Showing posts with label security.

Sunday, May 25, 2008

Cisco accused of building a Great Chinese Firewall

In a 2002 Cisco (China) PowerPoint presentation entitled “An Overview of [China's] Public Security Industry”, a Cisco (China) official in the Government Business Department listed the “Golden Shield Project” – the host project of China’s Great Firewall – as one of Cisco's major target customers. In this document, which apparently lays out the marketing strategy for Cisco (China) to sell products to the Chinese security police, one of the main objectives of the Golden Shield was to “combat the ‘Falun Gong’ evil cult” – parroting the rhetoric of the Chinese authorities used to persecute Falun Gong.

In the presentation page headed "Cisco Opportunities [in the Golden Shield Project]," Cisco offers much more than just routers; it offers planning, construction, technical training, and operations maintenance for the Golden Shield. Global Internet Freedom Consortium research shows that the infrastructure of China’s Great Firewall coincides with the layouts in Cisco (China)’s PowerPoint document.

One of Golden Shield's stated goals in the Cisco presentation was to "combat 'Falun Gong' evil religion and other hostiles," -- a statement that was attributed to Runsen Li, the Chinese government information technology chief in charge of developing the project.

Shiyu Zhou, deputy director of the Global Internet Freedom Consortium, said Cisco could be offering "censorship training" to Chinese authorities. A 2002 internal company document lists China's "Golden Shield" censorship project as one of Cisco's "major target customers," Zhou told the Senate human rights subcommittee.

Mark Chandler, Cisco's senior vice president of legal services, said during the Tuesday Senate hearing that he was "appalled" and "disappointed" when he saw that quote in the presentation.

"Cisco is the largest producer of networking equipment and sells the same products worldwide. It does not customize the equipment to help repressive governments censor the Internet", General counsel Mark Chandler said at a Senate hearing Tuesday. "The company's routers and switches have basic security features that protect networks from viruses and service interruptions", he said.

That part of the document was a quote from an official Chinese government statement condemning "hostile elements," Chandler said. The presentation was done by a Chinese engineer working for Cisco.

"We regret that the engineer included that in the presentation, even by way of explaining the Chinese government's goals," Chandler said. "We disavow the implication that this reflects in any way Cisco's views or objectives."

"It is very regrettable that one of our engineers quoted directly from Mr. Runsen Li, the Chinese government's head of IT for the Golden Shield project in this internal presentation," said Terry Alberstein, a senior director of corporate communications at Cisco. "They do not represent Cisco's views, principles or its sales and marketing strategy or approach. They were merely inserted in that presentation to capture the goals of the Chinese government in that specific project, which was one of many discussed in that 2002 presentation."

About Global Internet Freedom Consortium:

Global Internet Freedom Consortium is the largest and longest anti-censorship operation in the world.
The Consortium has run the world’s largest anti-censorship operation since 2000. Our five existing tools – UltraSurf, DynaWeb FreeGate, Garden, GPass, and FirePhoenix — currently accommodate an estimated 95% of the total anti-censorship traffic in closed societies around the world, and are used DAILY by millions of users. As of January 2008, the Top Five censoring countries with the most average daily hits to our anti-censorship systems are (hits per day):
(a) China: 194.4 million
(b) Iran: 74.8 million
(c) Saudi Arabia: 8.4 million
(d) UAE: 8 million
(e) Syria: 2.8 million
They say that "The Great Firewall will be taken down as the Berlin Wall."

About Cisco:

Cisco is a multinational corporation with more than 63,000 employees and annual revenue of US$35 billion as of 2007. Headquartered in San Jose, California, it designs and sells networking and communications technology and services under five brands, namely Cisco, Linksys, WebEx, IronPort, and Scientific Atlanta.

