This page has been archived and commenting is disabled.
DEADF007 - Is Stuxnet The Secret Weapon To Attack Iran's Nukes; Is A Virus About To Revolutionize Modern Warfare?
One of the most interesting stories in the last few days, has little to do with finance and economics (at least right now), but arguably very much to do with geopolitics. A fascinating report which cites computer security experts claims that the recent uber-cryptic malware worm Stuxnet is nothing less than a weapon designed to infiltrate industrial systems, and based on attack patterns, the ultimate object of Stuxnet may be none other than Iran's Busher nuclear reactor, which could be targetted for destruction without absolutely any military intervention. Has modern warfare just become obsolete courtesy of a computer virus?
From Yahoo:
Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
A brief history of Stuxnet:
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings –and communicate that proprietary data over the Internet to cyber thieves?
And it gets much more eerie:
Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
Stuxnet is so sophisticated it may revolutionize the way modern warfare if fought entirely:
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
The virus has already spread to the point where it is safe to say most critical SCADA infrastructure may already be infected.
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Has Stuxnet already hit its target?It might be too late for Stuxnet's
target, Langner says. He suggests it has already been hit – and
destroyed or heavily damaged. But Stuxnet reveals no overt clues within
its code to what it is after.
Will DEADF007 be the keyword that everyone will soon focus on?
Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."
And the punchline - Iran's nuclear plant may have already been destroyed without anyone firing a shot anywhere:
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet's target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
There is much more to this story than merely creating page click inducing headlines. Computerworld itself is on the case:
A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.
That's the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they have broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation-state -- and it was designed to destroy something big.
Though it was first developed more than a year ago, Stuxnet was discovered in July 2010, when a Belarus-based security company found the worm on computers belonging to an Iranian client. Since then it has been the subject of ongoing study by security researchers, who say they have never seen anything like it before. Now, after months of private speculation, some of the researchers who know Stuxnet best say that it may have been built to sabotage Iran's nukes.
And ever more experts are chiming in:
Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack.
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific programmable logic controller (PLC) device -- and then it injects its own code into that system.
Because of the complexity of the attack, the target "must be of extremely high value to the attacker," Langner wrote in his analysis.
The evidence supporting that the attack is truly focusing on Iran is moving beyond the merely circumstantial:
This specific target may well have been Iran's Bushehr reactor, now
under construction, Langner said in a blog post. Bushehr reportedly
experienced delays last year, several months after Stuxnet is thought to
have been created, and, according to screenshots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet.
Another article by Computerworld discusses the lack of patching of a bug which Windows promised had been fixed, yet which allowed the entry of the virus into attacked systems. One wonders why Windows may have misrepresented this weakness...
Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.
The vulnerability in Windows Print Spooler service was one of four
exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.
Last week, researchers at both Kaspersky Lab and Symantec, the firms that had reported the bug to Microsoft
in July and August, respectively, said the print spooler vulnerability
had not been publicly disclosed before they found Stuxnet was using the
flaw.
Yesterday Microsoft this omission:
"Microsoft is aware of claims that the print spooler vulnerability in
MS10-061 was partially discussed in a publication in April 2009," said
company spokesman Dave Forstrom in an e-mail Wednesday. "These claims
are accurate. Microsoft was not directly made aware of this
vulnerability nor its publication at the time of release."
And for the paranoid, there are at least two other unpatched bugs which allow Stuxnet to enter any system it desires:
The security firms also notified Microsoft of two other unpatched bugs that the Stuxnet worm exploited. Those flaws, which can be used by attackers to upgrade access privileges on compromised PCs to administrator status, will be patched in a future update, Microsoft said last week. It has not set a timetable for the fixes, however.
Little information is available about the two lesser vulnerabilities. Danish bug tracker Secunia, for example, has posted only bare-bones advisories, noting that one affects Windows XP while the other affects Vista and Windows Server 2008 machines.
In other words, the entire world could very well be open to attacks by the most sophisticated targeted virus ever created, whose sole purpose may be the eradication of targets which previously involved the involvement of armed combat.
Is the face of warfare about to change forever?
