Chinese "Cyber-Attack" US Department of Commerce
Kranfer writes "The Register has an article about how the Chinese have recently launched an attack against the US Department of Commerce. From the article: '...attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office. Security consultants and US government officials reckon the assaults have at least the tacit support of the Chinese government...' This is not the first time Chinese hackers have attempted to gain access to US Government systems."
Dupe?
Never underestimate the dark side of the Source
As mentioned before, the attacks are most likely not from China at all.
No decent hacker would leave traces from his own machine when he could easily use a zombie network to carry out the attacks and collect information.
They keep claiming China, China, China.. I'm starting to think it's convenient for them to stick to that version for their own internal affairs.
They hacked WindowsUpdate.com as well... It must be them. The screen capture of the hacked website says "hacked by chinese".
Funnypics
These are Chinese hacker infantry, who steal money from the internet to fund the war against the GLA.
If you don't know where you are going, you will wind up somewhere else.
et tu CmdrTaco
What could possibly be of importance on US Department of Commerce computers? Are they trying to download warez? Logs off steamy chat rooms? Minutes of another boring meeting a typical government official attended?
Does anyone on the Slashdot editorial staff even read the main page anymore?
Never underestimate the power of stupid people in large groups.
Seriously. So now they can say "See, no dupes!" Fortunately, clever members of the Slashdot audience have discovered they can use "dup" and "duplicate" instead. I imagine "tripe" still works, too.
I was going to suggest blocking all traffic coming from the IP range of addresses from China, but they could easily circumvent that by using a proxy outside of China. Maybe the U.S. Department of Commerce could create a welcome message that promotes democracy and condemns the inhumane treatment of the Chinese government and have that message appear before prompting for the username. That traffic would probably get blocked by the Great Firewall of China. When your weapons fail to work, turn your enemy's weapons against them.
for all the cracking attempts our own guys have launched against China. I'd be shocked if we (the United States) haven't been doing this type of thing against China, North Korea, Iran, or just about anybody all along.
What kind of credible article uses the word reckon? "Security experts reckon attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office." I reckon that people believe that we're hicks for a reason....
"I think that freedom is America's biggest export. At least until China can stamp it out for 20 cents a unit."
Need I say more?
--- Grow a pair, liberals... stop letting the Republicans bully you!
After we make a glass parking lot out of Iran and North Korea, we'll come for those darned Chicoms, and make their country glow in the dark! Now let us bow our heads to Jesus for his blessing....
[/Neocon]
[/Sarcasm]
Oh yeah, I too must be specifically targeted then, because I've seen these sequences in my log:
OMGZ! L33T JAPANESE HAKKERS ARE ABOUT TO PWN ME!
Does everything include nothing?
"As mentioned before, the attack are most likely not from China at all. No decent hacker would leave traces from his own machine", suv4x4
"Attacks on UK government systems using a then unpatched Microsoft Windows Meta File (WMF) exploit last Christmas were traced back to China."
"Last June the UK's .. (NISCC) warned that approximately 300 UK Government departments .. have been the subject of such attacks, many reportedly originating in the Far East."
It's not as if they had access to the hackers' computers. They would use evidence of portscans being run against their own computers.
"A few minutes ago, we received a complaint from the U.S. Department of Commerce about them being portscanned"
How the heck does this get modded up Insightful?
was Re:Not Chinese, Insightful)
davecb5620@gmail.com
Sorry for the OT, but I just can't get past the term "Cyber-Attack". Are the Chinese using concentrated electronic sex talk to assault the US Dept of Commerce?
--You think you've found my weakness, but I have more.--
I frequently work with the U.S. government to prevent export control violations in the defense contracting world. While I can't name specific countries, I can tell you that East Asia accounts for 34% of all attacks both cyber and conventional targeting U.S. Industry and government agencies (as of 2005). My peers and I agree that this is likely directly or indirectly sponsored by the Chinese government. And contrary to popular belief, about 90% of what they want is export controlled information, not classified information.
Why export controlled information? Think about how much money it takes to protect classified information - guards, safes, alarm systems etc., it's a lot of cash, and it's damn secure. Export controlled information doesn't enjoy those same protections, just export compliance waivers to sell or ship said products overseas. As an example: Say we have a dual use technology, both military and civilian use - like jet engines. We won't sell it to certain countries we compete with both economically, and militarily, but they will do their very damnedest to steal it, either by forging state department waivers, lying, stealing, black-mailing, hacking - whatever it takes. Why do they want it? To equip their jets to compete with ours on the battlefield, or to sell, or maybe even find its weaknesses to compromise if we ever went to war with them.
I'm willing to bet here that the network used to launch the attack was a University school network, which to most people seems pretty innocent - except that in China, all schools are state run and owned. Is it an academic institution, or an extension of the Chinese government? Likely both. In this instance, the Chinese government gets plausible deniability - they had no control over, or knowledge of any cyber attack. I'll don my tin-foil hat, and disagree with that assertion only because I'm jaded and cynical enough to know better.
I bring nothing to the table.
Who told the US department of commerce to use Windows?
Yawn, I've seen the same thing on every server I've ever maintained, the Department of Commerce isn't special, they should get over it.
Next we'll hear some complaints about "Cyber-Date Rape"...
Like Chinese folks just looking around for info and news.
What has the Commerce department released recently?
What's the news about in China at the moment?
This is just one big Chinese style slashdotting?
liqbase
According to the Register article...
> Information housed on the department's systems includes sensitive commercial and
> economic data on US exporters as well as data involving law enforcement records.
How many times does this have to be drilled into people? If you put something on an internet-accessible server, it *WILL* be accessed from the internet, and not only by "authorized personnel". For additional giggles, put the following key into a Google search...
inurl:.gov confidential "do not distribute"
The f***ing idiots who put sensitive government data on publicly accessible servers should be shot by a firing squad for treason.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Is government stupid enough to expose information that is incredibly sensitive to the internet? (Please, don't answer this).
If they had clear information and data policies, their data would all be on private networks, without access to the outside. Not doing so is just an invitation for crackers who love challenges.
You need to restart your computer. Hold down the Power button for several seconds or press the Restart button.
Ok, assuming for just a moment that it is government backed ( which i honestly doubt ), wouldn't this be considered a declaration of war and a 'first strike' ?
And all we are going to do is sit on our hands and let them?
---- Booth was a patriot ----
aimed at extracting sensitive information from targets such as the Commerce Department's technology export office.
Why is sensitive governmental data even connected to the public internet? Surely the government can afford its own private network that doesn't even have connections to the general public internet. They couldn't hack into something that's not there... Sure, the government started the internet, that doesn't mean they have to continue using the same one we do, does it?
Here is a tool to retrieve IP ranges by country:
http://www.proxyserverprivacy.com/ipaddress_range.php
far...out
One has to wonder, with all the uproar about hacking from China into US Gov't computers, why don't they just block all the IP blocks in China? Download the list from APNIC, use something like Perl's Net::CIDR to merge the blocks and add to your firewall. It's rather easy...
I don't know, but it works for me.
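The block-list procedure described in the comment above, as an added example that is not part of the original thread: it uses Python's standard `ipaddress` module in place of Perl's Net::CIDR. It assumes the pipe-delimited "delegated" statistics layout (registry|cc|type|start|value|date|status); the sample lines are constructed and use private 10.0.0.0/8 addresses, not real allocations.

```python
import ipaddress

# Constructed sample in the registry "delegated" statistics layout.
# For ipv4 records the fifth field is a count of addresses, which is
# not always a power of two, so one record can expand to several CIDRs.
SAMPLE = """\
# constructed sample, not real APNIC data
2|apnic|20060101|6|19830613|20060101|+1000
apnic|*|ipv4|*|5|summary
apnic|CN|ipv4|10.0.0.0|256|20060101|allocated
apnic|CN|ipv4|10.0.1.0|256|20060101|allocated
apnic|CN|ipv4|10.0.2.0|512|20060101|allocated
apnic|JP|ipv4|10.0.4.0|1024|20060101|allocated
apnic|CN|ipv4|10.1.0.0|768|20060101|assigned
apnic|CN|ipv6|2001:db8::|32|20060101|allocated
apnic|CN|asn|64512|1|20060101|allocated
"""


def country_networks(text, cc):
    """Return the IPv4 networks delegated to country code `cc`."""
    nets = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skip comments, the summary lines and anything too short.
        if line.startswith("#") or len(fields) < 7:
            continue
        _registry, code, rtype, start, value, _date, status = fields[:7]
        if code != cc or rtype != "ipv4":
            continue
        if status not in ("allocated", "assigned"):
            continue
        first = ipaddress.IPv4Address(start)
        last = first + int(value) - 1
        # A start address plus a count becomes one or more exact CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets


def merged_blocks(text, cc):
    """Merge adjacent and overlapping blocks into the shortest CIDR list."""
    merged = ipaddress.collapse_addresses(country_networks(text, cc))
    return [str(net) for net in merged]


def is_listed(addr, blocks):
    """Check whether a source address falls inside any merged block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(block) for block in blocks)


if __name__ == "__main__":
    for block in merged_blocks(SAMPLE, "CN"):
        print(block)
```

As another comment in this thread points out, a list built this way does not cover traffic relayed through a proxy outside the listed ranges.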
What fact? that US helped us many decades ago??
All the enemies americans have today are made-up ones, like Iran and Iraq. Yankees are getting more and more crazy everyday.
*sigh*
hmmm... dumb...
Keep repeating that, and quite possibly they will do something to make those words more true, affecting all the ex-pats and tourists in China. Be careful.
OSx86 FTW
0.0.0.0/0 should block most attacks. Just create an exception for each of your gay porn sites and you're good to go.
If you're a democracy and liberty loving citizen, then yes, the Chinese regime represents oppression and injustice and stands against you and your way of life.
However, if you're a corporate shareholder, or one of their shills in public office, then the Chinese regime represents untold potential to shaft billions and make billions in the process. Ergo, you'll want to keep them sweet.
May the Maths Be with you!
China is our enemy? China is our friend? It depends on who you're talking about and who you ask. China isn't a monolith, although they're pretty centralized. (Like us -- today, DC politicos review even mid-level hires throughout the country.) There are friends of US even in their government, and enemies and in between, much like our government. I'm sure they try to spy on us and we try to spy on them. Remember early 2001, the tension after the crash of the US spy plane in Chinese airspace? There were reports of administration hawks saying we'll go after the countries later deemed Axis of Evil and then Red China as well. Today, we import something like twice as much from China, sell them the IBM laptop business, and our government occasionally bemoans lack of Chinese civil rights but caters to them to help us with N. Korea and other hotspots. This is reality in a world where we're married economically to them (ok, a pretty dysfunctional marriage) and our efforts to project US power haven't worked out quite as expected (by us). (BTW, is the unnamed "security consultant" mentioned in the Register report really reliable as a news source?)
I'm a bit surprised by this. Not that the Chinese Government would approve such action, but that somebody is able to perform it. My indirect experience with the culture suggests that finding individuals capable of the type of on-the-fly problem solving necessary to attack a protected network is very difficult. While the application of such skills is a bit maligned, I'd say it's a good sign for them that such people do in fact exist and can be motivated to utilize their abilities. I know of a few groups who'd be interested in hiring the team performing these attacks for more legit activities.
-Tim Louden
No need to 'invade', just melt the country. It will deter others from making the same mistake.
---- Booth was a patriot ----
Based on the other recent post, many government employees browse pron and gambling sites and get infected with bots.
That would probably be a better vector.
Plus they might make a profit while doing it.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
And if you are Wal-Mart, China is a supplier for 80% of their clothing. If China is our enemy, then what does that make Wal-Mart?? "A friend of my enemy is also my enemy." Sure there are sweatshops in other impoverished areas of the world, but man, China's sweatshops are the cheapest!!
"But this one goes to 11!"
Maybe it is just bored Chinese soldiers watching the same porn on/through the computers that the US government employees were watching the porn on ;-)
"Troll" doesn't mean you disagree with someone. It means that they don't believe what they're saying, and they're only saying it to get reactions from people. I believe everything I said above; I feel I presented it in a fairly rational manner, and I welcome ordered, rational debate on any point in my comment.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
and bomb that location bet that will slow it down.
Jesus, Kranfer - it's not "the Chinese", but "some Chinese people". Lumping all Chinese folks into one group, then to say they did something somewhat-underhanded is fucked up.
If you do a Google search "site:gov noforn", without the quotes of course, you will unearth hundreds of previously classified and CURRENTLY CLASSIFIED documents. All inadvertently available on govt. webservers and expressly intended for "No Foreign Nationals", hence the NOFORN classification. It is sickening.
The first document you will see is from the Department of Homeland Security. Ironic or pathetic?
The concept of "enemy" or "friend" is too simplistic to be applied here.
Chinese government and businesses have a variety of behaviors that range from those useful to us to those damaging to us.
"If you're a democracy and liberty loving citizen, then yes, the Chinese regime represents oppression and injustice and stands against you and your way of life."
It has also brought prosperity and economic progress unmatched in Chinese history, and all of that progress has been since 1948!
Who are we to say that an immediate and unguided transition to democracy would do better?
"However, if you're a corporate shareholder, or one of their shills in public office, then the Chinese regime represents untold potential to shaft billions and make billions in the process. Ergo, you'll want to keep them sweet."
If those billions would only work for Western wages they could not compete and would not have the opportunity to be "exploited" by corporations.
Sure, many of them work in sweatshops. Point being, they are WORKING, and the Chinese economy is booming. That is what was required to move the US and Europe into their current prosperity, so why should China be different?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
FTA:
The closest thing to saying the Chinese Government is doing it is a reference to an AFP article, with the words "tacit approval". So let us examine said article.
So there you have it. The only reference is an unreferenced and unsubstantiated claim that some lawmakers believe the Chinese government sanctioned them. That is to say they aren't doing anything about it. If in fact the origin has been determined to be hackers in China, and the Chinese government did nothing about it, then they are essentially correct to say that there is a minimum of tacit approval and one could say even a sanctioning of the actions.
... Even before this, you'd turn off all possible logging activity, lock up the security, stop unneeded services, so that you can be relatively secure during the attack.
If the boxes were so secure, how did they get in there?
You must be new to computer security. No box connected to a network is 100% secure.
Consider you have to hack into US government servers with confidential data. Even if you're not an incredible hax0r, it's obvious that if they find out about you, you're totally screwed.
Not necessarily. If you are from a country that has no extradition agreement, or has no interest in helping the US out and may even privately applaud or benefit from your results there may be no reckoning coming. They may not have commissioned you to do the work but if they do nothing to stop you, where is the risk?
So the first thing you do, the MOMENT you grab the data, is cut the PC off the network.
And trigger systems that monitor for systems to drop off the network and/or cease logging, thus giving you less time to cover your tracks elsewhere, or at least get out of reach. Duh. I've got systems that monitor themselves (in addition to non-local monitoring) and in certain cases (such as logging being disabled w/o the proper auth sequence) will cut off all but a single local IP on the administration network (different interface). Windows boxen can be powered off via remote access cards installed in the machine and triggered when certain conditions arise such as a combination of a sudden loss of reporting and higher than normal IP traffic from a non-registered (aka non-standard) IP. Pull your alleged sure-thing activity and you lose immediately.
Why were the Windows boxes having "logs" of where the data was sent and so on. What kind of trojan would log their own activity on the compromised machine?
Because external log creation and storage is a key factor in Intrusion Detection Systems, and logging network connections is a key element in tracing what happened and where things went to. It is also a key ele
My Suburban burns less gasoline than your Prius.
China is our enemy ...
Depends on who you are.
I've always respected both the USSR and China. I've found it odd that we really were allies to both countries during WWII. Growing up during the 80s, I had nothing personal against the USSR version of communism. To me, they were just the "other side" that the US military/spies were always competing with in media. (It was either the USSR or Nazis.) Today, I respect China far more as "the other side" than USSR for a number of little reasons. We didn't defeat the USSR, economics defeated the USSR. As it stands today, China is far more likely to outlast the US economically in the long run.
China has gone through lots of phases and is a very old country. The US tends to forget that. The communist part of China could disappear tomorrow (say next 100-200 years), but they'd still be "the other side" that we choose to target in our long term planning. It isn't that China is or isn't communist. China is the other super power however their local government is. We should look at competing with them. I look at it as a long term culture clash more than anything else though.
If it wasn't China, who would be the other side? Iran, North Korea, Japan, France, or Britain? We have to have an equal contest though. To the average US citizen, Iran and North Korea don't feel like an equal "other side." Japan and Britain both have a firm hold on segments of our culture. They may be economic dangers, but we don't feel like they are "the other side" any more. France seems to have its moments for the US. Let's admit it, we get it from the British that we'll find something/anything about the French to dislike just on general grounds. If we really want to be honest, the EU should be seriously considered "the other side." The EU doesn't make a good media villain though.
These are Chinese hacker infantry, who steal money from the internet to fund the war against the GLA.^H^H^H^H Alliance.
A few months ago, I had got a lot of hacking attempts from some computer located in China. So I decided to do a port scan on it. It turns out the computer has a bunch of open ports used by well known viruses/trojans (subseven and some other).
I'm sure China does "actually hire hackers to do it right so that this is going to be hard to trace and hard to counterhack."
We don't catch those people, generally, though they will have a bad day every now and then.
Primarily, we catch the lamers. (the lamers probably still get paid standard army wages, so they won't mind much)
One should wonder: for every lamer we catch, how many non-lamers go uncaught?
For those in the know, discovering that rootkit isn't all that hard. At the very least, it is possible to tell that something is amiss. Timing data is damn hard to fake.
More importantly, these people have LITTLE REASON TO CARE. The government openly admits to such activities. The government supports these people. At worst it might look mildly bad on a salary review if word got back to your boss that the enemy noticed. Getting the info is more important than such concerns. Getting lots of good info probably earns a promotion, even if there are a few exposures.
Hacking novels are designed to have fascinating twists. Life isn't a hacking novel.
500 is not workable. Anybody who has ever used a connection through several computers will laugh at this. Even 50 is too painful to contemplate. Heck, a mere 5 hops is usually VERY miserable. (No, not like traceroute. You ssh from one box to the next, then to the next... and find that the damn connection sucks so bad that you say "screw it" and give up.)
People don't cover their tracks as well as they think they do. People get lax, lazy, rushed, frustrated, careless...
So, Chinese are now hacking for fun and profit? Heh, I guess the Chinese embrace of anything-goes capitalism is fully complete now. A socialist hacker would be an oxymoron.
There's no secret to the chinese hacking a server: each of them tries a password
Beware of programmers who carry screwdrivers!
People seem to forget. The US does this kind of thing all the time. Not only to other countries but to their own Citizens. Remember we have all those three letter agencies that do this sort of thing all the time. So what is good for the goose is it not good for the gander? Or is it like torture these days? We gasp and cry when we see someone get their head lopped off on TV, and say "What savages!" Still it is ok for us to torture people for weeks on end because we are the good guys so this is good torture. Who is the savage really? The person that quickly puts an end to the pain of the enemy by whacking off their head or the person that makes their enemy suffer for weeks without end?
You see I come from a group of people that was once "Branded" savages by the US government. One example that even lives up to today. We were savages for taking scalps of our enemies. The part that is ALWAYS left out is we only took scalps in revenge for taking the scalps of our women and children for $5.00 a scalp. Payable by the US Government. Funny how that part of history is left out and still scalping is always related back to Native Americans even today. "Scalp'm Braves"
So are the Chinese really the bad guys or are they protecting their own assets? We're trying to pick their pockets all the time so why is it so bad when they try to pick ours?
The simple truth for people and governments is you can't run around beating up other people all the time. Sooner or later someone bigger and badder than you will finally get tired of your shit and your continued assaults against them and in defense will either gang up with the other guys you are beating up on or if big enough on their own will turn around and beat the shit out of you.
The solution is simple. Leave them alone and they will leave us alone. It is all "Cause and Effect". Don't be the "cause" and you won't feel the effect. You can't blame someone for taking a defensive position to your offensive moves.
The same rule of "cause and effect" applies to networks. You choose to run Windows that can access sensitive areas then YOU are setting yourself up to get hacked. I find it strange that the NSA would build something as secure as SELinux and the rest of the government not use it. Maybe not strange just stupid. The point is they have the tools to lock everything down and if they don't well too bad should have bought a better lock for the front door.