammers often use directories of common names to guess email addresses, e.g. ajones@company.com, bjones@company.com, etc.
  • Avoid clicking on any links in spam messages - the addresses of links are frequently disguised and often serve only to confirm your existence to spammers. Same with unsubscribe links.
  • Avoid downloading pictures in spam email - these can identify you as a recipient even if you just view the message in the preview pane. You can view your email as text to prevent this, or you can set your email security to block external images.
  • Use a spam filtering service

3. HOME PC PROTECTION

a) First of all, educate yourself about information security even if you are not involved in the Information Technologies.

b) Consider dedicating one PC exclusively for online banking. Restrict other browsing or services like email of web surfing.

c) Use the combination of the best security utilities. My "four favorites" that I have on EVERY PC that I use at home and recommend to my clients:
In addition, if you download a zipped or executable file from the Internet web site, please use the Virustotal.com web site. Upload your file to that web site and verify it against 32 virus scanners. There is a big chance that only one anti-virus scanner will detect the malicious content. The service is free.

d) Do not expose your personal information on social networking web sites. It's easy to follow the crowd and proudly post your photos and personal information about yourself and your family. Keep in mind that it is exactly what the hackers need to steal your identity.

e) Remember that "there's no patch for human stupidity". Do not click on suspicious e-mails that you don't expect to receive. Do not open e-mail attachments (even such "innocent" as PDF or PPT files) because they may contain the malicious code. In fact, the PDF files, in particular, are responsible for about 80% of all infections in accordance to some sources. Such the files can take a form of fake codec or videos and poisoned search results continue tricking users into on purposely disabling the security programs that they had at the first place.

No Internet security suite can protect you from yourself, so do yourself and the Internet a favor - patch all your insecure applications - it's free with F-Secure and Secunia.

Through a combination of a fully patched OS (operating system) running the latest versions of the software installed, least privilege accounts and a well-configured personal firewall, a big percentage of the malware that penetrates through the client-side will be mitigated well before it reached the antivirus scanner.

f) Sometimes, you may travel (abroad or just out of your office). Please be cautious about public PCs/kiosks:
  • Check how the PC is set up. It shouldn't let you access the system settings such as the control panel and user accounts. It is a case when the less you can do on the PC, the better - it's well-locked down. I would also recommend to look around the PC for any kind of plug-in devices. It can be hardware-based keylogger attached to the keyboard cable or USB port. For more on keyloggers, read the Bright Hub article, "Risky business, using kiosk computers."
  • When you HAVE TO perform online banking and credit card purchases that might leave sensitive information on public PC and have to chance to avoid it (what is highly recommended), uncheck any box offering to remember your information and change your passwords as soon as you are on a PC you know is secure (home/your office). I have setup special access to my online PayPal account using the security fob that generates random digits to be used for passwords. It allows me to access the web site with a different password every time I use it. You may request it from PayPal, too.
  • If you have access to browser options that let you clear the cache and wipe out cookies, you should use them. The best systems warn you that they will clear stored information such as cookies when you exit.
  • If you need to save a file - do not do it to the local drive but rather to Flash drive. Also, you may want to e-mail the file to yourself and then delete it from the public PC. Make sure you emptied Windows Trash can.
  • If you access the Internet through Wi-Fi networks available in public places, remember, there might be hackers that wait for your free, password-free access. Today's Wi-Fi security protocols are proven to be weak and can be easily broken within minutes with a tool freely available on the Internet.




The future of cyber space. Be aware!

Since this is the last chapter of this article, I'd like to summarize my concerns. In accordance to Liu Migfu (People's Liberation Army (PLA) Senior Col., "The China Dream" book), "China's big goal in the 21st century is to become world number one, the top power."

China's population is growing by 21 million a year and currently houses 1.2 billion people that represent 22% of the world's population. At the same time, their territory is only 7%. The law that restricts Chinese citizens to have only one child doesn't work because poverty breeds children in spite of the danger to be put in jail. This limited territory cannot provide enough food for such a dramatically growing population forever. Many poor Chinese citizens will be faced with starvation.

Of course, I am speculating but think about it. What would be the solution to this problem if you are one of the Chinese government officials? The answer is the immigration (legal and illegal) of a large number of people to the every corner of this world. It's the most inexpensive solution that will have the most lasting effect. China thinks in longer terms. The gradual (and peaceful!) takeover of the territory could be a long-term plan. Legal immigrants can buy or open businesses in whichever country they settle in and have the political power earlier or later. The illegal immigrants will flood the businesses with cheap labor. Given enough time, all of it may lead to serious political and economical influence all around the world especially if Chinese immigrants will preserve close ties with their motherland.

I am taking about a peaceful invasion that you cannot fight because it will be a fight against unarmed people. Taking into consideration long-term plans and almost enormous financial resources of China, the Chinese immigrants will be supplied with enough money from the Chinese government to keep the businesses strong. Of course, they will have to repay the loan what will tie them to China even more.

The same financial resources concentrated in the hands of Chinese government can surely be used (and probably are used) to finance the cyber-gangsters who conduct cyber espionage (economic and military), to secretly stockpile the gold and invest in oil-rich regions out of China, to bribe government officials in various countries and to gain the advantage in trade and politics. Just try to arrest any Chinese anywhere in the United States and the Chinese government will raise a hell with the White House. I am taking about boycotts of trade goods and various sanctions. The growing power of China will be used easily to tight our hands. Now, can we arrest any Chinese hacker in China even if he is an originator of the cyber attack?

The trade and cyber war between the People's Republic of China and the United States, in particular, is a war for extraordinary power and wealth for the winner, and therefore China uses all available resources openly or secretly for winning down the road.

Regardless of whether cyber terrorism is a serious threat to safety, our critical infrastructures, or just an annoyance, we must be forward-thinking to meet future challenges regarding cyber security.

As you understand, many countries' governments consider cyber security and cyber- weapons very seriously. Our government, in fact, not only continuously worked on improvement of cyber-security but also successfully used cyber attacks during Iraq war in May 2007 when George W. Bush authorized the NSA attack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The attack not only prevented successful communication and coordination efforts but also supplied enemy with false information by leading them directly under fire of U.S. soldiers.

There were several cyber tsars to lead the U.S. efforts in cyber defense as well as several major initiatives aimed to improve and protect our infrastructures against cyber attacks. The new reality of computer age is taken so seriously that the Obama administration's former White House chief of cyber-security, Melissa Hathaway, has called for international cyberspace agreements (with similar proposals from Russian government).

However, the chances of such an agreement are quite slim. And here is why. The senior U.S. Army officials identify the wireless communications networks used by insurgents and terrorists as their No. 1 target, and after the Russian government's attempt to propose a treaty limiting the use of cyber-weapons, the State Department has rejected the idea preferring to focus on improving defenses and summon cyber attacks as crimes. In addition, the officials are against any move that could undermine our own cyber security by limiting the options and ability to attack because the advantages of having a cyber-warfare capacity are simply too great in the computer era world.

The cyber-war tactics are also advancing. The United States has already learned that it makes no sense to hit an enemy's infrastructure if it disables an ally's, and possibly America's own since many networks are interdependent. "If nations begin attacking one another's banks and power grids, the next step is exchange of bombs and bullets". In spite of the fact that China rapidly moves to the leading position of cyber-war master, most likely, it has no desire to knock-out Wall Street, because it owns large piece of it. Russia should be hesitant to begin a cyber-attack on the United States because, unlike Estonia or Georgia, the U.S. could quickly response with massive conventional force.

As you see the Cold War still exists but it moved underground or, to be precise, "underwire".

In fact, in accordance to McAfee's annual Virtual Criminology report, many nations are secretly stockpiling tools and techniques in preparation for sophisticated cyber warfare against each other So, expect the cyber-weapons to be enhanced, the cyber-war capacity to be increased and improved, and methods of penetration or DoS attacks to be technologically advanced.

Here is a "dirty 13" prediction for 2010 by Larry Barrett:
  1. Antivirus is not enough
  2. Social engineering as the primary attack vector
  3. Rogue security software vendors escalate their efforts
  4. Social networking third-party apps will fraud targets
  5. Windows 7 will come in the crosshairs of attackers
  6. Fast Flux botnets will increase
  7. URL-shortening services become the phisher's best friend
  8. Mac and Mobile Malware Will Increase
  9. Spammers breaking more rules
  10. As spammers adapt, volume will continue to fluctuate
  11. Specialized malware on the rise
  12. CAPTCHA technology will improve
  13. Instant messaging spam will surge
Russians have an excellent proverb that when being translated to English sounds like this: "Those drowning - save thyself". It can be very well applied to the situations described in this article.

Got computer? Start with security!

Please share this article on your network (Tweeter, Facebook, etc - more social networking links can be found on top of the page in the right corner)

References:

http://community.middlebury.edu/~scs/docs/Lee%20Lai%20To,%20China,%20USA,%20and%20the%20South%20China%20Sea%20Conflicts.pdf
http://english.peopledaily.com.cn/home.html
http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=e1005399-d98b-4aff-bb60-2c1884949700
The commercial malware industry.
http://blogs.zdnet.com/security/?p=3673
http://blogs.zdnet.com/security/?p=4791&tag=nl.e539
Janczewski, L. & Colarik, A. (2008). "Cyber Warfare and Cyber Terrorism". Page xiii. Information Science Reference, Hershey, New York
http://www.financialsense.com/stormwatch/geo/pastanalysis/2009/0717.html
http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd&displaylang=en
http://www.cnn.com/2008/TECH/03/07/china.hackers
http://www.popsci.com/scitech/article/2009-04/hackers-china-syndrome
http://money.cnn.com/magazines/fortune/fortune_archive
http://tinyurl.com/llcdcc
http://www.investors.com/NewsAndAnalysis/Article.aspx?id=522689

Friday, February 19, 2010

Should we be afraid of Chinese hackers? ...Or lost cyber war. (Part II)

PART I
PART II
PART III


Average PC user in China or were the hackers are growing...

Internet users in China aged below 25 spend on average 50 percent of their leisure time online, according to this survey. Those surveyed in China demonstrated high levels of social media activity. Nearly 9 out of 10 Chinese respondents indicated that they actively read or contribute to blogs and 85 percent said they participate in chat rooms.

New opportunities for self-expression, communication and interaction in China made the Internet a part of their everyday routines. The number of intelligent 20+ youngsters is increasing. Their computer skills reached sophistication allowing them to gain access to the world's most sensitive sites, including the Pentagon. In fact, some of them claim that they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies. There is a number that circulates the web (not confirmed data) that the Chinese government pays to up to 50,000 highly skilled military hackers to use the Internet for specific purposes that are defined by the government officials (cyber expert James Mulvenon told a congressional commission in 2008). Considering the population of China, this number may not seem threatening at first.

Sure they don't have a special facility with high-tech equipment; they operate from small apartments. Don't underestimate them - they are hardcore hackers who claim that "no web site is 100% safe". In spite of high level security, every web site has a specific weakness that can be exploited. Some of the hackers are self-educated programmers and some of them came from the People's Liberation Army, either way they know how to approach the task. Carefully studying the web pages, they determine the underlying programs used on a particular web site and then exploit the known weakness or test it to find the new one. The language differences are not the barriers for hacking. Many of them study English to the degree that serves them well in their activities. Young hackers are persistently trying to prove themselves against some of the most secure Web sites in the world.

There are many hacking tools are available on Chinese web sites for free and for a few bucks. For instance, for $150, youngsters can buy decent tools for hacking, design of Trojans or tool to evade anti-virus programs in addition to interactive tutorials and the support through chat or IM, i.e., the infamous software known as Grey Pigeon. Some days ago, the software was used for remote control (similar to GotoMyPC.com) but as it was discovered, it is an ideal tool for hacking that can easily be purchased in China.

Some experts believe many individual hackers are joined together to form small and large groups such as a civilian cyber militia that launch attacks on government and private web sites around the world. Some sites reach more than 10,000 registered users and offer special tutorials (sometimes even interactive) about hacking. There are hacker magazines, hacker clubs and online movie serials about hackers. About 43 percent of elementary-school students say they adore China's hackers and 33 percent say they want to be one! Imagine that future army of hackers.

As the Chinese economy improves, you can see more cars on the streets, plenty of construction sites, and numerous brand names ads and shopping centers. More and more citizens become wealthy, or at least move to the middle class level. Those who still can't find the way to make more money (and the young generation, in particular) try different methods utilizing the computer technology.

For instance, they build the web sites that are selling counterfeit items and attract customers by the low price. Usually, after getting money they either mail cheap imitations or nothing at all.

There is another side of hacking: not for money but to make a political statement.

The young generation knows how the government can suppress the democracy movements (Tiananmen Square), so rather than proceed on the road of democracy many young people (or China's Internet patriots) identify themselves in opposition to the West. These "red hackers" may not be acting on behalf of their government directly but the effect of their activities is the same.

If you'd knew the Mandarin language and tried to Google the word "hacker" using its characters, you'd find hundreds and hundreds web sites dedicated to the Chinese art of computer hacking. Some of the web sites are highly organized with detailed tutorials, history and logs of actual hacking, documentation, links, and even technical support. Some Chinese hackers are being trained at schools like the Communication Command Academy in Wuhan (the capital of Hubei province). Based on some research by the U.S. intelligence, the total number of registered hackers in China is approaching 400,000.

The hackers of all sorts can be found in the organized clubs whose members meet regularly. There are kid hackers, women-only hackers, hacker novices, and, of course, gurus. The most amazing and disturbing is the fact that most of them have the unifying characteristic: nationalism. Most of the Chinese hackers are not the individuals or anarchists but rather "tend to get more involved with politics because most of them are young, passionate, and patriotic." This stylish nationalism of hackers with laptops and Internet connection is dangerous for all countries but it is the most harmful to China itself since their government is inclined not to prosecute hackers unless they attack within the country.

