Pages

Showing posts with label hacking. Show all posts
Showing posts with label hacking. Show all posts

Thursday, January 13, 2011

FACE THE DANGER

There is no reason to explain again that today’s computing is not possible without adequate protection against viruses, malware, botnets, and all other cyber “weapons”. You probably are overwhelmed with a number of articles, experts’ advices, webinars, and various tutorials about user awareness the same way as I am.
What I want to add to this is to describe the face of real danger, the danger that the majority of computer users are not aware about. The new hacking technique and tools will make your security protection tools like a toy for kids. In my March 2010 article I have suggested a set of software tools to protect your computers (perhaps from all known malware).
What I have learned that after Stuxnet cyberattack became known and was described in more-less details, many security professionals have revised the entire approach to the security protection. The common denominator for all opinions is the fact that our commonly accepted approach to IT security is not working anymore due to the new and highly sophisticated penetration tools that were developed recently. No, I am not going to discuss Stuxnet and similar, highly sophisticated software that was discussed on the Internet widely but rater down-to-earth penetration tools that is available today.
The goal of this article is to make more people aware that our poor antivirus programs may protect you from only 20 to 30% of today’s penetration software.  Disagree?
Just today, I got an e-mail from “Hakin9 Mewsletter newsletteren@hakin9.org” with the following content. As is (no spell correction):
“Russia Hackers are pleased to announce RH2.5 KIT ver 2011
that people can use to hack & secure computer systems by
knowing exactly how a hacker would break into it.
Collection of Advanced Hacking Guides & Tools.
PDF Guide:

1. Advanced Hacking Guide with MEtasploit
2. Malware Development (RATS, botnets, Rootkits)
3. Convert exe into PDF, XLS, DOC, JPG
4. Exploit development guide
5. Tech Tricks (Spoofing-Sms,email,call)
6. Download any Apple Apps Free of cost		 7. Credit Card HAcking
8. Netbanking Hacking-bypass Virtual KEyboard
9. Spreading guide to Infect 100K/Victims per day
10. Advanced Email Hacking Tricks
11. SET(Social Engineering Toolkit) module
12. Links for other russian hacking sites
Hacking Marketplace

Tools/Services:
{Value more than 1500 USD}

1. Polomorphic Crypter's (to make Files undetectable- bypass all AV Scantime,runtime)
2. Java Driveby FUD (deploy your exe by URL on target)
3. Immunity Canvas (Hack remote pc with IP address)
4. Paid Botnets (Spyeye,etc)
5. IRC Bots(Ganga, niger,etc)
6. Yahoo messenger zeroday exploit (run exe on target)
7. Ice pack Enterprise (execute exe using php script)
8. Bleeding_Life_V2_pack /Other Packs		 Service's:
1. One Linux Based VPS with Root access for Lab Setup (Safe & Secure)
2. VPN Double + Triple Encrypted (Hide your real Ip Address)
3. Fake Emailer with attachment
4. Email Bomber (Send 1 million emails into Inbox)
5. DDOS Attacks Shells
Hire a Hacker
for Offensive and Defensive services, Internal on-site penetration testing gives
the business the assurance it needs to conduct safely in the Internet and with business partners.
Email at: root@russiahackers.ru or russiahackers@mail.ru
Visit Site
First of all, I am a subscriber of Hackin9 IT Security Magazine, and I am getting the news about new development in the world of IT Security. Normally, the e-mail address field “FROM” looks like this:
Hakin9 Magazine newsletteren@hakin9.org
This time, it was slightly different:
Hakin9 Mewsletter newsletteren@hakin9.org
As you see above (and I have no doubts considering miss-spells and ignorance of normal technical English) , the content of e-mail was pure advertisement with a link to the live web site that offers the both sets of tools correspondingly for $100 and $250USD.
My guess is that my e-mail account was hacked along with many others, and the Russian hackers e-mailed the information about their “products”.
Let me be honest, I am not so worrying about hacking of my e-mail account but about the “products” offered on the web site.
Let’s review some.
Convert exe into PDF, XLS, DOC, JPG
This one is the most troubling “products”. Just imagine that you are getting the file attached to your e-mail with one of the named above extensions and are trying to open it. The file immediately executes the built-in code, and voila! Your PC is infected. Does anti-virus or firewall can prevent it? I honestly doubt…
Polymorphic Crypters (to make Files undetectable- bypass all AV Scantime, runtime)
No need to give an explanation – this code will bypass all Antimalware programs.
Spreading guide to Infect 100K/Victims per day
Tutorial on how to infect hundreds of thousands of PC users per day!
SET(Social Engineering Toolkit) module 
Welcome to infected Facebook and Twitter!
Netbanking Hacking-bypass Virtual Keyboard
Do you use online banking? I do, and most of my friends do, and most of their friends do, too! Now, imagine you have opened one of the infected e-mails (or e-mails with infected attachment), and you will be faced with a nasty surprise: your account has zero balance! It also could happen on-the-fly, while you are logging into your banking account.
Immunity Canvas (Hack remote PC with IP address)
If the hacker knows the IP address of your PC, it can be hacked with this tool. You are no longer a single Administrator of your computer. You will share it with “nasty boys” who can speak not only English but also Russian or Chinese! A simple IP scanner (like free LanSpy) will help to identify your computer’s hardware, operating system, many installed programs, computer domain and NetBios names, MAC address, remote control, time, discs, transports, users, global and local users groups, policy settings, shared resources, sessions, open files, services, registry and event log information. Nothing on the remote computer is hidden from them now…
Welcome to the hacking world!
Should I continue?
You may want to ask “what should I do?” I’d be very much glad and happy if I could give you a definite answer but I don’t have one. The minimum of what you can do is to EDUCATE – yourself, your family and friends, friends of your friends, and, of course, corporate users if you are responsible for secure computing at your organization. So, instead of reading stupid chain e-mails that try to scare you if you don’t resend them immediately to another 10 people (nice way to spread the malware!) your fellow citizens will read and forward the information about how to conduct the secure computing and not to become the victims of cyber-gangsters.
As for the tools that I have suggested in my previous article, they are still vital. It’s better to have some basic protection + knowledge of secure computing than to ignore it completely because those tools do not provide 100% security.
Happy and secure computing in 2011!
Posted by at 1 comment:
Labels: , , , , , , , , , , , , , , ,

Tuesday, March 9, 2010

Should we be afraid of Chinese hackers? ...Or lost cyber war (Part III)


PART I
PART II
PART III

PART III


Why U.S. is losing steam

In addition to the full access to Windows OS that proved to be vulnerable to endless exploits, China chooses FreeBSD as basis for secure OS. The Washington Times recently reported that "China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies." What a bold move! No wonder that many security specialists are seriously concerned that China rapidly getting the leading edge over U.S.
Congress discussed this issue recently but what's the result? Recall Obama's visit to China (read above). Is our government insane? Not at all! As always, money rules the world. When it comes to make a decision the corporate lobbying wins over common sense.

