Chinese Websites Used As Launchpads For Cracking

An anonymous reader writes "A Washington Post article reports that Chinese networks are being used to breach hundreds of unclassified U.S. government systems. The article goes on to say that some analysts believe the activity to be tied to the Chinese government, although there is also some dissent." From the article: "Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks."

Idealism

[mfh]

FTA: "It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."

This seems like the work of terrorists to me. They gather unclassified intel from multiple sources and then they can prove/disprove rumours (leaks?) of a secret nature. This puts a strain on the agencies to ensure that solid intel can not be assembled from less potent information, and yet many citizens complain about the slow pace in which free information flows out of the government. Look at what they are up against, today. (I know I'm going to get hammered on that statement) I think we're seeing that delicate balance between freedom of information and security will be tipping in the near future as a direct result of these attacks. It's never been very balanced anyway. I might be a touch left-wing, an idealist -- but to me there needs also to be a careful approach to protecting the homeland, whether it's in Canada, the US or abroad. I have a sneaky feeling that someone we know had something to do with this, and it's likely not the Chinese government -- I think it was the FSM [boingboing.net], or possibly a smaller cell -- the Army of the 12 Monkeys!

Re:Idealism

[SimilarityEngine]

This puts a strain on the agencies to ensure that solid intel can not be assembled from less potent information

It doesn't even need to be solid, if you're a blackmailer or social engineer - just enough to be damning/interesting/scary or enough to let you "talk the talk" when posing as a government official working on some project or other.

How much is spoofed?

[m50d]

I wonder how many of these attacks are really coming from America. Standard practice is to spoof somewhere that seems to be not worth their time to look into if anyone catches you - eastern europe used to be a favourite, with its famously corrupt and incompetent police forces and the sheer physical distance acting to dissuade US companies or government agencies from bothering to try and bring anyone apparently from there to justice. With the additional hostile political environment and famed elite hackers, China would make a very attractive place to spoof an attack as being from.

Some are said to be?

[Anonymous Coward]

Talk about weak:

"Some in the Pentagon are said to be convinced of official Chinese involvement..."

So, other people have said that some people in the Pentagon are convinced. We don't even know who is doing the "saying."

Sounds like weak speculation to me.

Real story

[GrAfFiT]

OK, further investigations revealed that the whole issue was seriously inflated. It was just about chinese user's (pirated) Windows XP computers being infected by worms and turned into zombies sending gazillions of blaster/sasser/zotob/whatever to .mil computers. OK nothing to worry about.
Next story : old korean grand-mothers hacking Pentagon's SMTP servers.

websites?

[delirium of disorder]

Although there certainly are penetration methods that use web sites, I would guess that many other application layer IP services are being used for these attacks. The media's use of the term web site to mean any IP device is deceiving.

Re:If you've done nothing wrong...

[gstoddart]

Then you have nothing to fear from the Chinese knowing all the information the US government has collected on you.

Why does everyone insist in perpetuating this absurd statement?

Innocence doesn't mean you should embrace everyone having access to everything about you. Nor should it mean you would be willing to give up your privacy and freedoms just because you've "done nothing wrong".

And, as a more direct response to that .... what if you're a Chinese expat doing things that are legal in the US but deemed subversive by the Chinese. Your family is then in deep doo-doo.

Everytime I hear someone say they don't have anything to fear because they've done nothing wrong, all I can think of are sheep who don't know any better.

First They Came for the Jews

First they came for the Jews
and I did not speak out
because I was not a Jew.
Then they came for the Communists
and I did not speak out
because I was not a Communist.
Then they came for the trade unionists
and I did not speak out
because I was not a trade unionist.
Then they came for me
and there was no one left
to speak out for me.

Pastor Martin Niemöller

Maybe a little of both.

[AltGrendel]

I would suspect that the Chinese Govt. is doing what just about any government would do. Monitoring what's happening, but keeping out of it just enough for plausable deniability.

The Currency of Fear.

[delire]

Secondly, the notoriously paranoid government in Beijing has also long feared that Microsoft Windows has a "back door" that could allow for U.S. government snooping -- a fear no doubt enhanced by the January discovery of bugging devices in President Jiang Zemin's new personal Boeing 767. Microsoft, of course, denies that it would ever be involved in such matters, but many Chinese still feel safer using the open code of Linux. In China, after all, any company as big as Microsoft would be in cahoots with the government.

From here. [newamerica.net]

Chinese Government

[Krast0r]

If the Chinese Government wanted to break into the websites of foreign powers, they probably would have broken into them all by now. Think about it, China has a population of roughly 1,306,313,812 (July 2005) and a purchasing power of $7.262 trillion. Chances are that someone in China will be able to break into a Government website, and with that kind of purchasing power they could probably get a PC or 2. However, if China really wanted to do some damage they could always get everyone in the population to refresh a page a few. Although this may be slightly unpractical, it would certainly be noticed.

