China's Cyber-Militia
D. J. Keenan notes that the cover story of the current issue of National Journal reports in depth on China's cyber-aggression against US targets in the government, military, and business. We have discussed China's actions on numerous occasions over the years. The news in this report is the suggestion that Chinese cyber-attackers may have been involved in major power outages in the US. "Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of US companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to US government officials and computer-security experts..."
"A computer virus" is as close as this article came to the reason power companies are so wide open to any aggressor.
I am a name troll of Westlake. Visit my homepage to learn why.
Now I know the truth- it was the Chinese cyber-militia!
Are vital parts of power plants connected to The Internet? Why?
It's hard to prosecute hackers and spammers when they hide behind the Great Firewall of China. The information is of course in the NAT logs, but these are controlled by their government. That's why when I see automated SSH cracking attempts at my computer I can't really do anything other than block it.
Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.
Wow, has professional writing ever gone downhill. Ever heard of a period?
-1 Uncomfortable Truth
It is a long article, but worth reading. The suspicion of Chinese involvement in two major U.S. power outages is extremely worrying. Following are quotes on related aspects.
Here we are fighting this "war on terror" on a bunch of Arabs hiding in caves, and a bunch of Arabs hiding in Iraqi slums who are not a threat whatsoever to the USA while we have the 1000 pound behemoth that is China completely owning our infrastructure through investments, and espionage. The folks in Washington are a bunch of pussies who can not get their priorities straight. Well people we are in for a rude awakening. China has a brand spanking new fleet of nuclear armed subs just sitting off the coast of the USA, THAT is a true threat, NOT a bunch of Arabs hiding in caves. World War 3 will start with a conflict with China, not these Arabs hiding in caves. Washington needs to grow a pair and focus its efforts on China. I can't fathom why we are still in the Middle East. I guess it's just a power hunger grab for Arab oil.
I hope the Chinese own Washington's computers and shut down the Shithouse (Whitehouse) then possibly(?) Washington will grow a pair and get us the fuck out of the Middle East to focus on more important issues.
People need to communicate. There is no place to draw a line, cutting off more-vital parts from the less-vital parts.
There are mechanical protection systems, so you won't be making meltdowns over the net.
China isn't the only country hacking US interests so what's the big deal here? I'm pretty sure we have just as many hackers hacking into not only Chinese systems, but probably every country out there that doesn't align with our interests.
This just seems like more propaganda. Why must either the Chinese government or the organization involved continuously act so amorally in the pursuit of profit (monetary or otherwise) despite the terrible impact it has on others and ignore any 'outsiders' outcry against their actions?
oh...wait...familiar that.....sounds like a good chunk of humanity.
Not saying it's not wrong, just putting a perspective stick in the spokes.
Ice Cream has no bones.
From now on every instance of government stupidity and incompetence will be blamed on Chinese Hackers. Well, maybe the 13 year old hacker in his parent's basement is finally safe.
Why are effin' power plant controls accessible on the internet?
The article mentions large scale government, military and industry intrusions. They also mention criminal gangs and others besides China as those responsible.
This is an odd issue that gives neo-conservatives fits. They like trading with China, so they don't like hearing old school anti-Communist and human rights complaints. They place the interests of large American companies above those of American people, so they don't like hearing bad things about Microsoft. This leads to a large scale head in sand act.
It would be sweet revenge if they suddenly started seeing their government websites reporting "hacked by Tibet"
Attak! Attak!
If you run Windows on a cable modem or DSL, there's a good chance your computer is part of a botnet.
When will we finally admit that the Chinese government declared war on us some 20 years ago? Now we are seeing the fruits of the action. Our infrastructure is more vulnerable to the Chinese than to Al Qaeda, they have been stealing key nuclear and missile technologies, we can't make portions of OUR key IT infrastructure without Chinese products...the list goes on.
If you go to any US port, you will find that almost every single shipping container in almost every US port is loaded and moved with a container crane made in China. ZPMC has something approaching a monopoly on container handling equipment. We can't even build the infrastructure to participate in the world economy independently anymore.
Unfortunately, the actions of the PRC government do a grave disservice to the Chinese people, who I'm sure would love to interact with the rest of the world in a fair (possibly democratic) way.
I'm not Twitter and I'll post how I'll do as I please.
When are we going to consider it an act of war and bomb them back to the stone age or at least stop buying their cheap plastic crap (and only buy their useful electronic crap) so their economy goes down the toilet, we can get cheaper oil, and their people sink into poverty and rise up against their oppressive government and turn into a democracy? Sounds like a plan to me. We should at least anonymously EMP blast some of their major government datacenters to send them a message.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
What kind of un-patched Windows crap is running the power grid?
