Attack Vectors – China War | Time Lines | Civil War | COVID | Cybermaps

Has the U.S.-China Cold War Now Begun?

Has a new Civil War started in America?

Among the biggest victims of the coronavirus pandemic is the fiction of amicable U.S.-China relations. Those ties have been worsening for years, even before President Trump decided to call out Beijing’s predatory behavior starting in 2017. With the crisis now pitting America and China openly against each other, it seems impossible to salvage the old working ties. Washington now faces an unambiguously adversarial relationship with the Chinese Communist Party, one in which global ideological blocs may be drawn. Losing this new cold war would be a grievous blow to global transparency and liberal order. It would also threaten a significant reduction of American power and influence abroad.

Electromagnetic Defense Task Force –

The “increasing confidence” comes from classified and open-source documents and evidence, the sources said. Fox News has requested to see the evidence directly. Sources emphasized — as is often the case with intelligence — that it’s not definitive and should not be characterized as such. Some inside the administration and the intelligence and epidemiological communities are more skeptical, and the investigation is continuing.


Six years ago, Bloomberg News killed an investigation into the wealth of Communist Party elites in China, fearful of repercussions by the Chinese government. The company successfully silenced the reporters involved. And it sought to keep the spouse of one of the reporters quiet, too.

Bloomberg News Killed Investigation, Fired Reporter, Then Sought To Silence His Wife

President Trump deserves the gratitude of every American for heeding EMP Commission warnings and issuing his “Executive Order on Coordinating National Resilience to Electromagnetic Pulses” on March 26, 2019.

Five years ago The Atlantic wrote that not only was war between the US and China likely, it was far more likely than anyone realized. They wrote that something could happen that would cause a cascade effect resulting in total war.

USAF EDTF, Electromagnetic Pulse Threats to America’s Electric Grid: Counterpoints to Electric Power Research Institute (OTH: August 27, 2019)

FEB 29, 2020 – A Chinese Destroyer Fired a Laser at a U.S. Navy Patrol Aircraft

March 25, 2020 – U.S. cybersecurity experts see recent spike in Chinese digital espionage

US launches advanced satellite in 1st Space Force national security mission

03/30/20 – We weren’t ready for a pandemic — imagine a crippling cyberattack

APRIL 1, 2020 – China seizes Covid-19 advantage in South China Sea

Apr 3, 2020 – Coronavirus isn’t our only national security threat

OAN Newsroom – UPDATED 6:47 AM PT — Wednesday, April 15, 2020 – The Trump administration is halting funding to the World Health Organization (WHO) pending an investigation into the group’s alleged “mismanagement” of the COVID-19 pandemic.


Step one – Reconnaissance

Before launching an attack, hackers first identify a vulnerable target and explore the best ways to exploit it. The initial target can be anyone in an organization. The attackers simply need a single point of entrance to get started. Targeted phishing emails are common in this step, as an effective method of distributing malware.

  • (i) Assess the situation: Initiate the response by assessing the situation in terms of the time, place and person distribution of those affected, the routes of transmission, its impact on critical infrastructure and health facilities, and the agencies and organizations involved in responding to the event; communicate with public health responders and with local, state and national level emergency operation centers for event management, etc.

The whole point of this phase is getting to know the target.
The questions that hackers are answering at this stage are:

  1. Who are the important people in the company? This can be answered by looking at the company web site or LinkedIn.
  2. Who do they do business with? For this they may be able to use social engineering, by making a few “sales calls” to the company. The other way is good old-fashioned dumpster diving.
  3. What public data is available about the company? Hackers collect IP address information and run scans to determine what hardware and software the company is using. They check the ICANN web registry database.


Step two – Weaponization

In this phase, the hacker uses the information gathered in the previous phase to create the things they will need to get into the network. This could be creating believable spear-phishing e-mails. These would look like e-mails that the target could plausibly receive from a known vendor or other business contact. The next step is creating watering holes, or fake web pages. These web pages will look identical to a vendor’s web page or even a bank’s web page, but their sole purpose is to capture your user name and password, or to offer you a free download of a document or something else of interest. The final thing the attacker does in this stage is to collect the tools they plan to use once they gain access to the network, so that they can successfully exploit any vulnerabilities they find.