Even worse! The U.S. Government often downplays cyber attacks on our infrastructure. As Ed Giorgio (in 60 Minutes Report on US Cyber Security (November 7, 8 & 9, 2009)) noted, there are at least 10 "reasons why cyber intrusions are ignored, denied, or not reported by government." No doubts, they will be denied by the government officials but here they are:
  1. It is downright embarrassing to admit that you do not have very good cyber defenses and it will severely hurt your brand.
  2. The targeted organization frequently has no solution to the problem as was the case when DHS "lied" to congress. In government and the military, you cannot report a problem you don't have a solution for.
  3. The administration might be worried about international political fallout because it impacts other delicate issues with China, Russia, Israel, France, etc.
  4. We don't want to open a can of worms and admit that we too have an offensive capability which we work hard to keep secret.
  5. We fear the unwanted oversight and attention.
  6. If we are forced to address the problem by making us reprogram resources from high priority mainstream mission programs which are already behind on.
  7. The bureaucracy doesn't want to be forced to hold somebody accountable and perhaps take adverse action.
  8. Adding security may get in the way of mission operations and reduce our effectiveness (like not being allowed to use a flash drive).
  9. Recognizing the problem would expand the set of stakeholders who you have to work with to solve the problem. No bureaucrat wants that as it causes a loss of control.
  10. We are skeptics and just plain don't believe it's a big problem and that's it has been blown out of proportion.
"Security? What security? What are you talking about? It's not my responsibility!"

As David Osborne and Ted Gaebler indicate:
"It is hard to imagine today, but a hundred years ago bureaucracy meant something positive. It connoted a rational, efficient method of organization - something to take the place of the arbitrary exercise of power by authoritarian regimes. Bureaucracy brought the same logic to government work that the assembly line brought to the factory. With the hierarchical authority and functional a specialization, they made possible the efficient undertaking of large complex tasks."

Since the word "bureaucracy" became a synonym to the word "government" (verify it with MS-Word grammar!) what can you expect these days? Efficiency? Smart decisions? Logical solutions? Forget-about-it!

When the highly qualified computer investigator decided to track the Chinese hackers and passed his amazing discoveries to the FBI that praised his work, as a result he was facing charges against his activity. "...they are so afraid of taking risks that they wasted all this time investigating me instead of going after Titan Rain" [very sophisticated attack - read below] - said the computer investigator.

Do you have any comments? Are you surprised? Do you see the elements of "political correctness" here?

At the same time, Chinese government is not under pressure from its corporations and it ignores any "political correctness" that has overpowered United States. China improves the security of its army (PLA) using a hardened FreeBSD operating system. Considering also more than 100 information infrastructure attacks per minute on the US Department of Defense originated from China and keeping in account that most of the DOD computers are Windows-based, now we have a clear picture: it's the face of an enemy.

Whether it's current or future enemy hard to say but I think that at this moment it is a virtual one, the enemy that is invisible, the enemy that is hard to catch. As I mentioned earlier, tracking virtual enemies can be quite a challenge to U.S. spy hunters.The FBI officials are uncompromisingly pursuing the possibility that the Chinese government is behind many cyber attacks (especially not widely discussed Titan Rain attack - "the most pervasive cyber-espionage threats that U.S. computer networks have ever faced.") considering how well it was organized.

As you may guess, it's almost impossible to determine who exactly was behind the attack: China government, PLA, or someone from private sector (aka patriot hackers) because China has not been cooperating with U.S. investigations of Titan Rain. In accordance to the TIME magazine, "TIME has obtained documents showing that since 2003, the hackers, eager to access American know-how, have compromised secure networks ranging from the Redstone Arsenal military base to NASA to the World Bank… and can be a point patrol for more serious assaults that could shut down or even take over a number of U.S. military networks".

Due to the length of this article I don't want to discuss this issue further but I highly recommend reading about the Titan Rain attack (see the link above) and who discovered it.

Similar developments can be seen on a military front. In April 2009, in Prague, President Obama gave a speech in which he pledged America would work toward a "world without nuclear weapons.". Considering China's military advancements, they have different plans. China's growing revenues helps to become the world's biggest military power, to the point where the U.S. "would not dare and would not be able to intervene in military conflict", for instance in the Taiwan where U.S. has its own interest. Their new ballistic missile is capable hitting a target at sea with the range more than 1,000 miles and could be well used to attack and sink U.S. carriers.

No wonder, the Defense Secretary Roberts Gates has expressed his concern, too: "Investments in cyber and anti-satellite warfare (by China), anti-air and anti-ship weaponry, and ballistic missiles could threaten America's primary way to project power and help allies in the Pacific - in particular our forward air bases and carrier strike groups." while the U.S. administration (faced with huge budget deficit) seized financing for upgrade of aged nuclear arsenal. All of it will lead to the reduction of our military capabilities giving China a leading edge.

History often repeats itself. You are witnessing the process of losing the world dominance by one country and shifting the power to another one.


The lost cyber war

During 2008-2009, U.S. government and military organizations reported about 200 breaches including breaches of more than 70 million records in 2009 comparing to a total of fewer than 3 million in 2008. Do you see the trend? Did our government initiatives and billions of taxpayers' money spent on improving security pay off?

"The great thing about being a pessimist is that you are constantly either being proven right or pleasantly surprised." -- George Will, News commentator.

Consider me a pessimist but I don't see the light in the end of the tunnel.

I'd love to be wrong but I guarantee that there will be greater need in more security practitioners than we have now. Cyber security became a survival skill for any organization.

Senior government officials overseeing the nation's cyber defenses told a Senate panel that agencies are doing more to coordinate their far-ranging efforts, but that even in the best-case scenario, the hackers are often one step ahead. "The harder we can make the general network environment, the easier it's going to be to detect [threats]," said Richard Schaeffer, director of the National Security Agency's Information Assurance Directorate. "We believe that if one institutes best practices, proper configuration, good network monitoring ... a system ought to be able to withstand about 80 percent of the commonly known attacks."

What about the rest 20%?


What's the situation with resistance to cyber crime?

The painful experience of the last several years, lost data, productivity, new security standards imposed by the government, humongous amount of money spent on improvement of IT security raised a red flag for many organizations. I can't say that we do nothing to fight cyber crime but as I mentioned above we are always one step behind the hackers. Let's see what's going on these days.

In February 2009, President Obama launched a 60-day investigation into cyber-security, promising to improve U.S. Internet defense. I don't know what was done after the investigation except the creation of one or more departments with more bureaucrats but the situation did not change much. I have been reading articles about new Federal law propositions, new security requirements, new initiatives, however, all of it proved to be close to useless not only at the U.S. level but also on the international level. According to InformationWeek news reports, the American and Russian governments were engaged in talks to make Internet a more secure medium and limit certain types of cyber-weapons but talks haven't progressed far due to a difference in philosophy.

Many organizations and companies who work on defense against Chinese hackers have recognized that it's close to impossible to catch and prosecute hackers who operate abroad and especially in China. Since no international legal agreement exist, even if the hacker will be traced to a particular person, it will be impossible extradite him to the U.S. considering the relationships with the communist's government of China. Lately, the relationships became even worse (the hacking of Google's story).

Meanwhile, Chinese hackers are becoming harder to monitor since they communicate and coordinate their attacks through private text-messaging rather than on blogs or Web sites, leaving no traces of their activities. So, what is left? Is there ANY way to protect our networks and data? The only learning how to defend ourselves is the way to go under current circumstances.

Again, I can't say we do nothing because:
  • We educate IT professionals responsible for protection of their IT infrastructure, and we have a number of highly experienced and certified professionals who participate in examining case studies, war-gaming various scenarios, exercises, and implementing global defense solutions.
  • We have created a whole bunch of security-related certifications to certify the expertise of IT pros (CISSP, CEH, Security+, CISA).
  • We have developed multiple government standards to protect the government networks and information.
  • We plug the endless holes in the operating systems, applications, utilities, and databases.
  • We participate in numerous webinars, read whitepapers, magazines and books; discuss the IT security on hundreds of forums.
  • We have plenty of web sites dedicated to data security.
  • We spent (and continue spending) zillions of dollars on anti-malware products and technologies ($7 billion a year).
Yet, we are still facing the same danger to be exposed to sudden cyber-attack or to become the victim of cybercrime because the standards are not perfect and not everyone is following them, the anti-malware products are only 50% effective; there are endless security holes in the operating systems, applications, web browsers, perimeter defense and more. As a result, for instance, according to FBI, an average of over 1 million computers per year is currently being hijacked by botnets; an estimated 90% of Internet access points on corporate networks are inadequately protected; and the cyber-gangsters rip estimated $100 billion worldwide utilizing silent attacks that are invisible to their victims.

What are the latest developments in cyber-defense?

There is interesting information about the new security content protocol specification that has been released by The National Institute of Technology (Special Publication 800-126. "The Technical Specification for the SCAP,"). In accordance to the Government Computer News, "SCAP comprises specifications for the standard organization and expression of security-related information, provides an overview of the protocol and on ways software developers can integrate SCAP technology into their product offerings and interfaces."

In the end of last year, the U.S. Department of Homeland Security (DHS) completed, in cooperation with other government agencies, a draft of national cyber attack response plan that is planned to be tested in September 2010 during Cyber Storm III, a cyber security drill. I am just curious why this information is available online and not restricted to those who has appropriate security clearance...

Northrop Grumman and three universities planned to form a cyber security research consortium to address emergent cyber security issues. Northrop Grumman will fund 10 research projects at MIT, Carnegie Mellon University and Purdue University. Quite a powerful combination! I hope we'll get some positive developments from the best brains in our country.

The Homeland Security seeks new ideas how to protect our networks by creating a Web 2.0 crowd-sourcing portal called IdeaFactory. House leaders have asked the chamber's security officials to implement a new cyber-security training procedure for aides and take extra steps to protect sensitive information from potential hackers and to recommend the technology updated focused on security awareness.

Microsoft detailed new botnet protection, IdM technology at RSA Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, offers insight into the company's plans to thwart botnets, secure enterprise cloud computing and help individuals better manage their online identities.

Yes, the first step that will be the most effective is to educate computer users about potential threats from highly qualified hackers, what needs to be done and how to operate computers safely.

Here is what one fellow said in his blog:
"I run a computer service shop, and...we drop Avast [anti-virus program] on ALL computers that come in, while simultaneously telling every single customer that it will do nothing to prevent them from brand new threats...and neither will anything else on the market today! Quoting myself, "viruses are a cat-and-mouse game, and antivirus vendors are always the cat doing the chasing." Software firewalls are also junk because any virus that does take root can easily bypass such a program. In reality, the only two things that are needed to keep a secure network are (A) a hardware firewall between you and the Internet and (B) well-educated, cautious, skeptical users. Education seems to fly out the window when an erection or free music is involved… Computers and software stopped being the weakest link over a decade ago. The most commonly exploited security hole on a computer is the device which sits between the keyboard and the chair, not the IP stack or WMF rendering libraries."
Posted by: cryptikonline on: 07/14/09

Step number two should be proactive defense, the type of defense that actively fights hackers with their own weapons. I was glad to find information that there are some white-hat hackers that actually do just that!

In accordance to F-Secure, a white-hat hacker (a good guy) using the avatar 'Catch-Em' hacked into the Pakbugs.com web site (the underground site that re-sells stolen credit cards), compiled a list of registered users with their email addresses and passwords and then posted the list to the Full Disclosure security mailing list. He also forced the web site to shut down for several days, and later (when the web site was online again) activated the DDoS (distributed denial of service attack).

DNSSEC introduced a new encrypted domain technology designed to protect the domain name system from spoofing and other hacks.

Lockheed Martin has formed an information security alliance with several technology providers to focus on self-healing systems to solve some of the information security problems.

There are also some successful operations on the grand scale. Eighty (80) people worldwide were arrested in connection with a major international banking ID phishing scam. "Operation Phish Phry" has been described as the biggest cybercrime investigation in US history.

I'd like to see more news like these ones:
There is a known technique to build "Honeypot" servers that attract hackers by lack of any protection and avert them from sensitive servers that have various layers of protection. Since the hackers usually take the easy route, those servers serve well by not only turning the attention away from important computers but also allow learning how the servers are being hacked and what needs to be done to protect the sites against becoming a part of botnets. For instance, a new open-source honeypot project called Glastopf dynamically emulates vulnerabilities attackers are looking for" and can auto-detect and allow unknown attacks.

Recently introduced technique, perhaps limits the number of security holes in the software by using the application Whitelisting techniques like from Faronics. If any executable file is not on the white list, it's not permitted to run!

On another note, if you have the critical infrastructure with strategic importance, why not isolate it physically from the Internet and use, perhaps, dedicated lines of communication? Not possible? I doubt it. With amount of money wasted on security that does not protect there is always a way to find the method of managing the infrastructure without exposing it to attacks originated from the Internet.

What can we do about cyber-terrorism?

Let's be honest, the facts are against us. Those who defend the networks are faced with a huge range of cyber-weapons to protect the infrastructure. At the same time, the cyber-gangsters can reach the goal by exploiting only a single vulnerability. Cyber-gangsters are usually fanatics who would do anything to cause the mass destruction, whereas security experts are not the fanatics to work tirelessly endless hours.

U.S. Federal agents have thwarted planned terror attacks on Fort Dix, N.J. by uncovering a terror ring in Lackawanna, N.Y. and plots against the nation's financial centers, the World Bank, ten airliners landing in the U.S. (the liquid-bomb plot), JFK airport, the Brooklyn Bridge, the New York subway system, the Los Angeles airport, the Israeli consulate in Los Angeles, and the Prudential Building in Newark, N.J., among others. They fought real terrorists. But how do you fight cyber terrorists?

The Internet is not a secure media. Those security professionals who passed CISSP exam (commonly respected security certification) learned about the model for security policy development or so-called "CIA triad" (Confidentiality, Integrity, Availability). The problem with the Internet security lays in the fact that the Internet was not initially designed for confidentiality or integrity. It was designed for availability and resiliency by providing a packet switched network with alternate paths meshed together. The security services of confidentiality and integrity usually must be implemented at the application and end-point levels (computer, mobile phone, PDA, etc.).

There were some voices to re-design the Internet and to make it more secure. Wouldn't it be great? It makes sense for some of the people who are responsible for security. This drastic measure cannot be taken without the government intervention due to possibly imposed taxes on the Internet usage and huge expenses. As you may guess, this measure will obviously rage many people (including myself, perhaps on this stage) who would oppose it using all available civil rights. I am not talking only about the U.S. citizens but also about world's net-citizens since it must be a common effort after a commonly accepted agreement.