These loose government restrictions are more frightening than state sponsored cyber-warfare. The government perhaps tolerates hackers and sometimes encourages them. Their government might task these hackers in turn gain control of them. Homegrown hackers might just as easily be recruited to write viruses or software for the People's Liberation Army.

If you are interested in learning more about the top Chinese hackers, check out the The Dark Visitor web site (in English).

In 2002, a scholarship student, Peng Yinan and two other hackers broke into the web site of Lite-On Corporation and replaced the Taiwanese firm's home page with the message "[F-ck] Taiwan's pro-independence!" In December 2003, similar message reemerged on the U.S. Navy Chartroom site. "[F%ck] usa.gov," read the defacement, which was signed by coolswallow and four others (the same Peng hacked the FoxNews web site after U.S. invasion into Iraq). In fact, they have not only defaced many web sites in the U.S. but also shared the hacking tool on the Internet.

Web site defacement is a very unpleasant thing when your web site is defaced! I remember when I got a call from California from a man who informed me about a U.S. teenager who hacked several web sites including my company's default web page (with a similar message about the U.S. government). It's good that I have the habit not to use the default page on the Microsoft Internet server (IIS) as a home page but rather any secondary. It saved my company from potential shame.

Based on Peng Yinan's following activities after 2003, I would compare him with infamous hacker Kevin Mitnick with the only a difference that Peng was somehow connected to the Shanghai government and since he was qualified enough, could be paid to do some freelance work. There are speculations that he was permanently hired by the Chinese government since he has disappeared from the hacker's world and that in itself is very disturbing.

The Chinese hackers became so experienced and recognized worldwide that MI5 hired Asian teenage hackers in fight against cyber terrorism in China, Russia and Pakistan.

In spite of the huge Internet activity in China, the country's Internet censoring is well known to the world (didn't KGB do the same with the phone calls and letters?). The government wants to have the control of the information flowing in and out of the country. It's not easy to do without sophisticated technology. It's a fact that Chinese entrepreneurs returning from working in Silicon Valley were requested to provide the filtering technology to China's Internet police. These police are actually very successful not only with censoring the communications but also with quick and effective shutting down the sites that they also do not hesitate to pursue for classified information inside of China or similar rogue sites.



How Microsoft armed Chinese hackers

When it comes to money, many (if not all) companies intend to forget about any possible consequences and lose conscience. Microsoft is not the exclusion. The prospect of a sweet piece of pie (e.g. China market) was reflected in the first move that Microsoft made in 2003 when Microsoft signed source code browsing agreement with China.

With the known weak security of Microsoft's operating systems and with the source code not open to the public, many countries, including China, adopt the open source code Linux operational system, a rival of Microsoft. To avoid it, Bill Gates signed an agreement with the Chinese government stating that the new Source Code Browsing Lab can browse the source code of the Microsoft operating system and engage in information security related research.

Almost 15 years of learning about how to do business with China, Microsoft decided to share the source code as a first significant step in penetration into Chinese market through the cooperation with the communist government. Liu, a member of the political bureau of the CPC Central Committee, said that China has great number of software talents and regarded software sector as one of its backbone industries. As a result, Microsoft offered China and later, 59 other countries the right to look at the fundamental source code for its Windows OS and to replace some sections with their own code. Now when China uses Windows in President Hu's office, or perhaps in its missile systems, it can install its own cryptography.

Let's look at this from another point of view. Microsoft makes money by selling its software to China and China has access to the source code of the operating systems that are used by the majority of the computer users around the world. Imagine that you are the computer hacker. What would you want most of all in order to break into the Windows PC?

You probably heard about "reverse engineering" used by hackers when the program they want to hack is taken apart into pieces in order to build the piece of code used for hacking. It is a very complicated and challenging process and not many hackers are able to do it. With the source code available as a gift from Microsoft, isn't it easier to hack Windows?

For instance, the latest report from Google is troubling: "Google detected a "highly sophisticated and targeted attack" last month which originated from China, and resulted in the theft of intellectual property from the search engine, according to Google's corporate development and chief legal officer David Drummond.

It later transpired that the attack was not limited to Google, but infiltrated 20 other large companies from a wide range of businesses - including the internet, finance, technology, media and chemical sectors." More.

Since the Chinese government directly or indirectly supports its own hackers, they might have access to the source code as well. Let's recall how many times Windows - based OS was hacked. In accordance to Shane Harris, who wrote an article about Chinese hackers, they "pose a clear and present danger to U.S. Government and private-sector computer networks and may be responsible for two major U.S. power blackouts." The U.S. government "officials believe that the intrusion may have precipitated the largest blackout in North American history. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected."

Needless to say, Chinese hackers are surely in the state of war with the U.S. Do you need more proof? Just read the daily news.
"China's big goal in the 21st century is to become world number one, the top power," People's Liberation Army (PLA) Senior Col. Liu Migfu writes in a newly published book, "The China Dream." This dream could rapidly become America's nightmare.




A cyber-war in action?

The U.S. Defense Secretary R. Gates said in a recent speech to the Air Force Association: "Investments in cyber and anti-satellite warfare (by China), anti-air and anti-ship weaponry, and ballistic missiles could threaten America's primary way to project power and help allies in the Pacific - in particular our forward air bases and carrier strike groups." The Pentagon recently admitted that last year many computer networks in the United States, Germany, Britain and France were hit by multiple intrusions, many of them originating from China. However, U.S. officials have been cautious not to directly accuse the Chinese military or its government of hacking because it is difficult to prove.

Due to the nature of botnets (distributed networks of infected computers spread out across the globe) the cyber-defense experts are faced with a problem to prove the origin of a cyber attack. Another reason the U.S. hasn't made any claims against China is previously mentioned necessity to be politically correct. 

When David Sedney, the deputy assistant secretary of defense for East Asia mentioned, "The way these intrusions are conducted are certainly consistent with what you would need if you were going to actually carry out cyber warfare." Beijing hit back at that, denying such an allegation and calling on the U.S. to provide proof. "If they have any evidence, I hope they would provide it. Then, we can cooperate on this issue," said Qin Gang, a spokesman for the Chinese Foreign Ministry, during a regular press briefing... "I am telling you honestly, the Chinese government does not do such a thing".

India's security advisor said that Indian government network was attacked on December 15, 2009, the same day that some US companies reported having been attacked. The attack on the Indian computers came through a maliciously crafted PDF file that arrived from China as an attachment to an email. As always, the Chinese foreign ministry called their claim "groundless".

However, there is some evidence data about China as the base land of various attacks that have slowly come on to surface. For instance, a security researcher says he has found evidence linking the recent attacks on Google to China (January 2010). Analysis of the software used in the attacks revealed that it contained an algorithm from a Chinese technical paper that was published only on Chinese-language web sites. 

Some experts believe that those hackers are not agents of the Chinese state even if they claim to be paid by Chinese government. All of it is quite sensitive information and no one would openly publicize it. However, I believe that with China's goal to achieve world dominance, it fits the picture. Military and economic espionage are an integral part of these carefully planned actions. As our recent Nobel Prize winner Mr. Obama mentioned in his speech, "We must begin by acknowledging the hard truth ... There will be times when nations - acting individually or in concert - will find the use of force not only necessary but morally justified."
Recent events related to the Islamic fundamentalism proved, different people have different morals. In China's goal for world dominance, everything is "morally justified". Chinese communists can be trusted the same way we trust Russian leaders.