Corona Virus – COVID19 Outbreak


Step three – Delivery

Now the attack starts. Phishing e-mails are sent, Watering Hole web pages are posted to the Internet and the attacker waits for all the data they need to start rolling in. If the Phishing e-mail contains a weaponized attachment, then the attacker waits for someone to open the attachment and for the malware to call home.

  • (iv) Implementation of the action plan: The RRTs/QRMTs investigate the outbreak or increase in disease incidence, collect samples and send them to the identified state/national laboratory for testing. Hospitals are alerted to receive and treat patients. If necessary, tented hospitals are set up. Methods to control the disease and quarantine measures are instituted. Once the disease is identified, treatment protocols are sent to all concerned by the fastest possible means. Standard operating procedures (SOPs) for laboratory testing are drawn up by the identified laboratory and sent to all hospital laboratories and district hospitals for implementation. Laboratory reagents are distributed to the concerned laboratories. The public is taken into confidence to prevent any panic. The list of ‘Do’s and Don’ts’ is circulated through the print and electronic media. Hospitals ensure appropriate isolation, quarantine, waste disposal and personal protective measures. All contaminated clothing and equipment are carefully disposed of by incineration. An impact assessment team assesses the impact of the attacks on humans, animals and plants.

In this phase the attacker makes sure that they continue to have access to the network. They will install a persistent backdoor, create Admin accounts on the network, disable firewall rules and perhaps even activate remote desktop access on servers and other systems on the network. The intent at this point is to make sure that the attacker can stay in the system as long as they need to.

Now that they have total control, they can achieve their objectives. This could be stealing information on employees, customers, product designs, etc. or they can start messing with the operations of the company. Remember, not all hackers are after monetizable data, some are out to just mess things up. If you take online orders, they could shut down your order-taking system or delete orders from the system. They could even create orders and have them shipped to your customers. If you have an Industrial Control System and they gain access to it, they could shut down equipment, enter new set points, and disable alarms. Not all hackers want to steal your money, sell your information or post your incriminating e-mails on WikiLeaks, some hackers just want to cause you pain.

The more time hackers spend gaining information about the people and systems at the company, the more successful the hacking attempt will be.

Step four – Exploitation

(a) Preparedness phase: This phase includes actions to be taken by different agencies to ensure the required state of preparedness. These include evaluating and upgrading laboratory facilities; evaluating hospital preparedness for emergency response and case management in case of an imminent attack; conducting training of health professionals and of the rapid response team (RRT) and quick response medical team (QRMT) who would be the first responders; working out the legal provisions and their implications; ensuring that the requirement for safe drinking water is met; ensuring availability of adequate stocks of medicines and vaccines; coordinating with security organizations; organizing mock drills for health professionals, government departments, animal husbandry, security, law enforcement and other agencies so as to assess their preparedness to act in case of an attack; and preparing contact details so that communication is unhampered during an attack. The public should be kept aware of imminent attacks so that voluntary reporting is encouraged. It is important to carry out a review of the situation based on current information on the threat perception.
Now the ‘fun’ begins for the hacker. As user names and passwords arrive, the hacker tries them against web-based e-mail systems or VPN connections to the company network. If malware-laced attachments were sent, then the attacker remotely accesses the infected computers. The attacker explores the network and gains a better idea of the traffic flow on the network, what systems are connected to the network and how they can be exploited.

  • (ii) Contact key health personnel: Contact and coordinate with personnel within the health department that have emergency response roles and responsibilities. Record all contacts and follow-up actions.

(b) Early Warning Phase: The early warning in the surveillance system includes activities like case definitions, notification, compilation and interpretation of epidemiological data. Early detection and rapid investigation by public health epidemiologist is critical in determining the scope and magnitude of the attack and to implement effective interventions.
(c) Notification Phase: It is mandatory to report any unusual syndrome or usual syndromes in unusual numbers to appropriate authorities. The activities in this phase include rapid epidemiological investigations, quick laboratory support for confirmation of diagnosis, quarantine, isolation, keeping health care facilities geared for impending casualty management and evolving public health facilities for control.

