Chinese "Cyber-Attack" US Department of Commerce

Kranfer writes "The register has an article about how the Chinese have recently launched an attack against the US Department of Commerce. From the article: '...attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office. Security consultants and US government officials reckon the assaults have at least the tacit support of the Chinese government...' This is not the first time Chinese hackers have attempted to gain access to US Government systems."

Not Chinese

[suv4x4]

As mentioned before, the attack are most likely not from China at all.

No decent hacker would leave traces from his own machine when he could easily use a zombie network to carry out the attacks and collect information.

They keep claiming China, China, China.. I'm starting to think it's convenient for them to stick to that version for their own internal affairs.

Re:Not Chinese

[javilon]

Al Quaeda is not going to last for ever, you know? they need a solid and real danger to wave in front of the US population in order to take more civil rights away. Apparently, China is second in the list.

Re:Not Chinese

[TopShelf]

Instead of "danger", think "rival". This kind of espionage is more commercial, not military, and frankly stuff like this has happened before even between our closest allies.

Re:Not Chinese

Does everyone have to take every story about someone attacking the US and claim it is a lie? I'm guessing since it' safer to believe nothing is wrong than face reality then this is the reason. "They keep claiming China...." Yes, god forbid someone should point out the person who is doing something. If the guy accross the street keeps attacking you, stealing from you, and destroying your property it's bad to keep blaming him.

This is why the United States will fall apart. We have two groups, one that sees no threat in anything and one group who wants to be the Nazi2000 party. What will happen is we will get a big smack in the face because we didn't defend ourselves and the Bush-like people will gain even more control because of it.

"I'm starting to think it's convenient..."

I'm starting to think that slashdot is full of know-nothing big mouths who don't really have any common sense. "No decent hacker would leave traces...". So that MUST mean that it's not China because they wouldn't leave traces. Kevin Mitnick must not be a very good hacker then because he got caught. We all know it's IMPOSSIBLE to catch good hackers.

And finally, there's the fact that maybe China DOESN'T CARE if we know.

However, once again we have people who tell us we are wrong to worry about security and that what is happening is not really happening. This plays right into the hands of people like Bush who will use the "told you so" argument to make this country a dictatorship.

Re:Not Chinese

[Shoten]

You're reading too much into individual components of my post, and not taking them as a whole. I'll answer your questions in turn. For one, how does someone backtrack to the original host? By gaining control of the next hop, one at a time, essentially. You know that your box got owned by 10.20.30.1, so you counter-hack it. Once in, you look around, and see who connects to it. More importantly, you see who is connected to it while it connects to your box. (This is detailed in a number of the articles linked in the Schneier article I referenced in my original post as the method used.) Rinse, repeat, until you are on a box where the person connecting to the next hop in the chain isn't on an SSH shell, but is local. This is an oversimplified explanation, but is quite technically accurate; the means employed can range from leveraging the tools placed there already by the hacker to using your own. You could also conceivably enlist the assistance of the organizations that own all the hacked boxes, but this would be a nightmare to accomplish, and since the person investigating Titan Rain has been confirmed to essentially be breaking the law by hacking, I'm sure this wasn't how he did it.

And no, I'm not saying that just because it's not a Windows box spouting spam or whatnot, but is instead a unix-flavored system doing very specific things, it's the Chinese. I'm saying that because it's a unix-flavored box at the end of a long train of hacked proxies (keep in mind that without the backtracking, the assumed culprit would have been South Korea in most cases, everyone) where the only person logged in doing naughty things to us is there locally, in a country whose military was the very first to espouse information warfare as a legitimate method in current times...well, that's a much clearer picture. I think you get the idea. To counter, let me point out that the argument has been, up to this point, "It can't be China, because lots of Chinese boxes get owned, and it could just be a bot owned by someone else." That's an argument for skepticism and closer investigation, not a logically sound way to say that the entire population of the world's largest country is impossible of being capable of hacking. And when you look at WHAT is being hacked, and what information is being stolen, then you can see the shopping list that is being used, which is typical of an organized intelligence-gathering organization.

I'm sure this is intended to provide an excuse...

[BlabberMouth]

for all the cracking attempts our own guys have launched against China. I'd be schocked if we (the United States) haven't been doing this type of thing against China, North Korea, Iran, or just about anybody all long.

Export Control, and the Information Age.

[lwap0]

I frequently work with the U.S. government to prevent export control violations in the defense contracting world. While I can't name specific countries, I can tell you that East Asia accounts for 34% of all attacks both cyber and conventional targeting U.S. Industry and government agencies (as of 2005). My peers and I agree that this is likely directly or indirectly sponsored by the Chinese government. And contrary to popular belief, about 90% of what they want is export controlled information, not classified information.

Why export controlled information? Think about how much money it takes to protect classified information - guards, safes, alarm systems etc., it's a lot of cash, and it's damn secure. Export controlled information doesn't enjoy those same protections, just export compliance waivers to sell or ship said products overseas. As an example: Say we have a dual use technology, both military and civilian use - like jet engines. We won't sell it to certain countries we compete with both economically, and militarily, but they will do their very damndest to steal it, either by forging state department waivers, lying, stealing, black-mailing, hacking - whatever it takes. Why do they want it? To equip their jets to compete with ours on the battlefield, or to sell, or maybe even find it's weaknesses to compromise if we ever went to war with them.

I'm willing to bet here that the network used to launch the attack was a University school network, which to most people seems pretty innocent - except that in China, all schools are state run and owned. Is it an academic institution, or an extension of the Chinese government? Likely both. In this instance, the Chinese government gets plausible deniability - they had no control over, or knowledge of any cyber attack. I'll don my tin-foil hat, and disagree with that assertion only because I'm jaded and cynical enough to know better.

Re:To everyone who says it can't be China

[ObsessiveMathsFreak]

China is our enemy

Depends on who you are.

If you're a democracy and liberty loving citizen, then yes, the Chinese regieme represents oppression and injustice and stands against you and your way of life.

However, if you're a corporate shareholder, or one of their shills in public office, then the Chinese regieme represents untold potential to shaft billions and make billions in the process. Ergo, you'll want to keep them sweet.