Maybe the future incidents will push more people toward this measure but we must act now - as a government and as individuals - to fully meet the challenge of cyber terrorism. Some methods we may use include:
  1. Implementing strong access control systems to ensure that only authorized individuals can access cyber systems.
  2. Using strong encryption to ensure confidentiality and integrity of information stored, processed, and transmitted on and through cyberspace
  3. Keeping policies up to date, and ensuring they are strictly enforced
  4. Implementing effective detection systems to recognize currently known and future cyber attacks quickly
  5. Closely monitoring all cyber activity by using log files and log analyzers
  6. Implementing a real-time national defense strategy
  7. Deep analysis and forward thinking on possible future technologies and prediction of attacks (based on current trends) that may occur as those technologies are implemented to address the security requirements of the future

1. END-POINT PROTECTIONS FOR ORGANIZATIONS

Here are the "BIG SEVEN" rules that reflect the major steps to be taken to protect the end-points in the corporate and government networks:
  1. Create an Internet use policy and use the web content filtering with scheduled updates.
  2. Train employees on cyber security and enforce it vigorously.
  3. When administer the access rights, reduce privileges as much as possible on a "need-to-know" basis.
  4. Login to the system with administrator rights only when you need to change the configuration or install/remove the applications. Otherwise, login as a regular user with no administrative rights. (Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts)
  5. Take care about updating your software (OSs and applications patches) religiously.
  6. Use the best possible Anti-malware product on each piece of hardware. Besides that, implement application "whitelisting", heuristic and behavioral detection additionally to detection by signatures to mitigate zero-day threats.
  7. Consider implementing new technologies such as cloud and virtual computing by centralizing the hardware for distributing the applications down to user's PCs (or terminals).
Using application and OS streaming based on specific needs and storing the images in one, central location will increase the security level and lessen the burden of maintaining the security locally, on each node since all the patches and security protection will be concentrated in one place rather be distributed all over the network - hosted security (assuming that the application/OS streaming will be tightly secured and encrypted).

Such a solution may dramatically lessen the number of attack vectors with many additional benefits. In fact, server versions of Windows typically have a lower infection rate on average than client versions. Servers have a tendency to have a lower effective attack surface (or vectors) than computers running client operating systems because they are more likely to be managed by experienced administrators and to be protected by several layers of security.

2. ANTI-SPAM PROTECTION

MessageLabs Intelligence Top Tips to Stamp out Spam:
  • Protect your email address - using your primary email address anywhere on the web puts it at risk of being picked up by spammers so be careful where you use it
  • Watch out for the checkboxes - when you buy or sign up for something online, opt out of being contacted by third parties, you don't know where your address will end up.
  • Don't use the reply, remove or forward options - acknowledging the spam email using any of these options only validates your email address and can lead to more spam.
  • Use an unusual name - if you use an email address with numbers in it for instance, you are less likely to receive spam. Spammers often use directories of common names to guess email addresses, e.g. ajones@company.com, bjones@company.com, etc.
  • Avoid clicking on any links in spam messages - the addresses of links are frequently disguised and often serve only to confirm your existence to spammers. Same with unsubscribe links.
  • Avoid downloading pictures in spam email - these can identify you as a recipient even if you just view the message in the preview pane. You can view your email as text to prevent this, or you can set your email security to block external images.
  • Use a spam filtering service

3. HOME PC PROTECTION

a) First of all, educate yourself about information security even if you are not involved in the Information Technologies.

b) Consider dedicating one PC exclusively for online banking. Restrict other browsing or services like email of web surfing.

c) Use the combination of the best security utilities. My "four favorites" that I have on EVERY PC that I use at home and recommend to my clients:
In addition, if you download a zipped or executable file from the Internet web site, please use the Virustotal.com web site. Upload your file to that web site and verify it against 32 virus scanners. There is a big chance that only one anti-virus scanner will detect the malicious content. The service is free.

d) Do not expose your personal information on social networking web sites. It's easy to follow the crowd and proudly post your photos and personal information about yourself and your family. Keep in mind that it is exactly what the hackers need to steal your identity.

e) Remember that "there's no patch for human stupidity". Do not click on suspicious e-mails that you don't expect to receive. Do not open e-mail attachments (even such "innocent" as PDF or PPT files) because they may contain the malicious code. In fact, the PDF files, in particular, are responsible for about 80% of all infections in accordance to some sources. Such the files can take a form of fake codec or videos and poisoned search results continue tricking users into on purposely disabling the security programs that they had at the first place.

No Internet security suite can protect you from yourself, so do yourself and the Internet a favor - patch all your insecure applications - it's free with F-Secure and Secunia.

Through a combination of a fully patched OS (operating system) running the latest versions of the software installed, least privilege accounts and a well-configured personal firewall, a big percentage of the malware that penetrates through the client-side will be mitigated well before it reached the antivirus scanner.

f) Sometimes, you may travel (abroad or just out of your office). Please be cautious about public PCs/kiosks:
  • Check how the PC is set up. It shouldn't let you access the system settings such as the control panel and user accounts. It is a case when the less you can do on the PC, the better - it's well-locked down. I would also recommend to look around the PC for any kind of plug-in devices. It can be hardware-based keylogger attached to the keyboard cable or USB port. For more on keyloggers, read the Bright Hub article, "Risky business, using kiosk computers."
  • When you HAVE TO perform online banking and credit card purchases that might leave sensitive information on public PC and have to chance to avoid it (what is highly recommended), uncheck any box offering to remember your information and change your passwords as soon as you are on a PC you know is secure (home/your office). I have setup special access to my online PayPal account using the security fob that generates random digits to be used for passwords. It allows me to access the web site with a different password every time I use it. You may request it from PayPal, too.
  • If you have access to browser options that let you clear the cache and wipe out cookies, you should use them. The best systems warn you that they will clear stored information such as cookies when you exit.
  • If you need to save a file - do not do it to the local drive but rather to Flash drive. Also, you may want to e-mail the file to yourself and then delete it from the public PC. Make sure you emptied Windows Trash can.
  • If you access the Internet through Wi-Fi networks available in public places, remember, there might be hackers that wait for your free, password-free access. Today's Wi-Fi security protocols are proven to be weak and can be easily broken within minutes with a tool freely available on the Internet.



The future of cyber space. Be aware!

Since this is the last chapter of this article, I'd like to summarize my concerns. In accordance to Liu Migfu (People's Liberation Army (PLA) Senior Col., "The China Dream" book), "China's big goal in the 21st century is to become world number one, the top power."

China's population is growing by 21 million a year and currently houses 1.2 billion people that represent 22% of the world's population. At the same time, their territory is only 7%. The law that restricts Chinese citizens to have only one child doesn't work because poverty breeds children in spite of the danger to be put in jail. This limited territory cannot provide enough food for such a dramatically growing population forever. Many poor Chinese citizens will be faced with starvation.

Of course, I am speculating but think about it. What would be the solution to this problem if you are one of the Chinese government officials? The answer is the immigration (legal and illegal) of a large number of people to the every corner of this world. It's the most inexpensive solution that will have the most lasting effect. China thinks in longer terms. The gradual (and peaceful!) takeover of the territory could be a long-term plan. Legal immigrants can buy or open businesses in whichever country they settle in and have the political power earlier or later. The illegal immigrants will flood the businesses with cheap labor. Given enough time, all of it may lead to serious political and economical influence all around the world especially if Chinese immigrants will preserve close ties with their motherland.

I am taking about a peaceful invasion that you cannot fight because it will be a fight against unarmed people. Taking into consideration long-term plans and almost enormous financial resources of China, the Chinese immigrants will be supplied with enough money from the Chinese government to keep the businesses strong. Of course, they will have to repay the loan what will tie them to China even more.

