Chinese Hack Attacks on DoD Networks Coordinated 295
An anonymous reader writes " The Naval Network Warfare Command says that Chinese hackers are relentlessly targeting Defense Department networks with cyber attacks. The 'volume, proficiency and sophistication' of the attacks supports the theory that the attacks are government supported. The motives of the attacks emanating from China include technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD network for future action. Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety."
Far outstripping other attackers (Score:5, Insightful)
Gee, ya think? China has more than a billion people. I know they're not all running around with shiny new laptops, but come on - this is akin to saying that the majority of low-temperature attacks on the United States come from Canada. Well, duh!
I can make the same "cyberattack" claims about my not-worth-cracking dedicated servers and the dinky firewall machine sitting on my cable modem, too, but that doesn't mean I'm engaged in a "cyberwar" with anyone. The majority of rooted machines trying to root mine are in China. Most of this comes in the form of automated attempts to bruteforce ssh, but I've seen targeted attempts where there's clearly a human on the other end of the wire.
While I don't doubt that DoD machines are probably being targeted intentionally, there's an overwhelming amount of garbage traffic coming out of central and eastern Asia, and it hits everyone. Nearly half of all my rejected SMTP traffic is from Chinese netspace, but most of it's trying to peddle western products to American consumers, the Chinese people have nothing to do with it. China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted
Oh, and the next person to use "spear phishing" in an article is getting a swift kick in the nuts!
Onlookers? (Score:4, Insightful)
However, I would like to know who these "onlookers" are... The defense measures (can't say specifically of course) that we take are plenty effective against all types of attacks we get. One of our top priorities is writing code that is solid and secure. We run scans (again, specifics are classified) nightly to test the security of our infrastructure and applications.
Whoever these "onlookers" are, I would love to hear about how THEY successfully hacked into our network instead of just criticizing with no actual knowledge.
They reap what they sow (Score:3, Insightful)
Re:Idiots (Score:3, Insightful)
The theory is that free trade will turn them into a democracy. So far its proven to be hooey. Are we going to allow this shit to keep going on decade after decade with the delusion that eating KFC will make them democracy?
Speculation? (Score:5, Insightful)
mitigate the problems (Score:3, Insightful)
Re:Far outstripping other attackers (Score:5, Insightful)
Yes, and of those, only 137 million Chinese are online. In contrast, the US has about 185 million online. So, the fact that the majority of the attacks are coming from China is indeed significant. That is particularly true given the sophistication of the attacks cited and the military targets they are going after.
Re:Idiots (Score:5, Insightful)
If we screw with the exchange rates, why do we have a trade and credit deficit? As far as being difficult for outsiders to do business, we have one of the most open-to-business countries there is. It is not perfect, but one of the top in that regard. And although we slipped on the human rights with Gitmo etc., it is still far more open a proces than what China has. Our system is a B-, their's is an F. And, our polution regulations are much tougher than theirs. I've been there and seen a red moon directly overhead (it was not an eclipse). True, US regs are weaker than Europe's, but Europe is not the issue here.
view from a different perspective (Score:5, Insightful)
Another thing is, as of now, China doesn't even need to fire a single bullet to beat the crap out of us if we decide to launch a war on them.
China currently has 1000 billion US dollar foreign reserve, that is somewhere 1/5 to 1/4 of ALL US dollar reserve held by foreign countries. At the onset of the war, China will have three options: one is conventional warfare, two is nuclear warfare, three is financial warfare.
Conventional warfare is something US would avoid, think Korean War. Nuclear Warfare is something both would avoid, unless the fat lady sings(the absolute last resort.)
At the beginning, we of course would bomb the crap out of their infrastructure and military installation, given our air superiority, as we did in Iraq. And China knows this and know they would not win in this course of action.
All they need to do is to make a threat or actually dump US dollar reserve on the international market.
Don't think this would happen? Brush up your knowledge of Suez Canal crisis of 1956. That was exactly what happened when British and French forces rapily withdrew after successful military invasion after Eisnehower threathened to sell US reserves of British pound and thereby to collapse the British currency. Of course the British pound was already under pressure after decades of British colonial expansions that spent a lot of money, not unlike the current US national debt of today. Most historians agree the Suez Canal is the major milestone of the demise of British empire.
When you have 25% of another country's currency on the market, that is a pretty powerful hand. All you need to do is dump all that at once onto the international market. It effectively and immediately collapses the US currency and the whole American economy. Do you think other countries will have the capacity and more importantly the willingness to buy those currency. Do you think other nations would be willing to lend us money by buying up treasury bills, knowing our money would be worthless on the market.Hell no. People all over the world will be dumping US dollar like crazy. US stockmarket will crash; there will be endless runs to the bank.
