[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, October 29, 2020

Tiananmen Square, the Internet and Freedom

Communications, Freedom, History
Author: Mark Dixon
Friday, June 3, 2016
11:10 am

Twenty-seven years ago today, on June 3, 1989, government officials in the People’s Republic of China authorized its soldiers and tanks to reclaim Beijing’s Tiananmen Square from protesting students and others seeking democratic reform. By nightfall on June 4, Chinese troops had forcibly cleared the square, killing hundreds and arresting thousands of demonstrators and suspected dissidents.

China

During this time, a graduate student from China was working at the same company where I was employed.  I witnessed him using the Internet to exchange messages with freedom-loving compatriots all over the world.  He was somewhat frightened that the Chinese government would discover what he was doing and harm his family back in China, so he asked me to not tell others what he was doing at that time.

As I watched what he was doing, I realized what a powerful force global electronic communications could be in the support of personal freedom. I’m sure the tremendous advances in personal freedom that have occurred in China since that time are due at least in part, to interpersonal communications via the Internet.  If people can communicate, it is really difficult for governments to suppress them and deny freedom.

Comments Off on Tiananmen Square, the Internet and Freedom . Permalink . Trackback URL
WordPress Tags: ,
 

Mandiant Report: APT1 – Exposing One of China’s Cyber Espionage Units

Information Security
Author: Mark Dixon
Monday, March 11, 2013
12:39 pm

Mandiant

Mandiant, an American cyber security firm, recently released a 74 page report documenting evidence of cyber attacks by the People’s Liberation Army of the Republic of China:

Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world. The majority of these security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). … this report is focused on the most prolific of these groups. We refer to this group as “APT1” and it is one of more than 20 APT groups with origins in China. APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen. …

APt1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously. APT1 has a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property. Once APT1 has established access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership.

This detailed report includes a map showing observed APT1 activity …

Mandiant3

 

… and a timeline of observed compromises by industry sector:

Mandiant2

 

The report includes a detailed analysis of the APT attack lifecycle and methods for compromising the systems in the targets they attacked:

Mandiant1

Detailed background about  the infrastructure used in the attacks and some of the people involved in this work are also included.

The report concludes:

In a State that rigorously monitors Internet use, it is highly unlikely that the Chinese Government is unaware of an attack group that operates from the Pudong New Area of Shanghai. The detection and awareness of APT1 is made even more probable by the sheer scale and sustainment of attacks that we have observed and documented in this report. Therefore the most probable conclusion is that APT1 is able to wage such a long-running and extensive cyber espionage campaign because it is acting with the full knowledge and cooperation of the government. Given the mission, resourcing, and location of PLA Unit 61398, we conclude that PLA Unit 61398 is APT1.

Perhaps this statement from Sun Tzu, in his book, The Art of War, is particularly appropriate in this case:

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.

Comments Off on Mandiant Report: APT1 – Exposing One of China’s Cyber Espionage Units . Permalink . Trackback URL
 

Spy vs. Spy in Cyberspace – China vs. USA

Identity, Information Security
Author: Mark Dixon
Friday, April 15, 2011
12:04 pm

Spy vs. SpyThanks to my colleague Kevin Moulton for pointing out an excellent Yahoo! special report: In cyberspy vs. cyberspy, China has the edge.

According to U. S. investigators, China has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems. And Chinese hackers show no signs of letting up. “The attacks coming out of China are not only continuing, they are accelerating,” says Alan Paller, director of research at information-security training group SANS Institute in Washington, DC.

Private enterprise is also getting hit big time.

The official figures don’t account for intrusions into commercial computer networks, which are part of an expanding cyber-espionage campaign attributed to China, according to current and former U. S. national security officials and computer-security experts. 

In the last two years, dozens of U. S. companies in the technology, oil and gas and financial sectors have disclosed that their computer systems have been infiltrated. 

In January 2010, Internet search giant Google announced it was the target of a sophisticated cyber-attack using malicious code dubbed “Aurora,” which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories.

The political ramifications of this cyber warfare are huge. The US and China are the world’s two largest economies, both cooperating and competing on the world’s stage.  With China owning more than $1.1 trillion in U. S. government debt, destabilization of U. S. markets due Chinese cyberattacks would, in effect, be an attack on China’s economy itself.

The old Mad Magazine Spy vs. Spy comics were hilarious, with each spy destroying the other through nefarious means, and then getting up quickly to compete another day.   On the other hand, the China vs. USA cyberspy game is serious business – we play this one for keeps. 

Comments Off on Spy vs. Spy in Cyberspace – China vs. USA . Permalink . Trackback URL
WordPress Tags: , , ,
 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.