Reports on Chinese Firewall:
The internal Cisco PDF
Battle for Freedom in Chinese Cyberspace
New Technologies Battle and Defeat Internet Censorship, 2007-11-21
Wikipedia



Wednesday, May 14, 2008

Chinese hackers attacked Belgium

Belgium joined the growing ranks of countries voicing concerns about cyber attacks originating from China. Belgium is believed to have been targeted because the headquarters of the European Union and NATO are located here and because of Belgium's track record in Africa. In recent days, the Chinese have shown growing interest in this continent.

Justice minister Jo Vandeurzen claimed that the Federal Government had been targeted by Chinese hackers, backing up a separate statement by Belgium's foreign affairs minister, Karel De Gucht, that his ministry had been hit by espionage in recent weeks.

In both cases, the Belgians appear certain that the culprits were Chinese and that the Beijing authorities must know something about events, although no evidence has been offered to back up these allegations. The precise nature of the attacks has not been explained either.

If the accusation is justified, it is starting to look as if Chinese-originated cyber-attacks have spread well beyond the obvious Western targets.

The Chinese have been implicated in acts of cyber-espionage in the last couple of years, including various alleged assaults on US military systems in 2006 and 2007. As recently as last September, a "leaked" report blamed the Chinese for a similar attack on the Pentagon.

The US reports have come in the form of briefings from unnamed individuals or leaks, suggesting that the US was sending a coded warning to the Chinese that such events risked damaging relations between the countries. The US suspects China of using espionage to make gains in the software, integrated circuit, computing, electronics, telecommunications and information security sectors in an effort to shift the People's Liberation Army (PLA) "into an information-based, network-enabled force."

The UK, by contrast, has been more pointed. In late 2007 it openly sent letters to large UK companies warning them of the threat from Chinese-backed cyber-warfare.

"There simply isn't enough evidence to say whether these attacks were sponsored by the Chinese Government or not," said Graham Cluley of Sophos on the Belgian attacks.

"Governments need to think carefully before accusing another of spying via the Internet - unless they have strong proof. There is no doubt however of the importance of securing critical computers inside government from hackers whether motivated by politics, espionage or money," he added.

China has denied responsibility for any attacks coming from the country, but security experts have stated that the country -- and at least two dozen, and as many as a hundred, other nations -- routinely probe, and even attack, each other's networks. Germany's government has acknowledged, for example, that the nation's intelligence agency has engaged in cyber espionage to gain information from computers in Afghanistan and the Democratic Republic of the Congo.

In April, the North Atlantic Treaty Organization (NATO) decided to establish a Cyber Defense Management Authority (CDMA) to coordinate its member countries' responses to hostile online attacks.
You can read a US military report on China here

Source TechWorld



Tuesday, May 13, 2008

FBI fears Chinese have back doors into US government networks

The FBI is investigating security leaks that could give the Chinese government or Chinese hackers (or both) undetectable back doors into highly secure government and military computer networks for months, perhaps years. The cause: a high number of counterfeit Cisco routers and switches installed in nearly all government networks that experienced upgrades and/or new units within the past 18 months.

The US government has been attempting to avoid security issues by using only higher-end Cisco partners/suppliers for the gear. Cisco has 80% of the market share in networking solutions, and 1 in 10 Cisco products is fake. These products are sold on the black market and can end up in sensitive networks. However, the highly competitive lowest-bid environment of government procurement has inspired several vendors to look for cheap alternatives for hardware... resulting in a catastrophic meltdown of security.

An unclassified FBI presentation that has been released discusses the fear that China is intentionally having counterfeit Cisco hardware sold in the United States. In the presentation, the FBI discusses four cases that it had investigated where this hardware has been discovered, even in classified networks.

The more serious statements made in this presentation are on slide 30, where they claim that about 10% of the information technology hardware sold globally is counterfeit and that it has been sold through legitimate channels (KPMG is the cited source) for the past couple of years. In the case of Cisco, this counterfeit hardware is sold through their Cisco Gold and Silver Partners program. Other vendor vetting processes are just as flawed, allowing this hardware to enter your IT infrastructure.

