Navy’s Master Remote Control for Drones Needed, As long as China is Out of the Loop

The military’s future plan to create a technical cloud that would allow common control of all the branches drones is a great idea! But dear God please tell me the security on this system, (and R&D) will be off the chart to keep Chinese hackers out of the loop.

According to a US Navy release:

The Office of Naval Research (ONR) has developed something similar to a master remote control for military ground, air and undersea unmanned systems that will work across the services, as outlined in a new video released, May 2. (Above)

This Office of the Secretary of Defense (OSD) prescribed data model is a piece of software that enabled development of the Common Control System, which is comprised of many different common control services.

Chinese hackers have run roughshod over allied military designers and contractors. Even QinetiQ North America, a world leading defense and security company that creates secret satellites, drones, and Special Forces software was hacked by Chinese infiltrators.

For three years Chinese hackers pilfered research and development secrets from the company:

We found traces of the intruders in many of their divisions and across most of their product lines. There was virtually no place we looked where we didn’t find them,” said Christopher Day whose security company was hired by QinetiQ to investigate the break-ins.

Integrating inter-service drone command, control and communication will bring unprecedented capabilities to our drone forces. But security from conception HAS TO BE priority number one.

Google, like Anonymous, Joins Fight against Israel

Google Palestine

Those who don’t know history are destined to repeat it.” – Edmund Burke (1729-1797)

Since its inception again as a nation, Israel has been in a battle to have the right to do just one thing, exist. In this battle for legitimacy as a nation it has faced invasions from Muslim countries and constant rocket attacks by militant Islamic groups. Now it would seem that search engine giant Google has entered the fight against Israel.

Since Israel’s re-creation in 1948, they have been in a constant battle to simply survive. Not only have they faced unending physical threats, but waves of online attacks too. Militant groups have joined in with Hacktivists groups like Anonymous to put constant pressure on Israel’s online presence. Last month Israeli systems were hammered in a co-ordinated denial of service attack called #OpIsrael.

Many of these groups believe that they are helping the Islamic Palestinian people gain their freedom to form a state called “Palestine”. They believe (falsely) that creating a “Two State Solution” will bring peace to the Middle East and protect the Palestinians from “Israeli aggression”.

FOLLOW THE LEADER

Just this week, Google jumped into the political arena on the Palestinian’s side by changing their “Google Palestinian Territories” site to simply say Google Palestine. A small name change, that has very large political repercussions.

In this case, we are following the lead of the UN, Icann [Internet Corporation for Assigned Names and Numbers], ISO [International Organisation for Standardisation] and other international organisations,” Google Spokesman Nathan Tyler, told the BBC.

Well beyond just “following the lead of the UN“, the move was a direct blow to Israel and it’s right to exist peacefully. Google also decided to side against their home nation as the UN recognizes Palestine as a state, but the US does not.

As you will see recognizing Palestine as a state, and the whole creation of a “Two State Solution” will not bring peace to the Middle East.

As it has been done before, and it failed…

THE BRITISH MANDATE

After WWI it was agreed that the British Mandate Palestine, land that Britain took control of from turkey, would be divided into two countries. At first Israel was to be given the entire land (reminiscent of the land promised to Israel by God in Genesis 15:18-21) but after strong Islamic objection, it was agreed between Islamic authorities and Britain that a two state solution would bring peace to the Middle East.

Jewish Palestinians would be given a small section of land (which would be eventually be called Israel) and the Muslim Palestinians were given a very large section of land called Trans-Jordan.

IsraelAndTransjordan

ISLAMIC NAZI SS TROOPS

Not all of the Muslim leaders fell in line with this decision. Radical Islamic leaders believed that Israel should not exist and began resisting the change. By the time WWII came around some of these leaders joined in with Germany to place Muslim troops in Nazi SS divisions.

Amin al Husseini bei bosnischen SS-Freiwilligen

After WWII members of these Islamic Nazi troops banned together to form many of the radical Islamic groups which still fight the legitimacy of Israel to exist.