In May 2001, several U.S. government web sites were hacked or brought down with DDoS attack by the Chinese. The White House, U.S. Navy, the Interior Department's National Business Center, and more than 1,000 American sites experienced an unprecedented situation of massive offense.

As qualification of Chinese hackers grows, the successive attacks have become more serious. In the past two years, Chinese hackers have intercepted critical NASA files, breached the computer system in a sensitive Commerce Department bureau and launched assaults on the Save Darfur Coalition, pro-Tibet groups and CNN. Sadly, those are just the attacks that have been publicly acknowledged.

What was the cause of these massive and sudden attacks in 2001? As later discovered, it was a coordinated effort of Chinese hackers whose rising Internet-driven nationalism pushed them to declare an anti-American protest after the death of a Chinese pilot who was killed in an accident when a U.S. EP-3 reconnaissance aircraft flying off the southern coast of China had collided with a Chinese F-8 fighter jet. 

In its 2008 report to Congress, the U.S.-China Economic and Security Review Commission called Chinese cyber-espionage a major threat to U.S. technology. "China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States," the commission warned. U.S. defense officials called it "patriotic hacking". Hey, this patriotic thing presents real danger for the most vulnerable targets in our country such as air traffic control, the electric grid and waste facilities, banking and Social Security systems, and it cannot be taken lightly. Whether it was paid by the Chinese government or it was an act of hacker patriotism, our government should take this very seriously. We live in the digital age and all the information that is used in our networks and resides on the servers is at risk.

President Bush correctly understood this issue and before leaving the Oval Office authorized the creation of a National Cyber Security Center under the Department of Homeland Security. The current government proposed $355 million to secure private and public sector cyber-infrastructure.

James A. Lewis who helped develop cyber-security policy recommendations for the Obama administration, a senior member at the Center for Strategic and International Studies (CSIS), shared that concern. He said, "The U.S. government had a number of serious computer incidents in 2007, most of which were attributed to China," he says. "The focus in Washington is on what appear to be state-sponsored activities. That, of course, is only a part of what's going on in China." I wish the U.S. would take cyber-security in relation to China more seriously.

In reiteration for past failure when the U.S. military employed cyber-tactics in Iraq war, the insurgents recently hacked the US Military Drone Surveillance Video (RQ-1, MQ-1 Predator MQ-9 Reaper drones). As it was discovered, they have been doing it for a while (the U.S. military personnel found files on the detained Shiite militant's laptop in 2008). All they had to do is to use the Russian-made SkyGrabber, a program freely available on the Internet for less than $26. The event itself is so shocking that I hope it will be an eye-opener for those U.S. officials who are still blindfolded about cyber-terrorism.

There is a real war in the East region but it's not anymore the war with religious but uneducated mujahidin, but with highly sophisticated in computer technology enemy. I don't think it was done without any "outside" assistance from those who would love to bring the U.S. to the knees but the fact itself is disturbing.

Let me remind you that China's neighbor Russia is "singing the same song" with China pretty often when it comes to vote for sanctions against rogue governments. Generally, both countries veto almost every U.S. proposition and both countries hate the fact that USA is a major power in the world (perhaps, still the major). They are dreaming about shifting the axle of power to their own countries, away from Americans.

Unfortunately, they're not only dreaming but rather are taking multiple, carefully planned steps to overpower U.S. on the military front, economically, and financially by rising of own influence in all corners of the world. We learned from history that when the power players are in the battlefield of a global scale, all methods are good - don't expect that the players will play honestly, especially from the regimes ruled by current and former communists.

With kind permission of an author of the article "Marina Kalashnikova's Warning to the West", Jeffrey. R. Nyquist, I want to share with you the information below. Forgive me for inclusion of quite a large piece of this article but I consider this information is so important that I cannot squeeze it further. 

"Russia has built an alliance of dictators, what Marina Kalashnikova (mentioned above) calls an "alliance of the most unbridled forces and regimes." Extremists of all kinds serve the purpose of breaking the peace, damaging Western economies, and setting the stage for a global revolution in which the balance of power shifts from the United States and the West to the Kremlin and its Chinese allies. "Among the ideas that animate general staff analysts in the Kremlin, there is the idea of diffusion," says Kalashnikova, "It is not that the Kremlin should strive for territorial expansion and the dissemination of its [political] model. The critical thing is power and the fulcrum of an overall strategic context. In that case, even if the Americans appear influential in the post-Soviet countries, Moscow remains in charge. The [Russian] General Staff therefore has successfully expanded Moscow's position beyond and above the old Soviet position in Africa and Latin America." What prevails, she says, is Moscow's "assertiveness and determination without fear of a reaction from the West."

In other words, the West has already been outmaneuvered. The KGB and the Russian General Staff have taken our measure, and they are laughing at us. Our leaders [read the U.S. Government] do not realize the sophistication of their enemy. They cannot see or understand what is happening. They blink, they turn away, continuing to use concepts gifted to them long ago by Soviet agents of influence. As a nation we are confused and disoriented, believing that the world is beholden to the West's money power - and therefore, peace can be purchased.

"The Kremlin has activated a network of extremists in the Third World," wrote Kalashnikova. "[At the same time] Russia has managed to shake off nearly all international conventions restricting the expansion of its military power." In this situation, the only counter to Russian power is American power. Yet the American president is preparing to surrender that power in a series of arms control agreements that will leave the United States vulnerable to a first strike. Placing this in context, nuclear weapons are ultimate weapons, so that the West's superiority in conventional weapons is therefore meaningless. Whoever gains strategic nuclear supremacy will rule the world; and the Russian strategic rocket forces are in place, ready to launch, while America's nuclear forces are rotting from neglect.

The Russian historian sees that the West relies on the greed of Russia's elite to keep the Kremlin in line. But this is a foolish conceit... the Kremlin's logic is ironclad: Let the West keep its worthless currency. Moscow will have weapons, and in the end Moscow and its allies will control everything. The liberal may believe that protests and appeals to humanity are the ultimate trump cards. The financiers may believe that money makes the world go 'round. Let them try to stop a salvo of ICBMs with liberal sentiment and cash. As far as the laws of physics are concerned, their favored instruments cannot stop a single missile.

According to Kalashnikova, "It is clear that the [Kremlin] regime has no restraint and will commit any crime, break any rule, surpass any benchmark in order to consolidate its already illegitimate power..." Even the old KGB chief, Vladimir Kryuchkov, was appalled: "Putin and others have to answer for what they are doing today to the country," he said. But the West sleeps. The West doesn't want to hear about the danger that rises in the East - from the Kremlin and its Chinese allies."


Recent attack simulation by the Pentagon officials reveled that "The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What's more, the military commanders noted that they even lacked the legal authority to respond - especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war." (New York Times).

If you didn't believe in the cyber-wars and attributed them to the movies only, what else can convince you more?



Cyber-espionage

As you may guess, stealing sensitive information from U.S. corporations is a part of a big plan for many Chinese conglomerates and the government. Considering a long history of the economic and military espionage, cyber-hacking is relatively new one, and the U.S. government officials are worried about China plans and actions.

In accordance to Brenner, the U.S. counterintelligence chief, perhaps once the Chinese used the strategic information gathered by cyber-espionage about large the American company during business negotiations. "The delegation gets to China and realizes, 'These guys on the other side of the table know every bottom line on every significant negotiating point.' They had to have got this by hacking into [the company's] systems." Brenner mentioned that even one case like this proves that Chinese will work very hard when they need to achieve the goal. It surely puts the national security (and eventually prosperity of our country) at serious risk.

Chinese target any high-level official, senior officers of the large companies or strategic institutions. Even the contractor working abroad can be the target of cyber-espionage. The laptop, USB memory module, the smart phone or PDA - all of it is under risk. "China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat" said Brenner.

The cyber-espionage attempts are very difficult to register and prove since today's cyber world includes botnets that can be easily used let's say by Russians who are masking as Chinese. However, several proven cases of cyber-espionage by Chinese should raise the awareness to a higher level and stop making friends with those who want to overrun us at every corner.

Try to "google" the key phrase "china hackers" in English and you will be surprised with a number of article like these:
  1. Britain could be shut down by hackers from China, intelligence
    Mar 29, 2009 ... China has the ability to shut down Britain's vital services, including food or power supplies, because its companies are involved in ...
  2. Hackers in China break into PCs of Dalai, Indian embassy
  3. International hackers, many from China, are attacking NYPD computers
    Apr 22, 2009 ... A network of mystery hackers, most based in China, have been making 70000 attempts a day to break into the NYPD's computer system, ...
  4. Hackers put China flag on Australian film site - Security- msnbc.com
    Jul 27, 2009 ... Hackers posted a Chinese flag on the Web site of an Australian film festival in an escalation of protests against the planned appearance by ...
  5. China's hackers stealing US defence secrets, says congressional ...
    Nov 20, 2008 ... Beijing's spending on rocket science turns outer space into 'commanding heights' of modern warfare and could chill relations with America, ...
  6. Block China Web Traffic IP Addresses and Chinese Hackers
    Protect your web site from Chinese hackers by preventing traffic from IP address ranges originating in China.
Based on 7 year study, Mandiant describes how Chinese cyber-gangsters launched sophisticated attacks and were able to penetrate the government and corporate computer networks while being practically undetected. They describe so-called advanced persistent threat (APT) model and reveal the fact that the majority of APT attacks attributed to China. The shocking truth: existing anti-malware software was able to detect just 24% of the malware used in the attacks. Mandiant describes several stages of APT attacks:
  1. Reconnaissance (getting the identify of individuals they will target in the attacks);
  2. Intrusion into the network using known methods like phishing;
  3. Establishing a backdoor through injection, registry modification, or scheduled services;
  4. Installing multiple hacking utilities; obtaining user credentials and escalation of privileged access up to the administration level;
  5. Data extraction, encryption, compression, storing on stage servers, and following deletion after successful upload to own network.
  6. Maintaining persistence by adjusting the malware.
While APT-type attacks are usually silent, low profile attacks designed for long-term espionage, the recent attack on Google and 20 other large companies is more like open-war type.


Continue to PART III
Back to PART I

Thursday, February 18, 2010

Should we be afraid of Chinese hackers? ...Or lost cyber war (Part I)

"Our nation's intellectual capital, industrial secrets, and economic security are under daily and withering attack." --Stephen Spoonamore (expert in the field of electronic data security and digital network architecture.)
"China's big goal in the 21st century is to become world number one, the top power," -Liu Migfu. (People's Liberation Army (PLA) Senior Col., "The China Dream" book).
"Political power flows from the barrel of a gun." - Mao Zedong (former Chairman of the Communists Party of China)
"Educate and inform the whole mass of the people... They are the only sure reliance for the preservation of our liberty."-- Thomas Jefferson


Disclaimer.
Please note, I don't pretend to be an expert in politics. I am just sharing my concerns. Thank you in advance if you are ready to spare 20-25 minutes and read this article.


I began sharing my views on politics as the main motivational factor for cyber crime in the first article that I wrote about Russian hackers. Now, let me share my concern about their neighbor to the south, a "rising star of the world economy" China, and growing skills of Chinese computer hackers.

PART I
PART II
PART III

PART I


A "political correctness" storm.

The terms "cyber terrorism" or "information warfare" are derived from political agendas of those who rule the countries or from global conglomerates and large corporations that don't hesitate to use any possible measures to achieve their goal. The information age gave us not only sophisticated computer equipment, software, and gadgets but also something that many of us did not expect. I am talking about malware, cyber war, anti-virus programs, firewalls, computer worms and Trojans, botnets, identity theft, and social engineering. All of it became a part of our lives; whether your life is somehow associated with computers or you touch the keyboard occasionally.

This article is not only about cyber danger from our "friends" but also about what causes this danger and why we have to understand it better in order to protect not only our computer systems but our country and our position in the global economy. So, forgive me about emphasis on politics because I believe that political repercussion on current situation with the information security is enormous.

If you are working in the office (except those lucky enough to work from home), you are facing so-called "office politics" every day. You interact with your fellow co-workers and your lovely (or not so lovely) managers. As you may have already discovered, your wellbeing depends more on the right behavior and ability to navigate the river of office politics than on your technical or other abilities. The same occurs on the global level between the countries and even continents.

Unfortunately for us, many Western countries including USA are running under "political correctness" dogma created and nurtured by the fanatics of liberalism. Brainwashed liberals are people who do not accept even the strongest arguments and facts against their distorted dogma of social justice - the utopia of socialism and communism. Yes, they have ears but they don't want to listen; yes, they have eyes but they don't want to see the facts and reality of this world.

As Marina Kalashnikova, a Moscow-based historian, researcher and journalist, noted "Western establishment avoids uncomfortable truths about the world and themselves". Another Russian-born journalist who actually "tasted" socialism, Svetlana Kunin (IBD) said "When party leaders talk about the "collective good," what they are really talking about is their right to determine what is good for the collective. Government bureaucrats decide what level of sacrifice is needed and who needs to sacrifice. They replace voluntary charity with the forceful redistribution of other people's private property. Why do people born into a free society accept a failed 100-year-old ideology? It seems Americans are simply unaware of modern history. They don't know the theory behind slogans such as "fairness and equality" and "sacrifice for the collective good," much less how it works when implemented. They buy into old utopian slogans masquerading as new progressive ideals for "Hope and Change." More

Do you want to see where the "political correctness" approach leads to? Look at one of the European countries and what they are faced with. When the media is bought by the Islamic radicals from overseas and local hardcore liberals, the core value of democracy disappears and those who use it for their own advantages are well known. For instance, the examples of voices "political correctness" are clearly showing the fear of retribution if any action against rising Islam will be taken.