The same financial resources concentrated in the hands of Chinese government can surely be used (and probably are used) to finance the cyber-gangsters who conduct cyber espionage (economic and military), to secretly stockpile the gold and invest in oil-rich regions out of China, to bribe government officials in various countries and to gain the advantage in trade and politics. Just try to arrest any Chinese anywhere in the United States and the Chinese government will raise a hell with the White House. I am taking about boycotts of trade goods and various sanctions. The growing power of China will be used easily to tight our hands. Now, can we arrest any Chinese hacker in China even if he is an originator of the cyber attack?

The trade and cyber war between the People's Republic of China and the United States, in particular, is a war for extraordinary power and wealth for the winner, and therefore China uses all available resources openly or secretly for winning down the road.

Regardless of whether cyber terrorism is a serious threat to safety, our critical infrastructures, or just an annoyance, we must be forward-thinking to meet future challenges regarding cyber security.

As you understand, many countries' governments consider cyber security and cyber- weapons very seriously. Our government, in fact, not only continuously worked on improvement of cyber-security but also successfully used cyber attacks during Iraq war in May 2007 when George W. Bush authorized the NSA attack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The attack not only prevented successful communication and coordination efforts but also supplied enemy with false information by leading them directly under fire of U.S. soldiers.

There were several cyber tsars to lead the U.S. efforts in cyber defense as well as several major initiatives aimed to improve and protect our infrastructures against cyber attacks. The new reality of computer age is taken so seriously that the Obama administration's former White House chief of cyber-security, Melissa Hathaway, has called for international cyberspace agreements (with similar proposals from Russian government).

However, the chances of such an agreement are quite slim. And here is why. The senior U.S. Army officials identify the wireless communications networks used by insurgents and terrorists as their No. 1 target, and after the Russian government's attempt to propose a treaty limiting the use of cyber-weapons, the State Department has rejected the idea preferring to focus on improving defenses and summon cyber attacks as crimes. In addition, the officials are against any move that could undermine our own cyber security by limiting the options and ability to attack because the advantages of having a cyber-warfare capacity are simply too great in the computer era world.

The cyber-war tactics are also advancing. The United States has already learned that it makes no sense to hit an enemy's infrastructure if it disables an ally's, and possibly America's own since many networks are interdependent. "If nations begin attacking one another's banks and power grids, the next step is exchange of bombs and bullets". In spite of the fact that China rapidly moves to the leading position of cyber-war master, most likely, it has no desire to knock-out Wall Street, because it owns large piece of it. Russia should be hesitant to begin a cyber-attack on the United States because, unlike Estonia or Georgia, the U.S. could quickly response with massive conventional force.

As you see the Cold War still exists but it moved underground or, to be precise, "underwire".

In fact, in accordance to McAfee's annual Virtual Criminology report, many nations are secretly stockpiling tools and techniques in preparation for sophisticated cyber warfare against each other So, expect the cyber-weapons to be enhanced, the cyber-war capacity to be increased and improved, and methods of penetration or DoS attacks to be technologically advanced.

Here is a "dirty 13" prediction for 2010 by Larry Barrett:
  1. Antivirus is not enough
  2. Social engineering as the primary attack vector
  3. Rogue security software vendors escalate their efforts
  4. Social networking third-party apps will fraud targets
  5. Windows 7 will come in the crosshairs of attackers
  6. Fast Flux botnets will increase
  7. URL-shortening services become the phisher's best friend
  8. Mac and Mobile Malware Will Increase
  9. Spammers breaking more rules
  10. As spammers adapt, volume will continue to fluctuate
  11. Specialized malware on the rise
  12. CAPTCHA technology will improve
  13. Instant messaging spam will surge
Russians have an excellent proverb that when being translated to English sounds like this: "Those drowning - save thyself". It can be very well applied to the situations described in this article.

Got computer? Start with security!

Please share this article on your network (Tweeter, Facebook, etc - more social networking links can be found on top of the page in the right corner)

References:

http://community.middlebury.edu/~scs/docs/Lee%20Lai%20To,%20China,%20USA,%20and%20the%20South%20China%20Sea%20Conflicts.pdf
http://english.peopledaily.com.cn/home.html
http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=e1005399-d98b-4aff-bb60-2c1884949700
The commercial malware industry.
http://blogs.zdnet.com/security/?p=3673
http://blogs.zdnet.com/security/?p=4791&tag=nl.e539
Janczewski, L. & Colarik, A. (2008). "Cyber Warfare and Cyber Terrorism". Page xiii. Information Science Reference, Hershey, New York
http://www.financialsense.com/stormwatch/geo/pastanalysis/2009/0717.html
http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd&displaylang=en
http://www.cnn.com/2008/TECH/03/07/china.hackers
http://www.popsci.com/scitech/article/2009-04/hackers-china-syndrome
http://money.cnn.com/magazines/fortune/fortune_archive
http://tinyurl.com/llcdcc
http://www.investors.com/NewsAndAnalysis/Article.aspx?id=522689
Posted by at 2 comments:
Labels: , , , , , , , , , , , , , ,

Thursday, February 18, 2010

Should we be afraid of Chinese hackers? ...Or lost cyber war (Part I)

"Our nation's intellectual capital, industrial secrets, and economic security are under daily and withering attack." --Stephen Spoonamore (expert in the field of electronic data security and digital network architecture.)
"China's big goal in the 21st century is to become world number one, the top power," -Liu Migfu. (People's Liberation Army (PLA) Senior Col., "The China Dream" book).
"Political power flows from the barrel of a gun." - Mao Zedong (former Chairman of the Communists Party of China)
"Educate and inform the whole mass of the people... They are the only sure reliance for the preservation of our liberty."-- Thomas Jefferson


Disclaimer.
Please note, I don't pretend to be an expert in politics. I am just sharing my concerns. Thank you in advance if you are ready to spare 20-25 minutes and read this article.

I began sharing my views on politics as the main motivational factor for cyber crime in the first article that I wrote about Russian hackers. Now, let me share my concern about their neighbor to the south, a "rising star of the world economy" China, and growing skills of Chinese computer hackers.

PART I
PART II
PART III

PART I


A "political correctness" storm.

The terms "cyber terrorism" or "information warfare" are derived from political agendas of those who rule the countries or from global conglomerates and large corporations that don't hesitate to use any possible measures to achieve their goal. The information age gave us not only sophisticated computer equipment, software, and gadgets but also something that many of us did not expect. I am talking about malware, cyber war, anti-virus programs, firewalls, computer worms and Trojans, botnets, identity theft, and social engineering. All of it became a part of our lives; whether your life is somehow associated with computers or you touch the keyboard occasionally.

This article is not only about cyber danger from our "friends" but also about what causes this danger and why we have to understand it better in order to protect not only our computer systems but our country and our position in the global economy. So, forgive me about emphasis on politics because I believe that political repercussion on current situation with the information security is enormous.

If you are working in the office (except those lucky enough to work from home), you are facing so-called "office politics" every day. You interact with your fellow co-workers and your lovely (or not so lovely) managers. As you may have already discovered, your wellbeing depends more on the right behavior and ability to navigate the river of office politics than on your technical or other abilities. The same occurs on the global level between the countries and even continents.

Unfortunately for us, many Western countries including USA are running under "political correctness" dogma created and nurtured by the fanatics of liberalism. Brainwashed liberals are people who do not accept even the strongest arguments and facts against their distorted dogma of social justice - the utopia of socialism and communism. Yes, they have ears but they don't want to listen; yes, they have eyes but they don't want to see the facts and reality of this world.