PALESTINE AS A LAUNCHING POINT FOR TERROR

Radical Islamic fighters swarm into these “disputed Palestinian territories” to continue the fight against Israel by constantly firing mortars and rockets into their cities. According to Wikipedia, “as of November 2012, over 2,256 rockets had been launched at Israel from Gaza since January 2012.”

CONCLUSION

Google has decided to use it’s clout to support the creation of a Palestinian state.

As you can see, Google’s choice to side politically with the UN, along with Anonymous and radical Islamic groups, is a huge blow to both peace in the Middle East and Israel’s daily fight to simply survive.

Update 5/5

Okay, now I understand a little bit better, Google has business interests in Palestine:

“Palestinians have such a unique position,” says Gisel Kordestani, Google’s director of new business development. “They’re well educated. They have strong English-language skills. With 88 million people in the [Middle East and North African] region getting online, they have the opportunity to build something for the Arab world.”

Google stands to benefit from whatever is built. Currently less than 1% of the searchable content online is in Arabic. If it grows, Google can sell ads against the new content.

Google Taps Palestine For New Business Development

As they say, follow the money…

Scouring the Web for Insecure Systems using Shodan-Fu

Shodan

Shodan – “The computer search engine”, seems to be one of the most (if not the most) controversial search engines on the internet. Shodan searches for computer systems and not people or things. According to reports from major media it would seem that you can search for vulnerable power plants on a whim and control traffic lights with ease. But is it really that easy?

Well, yes and no.

I remember when Shodan first started offering it’s search engine publicly. One highly respected security guru said that it would be shut down in a week. Well, it has been quite a while and Shodan is still up and running. Granted if you know what to look for you can find vulnerable or completely open systems with a few simple search terms. But you can also do the same with Google if you know how to craft the search terms.

I don’t think it’s Shodan that is as much the problem, as it is that people keep putting completely insecure systems on the internet!

Or they leave very outdated systems out on the internet that haven’t been patched or updated in years!

For example a quick Shodan search for “IIS/2.0” returns about 90 systems that are still live on the internet! That Microsoft Web Server version is over 16 years old!

Here are some more:

  • IIS/3.0 returns over 600 systems
  • IIS/4.0 about 14,000
  • IIS/5.0 about 500,000!

And IIS/5.0 is so much newer than 2.0, heck it was released with Windows 2000…

You can search for operating system versions too. How about “Windows NT 4.0”?

This returns about 900 systems.

“Microsoft-Windows-NT/5.1” Returns about 1800 systems. These are basically Windows XP systems running a web server – What could go wrong with that?

And that is just operating systems, you would be surprised how many wide open printers you will find out there. A quick search for network print server names will return  thousands of printers many which have the security disabled.

And that is very sad as on many network print servers, turning on security is literally just a mouse click or two.

You can even refine your searches on Shodan using commands like port, country or even city.

But is it really that easy to find open security systems and SCADA systems as main media makes it seem? No, not really, you need to know very specific search terms to find these. But if you do know these terms, then it is a different story.

But sometimes these search words are very obscure, and of course they are not advertised.

But if you do know the terms you can find a lot of systems, like these overseas Wind Farm systems:

Wind Farm

Wow, that is a lot of power and that is just one wind farm!

No worries though, the summary is a gimme, you are not allowed to change anything with these wind farm system without logging in. I hope they use complex passwords…

You can find some pretty funny stuff too doing Shodan searches, like this one:

Shodan Funny

I believe that Shodan is a critical tool for security specialists. With it you can search for your company and see what is actually out there. Many large companies have public facing systems that they have completely forgotten about. These systems may be exploitable and could allow an attacker into your internal system.

You can also check to see if you have public facing devices that are wide open. For example, what if your network administrator set up a print server and left it completely open on the internet. Do you really want someone from a different company or country going in to your print server and telling it to e-mail a copy of everything printed to them?

As usual with all security tools, some people will use Shodan for evil purposes. That is why it is critical that security departments use it first to check out their own company. Also make sure that login credentials for any publicly facing system has a long complex password.

A little bit of security goes a long way!

(When using Shodan remember, do not attempt to log in to a system that is not yours or try to access information that does not belong to you. Doing so is highly illegal and you could end up in jail.)