The "political correctness" is weakening and killing our country too; it's spreading out to all facets of our lives making us vulnerable even inside of our borders where we are faced now with a new enemy -- radical Islamism. We have created a climate in which not only citizens are forced not to speak when their concern is related to radicalized Muslims but also the members of the military who are afraid to raise questions about the bald and blatant Islamist comments. We have learned from the press that no one raised a red flag about what Major Nidal Hassan expressed over many years because it could be interpreted as anti-Muslim prejudice. In turn, the military took no action against a man who loudly advertised his extremist sympathies. Thirteen (13) Americans paid for that with their lives.

The radical Muslim world hates us because our culture (our music, our lifestyles, etc.) is spreading to them and threatening to steal away their power base (which is the hearts and minds of their children). Once their children have access to the Internet they'll discover the wide range of choices outside their culture. Instead, extremist Muslims use the Internet to radicalize young Muslims in Western countries using their personal weaknesses. And while the vast majority of the world's Muslims are not extremists, significant minorities are just that. Worldwide, Muslims believing themselves to be advancing the faith have committed more than 14,000 acts of violence just since 9/11. To name just few: Madrid, London, Bali, Jerusalem, Mumbai, and Amman. The list is long and bloody - and it includes many innocent Muslims.

There are many furious and confused Americans who witnessed the years-long campaign to minimize the threat of radical Islam, to paint Islam as "the religion of peace," and to marginalize critics of the jihad as guilty of "Islamophobia." It's time to learn from the problems concerning Switzerland and many other European countries: "(1) A large Muslim immigration coupled with a low native birth rate; (2) Increasing Muslims efforts to change the national culture over to an Islamic one, starting small but having ambition, and less and less tendency to assimilate and live in tolerance; and (3) Terrorism from radicalization" (New York Times and Wall St. J, 11/30).

Even in China, pro-China and pro-Muslim hackers have clashed online in a series of Web sites defacements since deadly ethnic riots in China's Muslim region last months.

Here is what one of the Internet bloggers, spinedr33, said: "...no President can come out and say "there's a cultural war happening right now... there are 1.6 billion Muslims and a sect of their culture doesn't want to co-exist with Western culture. So they want us dead. To defend our way of life, we have to fight back. Since these are people - and not countries - we're going to have to fight any regime/country that won't help stop their radical citizens. So there's a good chance that we may come into conflict with Iraq, Afghanistan, Iran, North Korea, etc." The best anyone can do is using the euphemism "war on terror." But let's face it- there IS a cultural war going on right now. At least WE'RE willing to call a truce to stop it (the radicals no longer seem able to do so). There's so much more to write, but what's the point? If you don't get it by now, you may never..."

Blind liberalism and ignorance to the reality of this world created the product of this correctness - our President and his ideas of spreading the wealth and social justice policies not only to our country but also on a global level. It began from Obama's apologies for past American behavior, sending peace feelers to our former enemies like Castro brothers and Hugo Chavez, bowing to the Japanese emperor and the Saudi king on his recent visits to Asia and Arab Emirates (we did not notice him bowing to the Queen of England). He has deferred to Russia about missile defense and conveniently "forgot" about human rights, global warming issues, and Tibet to China.

This President aims to kiss the back sides of our enemies pronouncing that America was ignorant and arrogant, and we are better now and ready for cooperation. Cooperation is good but with whom? Israelites also tried numerous times to cooperate but were barraged with rockets in return. This new American approach to solve the world problems by bowing is very much to the taste of Iran that, based on recent events, came to conclusion that America can be simply ignored.

Harold Estes, enlisted in the U.S. Navy in 1934 and served proudly before, during and after WW II, sent a letter to the President and several U.S. Congressman. He said "One of the benefits of my age, perhaps the only one, is to speak my mind, blunt and direct even to the head man. I am amazed, angry and determined not to see my country die before I do but you seem hell bent not to grant me that wish.
I can't figure out what country you are the president of. You fly around the world telling our friends and enemies despicable lies like:
"We're no longer a Christian nation", "America is arrogant" - (Your wife even announced to the world, "America is mean-spirited." Please tell her to try preaching that nonsense to 23 generations of our war dead buried all over the globe who died for no other reason than to free a whole lot of strangers from tyranny and hopelessness.)... Take a little advice from a very old geezer, young man. Shape up and start acting like an American. If you don't, I'll do what I can to see you get shipped out of that fancy rental on Pennsylvania Avenue. You were elected to lead not to bow, apologize and kiss the hands of murderers and corrupt leaders who still treat their people like slaves."
More...

Why am I telling you all this that is not directly related to China? Because everything is politisized and the politics is a complicated matter especially when we are seeing the results of "political correctness".

Let's get back to my concern. Please answer these two questions. What's the difference between the Cuban communists and China communists? Why is it OK to have a business with one communist country but not with the other one? Is it more politically correct? Yes, today's situation with China dictates that we don't have to throw the stones on China since we have a glass roof ourselves. Who should we blame that we raised our enemy with our own hands? We can only ourselves and our own governments.


Political situation in China

Today, the emperors that were born into position through a family dynasty no longer rule China. Rather, the Republic of China currently operates under a communist government (and many U.S. Government officials are intended to forget it), which is divided into several branches. Much like the U.S. executive and legislative branches of the government, the NPC (National People's Congress) holds the power to pass laws and change the constitution, as well as elect members of the State Council and Chinese Supreme Court.

As Chinese describe it, after the end of the Qing dynasty in 1912, China was still maintaining a feudalistic society where a small group of rich landlords had the majority of the country's wealth, leaving masses of peasants in poverty and despair. Imperialism from Europe also humiliated the Chinese people because they were not truly in control of their own country, having been forced into an embarrassment of unfair agreements. Finally, the Chinese Communist Party formed in 1921 with the goal of bringing to an end foreign oppression of China.

Since the establishment of the People's Republic of China in 1949, the government has desperately tried to heal the country's wounds that resulted from years of turmoil. Their first priority is to assure that all Chinese "eat their fill and dress warmly," a task not easy to do considering the country's gargantuan population. This all falls under the Declaration of Human Rights which states that all citizens are entitled to "life, liberty and sustenance" (we see the difference in two countries' situations by comparing this to the United States' principle calling for "life, liberty and the pursuit of happiness.)

Under this socialist government, "freedom of speech, the press, assembly, association, marching and demonstration is officially guaranteed" for Chinese citizens. If you are a citizen of 18 years or older, you have the right to vote for deputies of the National People's Congress. They also have the right to lodge a complaint against officials if their rights are violated. Additionally, the country promises government protection of religious rights. China supports equal rights for all ethnic groups, prohibiting discrimination, including discrimination against women. However, the underlying principle behind today's Chinese government is the socialist idea that "All power in the People's Republic of China belongs to the people." After centuries of being under the control of an emperor and years of subjecting to foreign powers, the Chinese desperately work for a society in which the citizens lead their own country.