The economy as we know of will cease to exist.
Some people of course will doubt that China woud do this. But when you are been bombed crap out of you a-ss and you are getting desperate. Trust me, you'lldo anything.
This, my friend, is how the war between China and US will play out NOW. But very very unlikely to happen. It is like two big boys on the playground. Of course it is nice to be the only king of THE playground. But sometimes it easier to share it a little with someone as strong as you are. That is, the essence of international relation. Boy, I just hope we don't have some airheads in the administration thinking otherwise.
So for those people ignorant of economy and internation politics, you can stop making those senseless remarks. Brush up on your knowledge before making a fool out of yourself.
That's all artificiall and more.. (Score:1, Insightful)
Once upon a time (Score:3, Insightful)
Why aren't they running hardened clients on the inside? Why are they running systems against which phishing is useful? Why aren't they deploying advanced OS technology in which stealing a password or compromising a browser doesn't give away the entire machine?
Not to mention that the whole article doesn't make sense. Either the source IP addresses are in China or they aren't. If they are, why haven't they simply dropped all packets from China, and why are they so convinced that a Chinese IP means a Chinese attacker? If the IP addresses aren't from China, what is their reason for believing it's a Chinese-0wned set of machines?
Re:A Military Attack is Military Attack (Score:4, Insightful)
I think that's the sort of logic the OP is going for at least...
WTF are computers with sensitive info... (Score:2, Insightful)
If China did it, it wouldn't use Chinese IPs (Score:5, Insightful)
This is most likely a coordinated attack by someone who wants US information (could be any country/organization in the world) and developed a botnet which happens to mostly reside in China, since China's computers tend not to get frequent security updates. The fact that the IP addresses are originating from China indicates that it's probably anyone but China.
However...China-bashing does score political points right now.
Re:Idiots (Score:3, Insightful)
The US is just as bad - look at the Australia/US free trade agreement regarding extending patent terms and its affect on generic medicines.
Don't play the human rights card because every nation has abuses eg
What makes you think democracy is so great? The US is the best examples of its failures. At least in China when an official is caught taking bribes/etc he/she is placed under house arrest... too bad that type of thing doesnt happen with pork barreling in the US.
The US has been screwing the world for years, it's about time we had a new superpower to keep the US under thumb.
Re:Launch All Missiles (Score:2, Insightful)
Thats a fun mastabatory game you are playing there.
Do you seriously think that?
While not a fan of our current policies and actions, if the U.S. decided to tell the U.N. to take a flying-f*ck at the moon, absolutely nothing, aside from a vote to tell the U.S. that other people are peeved at us, would happen. Why?
Like it or not, we are still the big boys on the block; Economically and Militarily.
Do you know how many of those countries that take political pot shots at the U.S. are receiving huge chunks of cash and economic incentives to play nice with us on the economic side of the house? If other countries decided to put the money screws to the U.S. (and economic is arguably the biggest persuader in the arsenal) the U.S. could wreak more havok on them. Yes, it would be difficult for us, but in the long run, we'd come out of that game on top as well.
This is like those old samurai movies. Zatoichi, is attacked by a mob of sword weilding henchmen. The first few guys get cut down fast and horribly. A few more try to rush him and end up dead or maimed. Finally, the big ones, the ones that talk the toughest, take off running, trying to figure out how they can make a deal with him. (Also note: It's always the tough bosses in the movies that send the little guys in.) To finish, the U.N. will talk tough, Venezuela and a few others will take economic action, the U.S. will cut them off. And the French, Germans, Russians, Japanese, Italians, Polish, and Indians will still have their teams in the U.S. making trade deals and wrangling for the U.S. dollar and market.
You see, when the average household makes and spends in a month what 3 Indian families do in a year, and your country depends on the availability of that market, thats too big of risk.
Perhaps that's why the 5th column in the U.S. is so busy trying to wreck the U.S.
Need to pull a japanese type mis information (Score:3, Insightful)
We need to do the same. China is bright enough to not run Windows in their equipment (frightening that USA does on our ships which will be used in defending Tiawan). But we can provide ideas/plans that we will not use or that we found subtly flawed. Basically, disinformation. I would be surprised if we are not doing just that.