Nature of "Attacks"

[MrCopilot]

Hmm, So they recieve hits on UNClassified Computers (Servers?). Is it possible someone in china just wants to know about corn production and distribution to soldiers?

Nowhere does TFA describe the attacks themselves. I guess we are to assume they are malicious Attacks to gain control of DOD computers. I try to never assume anything based on vague DOD statements. So I'm going with hits on the serveer Logs. Seems like a cute way to get approval for Classifying these UNClassified Systems. This administration has been overly secretive in a whole slew of areas, add one more to the list.

I give it a week, then quietly changes will be made and this info will dissappear off the web, innaccessible to all but the DOD.

Wouldn't it be interesting to know how many "Attacks" the chinese government receives from the US.

The number of attempted intrusions from all sources identified by the Pentagon last year totaled about 79,000, defense officials said, up from about 54,000 in 2003. Of those, hackers succeeded in gaining access to a Defense Department computer in about 1,300 cases. The vast majority of these instances involved what VanPutte called "low risk" computers.

Gained access, Shit man, Raise Terror Threat Level to chartruse.

This is an ongoing, organized attempt to siphon off information from our unclassified systems."

No kidding, People are using computers to gather publicly available information. Oh.. My.. God.. Raise to level Periwinkle.....Get Dick to an undisclosed location. Get Condi on the horn.

Either you are with us or your with the Chinese Websites.

Of course they're spying

[Anonymous Coward]

That's what governments do; even friendly ones. We're just arguing about whether we have caught them in the act.

I expect they're being more sophisticated. How about sniffing everything that goes over the internet. I bet they're doing that.

I remember describing something as having more antennas than a Russian fishing trawler. Those trawlers were of course not fishing for fish.

Re:unclassified could be espionage as well

[LiquidCoooled]

Rule number one of the internet.

If you don't want the world to see your sensitive documents, don't put them on the webserver.

Re:Some are said to be?

[Anonymous Coward]

Or a Democrat.

Do you seriously think there is a differnece between the two parties besides minor ideological differences?

Re:Idealism

[isepic]

You know, I used to think the same way, but beileve it or not, some folks DON'T CARE if you know who they are.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Real Bigness

[twiddlingbits]

What the hell are you smoking? You better have some FACTS to prove all these looney left-wing allegations about Bush-China. GWB has done more for the security of the USA than Bill Clinton ever did. We all know Bill Clinton was taking bribes in the form of illegal campaign contributions from the Chinese Government via it's agents disgised as "businessmen" with legitimate interests. Now you really are off the deep end about China and American colonies. The USA has never had very much to do with mainland China, we recognize Taiwan as "China". If you are basing all this on the lowering of trade barriers on textiles earlier this year that has allowed the market to be flooded with low cost Chinese goods, that IMO is NOT a bad thing. The USA can no longer compete in some areas with other nations, we have to recognize that and adapt. Erecting barriers only increases the cost to USA consumers, and really does nothing else. It's not capitalisms to protect inefficent suppliers. The laws of Economics tell use the resources used by these suppilers would return better economic value when applied elsewhere. Now quit smoking that crack and make some sane arguments, not wild conspiracy theories.

Re:Idealism

[arkanes]

It's not a tough idea at all. Closed, authoritarian governments have been around as long as there have people. The problem is that this is in direct contradiction to the democratic ideal. The entire point of a democractic government is that its power derives from the citizens, and it is supposed to reflect those citizens interests. It is *not* supposed to be a totalitarian figure, benevolent or not.

Now, it may very well be that (real) democracy isn't stable in the long run - certainly the US government has moved more and more toward the totalitarian mode over the last couple centuries - but the people who're upset over that aren't confused or misled about a need for secrecy. They're concerned with the fact that a government that nominally represents thier them is actively seeking to hide information and activities from them (again, not a poke at the Bush administration - this has been happing, and gradually increasing, for the entire history of the US).

Historical fact bears this out, too - there's been more than one case of government agencies refusing FOIA requests, or censoring them, not because they contained information critical to national security, but because they were embarressing, or contradicted "official" reports.

In terms of security at all, the *best* kind is the kind that works even when everyone knows what you're doing. Thats not always possible, of course, but your example of vacation time is a great one for exactly that reason. Suppose that some city had some large fraction of it's officers on vacation on the same week of every year. Thats hurtful to security whether it's published or not. Publishing it, in fact, is probably the best way to correct such a short sighted flaw in operating procedures. "Open and transparent" means that the public (remember, the people who're supposedly the important ones) can confirm that people who claim to be acting in thier interest are actually doing so.

And the what matters as well, especially when we're a supposedly moral nation. For example, many people are uncomfortable with the idea of torturing prisoners, or assassinating foreign politicians. Now, those actions may be neccesary to protect the US. Or they may not. But, supposedly, it's the *people* of the US who should determine what the line they will not cross is. Thats why we have laws and such about treatment of prisoners, and regulating our international operations. And history has shown that we need public oversight if our government is to be trusted to abide by those laws. Here I will poke specifically at the Bush administration, because, whether you support torturing prisoners for information or not, the Bush adminstration official policy is to do it via legal loopholing and word games, not via straightforward public policy.