»
- 38445 reads
- Printer-friendly version
- Send to friend
- advertisements -
I would say you have it backwards;
Networked computers are nearly impossible to secure, at least for very long, and you can never stop trying to secure them even when you have once succeeded.
Backdoors are nice scary monsters to trot out for dramatic play, but unless I was a legitimate target for the NSA or Mossad I'd not give it any thought. Means the NKs are fuxored up the wazoo, of course.
Cyber war is us, we're Number One. All straight fact from
www.carlisle.army.mil/.../173_PCCIPDeterrenceCyberDimension_97.pdf
See the lead paragraph on pg. nine, quote won't copy from this mil site.
Iraq war started with this cyber attack.
BANZAI7 NEWS IMAGE INSIDE THE PLANT (no kidding)
http://williambanzai7.blogspot.com/2010/09/stuxnet-virus.html
STUXNET INJECTION DEVICE http://zedomax.com/blog/wp-content/uploads/2009/06/steampunk-usb.jpg
Guess no one watched Battlestar Galactica (the new one).
The whole reason why the Cylons destroyed the 12 colonies, was because #6, played by Trician Helfer, had slept with a person who gave her access to the defense mainframes. While in there, she put some back doors in, and next thing you know, they just turned off the switch. Because of the computers were networked, they could turn off everything.
Now obviously in the real world not everything is connected, but if anything like say....the water tanks cooling the rods were fucked with, well then, besides being one helluva bad design flaw, it could cause some serious damage.
I think there was also something similar in Die Hard IV.
By your command
Galactica series, the new one done before SciFi channel bought out by a flea market operation: Best thing I've ever seen on television. Amazing series. Now out on DVD, even blu-ray, I believe. Like so many great ones, though, can't really be appreciated unless you watch from the first episode. Starbuck had to be the hottest crazy babe ever. I sure miss that show, but life goes on.
Joshua: Shall we play a game?David Lightman: Love to. How about Global Thermonuclear War?
Joshua: Wouldn't you prefer a nice game of chess?
David Lightman: Later. Let's play Global Thermonuclear War.
Joshua: Fine.
Very interesting stuff, thanks for posting it.
Symantec agrees that stuxnet can both re-program industrial control systems to malfunction and steal industrial code software. I guess if your ultimate aim is to reprogram some facility's industrial control software to dangerously malfunction, your first step would be to steal its current control software.
Symantec makes stuxnet sound like a flexible toolkit that can be tailored to attack any facility. So maybe there are different versions floating around targeting different facilities. Maybe even multiple groups have been employing stuxnet against each other. I suppose the real game with stuxnet is up already by now, but I'm sure it's no one-off.
Symantec also mentions the theory that a 1982 Siberian pipeline explosion was the result of cyber sabotage.
Symantec is promising to release a longer paper on stuxnet next week. They seem to have studied it pretty deeply and are convinced it is meant to take control of industrial facilities.
Symantec article: http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
Wiki on the 1982 explosion: http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage
Quick thoughts from a "consumer-level" tech. I've seen Stuxnet "in person" and it was on some mouth-breather's "strategic Facebook access platform." Big whoop. It was pretty well-done, yes, but there's better stuff floating around the computosphere right this moment.
1) I'm skeptical that Internet-connected Windows-controlled hardware is actually controlling the operations of secure industrial control systems. A Windows client making micro-second control changes to turbine speed or pump rate is VERY difficult to accept. However, the human element may very well be monitoring the lower-level hardware from Internet-connected Windows clients, and that seems intuitively to me to be the more likely vector of attack. Humans like to be able to override all kinds of technology even when it's working properly. If the actual control-systems are functioning properly, but the data being fed to the human monitors is way wrong, the human is likely to employ his common sense to step in and FUCK THINGS UP. I personally would call this the more likely avenue of success for a Stuxnet (or any cyber) attack. The "virus" doesn't damage the target at all--it tricks the user into destroying the target.