My Wordfence Brute Force Log

(d) Response Phase: In this phase the activities include rapid epidemiological investigation, quick laboratory support, mass casualty management and initiation of preventive, curative and specific control measures for containing the further spread of the disease. In order to achieve them, the following steps can be followed:

  • (iii) Develop action plan: Develop initial health response objectives that are specific, measurable and achievable. Establish an action plan based on the assessment of the situation. Assign responsibilities and record all actions.

Step six – Command and control

Now they have access to the network and administrator accounts, and all the needed tools are in place. They have unfettered access to the entire network. They can look at anything, impersonate any user on the network, and even send e-mails from the CEO to all employees. At this point they are in control. They can lock you out of your entire network if they want to.

This page is a hand-curated list of the cyber attacks and threats related to the global pandemic.

Coronavirus Destroys US-China Relations

Worldwide Threat Assessment of the US intelligence community

List of military operations of India

Human rights in China

Step seven – Action on objective

China and others took the American financial stumble as a blunder of democratic capitalism, and a moment of opportunity to advance their own agendas. Under Xi Jinping, Beijing has seen the last decade as a period of “strategic opportunity” — one it did not necessarily expect to last, as it faces its own expected economic and demographic slowdowns. It built military bases in the South China Sea in contravention of international law, launched the vast and opaque Belt and Road Initiative to spread economic and political influence, doubled down on the state’s role in the economy and prejudicial policies, and coopted international human rights bodies. Along the way, it began to develop its own global governance aspirations and visions.

With the election of Donald Trump, the United States widened Beijing’s window of opportunity with its self-inflicted political convulsion. To China’s great fortune, American foreign policy was now expressly hostile to multilateral institutions, bellicose on trade, and defined national security in terms of narrow, homeland defense. To experts in the United States and abroad this looked like a willing abdication of the system the United States had constructed and led. But alongside these fears, and in another significant shift, foreign policy thinkers from both major parties increasingly agreed that the United States and China had entered a period of a great-power competition, in part, over the future of the international order and which power would set its terms.

Here are four of the space threats that a dedicated service branch might address:

1) Kinetic physical weapons. Satellites are vulnerable to objects that can be launched into space to take them out (like ballistic missiles) or a satellite that can be placed in orbit and intentionally maneuvered into another satellite’s path. Ground stations can be attacked by conventional military weapons or disrupted through an attack on the power grid.

2) Non-kinetic physical weapons. Lasers, high-powered microwaves and electromagnetic pulse weapons — like a nuclear detonation in space — can have physical effects on satellites and ground stations without making physical contact with them. Lasers can also be used to temporarily dazzle or permanently blind mission-critical sensors on satellites, while high-powered microwave weapons, best deployed from another high-flying platform, can disrupt or permanently damage a satellite’s electronics.

Pence called out Russia’s work to develop an airborne laser that would be able to destroy space-based systems, but China is believed to already have much of the technology necessary to field an operational capability to dazzle or blind a satellite. And last year, Chinese media celebrated the development of a shipboard, miniaturized microwave weapon that could evolve into an orbital anti-satellite system. In 2011, the Christian Science Monitor quoted an unnamed European intelligence source stating that Iran managed to “blind” a U.S. satellite by “aiming a laser burst quite accurately” — sparking speculation it obtained the technology from Russia or China.

In 2014, Russian jamming in Ukraine resulted in the loss of GPS for radios and phones, as well as the grounding of some remotely piloted aircraft. Iran jammed Voice of America transmissions on the Telstar 12 satellite in 2003, jammed BBC and VOA broadcasts on the Hot Bird satellite in 2010, and claimed to have spoofed GPS to down an American RQ-170 drone in 2011. North Korea used its GPS jamming capabilities against South Korea in 2010, in 2011 coinciding with a U.S.-Korean exercise, in 2012 and again in 2016. However, it’s unclear if the North has uplink jammers to disrupt military satellites.

Jamming activities can be difficult to detect or distinguish from accidental interference. In 2015, Gen. John Hyten, then-commander of U.S. Air Force Space Command, noted that the U.S. military was jamming its own communications satellites an average of 23 times per month.

