Thursday, 30 September 2010

Why Neither the US Nor China Admits Cyberwar

Why won't the US or China (or even Russia) admit we're engaged in cyberwar? I have a theory based on historical precedent, involving all three countries: the Korean War. Since my time in the Air Force I knew that US pilots had directly engaged Russian pilots in the skies over Korea in the 1950s. This was an "open secret." Recently I watched the NOVA episode Missing in MiG Alley, which confirmed this fact: NARRATOR: For 40 years, Russia's role...

On the Other Side of an Advanced Persistent Threat

I found these excerpts from yesterday's DEBKAfile story An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm to be interesting: Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and...

Why Russia and China Think We're Fighting Cyberwar Now

Thanks to the Team Cymru news feed for pointing me to Emerging Cyberthreats and Russian Views on Information Warfare and Information Operations by Roland Heickerö of the Swedish Defence Research Agency. I found this content in pages 23-24, "Differences and similarities between Russian, US and Chinese views on IW," to be really interesting: In order to understand the Russian view in a wider context, a comparison has been made with Russia's most important...

Kundra IPv6 Memo

I've written a few posts on IPv6 here. I read the short Transition to IPv6 Memo (.pdf) written by Federal CTO Vivek Kundra. I'd like to comment on two of the assumptions he makes in that memo: The Federal government must transition to IPv6 in order to... 1. Reduce complexity and increase transparency of Internet services by eliminating the architectural need to rely on Network Address Translation (NAT) technologies; 2. Enable ubiquitous security services...

Saturday, 25 September 2010

Five Reasons "dot-secure" Will Fail

Thom Shanker reported in Cyberwar Chief Calls for Secure Computer Network the following this week: The new commander of the military's cyberwarfare operations is advocating the creation of a separate, secure computer network to protect civilian government agencies and critical industries like the nation's power grid against attacks mounted over the Internet. The officer, Gen. Keith B. Alexander, suggested that such a heavily restricted network would...

Friday, 24 September 2010

Check-TCPUDPClient.ps1

The script below is designed as a framework for checking open TCP and UDP ports by connecting to them. It makes use of the TCP and UDP client socket classes that are native to PowerShell 2.0. My original conception was to create a scripted 'fuzzer' that would send non-arbitrary data to open ports to test or provoke library module loading. PowerShell's socket facilities are impressive for a scripted language. I don't know how much documentation there is for TCP/IP. No error checking implemented. Check-TCPUDPClient.ps1 .\Check-TCPUDPClient.ps1...
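As an added illustration of the approach described above (this is not the original Check-TCPUDPClient.ps1, and the function names, timeouts and probe payload are my own assumptions), the following uses the .NET System.Net.Sockets.TcpClient and UdpClient classes from PowerShell 2.0 or later. The TCP check wraps BeginConnect in its own timeout so a filtered port does not block for the OS default; the UDP check distinguishes a reply (open), an ICMP port-unreachable surfaced as a reset (closed), and silence (open or filtered), which is the same three-way result a port scanner reports.

```powershell
# Added example, not the original Check-TCPUDPClient.ps1: probe TCP and UDP ports
# with the .NET socket classes available to PowerShell 2.0 and later.
# Function names, timeout values and the probe payload are assumptions for illustration.

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $state = 'Closed'
    try {
        # BeginConnect + WaitOne gives us our own timeout; a silently dropped SYN
        # (filtered port) would otherwise block for the OS connect timeout.
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($ar)     # throws a SocketException on RST, i.e. closed port
            $state = 'Open'
        } else {
            $state = 'Filtered'         # no SYN/ACK and no RST within the timeout
        }
    } catch {
        $state = 'Closed'
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{ Host = $ComputerName; Port = $Port; Proto = 'TCP'; State = $state }
}

function Test-UdpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [byte[]]$Payload = @(0),
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.UdpClient
    $client.Client.ReceiveTimeout = $TimeoutMs   # makes Receive() throw TimedOut instead of blocking
    $state = 'Unknown'
    $replyBytes = 0
    try {
        $client.Connect($ComputerName, $Port)   # "connected" UDP so ICMP unreachable maps to this socket
        [void]$client.Send($Payload, $Payload.Length)
        $remote = New-Object System.Net.IPEndPoint -ArgumentList ([System.Net.IPAddress]::Any), 0
        $data = $client.Receive([ref]$remote)
        $state = 'Open'
        $replyBytes = $data.Length
    } catch {
        # PowerShell wraps .NET exceptions; unwrap to reach the SocketException
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -is [System.Net.Sockets.SocketException]) {
            switch ($ex.SocketErrorCode) {
                'TimedOut'        { $state = 'Open|Filtered' }   # no datagram back and no ICMP unreachable
                'ConnectionReset' { $state = 'Closed' }          # ICMP port unreachable reported as WSAECONNRESET
                default           { $state = "Error: $($ex.SocketErrorCode)" }
            }
        } else {
            $state = "Error: $($ex.Message)"
        }
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{ Host = $ComputerName; Port = $Port; Proto = 'UDP'; State = $state; ReplyBytes = $replyBytes }
}

# Constructed probe payload: a minimal DNS query (type NS for the root zone), so a
# real resolver on UDP/53 answers and the port reports Open instead of Open|Filtered.
$dnsProbe = [byte[]](0x12, 0x34,   # transaction ID
                     0x01, 0x00,   # flags: standard query, recursion desired
                     0x00, 0x01,   # QDCOUNT = 1
                     0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   # ANCOUNT, NSCOUNT, ARCOUNT = 0
                     0x00,         # QNAME = root
                     0x00, 0x02,   # QTYPE = NS
                     0x00, 0x01)   # QCLASS = IN

# Usage (hosts are placeholders; only probe systems you are authorized to test)
Test-TcpPort -ComputerName 127.0.0.1 -Port 135
Test-UdpPort -ComputerName 127.0.0.1 -Port 53 -Payload $dnsProbe
22, 80, 443 | ForEach-Object { Test-TcpPort -ComputerName 'target.example' -Port $_ } |
    Format-Table Host, Port, Proto, State -AutoSize
```

Two caveats worth remembering when reading the results. A UDP service only shows as Open if it answers the payload you send, so a generic probe against an unknown service will usually come back Open|Filtered; that is why the example carries a protocol-correct DNS query rather than a null byte. And a host firewall that drops ICMP unreachable messages will make every closed UDP port look Open|Filtered as well, so UDP results are only as good as the probe and the path allow.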

Tuesday, 21 September 2010

Thoughts on "Cyber Weapons"

With all the activity concerning Stuxnet, I've been thinking about "cyber weapons." You might recognize the image at left as coming from the venerable rootkit.com site operated by Greg Hoglund since 1999 (for real -- check out archive.org!) When Greg started that site I remember a lot of people complaining about cyber weapons and putting offensive tools in the wrong hands. Now with tools like Metasploit and Ronin, people are bound to worry about...

Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York

I will be speaking at two events organized by TechTarget, for whom I used to write my Snort Report and Traffic Talk articles. The one-day events will be held in Seattle, WA on 28 Sep 10 and in New York on 16 Nov 10. Currently the Emerging Threats site shows details for the Seattle event, where I will discuss What Is Advanced Persistent Threat, and What Can You Do About It? On a related note, Robert RSnake Hansen will offer two sessions in Seattle....

NYCBSDCon 2010 Registration Open

Registration for NYCBSDCon 2010 is now open. As usual George and friends have assembled a great schedule! If you're in the New York city area or within travel distance, check it out. Tw...

Sunday, 12 September 2010

Someone Is Not Paying Attention

I enjoy reading InformationWeek because it gives me a chance to keep in touch with broader IT trends, and the content is usually solid. The cover story for last week's issue was End Users: Ignore Them At Your Peril (sorry about the odd link; the original is here but requires registration). I started reading the article by Michael Healey of Yeoman Technology Group, but quickly realized Mr Healey is clearly out of touch with the reality of the modern...

Thursday, 09 September 2010

NetWitness Minidecoder in Action

Many TaoSecurity Blog readers are undoubtedly familiar with NetWitness. Several weeks ago I met with their CEO and CTO to discuss their products and services. They were kind enough to later provide me with a device that they ship to their engineers to provide testing and experimentation with their product. Here I call it a "Minidecoder," but you can think of it as "NetWitness in an EeeBox PC" (specifically the EeeBox PC EB1012). As you can see...

DualComm Port Mirroring Switch

John He from DualComm Technology was kind enough to send me one of his company's port-mirroring switches, namely the DCGS-2005 pictured with its box at left. In the figure, I have port 1 going to a computer I want to monitor. Port 2 is going to the uplink (or access switch) for that computer. Port 5 (at the far right) is going to a sensor. The idea behind this device is to provide a plug-and-play alternative to network taps. I thought this system...

A Book for the Korean Cyber Armies

I've got a book for the Korean cyber armies, North and South. That's right, it's my first book, The Tao of Network Security Monitoring, now published in Korean! Apparently my publisher just decided to translate and deliver this new edition to Korea. Can anyone who reads Korean comment on how they translated my name? I've known for a while there is also a Spanish edition, but I've never seen it. I asked to see one of those too. I have to admit that...

Tuesday, 07 September 2010

India v China

Some of you may remember my "X vs China" series of posts of 2007, where I discussed multiple high profile cases where various nations noted their disapproval of China's exploitation of their networks. (That's right, 2007 -- three years before the January festivities.) This morning I read Hostile nations trying to steal India's defence secrets, by Rajit Pandit of India's Economic Times. He writes: Even as Chinese and Pakistani online espionage agents...

Sunday, 05 September 2010

One Page to Share with Your Management

I thought this brief question-and-answer session, Richard Clarke: Preparing For A Future Cyberwar by Kim S. Nash, extracted the essence of advanced persistent threat problems and how to address them. I'd like to publish the whole article, but instead I'll highlight my favorite sections: Nash: How can the federal government protect companies? Clarke: Do more. As a matter of law and policy, the federal government should actively counter industrial espionage. Most...

Thursday, 02 September 2010

The Inside Scoop on DoD Thinking

I wanted to help put some of you in the mindset of a DoD person when reading recent news, namely Defense official discloses cyberattack and Pentagon considers preemptive strikes as part of cyber-defense strategy, both by Washington Post reporter Ellen Nakashima. I'll assume you read both articles and the references. Deputy Defense Secretary Lynn's article (covered by the first Post story) is significant, perhaps for reasons that aren't obvious. ...

Review of Hacking Exposed: Wireless, 2nd Ed Posted

Amazon.com just posted my five star review of Hacking Exposed: Wireless, 2nd Ed by Johnny Cache, Joshua Wright and Vincent Liu. From the review: I reviewed the first edition of Hacking Exposed: Wireless (HEW) in May 2007, and offered four stars. Three years later I can confidently say that Hacking Exposed: Wireless, 2nd Ed (HEW2) is a solid five star book. After reading my 2007 review, I believe the authors took my suggestions seriously, and those...