2) One way to make it difficult for security-minded people to find your infection is to distribute it so widely and so uniformly that it becomes part of the "typical environment." When a particular DLL on a system process appears on 85% of the computers a person examines, and produces no "obviously" malignant effects on any of them, complacency/fatigue sets in and no matter how good the inspector is, it becomes very easy to overlook. Think of the technique of concealment used in Poe's The Purloined Letter. Thus overall the potential for a cyber-attack such as described in the article is very real if conceived by a well-educated party. The "best" infection is the one that causes no noticeable symptoms.
Anyway, haven't made it through more than half the posts yet, but wanted to mention these points in case they haven't been well-covered already.
As for security--if you want a secure PC, it's easy, and it's not about Linux vs. Windows vs. Apple.
Just don't connect it to a network. Piece of cake.
No PC is secure until it is unplugged. Run it off of a car battery.
http://en.wikipedia.org/wiki/Power_line_communication
There have been a number of articles in the news over the last several years about TPTB gaining access to a computer through the power lines to the house, then through the power lines in the house, through the wall plug, and into the computer through its power cord plugged into the wall socket. I'm surprised that hasn't been mentioned here. Iran's power plant guidance system doesn't need to be online. The computer it is on just needs to be plugged into the power grid.
While you "might" be able to figure out what a PC is doing via the noise it generates on its power cord, there is NO WAY to tell it what to do via that vector!
Folks don't spend all their time getting some id10t to plug in a USB drive if an easier method exists.
I understand about the USB drive. I was responding to the comment that you can have a secure PC if it is not connected to a network or the internet.
While you "might" be able to figure out what a PC is doing via the noise it generates on its power cord, there is NO WAY to tell it what to do via that vector!
Did you read the link to Wikipedia that I gave? You can run a network in your house through the wiring of the house. These require an adaptor to be plugged into the wall outlet and into the compute's ethernet connection. However, I have read articles about the government being able to take control of folks' PCs by going in through the power cord plugged into the wall socket. Mixing apples and kumquats a bit I know; one technology gets to the computer through the power cord, the other gets in through an ethernet connection to the wall plug. But it does appear that one can tell a PC what to do via that vector, if by vector you mean the power lines. That has been happening for quite some time. Google on "Power Line Communications".
http://oreilly.com/pub/a/etel/2007/02/15/an-introduction-to-power-line-c...
US Readies Cyberwar, Virtual Flag Terrorism
We must recall that Google was founded with the help of the US intelligence community, and is now acting as a virtual arm of the US National Security Agency, the electronic espionage department of the US government. Google-NSA’s arrogance and hypocrisy are unbearable, especially when we bear in mind the countless times that Google search engines have been used to suppress exposés of the US governments false flag operations, most notably 9/11, and other sensitive topics.
There are two sides to the conflict between Google-NSA and China. One is the Great Cyberwall erected by the Chinese government against attempts by the US-UK to capitalize on ethnic and social tensions inside China to launch a color revolution, CIA people power coup, or postmodern putsch. The other aspect is Google’s claim that hackers working for the Chinese government raided Google’s e-mail servers. The second charge has been formally denied by the Chinese.
Even as Google prepares to shut down its Chinese operations, something larger and more sinister is looming. The US Wall Street-controlled media are gearing up to educate the public about imminent cyberwarfare and cyber-conflict. We can sense that Andrew Marshall, the Pentagon’s infamous octogenarian Yoda of the Office of Net Assessment, is playing a key role behind the scenes. This effort was formally launched in May 2009 by none other than Obama, who announced a buildup of US cyberwar assets, illustrating his project with the claim that his own campaign websites had been hacked during the 2008 campaign, prompting him to seek the assistance of FBI, CIA, NSA and the rest.
One highlight of this US propaganda campaign has been a two-hour docudrama special recently repeated several times on CNN on Feb. 20-21, simulating a massive cyber attack on the United States, starting with cell phones and then taking over into computers.[1] The impact of this attack is to shut down telephone communications, followed by airports and rail services, and finally to knock out most of the US electrical power grid, causing panic and chaos. The simulation is presented in the form of a meeting of the National Security Council while the US is under attack. Several protagonists of the 9/11 cover-up were among the starring players, including Jamie Gorelick (playing the US Attorney General), John Negroponte (playing the Secretary of State), and Michael Chertoff (in the role of the National Security Council Director).
