Social Engineering: No Tech Hacking

One of the best videos on social engineering from one of the best. Security expert and author Johnny Long of “Google Hacking” and “Hackers for Charity” fame, wrote an exceptional book called “No Tech Hacking”. Johnny proves that low tech or “no tech” skills are sometimes all that are needed in a penetration test. “No Tech Hacking” was probably one of the most enjoyable computer security books that I have ever read.

In this YouTube video from DefCon 15, Johnny covers many of the same topics from his book. You will be treated to Johnny’s unique observation skills, humor and whit. But you will also learn about bypassing a multi-million dollar security system with a coat hanger and a wash cloth, how to walk through walls, how to disappear and Jedi mind tricks.

It is definitely worth checking out.

Live Fire Exercise: Baltic Cyber Shield 2010 – Defcon 18

Very interesting talk from Defcon 18. Kenneth Geers (NICS, CCD COE) talks about cyber attacks on Estonia, cyber war, SCADA and the May 2010 International cyber defense exercise.

(Part 1 of 3)

Did China create Stuxnet to Attack India’s Space Program?

At the end of September, cyberwar expert Jeffrey Carr made a very interesting observation that seems to have slipped under the radar.

In his Forbes Firewall post titled, “Did the Stuxnet Worm Kill India’s INSAT-4B Satellite?”, Jeffrey brought up an intriguing theory.

He mentioned that it could have been China, not Israel who created Stuxnet, and the intended target may not have been an Iranian nuclear power plant at all, but India’s space program.

According to the article, in July, India’s Direct-to-Home (DTH) TV Satellite INSAT-4B had a power glitch and shut down. When it did, it affected 70% of DTH customers. To remedy the situation, DTH customer satellite dishes were re-directed to the Chinese run ASIASAT-5 satellite.

The kicker is that India’s INSAT-4B was put in orbit by the Indian Space Research Organization (ISRO). The ISRO provides R&D for India’s Aerospace industry and space resource monitoring. Jeffrey found that the ISRO uses versions of the Siemens software that are susceptible to Stuxnet.

Why would China be interested in an ISRO satellite? China and India are currently locked in a space race. And from all indications it is just as heated as the America-Russian space race of the 60’s and 70’s. Both nations want to land an astronaut on the moon and India is aiming to get there 5 years sooner than China.

In a more recent interview on The Diplomat, Jeffrey was asked to expound why China might be the culprit.  He mentioned that China is one nation of a small few who had both the motive and the technology to create Stuxnet.

“The reason why is that if you look at the states that have been impacted—it has generally been those in Asia or Eurasia—what they have in common is that they are producers of key resources. It might be oil, iron ore, copper, gold—things that are critical to many states, but which are particularly critical to China right now”.

Jeffrey also believes that China is focusing heavily on offensive cyber weapons that could shutdown infrastructure of an attacker that heavily relies on technology like SCADA.

According to Carr, China is a booming technologic nation right now. They have about 1200 R&D Labs that are focusing on absorbing technologies from other countries. China and also Russia are making strong advances in cyber-attack and defense where America seems to be falling behind.

This correlates strongly with the FoxNews article that came out today, “U.S. Could Lose the SciTech Edge to China”, which stated:

We have to compete today against the Chinese and Indians who are graduating tens of thousands more very talented science, math and engineering graduates from their colleges.”

And,

The fastest-growing college majors in America as of 2007 were parks, recreation, leisure, and fitness studies according to the U.S. Department of Education.”

Interesting indeed…