Of course the attackers are guilty; but that doesn't excuse foolish security practices. Never mind bad security on the end-point, or in the software. It seems like the power company, with all its rights-of-way, shouldn't even have to route over the public network. Routing over a private network would provide physical security. Breaking into that requires putting your actual body at the point of attack. Since the power company came before the Internet, I would have thought they had a private network of some kind in place already, or close cooperation with telcos. I guess not.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Come on Slashdot, they were only infringing copyright!
China is just doing exactly what the US, Russia, England, and every other nation is doing, and has done for hundreds of years, which is stealing each other's secrets...
And the recent power outages are due to badly maintained and/or out of date hardware that's not very fault tolerant.
I might have my cynical head on though.
A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
No business or government agency can claim to be seriously concerned about security if they continue to insist on running MS Windows on the desktop. The Air Force, for example, is transitioning to thin client desktops because they REALLY CARE about their users getting hacked.
Computer hackers in China, including those working on behalf of the Chinese government and military
Can they prove that? This sounds like regular old corporate espionage -- nothing unusual or even foreign there. Is xenophobia starting to take hold, or are those statements substantiated? No time to RTFA.
The submitter quotes the most frightening parts of the article and our current "trade partner" China is well positioned to spy. We trust them to make equipment and non free software like Cisco routers has proved itself impossible to check.
Still, most of the hacks are common and anyone could do it. Time and time again we read about autopropagating botnets for Windows and how they cover large parts of the internet. When that system is used on corporate and government desktops, anyone can exploit it.
at least the US government learned from Billy or is that the Caine example is still around! or the Vietnamese Canon boat attack on US ships or the WTC attack 911 so the next to blame is not terrorists but China who is the next scapegoat - framed or not! who trusts the US??
...China gets rid of their nuclear weapons.
Till then, they get to do as they please, same as any nuclear-armed country.
I wanted to have Firefox installed and use it instead of Internet Explorer 6 (yes, 6), but it is against regulations to have it installed these days.
Clearly military security is reactive, as opposed to proactive -- sad, but true.
I am open source, and Linux baby!
What are we going to do to China? Sanctions? Trade Tariffs? Probably just a "stern speech"
Even if it is Chinese Government sponsored hackers, the American people still want their cheap goods.
Just like most Americans we care more about the price of gas, than what type of government is in Iraq.
We want fresh fruit picked by illegal immigrants who have no healthcare.
We want cheap power, but as long as the nuclear power plant is built in someone else's backyard.
"gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast"
Solution is, don't put your SCADA units on the Internet. And even if this were true the more likely explanation is that they didn't have enough spare capacity.
davecb5620@gmail.com
"a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States"
.. A malfunctioning alarm system may have played a big role in the outage Dan Verton Nov 20 2003"
No, what really happened was the grid was overloaded and the SQL virus was playing havoc with connectivity, then a tree fell over and tripped out a line, which spread in a domino effect all the way to Canada. A similar virus tripped out the control system in a Nuclear power plant.
http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php
"During the hour before the Aug. 14 blackout, engineers in the control center of an Ohio utility struggled to figure out why transmission lines were failing and complained that a computer failure was making it difficult to determine what was going on, transcripts of telephone communications released Wednesday show"
http://www.wired.com/science/discoveries/news/2003/09/60285
"Software failure cited in August blackout investigation"
http://www.nrc.gov/reading-rm/doc-collections/gen-comm/info-notices/2003/in200314.pdf
http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,87400,00.html
I wonder if this woman was killed as a result:
http://www.dailymail.co.uk/news/worldnews/article-1022699/Woman-lived-inside-iron-lung-60-years-killed-power-cut.html
I never realized the severity of these articles until a couple months ago my boss noticed someone from a Chinese i.p. trying to get root access to our Linux server. Fortunately they didn't get in but it did make these articles a lot more real for me, we're just a small software company and even we were targeted.
It sounds like China is saying that they are involved in our power grid going down when they did not do anything. It's our poor grid setup that took it down.
The answer is to use portable firefox, and then you don't have to install it.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Ding ding ding. We have a winner.
The concept of M.A.D. is what is keeping the world in one piece, and not a giant puddle of radioactive sludge. Thanks to modern intelligence tech, all countries capable of launching ICBMs are also capable of knowing when OTHER ICBMs are launched, within minutes. If one gets launched, then other countries will launch retaliatory strikes, and eventually, EVERYONE will launch their weapons, hoping to at least destroy the enemy before they are destroyed themselves.
China is a threat to us. They have enough nuclear warheads to pepper every population center with deliciously lethal Uranium goodness, and they can launch theirs five to ten minutes after we launch ours. Considering that an ICBM would take twenty to forty five minutes to travel to its intended target, that's more than enough reaction time. That's why we buy their cheap shit, take their insults and attacks, and let the Communist thing slide.