Another important sign of the times is a Feb. 28 op-ed in the Washington Post by Admiral Mike McConnell, who headed up the NSA under Clinton, and is now a top executive for Booz Allen Hamilton, one of the military consulting firms which claims to have the greatest expertise in matters of cyber warfare.[2] Admiral McConnell’s basic idea is that cyber war is now upon us, and that the US must respond using the experience of the Cold War as the relevant model.
The results of this campaign of preparatory propaganda can be summed up under four basic points.
One is the relentless exaggeration of what cyber warfare can actually do in its present state. The public is now expected to believe that computer viruses and denial of service attacks can be used to shut down phone service, cripple airports, prevent trains from running, sabotage nuclear reactors, and paralyze power grids over the quasi-totality of the United States. Many of these claims were launched in relatively obscure articles by CIA officials or Wall Street Journal writers. It is not at all clear that cyber warfare can do what these interested parties are alleging. Rather, the best intelligence estimate right now is that we are in the presence of a new wave of cynical and demagogic fear mongering, similar to the weapons of mass distraction charges made by the neocons against Iraq during the buildup of war hysteria in 2002-2003. The idea that cyber warfare can shut down electrical grids very likely belongs in the same category with Tony Blair’s ludicrous charge that Saddam Hussein had the ability to strike London in 45 minutes. It was a fantastic lie.
A second Leitmotiv is the transposition of the terminology and mindset of the Cold War and nuclear confrontation into the modern cyber arena. The CNN simulation works towards refurbishing notions of deterrence, retaliation, and first strike, dressing them up in the trendy jargon of the computer age. Notions of preventive attack and preemptive attack are also being revamped. One big difference which the propagandists do not point out is that, while nuclear war was considered an unthinkable last resort by most government officials, the new propaganda portrays cyberwarfare as not unthinkable at all, but something that can be indulged in with relative impunity.
Very important legal questions arise in this context. Does a cyber attack constitute an armed attack? Can a cyber attack be casus belli, grounds for issuing a declaration of war? Is escalation from computers to bombs legal? Can a cyber attack represent a threat to international peace and security for the purposes of the United Nations charter? Can a cyber attack be used to invoke article V of the NATO treaty, which calls for common defense?
A third aspect of the current media blitz is that a new cast of enemies is being groomed and brought onstage, even as the shadowy adversaries of yesterday are relegated to a less prominent position – at least as far as cyber-aggression is concerned. In the CNN simulation, there is some discussion of a possible role of “Al Qaeda” and “bin Laden” in the ongoing attack. But this idea is brusquely and almost scornfully dismissed with the reply that those guys are known to live in caves, and therefore could hardly have the equipment necessary to carry on cyber warfare, even though they might desire to do so. (But 9/11? sure they could) For the CNN producers and their intelligence community consultants, the targets are clear: Russia (specifically the city of Irkutsk), China, and Sudan are the three countries mentioned as sources of the cyber attacks shutting down the US economy. With this, we have gone far beyond the narrow confines of the Middle East to target the largest country in the world, the largest country in Asia, and the largest country in Africa. The new target list involves two great powers, and not simply Iraq or Iran. We can see bigger and more lunatic adventures being prepared by the US scenario writers.
The fourth unmistakable overtone of the current propaganda barrage is the danger we can sum up under the heading of virtual flag terrorism. The world of cyber warfare is so opaque and recondite for the average person, and solid confirmation of claims so hard to come by, that rogue bureaucrats in the US and British governments will be able to a surge virtually anything with little fear of being refuted. Google accuses China of hacking without offering any convincing proof, and China denies the charge. What is the average person to believe? What prevents hackers in league with invisible government rogue moles at the NSA from deliberately attacking US facilities, and then blaming it on China, thus ginning up a major international provocation with little risk of being caught?
If millions of people are plunged into the dark, if trains and airliners crash, if other disasters occur, it is child’s play to issue a communiqué blaming hackers in the service of the Russian, Chinese, Sudanese, the Iranians, or other governments. The governments accused can certainly issue denials, but it is not clear how such a charge could be convincingly refuted.
