Slashdot Mirror
Chinese Websites Used As Launchpads For Cracking
An anonymous reader writes "A Washington Post article reports that Chinese networks are being used to breach hundreds of unclassified U.S. government systems. The article goes on to say that some analysts believe the activity to be tied to the Chinese government, although there is also some dissent." From the article: "Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks."
FTA: "It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."
This seems like the work of terrorists to me. They gather unclassified intel from multiple sources and then they can prove/disprove rumours (leaks?) of a secret nature. This puts a strain on the agencies to ensure that solid intel can not be assembled from less potent information, and yet many citizens complain about the slow pace in which free information flows out of the government. Look at what they are up against, today. (I know I'm going to get hammered on that statement) I think we're seeing that delicate balance between freedom of information and security will be tipping in the near future as a direct result of these attacks. It's never been very balanced anyway. I might be a touch left-wing, an idealist -- but to me there needs also to be a careful approach to protecting the homeland, whether it's in Canada, the US or abroad. I have a sneaky feeling that someone we know had something to do with this, and it's likely not the Chinese government -- I think it was the FSM, or possibly a smaller cell -- the Army of the 12 Monkeys!
The dangers of knowledge trigger emotional distress in human beings.
By the same logic the Chinese Government is trying to overthrow western democracy using methods indistinguishable from incoherent spam emails about cheap viagra.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
In soviet China, website hacks you. /flinches for rotten fruit attack
I don't see why the government doesn't just create it's own private network for data communication. And maybe if they were feeling really generous they could let some of the more prestigious universities out there onto it also...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
I used to work in physical security (a clerical job I had in high school), and it was always fun to talk to the old-timers and hear their stories.
My favorite was about how the KGB operatives in DC in the late 50s stayed in good graces wtih their Moscow overloads with a minumum of effort:
They were supposed to keep tabs on the ongoings of the US political system by establishing inside contacts, and reporting back. So, they just summarized the political news from each day's New York Times, and kept their jobs for years.
The Americans pulled an good one on them: To spy at the Russian consolate in New York, the CIA recruited Xerox to install a minature camera in the consolate's copy equipment. When he came to do "regular maitenance" each month, he'd also replace the full tapes with new ones.
Sorry for no linkies, my source for these is an 80 year old CPP.
I wonder how many of these attacks are really coming from America. Standard practice is to spoof somewhere that seems to be not worth their time to look into if anyone catches you - eastern europe used to be a favourite, with its famously corrupt and incompetent police forces and the sheer physical distance acting to dissuade US companies or government agencies from bothering to try and bring anyone apparently from there to justice. With the additional hostile political environment and famed elite hackers, China would make a very attractive place to spoof an attack as being from.
I am trolling
Talk about weak:
"Some in the Pentagon are said to be convinced of official Chinese involvement..."
So, other people have said that some people in the Pentagon are convinced. We don't even know who is doing the "saying."
Sounds like weak speculation to me.
Then you have nothing to fear from the Chinese knowing all the information the US government has collected on you.
Pulp Audio Weekly - Geek News and Reviews
OK, further investigations revealed that the whole issue was seriously inflated. It was just about chinese user's (pirated) Windows XP computers being infected by worms and turned into zombies sending gazillions of blaster/sasser/zotob/whatever to .mil computers. OK nothing to worry about.
Next story : old korean grand-mothers hacking Pentagon's SMTP servers.
Although there certainly are penetration methods that use web sites, I would guess that many other application layer IP services are being used for these attacks. The media's use of the term web site to mean any IP device is deceiving.
------ Take away the right to say fuck and you take away the right to say fuck the government.
Under the heading "unclassified documents":
"For Official Use Only" - things which don't contain classified data, but contain information that should be kept within the government. Someone made a decision to mark this document as FOUO.
"Sensitive" - a more generic type of document which contains information which is probably not suitable for public release, but is not determined as such. This may be marked FOUO at some future point.
The big problem with the standard information classification guidelines is what you need to do if you classify the document. First, people can't attach them to the normal email system, or in fact even have it on an unclassified computer system. Second, if you print it out you have to print it on a classified-only printer, lock it in a safe and sign for it, sealing the room from those who have no clearance before taking a look. Google AR 25-2 and read the pdf (public distribution) for more specific information on how such documents are handled.
This provides a lot of impetus to keep data that is not truly secret from being classified as such. So many documents are FOUO or considered "sensitive". It doesn't mean the data in the hands of an enemy couldn't be damaging, particularly in the aggregate.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
I can no longer sit back and allow Chinese infiltration, Chinese indoctrination, Chinese subversion, and the international Chinese conspiracy to sap and impurify all of our precious computers.
