


From China, with love….

There is too much going on today. It looks like time for a “daily double.”

Stay tuned.

Any resemblance of this post’s title to a James Bond movie starring Sean Connery is strictly intentional.

And, of course, the book by Ian Fleming….

A cyberattack on RSA, the security arm of EMC, earlier this year, in March, ALSO victimized 760 other companies! The list of companies has been presented to the U.S. Congress. For those of you who are not “in the business,” RSA is an organization that provides (among other things) SecurID tags (dongles) used by MANY companies worldwide to safeguard (especially Windows-based) computer systems. The security provided by RSA SecurIDs would seem to many novices to be impenetrable.

NOTHING is impenetrable.

The ENTIRE LIST of victim companies was published by the security analyst Brian Krebs in his blog. Of course, I looked to see whether one of my former employers, VeriSign, Inc., which specializes/specialized (the security business was sold to Symantec) in Internet and network security, uses Windows computers, and used RSA SecurID internally, is on the list. It is (VERISIGN-CORP – VeriSign Infrastructure & Operations).

Another company that is close to my heart, Apple, is NOT! :-)

Microsoft is.

ALMOST 20% of the current Fortune 100 companies are on the list! :-)

I am only smiling because it can happen to anybody, and likely DOES. The fact that most of the corporations are largely Windows-based is likely only a strong contributor. :-)

Krebs includes a few caveats:

“Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA. The first victims appear to have begun communicating with the attacker’s control networks as early as November 2010.

A few caveats are in order here. First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations (there are several antivirus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.

Among the more interesting names on the list are Abbott Labs, the Alabama Supercomputer Network, Charles Schwab & Co., Cisco Systems, eBay, the European Space Agency, Facebook, Freddie Mac, Google, the General Services Administration, the Inter-American Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), the Massachusetts Institute of Technology, Motorola Inc., Northrop Grumman, Novell, Perot Systems, PriceWaterhouseCoopers LLP, Research in Motion (RIM) Ltd., Seagate Technology, Thomson Financial, Unisys Corp., USAA, Verisign, VMWare, Wachovia Corp., and Wells Fargo & Co.”

I thought that I would scan the HUGE list for OTHER companies that are of interest to me, for example, as former customers, or for other reasons.

Amazon is there, as well as AOL-ATDN (AOL Transit Data Network). I’m not sure whether the latter was any part of the AOL that purchased the Netscape for which I worked. (“Who cares? They’re always changing, corporation names.”) ALCATEL-NA and AT&T are there (AT&T US and AT&T Global Network Services – EMEA and AT&T-INTERNET4). CERT is there (Computer Emergency Response Team [CERT] – Coordination Center)! Charles Schwab, COMCAST, Deutsche Telekom AG (DTAG), EBAY, EXIM – Export Import Bank of the U.S., Fannie Mae, GBLX Global Crossing Ltd., GLOBAL-SPLK (Sprint International), Bell Canada (GT-BELL), HP-INTERNET-AS (Hewlett-Packard Company), the IRS (Internal Revenue Service :-) ), Level3 (Level 3 Communications), LUCENT-CIO (Lucent Technologies Inc.), MCAFFEE and MCAFEE-COM (McAfee Inc.), MEGAPATH2-US (MegaPath Networks Inc.), MOTOROLA (Motorola, Inc.), NOKIA (Nokia Internet) and NOKIA-AS NOKIANET (APAC Data Centre network) and NOKIANET_DALLAS (NOKIANET Dallas Office), Princeton-AS (Princeton University), QUALCOMM (Qualcomm, Inc.), QWEST (Qwest Communications Company, LLC), ROGERS-CABLE (Rogers Cable Communications Inc.), SBIS-AS (AT&T Internet Services), SHAW (Shaw Communications), Sprint US and SPRINTLINK-HOSTING (SPRINT, Business Services Group), TELSTRA (Telstra Pty Ltd), TRENDMICRO (Global IDC and Backbone of Trend Micro Inc.) and TRENDMICRO (Trend Micro Inc.), UUNET (MCI Communications Services, Inc. d/b/a Verizon Business) and UUNET-INT (MCI Communications Services, Inc. d/b/a Verizon Business), VODAFONE_ICELAND (Backbone Autonomous System) and VODAFONE-IT-ASN (Vodafone N.V.) and VODANET (International IP-Backbone of Vodafone), VOLKSWAGEN (Volkswagen AG, Wolfsburg 1), VRIS-AS-BLOCK (Verizon Online LLC), WAYPORT (AT&T Wi-Fi Services), Webex Communications, Inc., WORLDBANK-AS (WORLD BANK), and YAHOO-US (Yahoo) are all on the list!

Hey! But you could have your OWN personal favorites…! :-)

Many or all of the Internet Service Providers like Comcast or AT&T could be off the hook… perhaps. :-) Personally, I always like to think about THE FINANCIALS! :-)

The CNNMoney article says:

“Microsoft, one of the few companies we contacted that was willing to talk on the record about the attack, said it has “not seen any evidence supporting the claim.” Several other companies gave similar statements but asked not to be named in this story.”

Maybe some of them haven’t figured it OUT yet! :-) But they’ve had since at least March…! Linear thinking takes longer, and first you have to get out of “denial.”

I hope that you enjoy reading the article as much as I did. My sympathies go out to my colleagues at companies that had to clean up the mess.

My title refers to the “Pie Chart” in Krebs’ article, which shows that, of the more than 300 command-and-control networks that were used in these attacks, 299 were located in China.

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