The CNN simulation includes a discussion of the difference between location and attribution, meaning that the mere fact that an attack is launched from the country’s territory does not mean that the government is responsible. “Location is not attribution,” intones Secretary of State Negroponte at one point. But we can already hear the voice of the inevitable neocon warmonger asserting à la Bush that no distinction must be made between the servers spreading a destructive virus and the government whose territory harbors those servers. For the neocon, location and attribution are sure to be the same. This opens the possibility of starting a conflict by infiltrating physical provocateurs onto the territory of the targeted nation, and letting them launch a cyber attack from there. Even easier, so-called botnets of captive computers commandeered by trojans and related viruses can be used to launch the attack.
It goes without saying that the beltway bandits and Pentagon contractors are eager to cash in on the lucrative contracts that are now in the offing. More broadly, cyber warfare can be used as a great alibi for purposes of avoiding civil liability in the age of underfunding and asset stripping. When we have the next crash in the Washington DC metro, the management and the National Transportation Safety Board can ignore decades of underfunding and simply blame everything on Russia, China, and the Sudan, and tell the families of the victims to go and sue those governments. It is therefore time to begin a campaign of counter-inoculation of international public opinion against this new set of ominous lies which is being foisted off on the world.
http://www.youtube.com/watch?v=MDWEM2jM7qY&feature=related
http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR2010022502493.html
Nice.
Surely *someone* has real motivation to convince the public at large that the lights went NOT because of poor maintenance and crumbling infrastructure, but because them damn Chineses did it. ;)
+++++++ 10 nice read, geo, keep up the good work, my best.
I'm sorry but all tech companies in the 90s (especially those with an R&D focus) were competing for federal funds. Nothing new there. For good or for bad, US intelligence has funded incredible innovation in computer science. So when Google was a young company - did they take a government contract or two - like every other company I would suggest yes. Are they beholding - I would guess no. (Holy s**** - can't believe I defending Google)
Alternatives to Google exist:
http://www.yauba.com/
Well, blunderdog, if you doubt it, be sure to check out the Symantec presentation of their study next week where they promise:
"we will also show the code used and give demonstrations on the more malevolent and intriguing parts of the threat, namely the PLC/STL rootkit and the ability to control real-life physical systems."
http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml
stuxnet spreads also on USB drives.
One thing I'm not finding in any of the articles is a description of how and to where stuxnet sends stolen information. To a website, I guess? Anybody seen anything on that?
I didn't emphasize it, but perhaps I should have: I'm skeptical when it comes to *secure* systems.
Certainly it would be trivial to shut down the air-conditioning.
Time to go low-tech. Strike that. Make it no-tech.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
This statement is a lie. Write a blatant lie into an article and be discredited forever. US statements explicitly confirm Bushehr is no strategic threat. The only threat is the Iranian's wanting to produce a very small percentage of the fuel for it to create a buffer for any potential dispruption to the predominant Russian supply.
I say we make Iranian President Ahmadinejad and Israeli President Peres fight against eachother in a cage match to the death. Whoever loses the match, the rest of the world nukes their country to the stoneage. Or we just nuke them both. Or they kiss and make up.
Mortal Kombat redux!
Well, Good Morning, Zero Hegdgers !!
Finally awake ?
Been writing about this for the last 18 months.
Last month I published the following post:
Cyber Criminals Attack Critical Water, Oil and Gas Systems
(Even sent a copy to ZH, but was elegantly ignored, so I posted it in the off-topic forum instead... "With $100 million You Can Take Down The Whole EU"...)
Can't wait to see the surprise when the Solar Max knocks out all communication systems on Earth With Force Of 100 million H-Bombs...
;-)
Have a great weekend everone !
In the evening ceremony chanel bags,chanel handbags sale as the first high-level chanel designer handbags custom Chinese star chanel bags prices uk XuQing alone in Paris – 2010 Shanghai chanel bags online uk,chanel bags uk online shopping early series dress coach outlet as ceremony. coach outlet store is Karl Lagrange coach outlet online the anfield fantasy coach outlet 2010 is 30-40 in Shanghai outlet 2010 coach handbags,coach handbags oulet China’s amorous feelings chanel 2.55 handbags,chanel handbags black different dress.