Slashdot Mirror
Chinese Hack Attacks on DoD Networks Coordinated
An anonymous reader writes " The Naval Network Warfare Command says that Chinese hackers are relentlessly targeting Defense Department networks with cyber attacks. The 'volume, proficiency and sophistication' of the attacks supports the theory that the attacks are government supported. The motives of the attacks emanating from China include technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD network for future action. Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety."
The United States really needs to change doctrine to prevent these sorts of attacks in the future. An assault on government networks by a foreign country should be responded to like any other attempt to impair, hinder, or steal information from the government by a foreign country - with an escalating response based on severity from diplomatic rebukes, cyber counterattacks, sanctions, and ultimately military strikes.
"In God we trust, all others we monitor." -- Unofficial NSA motto
That is an interesting statement:
.gov.cn box..."
"China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted
I wonder how easy it would be to pin this on MS products that have been pirated?
Its an interesting twist of thought to think that MS is responsible for cyber attacks on the DOD. While that isn't true, it's still interesting in a 'haha' kind of way.
Makes me believe that there will be counter-attack strategies that include government sponsored worms traversing the Internet trying to secure those compromised hosts.
Support NYCountryLawyer RIAA vs People
I agree that we give China too much leeway in a variety of venues, but things are changing there. They have the special economic zones, which are essentially capitalist, and the government is losing its grip on a lot of places. It appears their accounting rules are becoming more westernized, and with them, more transparency in to their economy.
http://bgcommonsense.blogspot.com
By creating a planetary network, mankind on Planet now has the ability to share information at light-speed. But by creating a single such network, each faction has brought themselves closer to discovery as well. At the speed of light, we will catch your information, tag it like an animal in the wild, and release it unharmed -- if such should serve our purposes.
I wonder how much China would complain if the NSA launched an attack against any confirmed hosts? If there is evidence that computers are attacking use, either live or as bots, can China make a real complaint about us protecting our interests?
http://bgcommonsense.blogspot.com
I strongly suspect that DoD WANTS to see the attacks. You are exactly right, if the DoD were really concerned about the loss of classified information they would simply block those IP ranges. Something more sophsiticated is probably at work.
1. Create a honeypot that doesn't look like a honeypot.
2. Fire off press releases complaining about how intelligent and crafty those 1337 Chinese Hackers are.
3. Watch and learn.
I can't think of a better way to assess the level of skill the Chinese possess. I seriously doubt that valuable classified information is within reach of internet connected machines. This article and probably most like it are misinformation designed to encourage the Chinese.
load "$",8,1
To answer you, the guy is speaking out of his ass. He's probably an EDS sub-contractor on the NMCI handling help desk calls about email and web proxies and probably thinks SNORT ACID is something he can get busted for.
Mr. ChooseAnother probably doesn't realize that commenting on this, attributing to himself as an insider is a sure-fire way to get his nads hooked to some 'trodes and get his non-clearance revoked.
But, man, he does sound so C O O L don't you want to be just like him when you grow up?
And of those online in China, only 36 million have broadband connections. Further, black markets and pirated software are not just limited to China. In fact, they're all over. So, with the prevalence of pirated software worldwide, why are the majority of the attacks coming from one place? Why are the attacks from that one place going to US military targets? And why are the attacks so sophisticated?
It is widely known that the Chinese want our secrets and technology, especially those surrounding the military. It is widely known that the Chinese actually do copy and steal US trade and military secrets and technology. And it is widely known that as friendly as the Chinese act toward the US, that the Chinese work behind the scenes to subvert US influence and control.
Given the number of sophisticated attacks coming from a single country against US military targets, especially coming from a country that has been militarily hostile to us in the recent past, then I'd say we probably are getting attacked.
The amount of confusion and damage that this could do would be enormous. And it would have the added benefit (to the attacker) of leaving the hard assets (buildings, people) in place, unlike an actual war. These could be simply bought up later, rather cheaply.
There are different ways to root a country. Actual destruction is the most expensive and inefficent approach there is.
The real cause of these cyberspace attacks is that the U.S. government has actively encouraged them. First, the Feds have actually punished Government employees who have tried to stop these attacks. Read The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) This is a variation on a common theme of the attitude of the U.S. government, unfortunately. Protecting the U.S. appears not to be a priority.
The second biggest problem is that the Federal Government has set up a hostile enviroment to discourage Security Research. Security researches are threatened with prosecution, jail time and civil lawsuits that can bankrupt them. The common occurance is when a Researcher reports a problem with a flaw in a product. There are no Safe Harbor procedures or provisions in any Federal law which allow this to happen so that society in general can benefit.
