Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Websites Used As Launchpads For Cracking

Posted by Zonk on from the not-friendly-global-neighbors dept.

An anonymous reader writes "A Washington Post article reports that Chinese networks are being used to breach hundreds of unclassified U.S. government systems. The article goes on to say that some analysts believe the activity to be tied to the Chinese government, although there is also some dissent." From the article: "Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks."

22 of 256 comments (clear)

  1. Idealism by mfh · · Score: 4, Insightful

    FTA: "It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."

    This seems like the work of terrorists to me. They gather unclassified intel from multiple sources and then they can prove/disprove rumours (leaks?) of a secret nature. This puts a strain on the agencies to ensure that solid intel can not be assembled from less potent information, and yet many citizens complain about the slow pace in which free information flows out of the government. Look at what they are up against, today. (I know I'm going to get hammered on that statement) I think we're seeing that delicate balance between freedom of information and security will be tipping in the near future as a direct result of these attacks. It's never been very balanced anyway. I might be a touch left-wing, an idealist -- but to me there needs also to be a careful approach to protecting the homeland, whether it's in Canada, the US or abroad. I have a sneaky feeling that someone we know had something to do with this, and it's likely not the Chinese government -- I think it was the FSM, or possibly a smaller cell -- the Army of the 12 Monkeys!

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Idealism by cdrguru · · Score: 3, Interesting
      Yeah, but this flies in the face of people thinking we need "open and transparent" government.

      There is a difference between the citizens of a country knowing every detail of the government's actions and a country that is actively against many of those actions knowing. The problem is that most of the people I hear from seem to think that if everyone just would calm down, smoke some weed together and such that we would all be friends. No more adversaries... Right.

      The US government has always been operating about 40-50% out of sight. Lately, as in the past 10 years or less, this has started to both become obvious and of a concern to some people that believe they should know what the government is doing and why. What they don't get is "what" is sometimes less important than "why" and "why" can be critically important. Often, very, very important to the people in other parts of the world where these actions are taking place.

      Obviously, Al Queda would just love to get a "press briefing" about counter-terrorist actions in the US. Do you think that would be a good idea? At a more local level, how about if the police published a schedule of vacation days for officers? Then you could know when getting nailed for speeding was less likely because of a manpower shortage. This could also help coordinate bank robberies so there was less likelyhood of someone being injured in a chase.

      Yes, absolutely I would agree that we are starting to see the effects of information being freely available and being compiled by organizations that do not have our best interested at heart. This is always going to be a problem at some level - in WWII Japan and Germany had spies doing nothing more than reading US newspapers. The US has done this with Russia and China for years as well. But there was a general understanding that disclosing too much was a bad idea. So, announcements of high-level officials movements were often reported after the fact or vaguely. Same thing with other information that could be coordinated. Today, we have no such restraint in the news organizations and you better believe there are people watching the news, reading newspapers and magazines as well as reading stuff on the Internet.

      Can they put valuable information together? Absolutely. Would "open and transparent" be a lot more valuable to adversaries than to the people it was intended for? Maybe. That is going to be a very tough idea for most people to get their heads around.

    2. Re:Idealism by servicemaster · · Score: 5, Funny

      Sounds like...

      "Now, a clever man would put the poison into his own goblet, because he would know that only a great fool would reach for what he was given. I am not a great fool, so I can clearly not choose the wine in front of you. But you must have known I was not a great fool, you would have counted on it, so I can clearly not choose the wine in front of me!" ...

      "You only think I guessed wrong - that's what's so funny! I switched glasses when your back was turned! Ha-ha, you fool! You fell victim to one of the classic blunders, the most famous of which is "Never get involved in a land war in Asia", but only slightly less famous is this: "Never go in against a Sicilian, when *death* is on the line!". Hahahahahah!"
      [Vizzini falls over dead]

      Vizzini, Princess Bride

    3. Re:Idealism by arkanes · · Score: 4, Insightful
      It's not a tough idea at all. Closed, authoritarian governments have been around as long as there have people. The problem is that this is in direct contradiction to the democratic ideal. The entire point of a democractic government is that its power derives from the citizens, and it is supposed to reflect those citizens interests. It is *not* supposed to be a totalitarian figure, benevolent or not.

      Now, it may very well be that (real) democracy isn't stable in the long run - certainly the US government has moved more and more toward the totalitarian mode over the last couple centuries - but the people who're upset over that aren't confused or misled about a need for secrecy. They're concerned with the fact that a government that nominally represents thier them is actively seeking to hide information and activities from them (again, not a poke at the Bush administration - this has been happing, and gradually increasing, for the entire history of the US).