Sounds nice? In reality, based on observations, most of the democracy - related rights are being ignored or actually suppressed by the government. So, the slogan "All power in the People's Republic of China belongs to the people" actually is converted to "All power in the People's Republic of China belongs to the people" actually is converted to "All power in the People's Republic of China belongs to the Government". It is a nature of the socialism or communism - driven system. The Chinese government does not allow criticizing their rulers, they hold a tight control on all economical, financial, and political processes, and suppress the freedom of information by applying heavy censoring of Internet and local media (read the news about Obama's visit to China and his meeting with Chinese students).


Growing Economy

"Obama... was impressed with the dynamism of Shanghai, where he held a town hall-style meeting with Chinese youth Monday and which, he said, is "a sign of China's emergence as a great economic power." (AP). In fact, when my friends visited China last year, they also were impressed with a number of construction sites surrounding cities - the result of rapidly growing economy, so far, the third biggest in the world.

I respect the Chinese for their 5000+ years history, their contribution to the world with medicine, sport, the art of drawing and self-defense, their hardworking, dedication, and smart approach to many things in life. The current economic power of China is the result of sweat and blood of ordinary citizens applied every day. This is the simple secret of success. If you would have a chance to look inside of the auditorium of prestigious U.S. colleges that teach math, physics, and mechanical/electrical engineering, you would be surprised to find out that about 85% of students are Asians.

Some of them choose to stay in the U.S. They are the kids of hardworking parents who emigrated from China, who keep Chinese food restaurants with your favorite food, and who save money dollar-to-dollar to give the kids the best possible education. They are also the kids of wealthy Chinese who can afford to educate them in American colleges. Many of them come back to China after graduation as they see the opportunity to prosper in their own country. And many of the technology companies that are sources of national pride in China, for example Baidu.com and Sohu.com, are founded by returnees from the West, and are listed on the stock exchange abroad.

However, do not be blinded by China's economic growth success. A mild form of social-democratic political system in Western Europe has resulted in decline in standard of living weighed down by welfare. A harsher form of socialism in China led to mass misery and murder (Tiananmen Square). Recent events when China's authorities decided to put the Chinese lawyer on trial after he wanted just to follow the criminal law in a case against local mafia, or when the San Francisco layers tried to sue China for $2.2 billion dollars in an Internet-censoring software piracy case and came under cyber attack last month are proof that you can expect anything but democracy from the communist government.


China vs. Russia

Being at a great disadvantage compared to Russia, with a humongous number of poor people and lack of advanced economical infrastructure, China economically overpowered Russia as well as many other countries. It's not the only current communist government's smart politics to attract the foreign capital, not only smart policy to protect it, but also the solid base on workforce that want to live better and don't mind working very hard to achieve their goal. There are several explanations why Russia, the country with the biggest amount of natural resources and territory in the world, the country that had the industrial infrastructure in place, could not repeat the success of China:
  • Stupid politics and total corruption from the top to the bottom;
  • Lack of protection for foreign capitals;
  • Aging population;
  • Search of an "escape goat" instead of honest view on what's wrong with the country and how to fix it;
  • Obsession with drugs (flowing from Afghanistan), especially with alcohol.
I don't want to go into details on how the Russian government is implementing their plan to improve the lives of citizens by acquiring and selling natural resources for personal enrichment. What can you expect from a government that consists from 75% former KGB officers and their buddies and the rest from former criminals to mafia bosses? There were many articles written on this topic by not only the Western journalists but also by Russians themselves. The paradox is that while Russians are gladly accepted all Western goodies (cars, music, clothes, fashion, etc) after the fall of Soviet Union, they are hesitant to accept the true democracy and the country is falling back to the dark age of a cold war.

As one of the investors, Bill Mann mentioned back in 2006: "Investing in another country means that you need to have an understanding about what the people to whom you are entrusting your money think about people like you." Citing the "unpredictability of administrative processes" in Russia, Swedish retail giant, Ikea, froze all its future Russian investments last year because the company faced inflated electricity prices in supposed retaliation for an unwillingness to grease some palms. In a statement that attests the quote above, Ikea's country director conveyed the feeling to an interviewer that "someone somewhere does not like us." More...

Many of the average Russian workers are alcoholics (or, perhaps, huge fans of alcohol) who have no work ethic and motivation to work hard but to spend most of the earned money on alcohol. The paycheck day is very special - the stores that sell vodka see long lines. The next day after the paycheck, many factories and organizations lose 30-40% of people coming to work. A bottle of vodka became nation's currency, a door-opener to the offices of bureaucrats and a payment for various favors

Hard to believe? Consider this. The Russian Federal Organization' web site for alcohol regulations published the project of a new regulation to establish a minimal price for vodka since the "samogonka" (or hard liquor prepared at home) competes with the commercially available vodka. Russia is getting good revenue from sold vodka (38.2 rubles per bottle) considering the fact that, in 2008, vodka sold in Russian Federation in the amount of 1,760,000,000 liters! Add to that an estimated 20-24% of that amount of self-made alcohol and you will end up with 2,147,200,000 liters a year or more than 90 liters per person (!) including children.

Just consider these three sarcastic Russian anecdotes: "Kids from the Yaskovichi village knew very well that they will earlier or later become alcoholics but (just in a case) dreamed to become the astronauts." "The Turkish authorities request Russian tourists to arrive with the passports where they are pictured drunk..." And another one: "In Russia, the alcoholism is not struggle but pleasure".

Many Russian families send their kids oversees not for American education as Chinese do but to look for better life or perhaps to make some money and send it back home to support parents. What else can they expect? Either work as a puppet for one of the wealthy "new Russians" (and without owning a car it's also problematic); join military; join militia (local police) to collect the bribes on the roads; or become an alcoholic working at the factory or elsewhere for low compensation or even worse - drug addict - the fate of many young people. Many Russians don't see the light in the end of a tunnel in their homeland. It's not my imagination - I spoke to few kids from Russia that I met in Sicily (Italy), New York, Cancun, Rio de Janeiro and Barcelona. They are all spread out through the world map.

In many cases, finding a decent job in Russia is problematic - you have to have a car (not affordable for an average citizen) as well as certain skills that cost money to acquire. Young adults who live in large cities have more choices but the newest fashion - drugs are killing without remorse. Russia's attempt to establish the democracy turned to a population to serve the wealthy management.

I spoke to a Russian immigrant who recalled the following story that happened about 30 years ago. He was among several people in the room to meet the Russian journalist who worked in China for almost 25 years. It was a fascinating story about China and Chinese but he memorized the only one phrase that is still carbon in his memory. "If the average Soviet farmer ("kolhoznik") would work at least at 1/3 of the power of the Chinese farmers, the Soviet Union would be in great shape."


Long-term goals

Smart decisions even under communist government resulted in outstanding growth of China's economy since the strong economy must be a component of a global dominance. At some point, Deng Xiaoping's statement (who was a 3rd Chairman of the Central Military Commission of CCP) "to be rich is actually good" began China's re-birth. He is called "the architect" of a new brand of socialism and was credited with advancing Chinese standards of living

Having more money and carefully manipulating the currency, stocking up on a number of key commodities when the commodity prices such as oil and copper are low, investing up to 15% to 20% of GDP into the infrastructure of highways and railways, plus all the associated township infrastructure linking North and South, and East and West across the U.S.A. or Europe advances China's economy in unprecedented pace. China is also buying U.S. government issued bonds and heavily invests in military and space, purchasing new technologies from the West and then using it for own advantage.