As Marina Kalashnikova, a Moscow-based historian, researcher and journalist, noted "Western establishment avoids uncomfortable truths about the world and themselves". Another Russian-born journalist who actually "tasted" socialism, Svetlana Kunin (IBD) said "When party leaders talk about the "collective good," what they are really talking about is their right to determine what is good for the collective. Government bureaucrats decide what level of sacrifice is needed and who needs to sacrifice. They replace voluntary charity with the forceful redistribution of other people's private property. Why do people born into a free society accept a failed 100-year-old ideology? It seems Americans are simply unaware of modern history. They don't know the theory behind slogans such as "fairness and equality" and "sacrifice for the collective good," much less how it works when implemented. They buy into old utopian slogans masquerading as new progressive ideals for "Hope and Change." More

Do you want to see where the "political correctness" approach leads to? Look at one of the European countries and what they are faced with. When the media is bought by the Islamic radicals from overseas and local hardcore liberals, the core value of democracy disappears and those who use it for their own advantages are well known. For instance, the examples of voices "political correctness" are clearly showing the fear of retribution if any action against rising Islam will be taken.

The "political correctness" is weakening and killing our country too; it's spreading out to all facets of our lives making us vulnerable even inside of our borders where we are faced now with a new enemy -- radical Islamism. We have created a climate in which not only citizens are forced not to speak when their concern is related to radicalized Muslims but also the members of the military who are afraid to raise questions about the bald and blatant Islamist comments. We have learned from the press that no one raised a red flag about what Major Nidal Hassan expressed over many years because it could be interpreted as anti-Muslim prejudice. In turn, the military took no action against a man who loudly advertised his extremist sympathies. Thirteen (13) Americans paid for that with their lives.

The radical Muslim world hates us because our culture (our music, our lifestyles, etc.) is spreading to them and threatening to steal away their power base (which is the hearts and minds of their children). Once their children have access to the Internet they'll discover the wide range of choices outside their culture. Instead, extremist Muslims use the Internet to radicalize young Muslims in Western countries using their personal weaknesses. And while the vast majority of the world's Muslims are not extremists, significant minorities are just that. Worldwide, Muslims believing themselves to be advancing the faith have committed more than 14,000 acts of violence just since 9/11. To name just few: Madrid, London, Bali, Jerusalem, Mumbai, and Amman. The list is long and bloody - and it includes many innocent Muslims.

There are many furious and confused Americans who witnessed the years-long campaign to minimize the threat of radical Islam, to paint Islam as "the religion of peace," and to marginalize critics of the jihad as guilty of "Islamophobia." It's time to learn from the problems concerning Switzerland and many other European countries: "(1) A large Muslim immigration coupled with a low native birth rate; (2) Increasing Muslims efforts to change the national culture over to an Islamic one, starting small but having ambition, and less and less tendency to assimilate and live in tolerance; and (3) Terrorism from radicalization" (New York Times and Wall St. J, 11/30).

Even in China, pro-China and pro-Muslim hackers have clashed online in a series of Web sites defacements since deadly ethnic riots in China's Muslim region last months.

Here is what one of the Internet bloggers, spinedr33, said: "...no President can come out and say "there's a cultural war happening right now... there are 1.6 billion Muslims and a sect of their culture doesn't want to co-exist with Western culture. So they want us dead. To defend our way of life, we have to fight back. Since these are people - and not countries - we're going to have to fight any regime/country that won't help stop their radical citizens. So there's a good chance that we may come into conflict with Iraq, Afghanistan, Iran, North Korea, etc." The best anyone can do is using the euphemism "war on terror." But let's face it- there IS a cultural war going on right now. At least WE'RE willing to call a truce to stop it (the radicals no longer seem able to do so). There's so much more to write, but what's the point? If you don't get it by now, you may never..."

Blind liberalism and ignorance to the reality of this world created the product of this correctness - our President and his ideas of spreading the wealth and social justice policies not only to our country but also on a global level. It began from Obama's apologies for past American behavior, sending peace feelers to our former enemies like Castro brothers and Hugo Chavez, bowing to the Japanese emperor and the Saudi king on his recent visits to Asia and Arab Emirates (we did not notice him bowing to the Queen of England). He has deferred to Russia about missile defense and conveniently "forgot" about human rights, global warming issues, and Tibet to China.

This President aims to kiss the back sides of our enemies pronouncing that America was ignorant and arrogant, and we are better now and ready for cooperation. Cooperation is good but with whom? Israelites also tried numerous times to cooperate but were barraged with rockets in return. This new American approach to solve the world problems by bowing is very much to the taste of Iran that, based on recent events, came to conclusion that America can be simply ignored.

Harold Estes, enlisted in the U.S. Navy in 1934 and served proudly before, during and after WW II, sent a letter to the President and several U.S. Congressman. He said "One of the benefits of my age, perhaps the only one, is to speak my mind, blunt and direct even to the head man. I am amazed, angry and determined not to see my country die before I do but you seem hell bent not to grant me that wish.
I can't figure out what country you are the president of. You fly around the world telling our friends and enemies despicable lies like:
"We're no longer a Christian nation", "America is arrogant" - (Your wife even announced to the world, "America is mean-spirited." Please tell her to try preaching that nonsense to 23 generations of our war dead buried all over the globe who died for no other reason than to free a whole lot of strangers from tyranny and hopelessness.)... Take a little advice from a very old geezer, young man. Shape up and start acting like an American. If you don't, I'll do what I can to see you get shipped out of that fancy rental on Pennsylvania Avenue. You were elected to lead not to bow, apologize and kiss the hands of murderers and corrupt leaders who still treat their people like slaves." More...

Why am I telling you all this that is not directly related to China? Because everything is politisized and the politics is a complicated matter especially when we are seeing the results of "political correctness".

Let's get back to my concern. Please answer these two questions. What's the difference between the Cuban communists and China communists? Why is it OK to have a business with one communist country but not with the other one? Is it more politically correct? Yes, today's situation with China dictates that we don't have to throw the stones on China since we have a glass roof ourselves. Who should we blame that we raised our enemy with our own hands? We can only ourselves and our own governments.

Political situation in China

Today, the emperors that were born into position through a family dynasty no longer rule China. Rather, the Republic of China currently operates under a communist government (and many U.S. Government officials are intended to forget it), which is divided into several branches. Much like the U.S. executive and legislative branches of the government, the NPC (National People's Congress) holds the power to pass laws and change the constitution, as well as elect members of the State Council and Chinese Supreme Court.

As Chinese describe it, after the end of the Qing dynasty in 1912, China was still maintaining a feudalistic society where a small group of rich landlords had the majority of the country's wealth, leaving masses of peasants in poverty and despair. Imperialism from Europe also humiliated the Chinese people because they were not truly in control of their own country, having been forced into an embarrassment of unfair agreements. Finally, the Chinese Communist Party formed in 1921 with the goal of bringing to an end foreign oppression of China.

Since the establishment of the People's Republic of China in 1949, the government has desperately tried to heal the country's wounds that resulted from years of turmoil. Their first priority is to assure that all Chinese "eat their fill and dress warmly," a task not easy to do considering the country's gargantuan population. This all falls under the Declaration of Human Rights which states that all citizens are entitled to "life, liberty and sustenance" (we see the difference in two countries' situations by comparing this to the United States' principle calling for "life, liberty and the pursuit of happiness.)