      Historical fact bears this out, too - there's been more than one case of government agencies refusing FOIA requests, or censoring them, not because they contained information critical to national security, but because they were embarressing, or contradicted "official" reports.

      In terms of security at all, the *best* kind is the kind that works even when everyone knows what you're doing. Thats not always possible, of course, but your example of vacation time is a great one for exactly that reason. Suppose that some city had some large fraction of it's officers on vacation on the same week of every year. Thats hurtful to security whether it's published or not. Publishing it, in fact, is probably the best way to correct such a short sighted flaw in operating procedures. "Open and transparent" means that the public (remember, the people who're supposedly the important ones) can confirm that people who claim to be acting in thier interest are actually doing so.

      And the what matters as well, especially when we're a supposedly moral nation. For example, many people are uncomfortable with the idea of torturing prisoners, or assassinating foreign politicians. Now, those actions may be neccesary to protect the US. Or they may not. But, supposedly, it's the *people* of the US who should determine what the line they will not cross is. Thats why we have laws and such about treatment of prisoners, and regulating our international operations. And history has shown that we need public oversight if our government is to be trusted to abide by those laws. Here I will poke specifically at the Bush administration, because, whether you support torturing prisoners for information or not, the Bush adminstration official policy is to do it via legal loopholing and word games, not via straightforward public policy.

      Of course, this is all predicated on the idea that a democratic society is stable or even a good idea. Theres a lot of people who would disagree, even Americans (from the sound of it, even yourself). Humans are social animals and being led is very comforting to many people.

  2. Oh, it's espionage is it... by gowen · · Score: 3, Funny

    By the same logic the Chinese Government is trying to overthrow western democracy using methods indistinguishable from incoherent spam emails about cheap viagra.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  3. Microsoft / China "shared source" initiative? by dyfet · · Score: 4, Funny
    Was it not all that long ago that Microsoft agreed to "share" it's source with the Chinese government? I had wondered what became of that...

  4. Must...resist....urge.... by hawkeye_82 · · Score: 3, Funny

    In soviet China, website hacks you. /flinches for rotten fruit attack

  5. why don't they... by justforaday · · Score: 4, Funny

    I don't see why the government doesn't just create it's own private network for data communication. And maybe if they were feeling really generous they could let some of the more prestigious universities out there onto it also...

    --
    I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  6. At least we know it's not the Russians! by conJunk · · Score: 5, Interesting

    I used to work in physical security (a clerical job I had in high school), and it was always fun to talk to the old-timers and hear their stories.

    My favorite was about how the KGB operatives in DC in the late 50s stayed in good graces wtih their Moscow overloads with a minumum of effort:

    They were supposed to keep tabs on the ongoings of the US political system by establishing inside contacts, and reporting back. So, they just summarized the political news from each day's New York Times, and kept their jobs for years.

    The Americans pulled an good one on them: To spy at the Russian consolate in New York, the CIA recruited Xerox to install a minature camera in the consolate's copy equipment. When he came to do "regular maitenance" each month, he'd also replace the full tapes with new ones.

    Sorry for no linkies, my source for these is an 80 year old CPP.

  7. How much is spoofed? by m50d · · Score: 4, Insightful

    I wonder how many of these attacks are really coming from America. Standard practice is to spoof somewhere that seems to be not worth their time to look into if anyone catches you - eastern europe used to be a favourite, with its famously corrupt and incompetent police forces and the sheer physical distance acting to dissuade US companies or government agencies from bothering to try and bring anyone apparently from there to justice. With the additional hostile political environment and famed elite hackers, China would make a very attractive place to spoof an attack as being from.

    --
    I am trolling
    1. Re:How much is spoofed? by truckaxle · · Score: 3, Informative

      IP spoofing does not allow for anonymous access. This is a common misconception. Any sort of spoofing beyond simple floods require the attacker to be on the same subnet as the attackee (nonblind spoofing). As far as blind spoofing all modern OSs implement random sequence numbers, making blind spoofing very unlikely.

  8. Some are said to be? by Anonymous Coward · · Score: 5, Insightful

    Talk about weak:

    "Some in the Pentagon are said to be convinced of official Chinese involvement..."

    So, other people have said that some people in the Pentagon are convinced. We don't even know who is doing the "saying."

    Sounds like weak speculation to me.

  9. If you've done nothing wrong... by yotto · · Score: 5, Funny

    Then you have nothing to fear from the Chinese knowing all the information the US government has collected on you.

    --
    Pulp Audio Weekly - Geek News and Reviews
    1. Re:If you've done nothing wrong... by yotto · · Score: 4, Informative

      I'll assume for the moment that you didn't realize my sarcasm when I say:

      I was being sarcastic, and showing one obvious instance where, even if you /do/ believe that statement about the "Good Guys", you'll see why it's flawed anyway.