China _does_ have oil.
Well, there now, sounds to me like they may be harboring terrorists and weapons of mass destruction.
We must persevere. Stay true to our convictions, and continue to sacrifice. For the good of the world, in our war on terrorism.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
I would suspect that the Chinese Govt. is doing what just about any government would do. Monitoring what's happening, but keeping out of it just enough for plausable deniability.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
From here.
If the Chinese Government wanted to break into the websites of foreign powers, they probably would have broken into them all by now. Think about it, China has a population of roughly 1,306,313,812 (July 2005) and a purchasing power of $7.262 trillion. Chances are that someone in China will be able to break into a Government website, and with that kind of purchasing power they could probably get a PC or 2. However, if China really wanted to do some damage they could always get everyone in the population to refresh a page a few. Although this may be slightly unpractical, it would certainly be noticed.
Matthew Grint Midnight Artists
Nowhere does TFA describe the attacks themselves. I guess we are to assume they are malicious Attacks to gain control of DOD computers. I try to never assume anything based on vague DOD statements. So I'm going with hits on the serveer Logs. Seems like a cute way to get approval for Classifying these UNClassified Systems. This administration has been overly secretive in a whole slew of areas, add one more to the list.
I give it a week, then quietly changes will be made and this info will dissappear off the web, innaccessible to all but the DOD.
Wouldn't it be interesting to know how many "Attacks" the chinese government receives from the US.
The number of attempted intrusions from all sources identified by the Pentagon last year totaled about 79,000, defense officials said, up from about 54,000 in 2003. Of those, hackers succeeded in gaining access to a Defense Department computer in about 1,300 cases. The vast majority of these instances involved what VanPutte called "low risk" computers.
Gained access, Shit man, Raise Terror Threat Level to chartruse.
This is an ongoing, organized attempt to siphon off information from our unclassified systems."
No kidding, People are using computers to gather publicly available information. Oh.. My.. God.. Raise to level Periwinkle.....Get Dick to an undisclosed location. Get Condi on the horn.
Either you are with us or your with the Chinese Websites.
OSGGFG - Open Source Gamers Guide to Free Games
That's what governments do; even friendly ones. We're just arguing about whether we have caught them in the act.
I expect they're being more sophisticated. How about sniffing everything that goes over the internet. I bet they're doing that.
I remember describing something as having more antennas than a Russian fishing trawler. Those trawlers were of course not fishing for fish.
Did Matthew Broderick teach us nothing?
OSGGFG - Open Source Gamers Guide to Free Games
Those hacking jobs rightfully belong to Americans!
-G
www.pixelstatic.com
The Chinese government is a mafia.
Not hardly.
All the mobs in the world, since the beginning of organized crime, probably have a body count in the low thousands. The Red Dynasty killed about thirty million people in the Cultural Revolution alone.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
What the hell are you smoking? You better have some FACTS to prove all these looney left-wing allegations about Bush-China. GWB has done more for the security of the USA than Bill Clinton ever did. We all know Bill Clinton was taking bribes in the form of illegal campaign contributions from the Chinese Government via it's agents disgised as "businessmen" with legitimate interests. Now you really are off the deep end about China and American colonies. The USA has never had very much to do with mainland China, we recognize Taiwan as "China". If you are basing all this on the lowering of trade barriers on textiles earlier this year that has allowed the market to be flooded with low cost Chinese goods, that IMO is NOT a bad thing. The USA can no longer compete in some areas with other nations, we have to recognize that and adapt. Erecting barriers only increases the cost to USA consumers, and really does nothing else. It's not capitalisms to protect inefficent suppliers. The laws of Economics tell use the resources used by these suppilers would return better economic value when applied elsewhere. Now quit smoking that crack and make some sane arguments, not wild conspiracy theories.
That really just means that all the Capones outside China (and Russia) never really knew the meaning of really "hitting the big time".
--
make install -not war
Uhmm thermopile there probably are 1.6% of women out there who would sleep with you but they would be what I would call "high risk"!
Only to racists, like the religious people thru the 20th Century who "forgive" black people, "because god made them that way, it's not their fault". Of course people who insist on believing in an imaginary spirit that created the universe 7000 years ago, inserting dinosaur bones in the ground to fool us, and who insist children should be taught their myth is as valid as Evolution, are ridiculous. It's their choice to be stupid, and impose their stupidity on us and our descendants. Deciding that some people are worth ignoring based on their behavior, including their senseless beliefs, is not the baseless prejudice of racism. It's mere judgement, which any sensible person exercises to protect ourself from accepting nonsense where the truth is important.
