From IntelliBriefs: The recent discovery of Chinese cyber warfare attacks on foreign computers, on communication computers of visiting dignitaries, and espionage activities to assist a friendly country is building weapons of mass destruction (WMDI) has refocused international attention on the developing spectrum of China’s military doctrine. Continue reading →
“A colleague alerted me a couple of days ago to a massive DDOS attack against Kyrgyzstan ISPs http://www.ns.kg andwww.domain.kg which essentially shut them down on January 18, 2009. There are only 4 ISP providers for the entire country so this attack was clearly sending a message. Since the attacking IPs were Russian, and since the Russian government supports the current Kyrgyzstan President, I’m thinking that its a message to the opposition party.” … Continue reading →
The Dark Visitor blog
This Chinese hacker intrusion flowchart above, taken from Stuhack, clearly demonstrates Chinese hackers have developed a methodology to their attacks.
The first thing that popped into my head when I saw the chart was the Police song, “Murder by Numbers.”
Is this intrusion chart unique? Probably not. Could they have taken it from someone else? Sure.
As always, many thanks to Jumper for helping me to get the correct terminology. I really had some of them botched.
Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on these lists. This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape. Unlike the previous Top-20 lists, this list is not “cumulative” in nature. We have only listed critical vulnerabilities from the past year and a half or so. If you have not patched your systems for a length of time, it is highly recommended that you first patch the vulnerabilities listed in the Top-20 2004 list. We have made a best effort to make this list meaningful for most organizations. Hence, the Top-20 2005 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document. The SANS Top-20 is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way. This is a community consensus document — your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to firstname.lastname@example.org.