At the same time, China is quietly and rapidly buying gold to protect its huge U.S. dollar reserves (~$2 trillion in U.S. debt). For the past six years, the country has almost doubled its holdings in gold to 1,054 tons, making China the sixth-largest holder of gold bullion. At the same time, they are pushing the idea of replacing the dollar as the world's reserve currency with another stable currency issued by international financial institutions. How can China buy gold quietly? They make a number of direct purchases from the governments of major gold-producing nations. China now has 30 times more gold in reserves than it held in 1990.

I am not talking only about the Chinese government but also private citizens who now have permission (and encouragement from the government to allocate at least 5 % of investment!) to buy gold, something that was not possible just last year and considered as a crime. If every one of the 900 million hardworking Chinese people were to buy just one ounce of gold, it would completely absorb the production of all the world's gold mines for the next 10 years. The value of that gold at today's bargain prices would be $1.13 trillion. According to the China Gold Association, the People's Republic plans to increase its gold reserves another 374% -- to 5,000 metric tons while the export of gold is banned! Recently, China entered into an agreement with Russia, Brazil, France and several Arab states to end dollar trading for oil -- instead using a bin of currencies that includes gold. No doubt, with the U.S. dollar losing value -- exactly opposite to gold -- China should protect itself, but all these actions together could make China a future world gold supplier - a part of the world dominance plan.
Watch out, America!

A weak yuan (The renminbi or the Chinese yuan is the currency of the People's Republic of China (PRC), with the exception of Hong Kong and Macau) makes Chinese exports cheaper and is forcing American companies move offshore, grinding down support for soothing global trade rules and fanning trade disputes. While China builds the magnetic levitation train that can travel at more than 300 miles per hours back in 2003, the U.S. invested only 1/10th of 1% of GDP for infrastructure while the railroads are falling apart. By the way, China just announced that their super-speed train broke the world record.

While China invests in the largest electric grid in the world more than doubling its electrical capacity, the U.S. has a "critical mass" situation with its electrical grid that is running out of capacity to support its economy (I am not even talking about electrical cars being planned to manufacture this year). This is how one country loses the power while another one gains using all the weaknesses of the opponent. Only now, the Obama administration began talking about investing $15 billion in the U.S. infrastructure that is still a water drop in the sea comparing to what is actually required.

"The world trading system is going to blow up, or the U.S. economy is going to totally de-industrialize unless China loosens controls on its currency", said Peter Morici, a University of Maryland business professor and a former chief economist at the U.S. International Trade Commission.

It reminds me of Japan in the beginning of the 70's, the country that basically overpowered American dominance in TV and metalworking tools markets. Using honest (and not very honest) methods, manipulating the U.S. government officials by either bribing or by blackmailing, they allowed, for instance, sell TVs in Japan only after the U.S. manufacturing and technology rights were sold to Japan. With Japanese's outstanding ability to improve the technology step-by-step, Japan began to manufacture better quality products and sell them cheaper. Do you remember the American TV companies like Zenith and RCA? They went out of business. Not to mention Japanese cars vs. American?

Even now, money hungry U.S. corporations repeat the same mistake - history did not teach them a lesson. For instance, the potentially huge market in China attracted Microsoft (read below how Microsoft gave away the source code to China) as well as many other industry giants. Now, all this technology is used to advance China and give it a leading edge. It's a fact of life that U.S. consumers use most of the China-made products in daily life starting from electronics, clothes, tools, and finishing with food products including food for pets. It's even scary to imagine that if one day China would want to stop the flow of the consumer products to the American people we would face a disaster. The only thing that calms me down is the fact that Chinese probably doesn't want the U.S. to fall down severely because of a huge pile of U.S. government issued bonds that has accumulated in their hands.

However, it's a trump card in their hands that could be used if it would fit in the big plan to bring the U.S. to its knees. And who would fill the vacuum? Who would become the new superpowers? Regimes proved that they were unafraid to be ruthless to their own people (not to mention their enemies). The Chinese government dreams about restoring the world dominance of China as the greatest country. I wouldn't be surprised if they achieve their goal within next 10-15 years. Read this part of an eye-opening article from IBD.
"In the case of Communist China, we're talking about a power that was willing to embrace capitalism because its totalitarian rulers saw that it could be the key to global dominance. When students tried to use new economic freedoms as a path to political freedoms, they were soon gunned down in Tiananmen Square, or incarcerated. So why would it surprise anyone that a regime so brutal and calculating would also in 1982 provide enough highly enriched uranium to Pakistan to construct two atomic bombs, as rogue Pakistani scientist A.Q. Khan has revealed and the Washington Post reported ...? Indeed, according to Khan it was none other than Chairman Mao himself who years before approved the secret deal. Islamabad and Red China may have animosity toward India in common. But it is simply naive to believe that Beijing did not have an eye on the potential destabilization that the nuclear empowerment of a hard-line Islamist regime would have on Western democracies.

"If New York were hit with a terrorist nuclear device, the Chinese would be the first to offer medical assistance, blankets, and toys," say nuclear weapons experts Thomas C. Reed and Danny B. Stillman in "The Nuclear Express," a book based in part on visits to Chinese nuclear facilities. "But the fact is," they add, "with New York down and the dollar discredited, the mandarins of China would be the last men standing. China would emerge as the world's pre-eminent economic power, with the clout to allocate energy resources as it saw fit."

China and Russia together have for many years helped Iran build nuclear facilities, which we now know Tehran's Islamofascist regime is using with the aim of building weapons. From providing technical information stolen from the West to aiding missile development to helping construct Iran's Bushehr plant, Moscow has been indispensable to the mullahs' nuclear ambitions. And again, to believe that former KGB agent Vladimir Putin only has economic gains in mind, or regional advantage, is naive. The bloodthirstiness of totalitarianism is at the core of China and Russia's proliferation efforts on behalf of Islamic powers. The Cold War may be over, but their malevolent global designs are not." (IBD, 11/13/09)


Financial and economic power these days gives China a clear advantage over the U.S. that struggles with economy and job market. No wonder our Democratic government tries to please the Chinese government in order to improve relations and allow more importing of American made products and technologies to China to bring the huge deficit balance down. The U.S. trade deficit with China widened in September 2009 to $22.1 billion from $20.2 billion, the highest in nearly a year.

Business Week mentioned: A day after President Obama left Asia after an 8-day visit, Jon Huntsman, the American ambassador in Beijing, tried to counter the spin in the media that his boss's China visit didn't go so well. China, having a leading edge now, can simply ignore U.S. requests or, perhaps, yield in small things but resist in a big way by following its own big plans.

Enough about China's global plans -- get familiar with their "cyber force".


Continue to PART II

Please share this article on your network (Tweeter, Facebook, etc - more links can be found on top of the page in the right corner)