Under this socialist government, "freedom of speech, the press, assembly, association, marching and demonstration is officially guaranteed" for Chinese citizens. If you are a citizen of 18 years or older, you have the right to vote for deputies of the National People's Congress. They also have the right to lodge a complaint against officials if their rights are violated. Additionally, the country promises government protection of religious rights. China supports equal rights for all ethnic groups, prohibiting discrimination, including discrimination against women. However, the underlying principle behind today's Chinese government is the socialist idea that "All power in the People's Republic of China belongs to the people." After centuries of being under the control of an emperor and years of subjecting to foreign powers, the Chinese desperately work for a society in which the citizens lead their own country.

Sounds nice? In reality, based on observations, most of the democracy - related rights are being ignored or actually suppressed by the government. So, the slogan "All power in the People's Republic of China belongs to the people" actually is converted to "All power in the People's Republic of China belongs to the people" actually is converted to "All power in the People's Republic of China belongs to the Government". It is a nature of the socialism or communism - driven system. The Chinese government does not allow criticizing their rulers, they hold a tight control on all economical, financial, and political processes, and suppress the freedom of information by applying heavy censoring of Internet and local media (read the news about Obama's visit to China and his meeting with Chinese students).

Growing Economy

"Obama... was impressed with the dynamism of Shanghai, where he held a town hall-style meeting with Chinese youth Monday and which, he said, is "a sign of China's emergence as a great economic power." (AP). In fact, when my friends visited China last year, they also were impressed with a number of construction sites surrounding cities - the result of rapidly growing economy, so far, the third biggest in the world.

I respect the Chinese for their 5000+ years history, their contribution to the world with medicine, sport, the art of drawing and self-defense, their hardworking, dedication, and smart approach to many things in life. The current economic power of China is the result of sweat and blood of ordinary citizens applied every day. This is the simple secret of success. If you would have a chance to look inside of the auditorium of prestigious U.S. colleges that teach math, physics, and mechanical/electrical engineering, you would be surprised to find out that about 85% of students are Asians.

Some of them choose to stay in the U.S. They are the kids of hardworking parents who emigrated from China, who keep Chinese food restaurants with your favorite food, and who save money dollar-to-dollar to give the kids the best possible education. They are also the kids of wealthy Chinese who can afford to educate them in American colleges. Many of them come back to China after graduation as they see the opportunity to prosper in their own country. And many of the technology companies that are sources of national pride in China, for example Baidu.com and Sohu.com, are founded by returnees from the West, and are listed on the stock exchange abroad.

However, do not be blinded by China's economic growth success. A mild form of social-democratic political system in Western Europe has resulted in decline in standard of living weighed down by welfare. A harsher form of socialism in China led to mass misery and murder (Tiananmen Square). Recent events when China's authorities decided to put the Chinese lawyer on trial after he wanted just to follow the criminal law in a case against local mafia, or when the San Francisco layers tried to sue China for $2.2 billion dollars in an Internet-censoring software piracy case and came under cyber attack last month are proof that you can expect anything but democracy from the communist government.

China vs. Russia

Being at a great disadvantage compared to Russia, with a humongous number of poor people and lack of advanced economical infrastructure, China economically overpowered Russia as well as many other countries. It's not the only current communist government's smart politics to attract the foreign capital, not only smart policy to protect it, but also the solid base on workforce that want to live better and don't mind working very hard to achieve their goal. There are several explanations why Russia, the country with the biggest amount of natural resources and territory in the world, the country that had the industrial infrastructure in place, could not repeat the success of China:
  • Stupid politics and total corruption from the top to the bottom;
  • Lack of protection for foreign capitals;
  • Aging population;
  • Search of an "escape goat" instead of honest view on what's wrong with the country and how to fix it;
  • Obsession with drugs (flowing from Afghanistan), especially with alcohol.
I don't want to go into details on how the Russian government is implementing their plan to improve the lives of citizens by acquiring and selling natural resources for personal enrichment. What can you expect from a government that consists from 75% former KGB officers and their buddies and the rest from former criminals to mafia bosses? There were many articles written on this topic by not only the Western journalists but also by Russians themselves. The paradox is that while Russians are gladly accepted all Western goodies (cars, music, clothes, fashion, etc) after the fall of Soviet Union, they are hesitant to accept the true democracy and the country is falling back to the dark age of a cold war.

As one of the investors, Bill Mann mentioned back in 2006: "Investing in another country means that you need to have an understanding about what the people to whom you are entrusting your money think about people like you." Citing the "unpredictability of administrative processes" in Russia, Swedish retail giant, Ikea, froze all its future Russian investments last year because the company faced inflated electricity prices in supposed retaliation for an unwillingness to grease some palms. In a statement that attests the quote above, Ikea's country director conveyed the feeling to an interviewer that "someone somewhere does not like us." More...

Many of the average Russian workers are alcoholics (or, perhaps, huge fans of alcohol) who have no work ethic and motivation to work hard but to spend most of the earned money on alcohol. The paycheck day is very special - the stores that sell vodka see long lines. The next day after the paycheck, many factories and organizations lose 30-40% of people coming to work. A bottle of vodka became nation's currency, a door-opener to the offices of bureaucrats and a payment for various favors

Hard to believe? Consider this. The Russian Federal Organization' web site for alcohol regulations published the project of a new regulation to establish a minimal price for vodka since the "samogonka" (or hard liquor prepared at home) competes with the commercially available vodka. Russia is getting good revenue from sold vodka (38.2 rubles per bottle) considering the fact that, in 2008, vodka sold in Russian Federation in the amount of 1,760,000,000 liters! Add to that an estimated 20-24% of that amount of self-made alcohol and you will end up with 2,147,200,000 liters a year or more than 90 liters per person (!) including children.

Just consider these three sarcastic Russian anecdotes: "Kids from the Yaskovichi village knew very well that they will earlier or later become alcoholics but (just in a case) dreamed to become the astronauts." "The Turkish authorities request Russian tourists to arrive with the passports where they are pictured drunk..." And another one: "In Russia, the alcoholism is not struggle but pleasure".

Many Russian families send their kids oversees not for American education as Chinese do but to look for better life or perhaps to make some money and send it back home to support parents. What else can they expect? Either work as a puppet for one of the wealthy "new Russians" (and without owning a car it's also problematic); join military; join militia (local police) to collect the bribes on the roads; or become an alcoholic working at the factory or elsewhere for low compensation or even worse - drug addict - the fate of many young people. Many Russians don't see the light in the end of a tunnel in their homeland. It's not my imagination - I spoke to few kids from Russia that I met in Sicily (Italy), New York, Cancun, Rio de Janeiro and Barcelona. They are all spread out through the world map.

In many cases, finding a decent job in Russia is problematic - you have to have a car (not affordable for an average citizen) as well as certain skills that cost money to acquire. Young adults who live in large cities have more choices but the newest fashion - drugs are killing without remorse. Russia's attempt to establish the democracy turned to a population to serve the wealthy management.

I spoke to a Russian immigrant who recalled the following story that happened about 30 years ago. He was among several people in the room to meet the Russian journalist who worked in China for almost 25 years. It was a fascinating story about China and Chinese but he memorized the only one phrase that is still carbon in his memory. "If the average Soviet farmer ("kolhoznik") would work at least at 1/3 of the power of the Chinese farmers, the Soviet Union would be in great shape."