Short term gain vs. long term goals (Score:5, Insightful)
Some decades in the future, China will turn out to be a real and formidable rival (economically, geopolitically, culturally,
Meanwhile, instead of preparing for such a prospect, the US has forsaken the obvious means of combating terrorism, for example intelligence, infiltration, disruption, and targeted strikes, and went into a full all out war on two countries, draining its budget, increasing its dead, and earning it the wrath of much of the world.
Go figure
Re:Idiots (Score:1, Insightful)
The theory is that voting for one of two old, rich white men makes us a democracy. So far its proven to be hooey. Are we going to allow this shit to keep going on decade after decade with the delusion that eating KFC is the reason why we're so fat?
Bullshit, Bullshit, Bullshit. (Score:2, Insightful)
I mean, come on. The military invented the internet. I'm sure with the professional level of paranoia with which the American military structure comes installed that there is simply no possibility that a bunch of internet hackers from China could have any effect whatsoever on the well-being of military security.
Which means only one thing. . .
This story is propaganda. The government wants the public to fear China and to herd people in whatever new direction they have planned.
Anybody who believes this crap is not just a fool, but a dangerous fool, because if you get enough fools believing in propaganda, you get wars.
Iraq was the result of too many fools not waking up soon enough. --And thank-you all for that, BTW. I remember a lot of fools cheering like crazy on this site and others when the troops were first rolling into Baghdad, posters here drunk on war and acting as though the whole thing was a game level of some Westwood production and that the troops would be home in 10 weeks and that it wouldn't end up being a multi-billion dollar Vietnam-esque quagmire which anybody with any real awareness could see coming from a mile away. You were FOOLS! The lies were obvious, and everybody and their dog fell for them. I hope there are fewer fools out there today. --If you were a fool and have woken up since then, THANK-YOU!!! If not, I hope you wake up soon. The world is screwed up enough without a cold-war with the Chinese!
However, based on the number of foolish responses to this story already posted on Slashdot, I don't see how we're going to avoid more dumb conflict. Few things make me angry these days, but fools making the same mistakes over and over when it comes to war and the lies which lead to war is definitely one of those things.
-FL
Re:mitigate the problems (Score:5, Insightful)
But only in the most literal sense.
There are multiple levels of classification and squarely in the middle of unclassified and secret is sensitive information. If you add enough of it together, you can end up with information that can be considered secret.
The best example i can think of is this story:
Grad Student's Work Reveals National Infrastructure [slashdot.org]
Duped the next day: Fiber-Optic Map: A Classified Dissertation? [slashdot.org]
Just because information isn't classified as secret, doesn't mean it's useless.
Re:mitigate the problems (Score:3, Insightful)
Thats a little hard to believe given most North Korean's dont have computers let alone internet access. If they really are attacks from North Korea, your dad must be involved in more than a "dinky little small business".
so? (Score:3, Insightful)
Everybody knows that all of this is - of course - merely a part of fighting terrorism, since industrial and military espionage require different, more sophisticated and technically more complex and costly measures. Calling any of these measures disproportionate is considered heresy.
Sarcasm aside: protect your networks, or prepare to be hacked. [slashdot.org]
Re:Far outstripping other attackers (Score:2, Insightful)
Seriously, the idea that a functioning non-capitalist economy (notwithstanding that China has a somewhat free market) is so offensive as to require total economic isolation and military incursions was something that was fashionable in the 60's. (Cuba anyone?) Don't tell me it's back again.
Re:Far outstripping other attackers (Score:3, Insightful)
No, most online, public-facing servers are at least theoretically hackable, depending on the value one assigns to 'hack'.
But that's not the point GP is making. The important element here is that, in many cases, if you can find an exploit in the Windows operating system, you can attack millions of them with little more effort than it would take to pwn one. This is a result of the Windows monoculture [wikipedia.org], and it's inherently unhealthy.
This is not the case with the other server operating systems available on the market. The number of different configurations and permutations that exist in the wild make even the juiciest targets of much more limited value. So someone who wants to conduct a large-scale, concerted attack against a number of servers would have to invest a vast amount of time and effort into succeeding.
Small-scale, targeted attacks are a different proposition entirely. With enough time and effort, it's often possible to penetrate even the more sophisticated security arrangements by exploiting a weakness in the specific implementation. But that's not at all germane to GP's point, which is that the systematic (systemic, too) breakdown of security in the US government's computing infrastructure can be largely attributed to its over-reliance on a very limited set of products whose security is questionable at best.