This has had a rather chilling effort on the IT industry as a whole. There is no safe way to study real cracking, so our students (and industry workers) really don't understand how the bad guys work. This also has the added downside that new technologies are developed without any real understanding (or even concern) of what the attack vectors are. MS Windows is the best known example. Javascript is the second best.
Had the U.S. implemented Safe Harbor provisions, we'd be in far better shape to deal with hostile attacks, throughout the entire industry.
While the offshoring of jobs has had an effect, without the above two points we'd still have this problem. Furthermore, if we had shored up and expanded our efforts in Security Research, we would be a lot more resistant to backoffice exploits.
It is also obvious that security can't be offshored. So if the Federal government had made security a priority, your original point would be moot.
The best way to predict the future is to create it. - Peter Drucker.
SIPRNet is mostly separate. From what I've heard, people aren't allowed to move information between SIPRNet computers and other 'insecure' computers at all.
First and foremost, Americans aren't the only people losing their lives in Iraq. Racism is for fools.
Second of all, we are talking about a government which we know lies as a matter of course. So taking the body counts they offer as proof in any sort of argument makes little sense. --Having learned from their experiences with Vietnam, the government now conceals the number of U.S. Service people wounded or killed in Iraq. There have been more than 3000 American casualties.
Consider also that a significant part of the war is being fought by 'private contractors' (a fancy name for mercenaries) whose deaths are not recorded by the official stats and whose own public records are almost certainly false.
Body armor has also improved much over the last thirty years. Many of the same kinds of wounds received in Vietnam led to death whereas we now have thousands more American kids coming home missing arms and legs than we did from Vietnam.
Thirdly, just because the official casualty statistics in Iraq and Vietnam do not happen to match on the front page of the New York Times does not mean that the two wars have no other significant parallels. Those who cannot see the parallels are either blind or are deliberately not looking.
Fourth, NONE of this discounts my primary points; that propaganda and ignorance on the part of the populace are what to war. --We are now seeing the same tactics with regard to China. These are my main points.
Fifth, and finally. . . You say that bashing the war is sheep-like behavior. Sorry. Wrong. The war was started by those who were blind and foolish. The Administration lied. This is an uncontested fact. (Or rather, the facts are only contested by fools who cannot see reality when is is posted directly in front of their noses. Not even the Bush Administration is trying to sell the WMD's line of bullshit anymore. Not that it matters; fools are willing to accept any new lie which they put forth.)
Sheep are NOT those who see the lies and refuse to believe them. Seeing a lie
Not that this was an overly serious post to begin with, I guess I'll start off by saying that's "masturbatory". But anyway.
The United States of America, as a country, is wholly dependent upon other countries for its own prosperity. Look around you; Virtually everything that you can afford to buy is manufactured in China, (SOMETIMES) Japan, Mexico, Taiwan, Hong Kong, and so on and so forth. Most of those electronics are also designed in Japan (Sony, Hitachi, Pioneer, Panasonic, Nintendo), Europe (Philips), Korea (Samsung, LG) and Taiwan (ASUS, MSI, Biostar, DFI). Why? Cheap labour. Do you realize how much it would cost to purchase a television whose manufacture was solely performed in the United States, with well-paid workers and stricter quality standards? Let's just say there's no such thing as a $20 DVD player in that sort of world.
Like it or not, there is a massive amount of interdependency between the United States and the rest of the world, and there isn't a whole lot that the average American could do with their lives were the United States to end the rest of the world as we know it, or even just cut off contact. Not only that, but the aforementioned brands that people in the 'States use every day would cease to exist in American society. Considering that these electronics companies are pretty much the staple of our electronic consumption for both appliances and entertainment, that means that entertainment as we know it would also take a nosedive.
As I type this, I'm using an Acer computer, with an ASUS motherboard, an LG optical drive, a Microsoft optical mouse (made in China), a Philips 17" CRT, and a Siemens (Germany) DSL modem. Were I living in the United States, and the USA simply decided that it were to isolate itself from the world, all of those things would simply cease to be. Well, that's not entirely true. Existing products would obviously still be around, but when it comes time to buy something else, or if one of those components should fail, I'd be SOL, especially since I don't know of any motherboard manufacturers based in the United States who make AMD motherboards.
My point is, American industry is mostly on the ropes as it is - General Motors, for instance, is scrambling to keep up with cheap, efficient imports of increasingly higher quality. Chrysler is now merged with Daimler-Benz, a German company, meaning that if ties with the EU were cut, the fate of Chrysler in the USA would be in question.