Long-term goals

Smart decisions even under communist government resulted in outstanding growth of China's economy since the strong economy must be a component of a global dominance. At some point, Deng Xiaoping's statement (who was a 3rd Chairman of the Central Military Commission of CCP) "to be rich is actually good" began China's re-birth. He is called "the architect" of a new brand of socialism and was credited with advancing Chinese standards of living

Having more money and carefully manipulating the currency, stocking up on a number of key commodities when the commodity prices such as oil and copper are low, investing up to 15% to 20% of GDP into the infrastructure of highways and railways, plus all the associated township infrastructure linking North and South, and East and West across the U.S.A. or Europe advances China's economy in unprecedented pace. China is also buying U.S. government issued bonds and heavily invests in military and space, purchasing new technologies from the West and then using it for own advantage.

At the same time, China is quietly and rapidly buying gold to protect its huge U.S. dollar reserves (~$2 trillion in U.S. debt). For the past six years, the country has almost doubled its holdings in gold to 1,054 tons, making China the sixth-largest holder of gold bullion. At the same time, they are pushing the idea of replacing the dollar as the world's reserve currency with another stable currency issued by international financial institutions. How can China buy gold quietly? They make a number of direct purchases from the governments of major gold-producing nations. China now has 30 times more gold in reserves than it held in 1990.

I am not talking only about the Chinese government but also private citizens who now have permission (and encouragement from the government to allocate at least 5 % of investment!) to buy gold, something that was not possible just last year and considered as a crime. If every one of the 900 million hardworking Chinese people were to buy just one ounce of gold, it would completely absorb the production of all the world's gold mines for the next 10 years. The value of that gold at today's bargain prices would be $1.13 trillion. According to the China Gold Association, the People's Republic plans to increase its gold reserves another 374% -- to 5,000 metric tons while the export of gold is banned! Recently, China entered into an agreement with Russia, Brazil, France and several Arab states to end dollar trading for oil -- instead using a bin of currencies that includes gold. No doubt, with the U.S. dollar losing value -- exactly opposite to gold -- China should protect itself, but all these actions together could make China a future world gold supplier - a part of the world dominance plan.
Watch out, America!

A weak yuan (The renminbi or the Chinese yuan is the currency of the People's Republic of China (PRC), with the exception of Hong Kong and Macau) makes Chinese exports cheaper and is forcing American companies move offshore, grinding down support for soothing global trade rules and fanning trade disputes. While China builds the magnetic levitation train that can travel at more than 300 miles per hours back in 2003, the U.S. invested only 1/10th of 1% of GDP for infrastructure while the railroads are falling apart. By the way, China just announced that their super-speed train broke the world record.

While China invests in the largest electric grid in the world more than doubling its electrical capacity, the U.S. has a "critical mass" situation with its electrical grid that is running out of capacity to support its economy (I am not even talking about electrical cars being planned to manufacture this year). This is how one country loses the power while another one gains using all the weaknesses of the opponent. Only now, the Obama administration began talking about investing $15 billion in the U.S. infrastructure that is still a water drop in the sea comparing to what is actually required.

"The world trading system is going to blow up, or the U.S. economy is going to totally de-industrialize unless China loosens controls on its currency", said Peter Morici, a University of Maryland business professor and a former chief economist at the U.S. International Trade Commission.

It reminds me of Japan in the beginning of the 70's, the country that basically overpowered American dominance in TV and metalworking tools markets. Using honest (and not very honest) methods, manipulating the U.S. government officials by either bribing or by blackmailing, they allowed, for instance, sell TVs in Japan only after the U.S. manufacturing and technology rights were sold to Japan. With Japanese's outstanding ability to improve the technology step-by-step, Japan began to manufacture better quality products and sell them cheaper. Do you remember the American TV companies like Zenith and RCA? They went out of business. Not to mention Japanese cars vs. American?

Even now, money hungry U.S. corporations repeat the same mistake - history did not teach them a lesson. For instance, the potentially huge market in China attracted Microsoft (read below how Microsoft gave away the source code to China) as well as many other industry giants. Now, all this technology is used to advance China and give it a leading edge. It's a fact of life that U.S. consumers use most of the China-made products in daily life starting from electronics, clothes, tools, and finishing with food products including food for pets. It's even scary to imagine that if one day China would want to stop the flow of the consumer products to the American people we would face a disaster. The only thing that calms me down is the fact that Chinese probably doesn't want the U.S. to fall down severely because of a huge pile of U.S. government issued bonds that has accumulated in their hands.

However, it's a trump card in their hands that could be used if it would fit in the big plan to bring the U.S. to its knees. And who would fill the vacuum? Who would become the new superpowers? Regimes proved that they were unafraid to be ruthless to their own people (not to mention their enemies). The Chinese government dreams about restoring the world dominance of China as the greatest country. I wouldn't be surprised if they achieve their goal within next 10-15 years. Read this part of an eye-opening article from IBD.
"In the case of Communist China, we're talking about a power that was willing to embrace capitalism because its totalitarian rulers saw that it could be the key to global dominance. When students tried to use new economic freedoms as a path to political freedoms, they were soon gunned down in Tiananmen Square, or incarcerated. So why would it surprise anyone that a regime so brutal and calculating would also in 1982 provide enough highly enriched uranium to Pakistan to construct two atomic bombs, as rogue Pakistani scientist A.Q. Khan has revealed and the Washington Post reported ...? Indeed, according to Khan it was none other than Chairman Mao himself who years before approved the secret deal. Islamabad and Red China may have animosity toward India in common. But it is simply naive to believe that Beijing did not have an eye on the potential destabilization that the nuclear empowerment of a hard-line Islamist regime would have on Western democracies.

"If New York were hit with a terrorist nuclear device, the Chinese would be the first to offer medical assistance, blankets, and toys," say nuclear weapons experts Thomas C. Reed and Danny B. Stillman in "The Nuclear Express," a book based in part on visits to Chinese nuclear facilities. "But the fact is," they add, "with New York down and the dollar discredited, the mandarins of China would be the last men standing. China would emerge as the world's pre-eminent economic power, with the clout to allocate energy resources as it saw fit."

China and Russia together have for many years helped Iran build nuclear facilities, which we now know Tehran's Islamofascist regime is using with the aim of building weapons. From providing technical information stolen from the West to aiding missile development to helping construct Iran's Bushehr plant, Moscow has been indispensable to the mullahs' nuclear ambitions. And again, to believe that former KGB agent Vladimir Putin only has economic gains in mind, or regional advantage, is naive. The bloodthirstiness of totalitarianism is at the core of China and Russia's proliferation efforts on behalf of Islamic powers. The Cold War may be over, but their malevolent global designs are not." (IBD, 11/13/09)


Financial and economic power these days gives China a clear advantage over the U.S. that struggles with economy and job market. No wonder our Democratic government tries to please the Chinese government in order to improve relations and allow more importing of American made products and technologies to China to bring the huge deficit balance down. The U.S. trade deficit with China widened in September 2009 to $22.1 billion from $20.2 billion, the highest in nearly a year.

Business Week mentioned: A day after President Obama left Asia after an 8-day visit, Jon Huntsman, the American ambassador in Beijing, tried to counter the spin in the media that his boss's China visit didn't go so well. China, having a leading edge now, can simply ignore U.S. requests or, perhaps, yield in small things but resist in a big way by following its own big plans.

Enough about China's global plans -- get familiar with their "cyber force".

Continue to PART II

Please share this article on your network (Tweeter, Facebook, etc - more links can be found on top of the page in the right corner)
Posted by at 2 comments:
Labels: , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)