For ranting comments... (Score:1, Insightful)
When Nero burned the coliseum and blamed the fledgling Cristian faction, many people knew it was a red herring and yet did nothing while thouseands were tortured and killed. Flash ahead to 1933, the Reichstag fire in Germany. During the Leipzig Trial, the German officials blamed the communist party for the fire, though it is widely believed that the German government itself started the fire to justify a war. Cue world war 2. The year is 2001: several steel buildings supposedly collapse from fire damage, of all things, though a steel and concrete building has never collapsed from fire damage in the history of the world. The alleged culprit? Generic terrorists from the Middle East, with substantiated connections to the US government. Look where we are now.
Being passive is the same as being permissive. If we are not actively opposing these tactics, it's the same as supporting them. And like our predecessors, history will judge us harshly.
Re:view from a different perspective (Score:2, Insightful)
China currently has 1000 billion US dollar foreign reserve, that is somewhere 1/5 to 1/4 of ALL US dollar reserve held by foreign countries. At the onset of the war, China will have three options: one is conventional warfare, two is nuclear warfare, three is financial warfare.
Their reserves include US treasury bonds and other debt instruments, which makes financial warfare a case of Mutually Assured Destruction. At the outset of war, renege: declare all bonds in their hands to be enemy assets: void,worthless, and never to be repaid. "If you owe the bank $100,000 you're their debtor. When you owe them $1,000,000,000,000 you're their partner, whether they like it or not!"
What difference does it make? (Score:1, Insightful)
Give it up! This is a big fat joke! there is no "national security", we've even given up national sovereignty, they don't care about the borders-nothing, just their wall street profits, no matter what it takes. Most gain in the shortest period of time, that's all, nothing else matters to them.
It doesn't matter any longer. The US has been sold down the river by the profits at any costs globalists, they dig that chinese two class society fascist model, full technology with full totalitarian control. Maximum money and maximum power, what megalomaniacs always strive for.
It makes no difference if a few low level DOD computers get hacked, all they are doing is verifying the info *they already have been given* on a silver platter by the "bottom line" globalists and their sock puppet toady politicians.
Re:view from a different perspective (Score:2, Insightful)
So much for 'intelligence' (Score:1, Insightful)
If the US Federal government wants to get serious about cyber-security, they should refrain from firing competent staff such as Shawn Carpenter [techtarget.com] for doing their job. Current US law hinders counter-intelligence operators from gathering information and countering these attacks, since it is illegal to gain unauthorized access to the perpetrators' machines!
This means that security personnel who are doing their job to combat these attacks risk losing their job and even criminal prosecution.
Although Shawn Carpenter lost his job at the Sandia National Laboratory, he was eventually awarded $4 million [tmcnet.com] for his termination which was found to be"malicious, willful, reckless, wanton, fraudulent or in bad faith."
The US intelligence community and Federal beaurocracy needs to wise up. National secrets are leaking like a sieve [washtimes.com] while the shortage of qualified operators continues to increase, and the beaurocrats are too busy covering their asses and fighting turf wars to do anything about it.
Re:Far outstripping other attackers (Score:3, Insightful)
In the above, I think you misspelled USA....
The premier of China has threatened to nuke Los Angeles
You seem to have misspelled North Korea
asses versus elbows (Score:5, Insightful)
After the Iraq WMD fiasco I don't trust the US to know its ass from its elbow when it comes to these sorts of things.
The standards of evidence are obviously so low that nowadays all you have to do is imagine a threat and suddenly it's real and all sorts of circumstantial evidence points to it being true.
Re:Speculation? (Score:1, Insightful)
While I wouldn't trust the US government to actually require credible evidence before making such accusations, I'm pretty sure wrecking diplomatic relations with China is such a massively bad idea at this time that even the current administration isn't stupid or arrogant enough to do so.
Re:Oh nonsense. Here are the biggest problems. (Score:2, Insightful)
At my university (I won't say which one), a computer science professor decided that it would be a good idea to teach a class on computer malware. He offered a solid rationale, which could be paraphrased to that computer science is the only field in which research into potentially dangerous materials (code) is actively discouraged. In fact, I'm taking an introductory biology course right now where one of the lab exercises involves E. Coli!!! Nobody seems to be freaking out over that!
So what was the fallout of this idea? Several companies (including some of the large antivirus companies) have stated that they will not hire anyone who takes this class. And we recently determined that someone who came in on the first day of class, supposedly to offer test preparation for entry into graduate school, was actually a mole for an as-yet-unidentified organization (thus far we've determined that the company she claimed to work for does not exist). And it seems like everyone who can actually see the logic in his argument is too scared to say anything.
Sheesh, no wonder the U.S. is taking such a beating from foreign hackers.