Like it or not, imported goods are a vital part of any economy, and arguably especially the USA's. Economic sanctions would devastate the American economy, and as far as that goes, I wouldn't underestimate the strength of the EU, China and Russia militarily. While not strictly a superpower even combined, they have more than enough nuclear weaponry to glaze over the entire US mainland, and China has more than enough manpower to launch a sustained conventional assault on the United States, as well.
While I highly doubt nuclear weapons will EVER be used by any sane government, it's still in the USA's best interests to avoid pissing off the neighbors.
Screw the rules, I have green hair!
"they are very likely to overtake the United States economically, largely because they have a more productive populace"
China could overtake the economy because they have a work force that is paid low wages, has a lower standard of living, and is less educated. Another reason they can overtake is because our own American CEO's are falling all over themselves to have everything manufactured over there at the expense of American workers' jobs. Let's see what else? Oh yeah, did I mention that American companies invest in R&D and then GIVE AWAY that technology to China? Did you also know that the Chinese government gets an automatic 50% stake in every business venture over there?
Did you happen to know that the American workforce is among the most productive in the world?
Is China a threat?
Ask the Tibetans, Taiwanese, or people living in Hong Kong. Hell, dig up a history book and learn what happened in the 50's when the U.S. military while fighting the North Koreans suddenly found themselves fighting 8 Divisions of Chinese.
China is no one's friend. They especially want to get even with the U.S. and Europe for humiliating them during the 1700s and 1800s during the gun-boat diplomacy phase of history with them.
Finally, look up their information on their economy and the fact the yuan is artificially valued. Who needs to play by international rules, anyway?
-- Posted from my parent's basement
As a webmaster for several popular sites, I can attest that most probes\hack attempts\spambots come from net-blocks within China. I do wonder if it is a trick to get all of us to block all China traffic, so that it helps the Great Firewall?
Being globalized is not the problem. The problem is China has tied their money to American money and at a significantly lower rate. In response, American companies have shifted the work from America to China. For the last 4-5 years, we should have had the ability to prevent China from doing this if we had proper leadership. The problem is that the USA is so tied up with Iraq, that W. can not afford to really take on anything else. Basically, he needs China to not oppose his actions. As it is, they do not openly, but are engaging in a cold war with America (and that includes the whole west for that matter) by encouraging other nations to mess with us. All in all, I believe that W. and Cheney have been busy playing the fiddle.
I prefer the "u" in honour as it seems to be missing these days.
"What, the US wants Chinese trade and military secrets? That might be true if China weren't running behind the US in either."
/sarcasm
So your saying the US strategy is to wait until China is "in front" of the US and then start spying, the US sure are good sports about this stuff wouldn't you agree?
"That's almost completely negated by the US sending tons of business their way."
Ahhhh, I see. The US is not losing bussiness to a competitor they're being generous to the underdog, what kind souls they are.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
So much for the Interstellar Ark:
2 14.shtml
http://science.slashdot.org/science/07/02/18/1359
Only when humans decide to get out of and deprive governments and wealthy of the "defense" industry will humans have money and worthiness of being allowed doe DESERVE an interstellar ark.
Elevating Chinese attempts to breach a DOD (or any government) database to the level of military attack is just ASKING for excuses to wage war. Since vastly many interconnected ties exist in economics, land, and employment schemes, traditional war would be immensely devastating not only to average workers but to the wealthy land owners, property owners and even the high tech companies.
I call madness. Oh, and don't forget the US DOD is probably running stealth "attacks" on Chinese, Russian, French, Canadian, Australian, UK, Venezuelan and innumerable other nations' databases and networks, friend and foe alike.
remember, there are at least to sides to every story. Stop making Chinese out to be the big bad guy. Any nation with something to fear will do what China is known to have been doing for years, and what many informed as well as ignorant "red-blodded 'merkuns" overlook when the US is exposed for doing the same things. In the end, it's specious, corrosive human conduct. If all these people focus on poverty, disease, hunger, underemployment, and other things (like lessening the causes of reactive terrorism), then maybe we can concentrate as a collective on pursuing interstellar travels.
The database and network attacks will be less of a problem if the networks are not accessible via internet junctions. More honeypots need to be set up, more honeynets need to be spun off, and less classified information should be available.
Hell, I suspect that these things HAVE been done, and that the reports many of you armchair politicos (you know who you are-- just informed enough to be barely credible) and the rest of us see are the "leaked" stuff which was generated from logs of Chinese (and other nations') penetration attempts and successes against honeynets and honeypots, and the reports are just mostly useful for facilitating creation of domestic antipathy toward or or mistrust of the Chinese, or whomever is the boogieman of the quarter.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"