4) Cyberattacks. Here are some possible intrusion points for a cyberattack: antennas on satellites and ground stations, the landlines that connect ground stations to terrestrial networks, and the user terminals that connect to satellites. Hackers, if they’re sophisticated enough, can monitor data, insert corrupted data, or “shut down all communications and permanently damage the satellite by expending its propellant supply or damaging its electronics and sensors,” according to the CSIS report.

Theoretically, Russia, Iran and North Korea might use their cyber capabilities to attack U.S. satellites. China, however, has been implicated in cyberattacks that in 2014 caused the National Oceanic and Atmospheric Administration’s satellite information and weather systems to stop transmitting for two days. In 2008, China was implicated in an attack on NASA’s Terra Earth observation satellite that achieved the steps needed to command the satellite but stopped short of issuing commands.

A report on arms control compliance does not offer proof, but points to circumstantial evidence, of excavations and other stepped-up activity at China’s Lop Nur test site.

“China’s possible preparation to operate its Lop Nur test site year-round, its use of explosive containment chambers, extensive excavation activities at Lop Nur and a lack of transparency on its nuclear testing activities … raise concerns regarding its adherence to the zero yield standard,” the state department report, first revealed by the Wall Street Journal, said.

“The pace and manner by which the Chinese government is modernising its stockpile is worrying, destabilizing, and illustrates why China should be brought into the global arms control framework,” said the senior US official on condition of anonymity.

China, estimated to have about 300 nuclear weapons, has repeatedly rejected Trump’s proposal, arguing its nuclear force is defensive and poses no threat.

OAS (On-Access Scan) shows the malware detection flow during On-Access Scan, i.e. when objects are accessed during open, copy, run or save operations.
ODS (On-Demand Scanner) shows the malware detection flow during On-Demand Scan, when the user manually selects the ‘Scan for viruses’ option in the context menu.
MAV (Mail Anti-Virus) shows the malware detection flow during the Mail Anti-Virus scan when new objects appear in an email application (Outlook, The Bat, Thunderbird). The MAV scans incoming messages and calls OAS when saving attachments to disk.
WAV (Web Anti-Virus) shows the malware detection flow during the Web Anti-Virus scan when the HTML page of a website opens or a file is downloaded. It checks the ports specified in the Web Anti-Virus settings.
IDS (Intrusion Detection System) shows the network attack detection flow.
VUL (Vulnerability Scan) shows the vulnerability detection flow.
KAS (Kaspersky Anti-Spam) shows suspicious and unwanted email traffic discovered by Kaspersky’s Reputation Filtering technology.
BAD (Botnet Activity Detection) shows statistics on identified IP addresses of DDoS attack victims and botnet C&C servers. These statistics were acquired with the help of the DDoS Intelligence system (part of the Kaspersky DDoS Protection solution).


What is syndromic surveillance?

Henning KJ.
Innovative electronic surveillance systems are being developed to improve early detection of outbreaks attributable to biologic terrorism or other causes. A review of the rationale, goals, definitions, and realistic expectations for these surveillance systems is a crucial first step toward establishing a framework for further research and development in this area. This commentary provides such a review for current syndromic surveillance systems. Syndromic surveillance has been used for early detection of outbreaks, to follow the size, spread, and tempo of outbreaks, to monitor disease trends, and to provide reassurance that an outbreak has not occurred. Syndromic surveillance systems seek to use existing health data in real time to provide immediate analysis and feedback to those charged with investigation and follow-up of potential outbreaks. Optimal syndrome definitions for continuous monitoring and specific data sources best suited to outbreak surveillance for specific diseases have not been determined. Broadly applicable signal-detection methodologies and response protocols that would maximize detection while preserving scant resources are being sought. Stakeholders need to understand the advantages and limitations of syndromic surveillance systems. Syndromic surveillance systems might enhance collaboration among public health agencies, health-care providers, information-system professionals, academic investigators, and industry. However, syndromic surveillance does not replace traditional public health surveillance, nor does it substitute for direct physician reporting of unusual or suspect cases of public health importance.