This photo from the FBI presentation shows the differences between an original Cisco router and a fake one:


The FBI is concerned about critical infrastructure damage and the potential for access to secure government systems. Many online IT circles have been speculating that the counterfeit hardware will provide backdoor capabilities and access into compromised networks for the originators of the equipment. In fact, some speculation regarding the counterfeit Cisco equipment has focused on the possibility that the hardware is being manufactured expressly to deploy exploitable systems far and wide into the wild. The rationale is that the likely "wholesale" price of the counterfeit routers and switches is so low, and profit margins likely so thin, that the only real advantage may be gained from downstream system exploits in the future.

The US Government should buy only from mainland assembly plants (in the US, preferably monitored) and cut out any suspicious links in the chain.

This is another security issue that Richard Marcinko was complaining about back in the '90s and that nobody took seriously. He has said that the Chinese have been getting their hands on our top secret electronic hardware for years. He even says that we've been secretly giving the equipment to them in exchange for political leverage and a lot of other things. He says that China has an extensive spying scheme and network in the US and that it's very compartmentalized.

System boards are made in China. The BIOS chips on these boards are made there, so it is easy to have the OS open up a network connection when triggered, thinking it is supposed to because the BIOS claims it has this port open for this card.

This is not the first time a government authority has found major backdoors.

German counterintelligence found years ago that Internet hackers had started to point out several built-in software backdoors for the NSA and other agencies in the Bundeswehr's Windows systems, and that these could affect the German economy. (Articles on Wired.com, DebianHelp)

They developed their own proprietary operating systems, based mainly on Linux software rules, forced all sensitive German government and army offices to change to those OSes, and got rid of all Microsoft-infected software.

These facts remind me of the scandal of the American embassy in Moscow in 1987, when the US diplomats refused to move to the new embassy because of rumors that the embassy was filled with Soviet surveillance equipment during its construction. I've heard that Clinton received the full schemes of the surveillance system after the fall of the USSR. (Another article on NYTimes)

Source AboveTopSecret, News.com
The FBI Presentation



Friday, April 25, 2008

ExpoSecurity 2008 Photos

As I promised, I'll post the photos from the exhibition:

The main entrance


Lots of video recorders

Lots of surveillance cameras



working on it

Tuesday, April 15, 2008

Huawei and Symantec Joint Venture

CUPERTINO, Calif. and SHENZHEN, China – Symantec Corp. (Nasdaq: SYMC) and Huawei Technologies Co., Ltd. (Huawei) announced that they have commenced their joint venture, which was announced in May 2007. The new company will develop and distribute world-leading security and storage appliances to global telecommunications carriers and enterprises. The transaction has satisfied all closing conditions, received all required government and regulatory approvals and officially closed on Feb. 5, 2008.

The joint venture company is headquartered in Chengdu, China, with Huawei owning 51 percent and Symantec owning 49 percent. John W. Thompson, chairman and chief executive officer of Symantec, has been named chairman of the board and Ren ZhengFei, chief executive officer of Huawei, has been named chief executive officer.

Huawei is licensing certain technology and Symantec is licensing certain storage and security software to the joint venture company. Symantec is also contributing US$150 million to the joint venture.




Friday, February 8, 2008

Apple Patches iPhone Security Vulnerability


Following news that Apple's latest firmware update for the iPhone breaks the "jailbreak" software that many users had installed to run third-party applications or use a carrier other than AT&T, nCircle's Andrew Storms said that, with the iPhone SDK on its way, it's best to take advantage of the security patch and sit tight for a few months.
Apple has pushed out its 1.1.2 firmware update for the iPhone and iPod touch, which fixes a bug in rendering TIFF images. The bug has been used by several groups to create software hacks for unlocking the phone and for "jailbreaking" the phone to run third-party applications. It also made the iPhone extremely vulnerable to malicious exploits.
Previous versions of Apple's firmware used a version of the libtiff library that was susceptible to buffer overflow attacks. "By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution," Apple's update page explained.
While the upgrade fixes a serious security hole, it also breaks the "jailbreak" software many users have installed to run third-party applications or use the phone with a different carrier.
But hackers have already come up with a way around the update. Users can run software called Oktoprep before upgrading to 1.1.2. An outfit called Conceited Software now offers a jailbreak program to keep the phone open for third-party apps.

Hacks Not Worth the Risk

To get the benefits of the 1.1.2 upgrade without losing functionality, users can install Oktoprep on a phone running the 1.1.1 firmware. Once installed, it's safe to upgrade to 1.1.2. But users who have unlocked their devices might wind up with an iBrick if they upgrade without installing the latest hacks.
Apple has announced that it will release a software development kit for the iPhone in February, but until then the company appears locked in a cat and mouse game with the unlockers.
"For the mass majority of consumers, there is no high value to gain in risking another iPhone brick," Andrew Storms, director of security operations for nCircle, said in an e-mail. "With the SDK on its way, it's best to upgrade, take advantage of the security patch, and sit tight for a few months."
Even with the TIFF bug fix, enterprises should remain wary of the iPhone, Storms said. "Until Apple puts forth centralized configuration, compliance, and auditing mechanisms for the iPhone, it will just be a great gadget that every executive wishes their I.T. security staff would endorse," he said.
Besides fixing the TIFF hole, the latest upgrade offers a few new features. They include support for more languages, a battery indicator in iTunes, and a custom option for ringtones.

China Mobile in Talks for iPhone

In other iPhone news, Apple is in preliminary negotiations with China Mobile to sell the iPhone in China, Wang Jianzhou, China Mobile's CEO, announced at an industry conference on Tuesday. "Our customers like this kind of fashionable product," he said.
Another China Mobile executive, Huang Haibo, told Agence France-Presse, "Of course, we hope to bring the iPhone to China, but for the time being we're only in preliminary contact with Apple, and we have not made any concrete progress yet."
But Wang also said he finds the revenue-sharing model that Apple has won with carriers in the U.S. and Europe less than fashionable. "We still think we can maintain the operator-centric model because we have the customers, the end users," he said.
China Mobile is the world's largest carrier with 350 million subscribers, so it would be an excellent partner for Apple in China. But, as Wang said, that many subscribers also gives the company substantial bargaining power with Apple.
Apple is expected to launch the iPhone in Asia in 2008 and is in negotiations with several carriers across the region. Apple plans to launch its first Apple Store in China soon.



Wednesday, February 6, 2008

WordPress blogs vulnerable to attack


WordPress developers have released an "urgent" security update to the widely used blog publishing tool to address a flaw that could allow unauthorised users to edit other users' blog posts.
Less serious bugs have also surfaced in two WordPress add-ons, the WP-Forum plugin and the multi-user version of WordPress, WordPress MU.
WordPress is currently one of the most popular blog publishing systems, and is widely used by large organisations.
The WordPress update, version 2.3.3, addresses a bug in WordPress' XML-RPC implementation, developers said.
"If you have registration enabled... a specially crafted request would allow a user to edit posts of other users on that blog," said a WordPress spokesman on the software's website.
Users can download the fixed application directly, or the patched version of xmlrpc.php on its own.
Separately, an unpatched WP-Forum plugin bug has been found to allow attackers to retrieve information such as user names, password hashes and email addresses for users and administrators on a compromised blog, according to Secunia.
The vulnerability "is being actively exploited right now," WordPress said, advising users to disable the plugin until a patch has become available.
Also on Tuesday, WordPress released a fix for a bug in WordPress MU that could be exploited to bypass security restrictions and compromise a vulnerable system.
The bug, found in the wp-admin/options.php script, does not properly restrict changes to options, which could be abused to, for instance, upload and execute arbitrary PHP code, according to Secunia.
However, to exploit the flaw an attacker must have valid user credentials and "manage_options" capabilities. "Upload_files" capabilities must also be present, Secunia said.
The flaw is fixed in version 1.3.3 of WordPress MU, according to developers.