Advocate (Dr.) Prashant Mali's Blog

Hacking is Not that Hard  ▫ More than 90% of successful breaches  required only the most basic techniques. ▫ Only 3% of breaches were unavoidable  without difficult or expensive actions. ▫ Outsiders with insiders help of or with gross negligence  of insiders were responsible for most  breaches. ▫ 85% of breaches took months to be  discovered; the average time is five  months. ▫ 96% of successful breaches could have  been avoided if the victim had put in place  simple or intermediate controls. ▫75% of attacks use publicly known  vulnerabilities in commercial software  that could be prevented by regular  patching. ▫ One study found that antivirus software  missed as much of 95% of malware in the  first few days after its introduction. ▫ Another study found that 25% of malware  is not detected by current techniques.

Ø   1995 – Major General Wang Pufeng describes attacking via Internet Ø   1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar Ø   1997 – “ War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels Ø   May 03, 2001 China warns of massive hack attacks Ø   2002 - “informatisation” campaign begins Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, a speech before the 16th Party Congress Ø   2003 - Titan Rain US DoD & Government websites targeted Ø   2004 – Japan targeted by Chinese over disputed Daiyu Islands Ø   2007 – GhostNet Global CnC network with IP addresses in People’s Republic of China   Ø   2008 – Byzantine Hades - targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages.  Ø   2008 - MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - t