Sanders and Chappell Wireshark Resources Network Sniffing

http://www.chrissanders.org/

http://www.chappellseminars.com/index.html

TaoSecurity Google v China

Richard Bejtlich's blog on digital security and the practices of network security
monitoring, incident response, and forensics.

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google...

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted...

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.


Welcome to the party, Google. You can use the term "advanced persistent threat" (APT) if you want to give this adversary its proper name. See my post Report on Chinese Government Sponsored Cyber Activities for more details.


I have to really applaud Google for saying they might shut down operations in a country of 1.4 billion potential consumers as a result of an incident detection and response!


There were many events last year that fulfilled my prediction for 2009 Expect at least one cloud security incident to affect something you value. I think this one wins hands down.


Never mind the China angle for a moment. All of us should stop and consider what sort of data we are storing at Google, and in what form that data is stored. Google's Keeping Your Data Safe post for Enterprise customers claims While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure. However, my experience with these sorts of incidents is that if it occurred in "mid-December," Google will be spending the next several months realizing how large the exposure really is.

A Declaration of the Independence of Cyberspace

Governments of the Industrial World, you weary giants of flesh and

steel, I come from Cyberspace, the new home of Mind. On behalf of the

future, I ask you of the past to leave us alone. You are not welcome

among us. You have no sovereignty where we gather. We have no elected

government, nor are we likely to have one, so I address you with no

greater authority than that with which liberty itself always speaks. I

declare the global social space we are building to be naturally

independent of the tyrannies you seek to impose on us. You have no

moral right to rule us nor do you possess any methods of enforcement we

have true reason to fear. Governments derive their just powers from the

consent of the governed. You have neither solicited nor received ours.

We did not invite you. You do not know us, nor do you know our world.

Cyberspace does not lie within your borders. Do not think that you can

build it, as though it were a public construction project. You cannot.

It is an act of nature and it grows itself through our collective

actions. You have not engaged in our great and gathering conversation,

nor did you create the wealth of our marketplaces. You do not know our

culture, our ethics, or the unwritten codes that already provide our

society more order than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use

this claim as an excuse to invade our precincts. Many of these problems

don't exist. Where there are real conflicts, where there are wrongs, we

will identify them and address them by our means. We are forming our

own Social Contract . This governance will arise according to the

conditions of our world, not yours. Our world is different. Cyberspace

consists of transactions, relationships, and thought itself, arrayed

like a standing wave in the web of our communications. Ours is a world

that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or

prejudice accorded by race, economic power, military force, or station

of birth. We are creating a world where anyone, anywhere may express

his or her beliefs, no matter how singular, without fear of being

coerced into silence or conformity. Your legal concepts of property,

expression, identity, movement, and context do not apply to us. They

are based on matter, There is no matter here. Our identities have no

bodies, so, unlike you, we cannot obtain order by physical coercion. We

believe that from ethics, enlightened self-interest, and the

commonweal, our governance will emerge . Our identities may be

distributed across many of your jurisdictions. The only law that all

our constituent cultures would generally recognize is the Golden Rule.

We hope we will be able to build our particular solutions on that

basis. But we cannot accept the solutions you are attempting to impose.

In the United States, you have today created a law, the

Telecommunications Reform Act, which repudiates your own Constitution

and insults the dreams of Jefferson, Washington, Mill, Madison,

DeToqueville, and Brandeis. These dreams must now be born anew in us.

You are terrified of your own children, since they are natives in a

world where you will always be immigrants. Because you fear them, you

entrust your bureaucracies with the parental responsibilities you are

too cowardly to confront yourselves. In our world, all the sentiments

and expressions of humanity, from the debasing to the angelic, are

parts of a seamless whole, the global conversation of bits. We cannot

separate the air that chokes from the air upon which wings beat. In

China, Germany, France, Russia, Singapore, Italy and the United States,

you are trying to ward off the virus of liberty by erecting guard posts

at the frontiers of Cyberspace. These may keep out the contagion for a

small time, but they will not work in a world that will soon be

blanketed in bit-bearing media. Your increasingly obsolete information

industries would perpetuate themselves by proposing laws, in America

and elsewhere, that claim to own speech itself throughout the world.

These laws would declare ideas to be another industrial product, no

more noble than pig iron. In our world, whatever the human mind may

create can be reproduced and distributed infinitely at no cost. The

global conveyance of thought no longer requires your factories to

accomplish. These increasingly hostile and colonial measures place us

in the same position as those previous lovers of freedom and

self-determination who had to reject the authorities of distant,

uninformed powers. We must declare our virtual selves immune to your

sovereignty, even as we continue to consent to your rule over our

bodies. We will spread ourselves across the Planet so that no one can

arrest our thoughts. We will create a civilization of the Mind in

Cyberspace. May it be more humane and fair than the world your

governments have made before. Davos, Switzerland February 8, 1996

Cosmo in the movie Sneakers (1992)

"There's a war out there, old friend. A world war....and it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information! The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons."

 http://www.ethicalhacker.net/content/view/284/1/