It's really sad that Creationists have cloaked themselves in the stolen garment of antiracism. Especially when so many Creationists are straight-up racists, from long lines of racists. Creationism is the way many racists pass the buck, saying "we love niggers, it's part of god's plan that they're inferior". I've seen it up close, especially when I lived in Louisiana for several years. And I've seen nothing else from these Creationists anywhere else but the same (often unwitting) selfserving, willful ignorance. Ridicule is the fairest treatment they can expect - just as if they blathered on about how textbooks should dignify the theory that the Tooth Fairy created the universe.
--
make install -not war
Only to racists, like the religious people thru the 20th Century who "forgive" black people, "because god made them that way, it's not their fault".
You can point out dark parts of any race or large religions history pretty much. Should we hold the rape of nanking against the Japanese today?
Of course people who insist on believing in an imaginary spirit that created the universe 7000 years ago, inserting dinosaur bones in the ground to fool us, and who insist children should be taught their myth is as valid as Evolution, are ridiculous.
So you are saying all religion is ridiculous? You can basically point out things in every religion that are ridiculous to believe if you don't have faith. Even if you believe all religion to be ridiculous, does that give you a basis to judge anyone who believes in a particular god as 'stupid' as you do later on? It's their choice to be stupid, and impose their stupidity on us and our descendants. Deciding that some people are worth ignoring based on their behavior, including their senseless beliefs, is not the baseless prejudice of racism. It's mere judgement, which any sensible person exercises to protect ourself from accepting nonsense where the truth is important.
So people do not have the right to teach their children as they see fit? It's one thing to be an athiest, it's another to call people stupid based on their beliefs.
It's really sad that Creationists have cloaked themselves in the stolen garment of antiracism. Especially when so many Creationists are straight-up racists, from long lines of racists.
This is really no better than the Anti-Semitism that hate groups spew about Jews.
Creationism is the way many racists pass the buck, saying "we love niggers, it's part of god's plan that they're inferior". I've seen it up close, especially when I lived in Louisiana for several years.
I'm sad to see that living in Louisiana and your experences have biased yo to the point where you think religious people = stupid racists. You do realize, by judging them the way you do, you are as bad as what you claim they are? You have become no better than what you have so much rage against.
And I've seen nothing else from these Creationists anywhere else but the same (often unwitting) selfserving, willful ignorance. Ridicule is the fairest treatment they can expect - just as if they blathered on about how textbooks should dignify the theory that the Tooth Fairy created the universe.
There are logical, and legal reasons why creationism shouldn't be taught in public schools. You would be better off sticking to those rather than promoting hatred of a group of people based on their religious beliefs.
I'd have to agree with the orignal poster. Web sites don't do anything until an end-user requests files from the site. A better title might be "Government computer users download hacks from web sites." This would also put a healthier spin on the problem which might yield a solution. For example, I think government classified network users shouldn't/can't cruise hostile websites in China. "Web sites attack" is a poor phrase hoisted on a technically shallow public. IMHO.
Although I wouldn't put this in the same category as government network hacking, I've had similar problems. I run a message board that focuses on military matters with a bias towards the US side of things. As the popularity has grown, so have the hacking attempts. Luckily they've all been unsuccessful because I'm on top of software updates, but the amount of times that I've had to block these idiots where they try to download my entire site with leech clients, flood the forum search engine with countless requests per second, initiate thousands of connections to the web server but timeout causing the number of apache processes to skyrocket, and do other things to try and bring it down is getting too many to count. The one thing that unites all of this? 98% of these shenanigans are coming from Chinese subnets. Only a few have been from elsewhere, namely France and Germany. What's crazy about it, is that the ip's that they're using from China are all over the continent. We're talking well over 100 subnets. Late last year I finally started blocking all of the Chinese subnets and voila! All problems with the site have gone away. It's rather unfortunate as I had a lot of Chinese visitors that I had to shut out.
Hmmmm, yes, let's cut off the country that is the source of all the spam out there. Taking a quick look at the list maintained by Spamhaus here http://www.spamhaus.org/rokso/index.lasso that would be......the Unites States. Of the top 200 listed, noted as being responsible for 80% of the spam on the internet, I see only 4 that are listed as coming from China. Might want to be careful about what you wish for, you might get it. Your US-centric attitude shows you for the bigot you are and it ain't pretty.