Of course, this is all predicated on the idea that a democratic society is stable or even a good idea. Theres a lot of people who would disagree, even Americans (from the sound of it, even yourself). Humans are social animals and being led is very comforting to many people.

Re:Real Bigness

[Doc Ruby]

Only to racists, like the religious people thru the 20th Century who "forgive" black people, "because god made them that way, it's not their fault". Of course people who insist on believing in an imaginary spirit that created the universe 7000 years ago, inserting dinosaur bones in the ground to fool us, and who insist children should be taught their myth is as valid as Evolution, are ridiculous. It's their choice to be stupid, and impose their stupidity on us and our descendants. Deciding that some people are worth ignoring based on their behavior, including their senseless beliefs, is not the baseless prejudice of racism. It's mere judgement, which any sensible person exercises to protect ourself from accepting nonsense where the truth is important.

It's really sad that Creationists have cloaked themselves in the stolen garment of antiracism. Especially when so many Creationists are straight-up racists, from long lines of racists. Creationism is the way many racists pass the buck, saying "we love niggers, it's part of god's plan that they're inferior". I've seen it up close, especially when I lived in Louisiana for several years. And I've seen nothing else from these Creationists anywhere else but the same (often unwitting) selfserving, willful ignorance. Ridicule is the fairest treatment they can expect - just as if they blathered on about how textbooks should dignify the theory that the Tooth Fairy created the universe.

Re:Real Bigness

[Doc Ruby]

Clinton is gone. Bush is here today. It's rightwingnuts like you who also say "we're not as bad as Saddam Hussein when we torture Iraqis" who are the problem. Or claim that bombing bin Laden's camps is a way to distract us from a blowjob. You've got nothing worth hearing to say about security.

Re:Real Bigness

[JavaLord]

Only to racists, like the religious people thru the 20th Century who "forgive" black people, "because god made them that way, it's not their fault".

You can point out dark parts of any race or large religions history pretty much. Should we hold the rape of nanking against the Japanese today?

Of course people who insist on believing in an imaginary spirit that created the universe 7000 years ago, inserting dinosaur bones in the ground to fool us, and who insist children should be taught their myth is as valid as Evolution, are ridiculous.

So you are saying all religion is ridiculous? You can basically point out things in every religion that are ridiculous to believe if you don't have faith. Even if you believe all religion to be ridiculous, does that give you a basis to judge anyone who believes in a particular god as 'stupid' as you do later on? It's their choice to be stupid, and impose their stupidity on us and our descendants. Deciding that some people are worth ignoring based on their behavior, including their senseless beliefs, is not the baseless prejudice of racism. It's mere judgement, which any sensible person exercises to protect ourself from accepting nonsense where the truth is important.

So people do not have the right to teach their children as they see fit? It's one thing to be an athiest, it's another to call people stupid based on their beliefs.

It's really sad that Creationists have cloaked themselves in the stolen garment of antiracism. Especially when so many Creationists are straight-up racists, from long lines of racists.

This is really no better than the Anti-Semitism that hate groups spew about Jews.

Creationism is the way many racists pass the buck, saying "we love niggers, it's part of god's plan that they're inferior". I've seen it up close, especially when I lived in Louisiana for several years.

I'm sad to see that living in Louisiana and your experences have biased yo to the point where you think religious people = stupid racists. You do realize, by judging them the way you do, you are as bad as what you claim they are? You have become no better than what you have so much rage against.

And I've seen nothing else from these Creationists anywhere else but the same (often unwitting) selfserving, willful ignorance. Ridicule is the fairest treatment they can expect - just as if they blathered on about how textbooks should dignify the theory that the Tooth Fairy created the universe.

There are logical, and legal reasons why creationism shouldn't be taught in public schools. You would be better off sticking to those rather than promoting hatred of a group of people based on their religious beliefs.

Re:Web sites

[th3ex9]

I'd have to agree with the orignal poster. Web sites don't do anything until an end-user requests files from the site. A better title might be "Government computer users download hacks from web sites." This would also put a healthier spin on the problem which might yield a solution. For example, I think government classified network users shouldn't/can't cruise hostile websites in China. "Web sites attack" is a poor phrase hoisted on a technically shallow public. IMHO.

Re:Cut the Chinese off of our internet

[Alerius]

Hmmmm, yes, let's cut off the country that is the source of all the spam out there. Taking a quick look at the list maintained by Spamhaus here http://www.spamhaus.org/rokso/index.lasso [spamhaus.org] that would be......the Unites States. Of the top 200 listed, noted as being responsible for 80% of the spam on the internet, I see only 4 that are listed as coming from China. Might want to be careful about what you wish for, you might get it. Your US-centric attitude shows you for the bigot you are and it ain't pretty.