      --
      Pulp Audio Weekly - Geek News and Reviews
  10. Real story by GrAfFiT · · Score: 4, Insightful

    OK, further investigations revealed that the whole issue was seriously inflated. It was just about chinese user's (pirated) Windows XP computers being infected by worms and turned into zombies sending gazillions of blaster/sasser/zotob/whatever to .mil computers. OK nothing to worry about.
    Next story : old korean grand-mothers hacking Pentagon's SMTP servers.

  11. websites? by delirium+of+disorder · · Score: 4, Insightful

    Although there certainly are penetration methods that use web sites, I would guess that many other application layer IP services are being used for these attacks. The media's use of the term web site to mean any IP device is deceiving.

    --
    ------ Take away the right to say fuck and you take away the right to say fuck the government.
  12. unclassified could be espionage as well by HBI · · Score: 4, Informative

    Under the heading "unclassified documents":

    "For Official Use Only" - things which don't contain classified data, but contain information that should be kept within the government. Someone made a decision to mark this document as FOUO.

    "Sensitive" - a more generic type of document which contains information which is probably not suitable for public release, but is not determined as such. This may be marked FOUO at some future point.

    The big problem with the standard information classification guidelines is what you need to do if you classify the document. First, people can't attach them to the normal email system, or in fact even have it on an unclassified computer system. Second, if you print it out you have to print it on a classified-only printer, lock it in a safe and sign for it, sealing the room from those who have no clearance before taking a look. Google AR 25-2 and read the pdf (public distribution) for more specific information on how such documents are handled.

    This provides a lot of impetus to keep data that is not truly secret from being classified as such. So many documents are FOUO or considered "sensitive". It doesn't mean the data in the hands of an enemy couldn't be damaging, particularly in the aggregate.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  13. Re:IT IS TRUE!!! by grasshoppa · · Score: 4, Funny

    China _does_ have oil.

    Well, there now, sounds to me like they may be harboring terrorists and weapons of mass destruction.

    We must persevere. Stay true to our convictions, and continue to sacrifice. For the good of the world, in our war on terrorism.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  14. The Currency of Fear. by delire · · Score: 3, Insightful

    Secondly, the notoriously paranoid government in Beijing has also long feared that Microsoft Windows has a "back door" that could allow for U.S. government snooping -- a fear no doubt enhanced by the January discovery of bugging devices in President Jiang Zemin's new personal Boeing 767. Microsoft, of course, denies that it would ever be involved in such matters, but many Chinese still feel safer using the open code of Linux. In China, after all, any company as big as Microsoft would be in cahoots with the government.
    From here.
  15. Nature of "Attacks" by MrCopilot · · Score: 4, Insightful
    Hmm, So they recieve hits on UNClassified Computers (Servers?). Is it possible someone in china just wants to know about corn production and distribution to soldiers?

    Nowhere does TFA describe the attacks themselves. I guess we are to assume they are malicious Attacks to gain control of DOD computers. I try to never assume anything based on vague DOD statements. So I'm going with hits on the serveer Logs. Seems like a cute way to get approval for Classifying these UNClassified Systems. This administration has been overly secretive in a whole slew of areas, add one more to the list.

    I give it a week, then quietly changes will be made and this info will dissappear off the web, innaccessible to all but the DOD.

    Wouldn't it be interesting to know how many "Attacks" the chinese government receives from the US.

    The number of attempted intrusions from all sources identified by the Pentagon last year totaled about 79,000, defense officials said, up from about 54,000 in 2003. Of those, hackers succeeded in gaining access to a Defense Department computer in about 1,300 cases. The vast majority of these instances involved what VanPutte called "low risk" computers.

    Gained access, Shit man, Raise Terror Threat Level to chartruse.

    This is an ongoing, organized attempt to siphon off information from our unclassified systems."

    No kidding, People are using computers to gather publicly available information. Oh.. My.. God.. Raise to level Periwinkle.....Get Dick to an undisclosed location. Get Condi on the horn.

    Either you are with us or your with the Chinese Websites.

    --
    OSGGFG - Open Source Gamers Guide to Free Games
  16. When we learn? by MrCopilot · · Score: 4, Funny

    Did Matthew Broderick teach us nothing?

    --
    OSGGFG - Open Source Gamers Guide to Free Games
  17. Damn - More Outsourcing by ppp · · Score: 4, Funny

    Those hacking jobs rightfully belong to Americans!

    --
    -G
    www.pixelstatic.com