Maybe we could organize a code bounty and have someone write you a Firefox extension that makes this easy. A combination HTML highlighter (so that you know you already posted in a thread) and account changer. It could be called SockpuppetSlashFox. Or SlashPuppetFox. Or TwitterSlashPuppetFoxSwitcher. Or just pathetic.
Then you could continue to promote free software in your very special way.
The twitter monologues. Click on my homepage and be amazed.
For God's sake Slashdot, get it together.
...in preventing global wars, but I fear it is going to end up the same as our efforts to prevent all forest fires. The population grows and grows, and disputes like this little thing mount and mount, until a huge war/fire destroys everything.
M.A.D. just squashes down the desire to slaughter each other by the millions. Eventually it's going to pop back out of the box with a vengeance.
Not only is this administration losing the last war, it's losing the next war as well.
FTA
"in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast"
The secret to success is knowing who to blame for your failures.
Spend a few minutes and think about this. What is there to gain? If China really did it, they completely expose their capability and for what???
Perhaps the author should ask himself one question. Would you do it if you are in control? That's right my friend!! Exactly!
The feds are liars. A number of the network switches that are coming in from China are made with custom chips from China. They are out and out openings that allow China into our network. China is very cautious about using that backdoor. The real problem is that we have so many of these switches in our network, that we would have to replace ALL of them. Slim to no chance of that happening. But the feds keep quiet about it because it will cause a sheer panic at a time when about the ONLY thing propping up the market is tech. IOW, Bush's admin and the republicans are lying all the time moving us from one disaster to another. GD their black hearts.
This is fantastic news, and I can't thank China enough for these attacks. The fact is, vulnerabilities in our systems exist whether they are under attack or not. These attacks should serve as a wake up call and lead to security being taken much more seriously. Can you imagine if these weaknesses were left open and were exploited by terrorists, or by some country we find ourselves at war with in the future?
I've often scoffed at the seemingly obtuse propaganda used by communist nations in their media, to be fair, the USA has plenty of propaganda too, but this is just laughable, if you read about the North East blackout, you'll see that a bug in a Unix based system was primarily responsible for the failure of the electricity infrastructure to react when it should have.
Now, if I was a Chinese spy, I'd infiltrate General Electric, install a bug in the operating software responsible for the control of the energy distribution network, wait till those dumb ol americans had got complacent and then, for no strategic advantage whatsoever, cripple their energy distribution network, and then laugh my black communist heart out.
prepare the survey weasels.
The Chinese 'cyber-militia' has a name. It is called the 'Red Hacker Army'. Google them up. From what I have read they were formed in 1998, immediately after China was given 'Most Favored Nation' status by the Clinton administration. Way to go Clinton Cult. The Red Hacker Army has always been funded by the Chinese communist government and are featured frequently, by name, in public Chinese newspapers. Their published exploits are followed and cheered by many Chinese citizens. Remember that the next time you buy Chinese at Wal-Mart etc.
:-P
Meanwhile, back in the USA, the military will only admit exploits by the RHA starting in 2003. And only this year have they begun publicly disclosing countermeasures against these attacks that have been going on for 10 years. Way to go Bush League.
I have read comments that the military would not be stupid enough to make secret information accessible via the Internet. Um, sure. Right.
And that's why the military was ordered last year to begin migration to Macintosh Internet client and server computers. Yup. Someone over there managed to figure out which commercial OS is the single LEAST secure on the Internet. It's you know who...
For about 40 years now all kinds of utility companies have wiped their collective backsides with the idea that any kind of information processing system that has any kind of actuator needs to be thoroughly secured. After all, when was the last time you casually strolled into a waterworks or a power plant? All those things are locked down, if not guarded.
Has it come to the point that without an "enemy" we cannot bring ourselves to put decent security all IT equipment connected to public utility companies that has actuators?
Ah well ... I guess that if even the military can't be bothered to maintain elementary password discipline across their IT installations no-one else can.
... that GeorgeWalkerBush, CondiRice (GWB's Candy thang) are pedophiles. The reason for the Telecom Forgiveness Act is to cover up GWB's and CR's downloads of porn and their porn accounts ... it has nothing to do with nailing Elliot Spitzer.
;)
Guess they got the goods on Billie G. and Stevie B. too!
OOOOHHHHH!!!!!!GGGGGOOOOODDDD!!!!!
Toodles
FUD, who really cares. Basically there are a bunch of other arguments here but essentially this one comes down to the old adage, "business is business," "The hand that bites the hand that feeds," etc. FUD or not, stuff like this more than likely happens depending on the bigger or more moronic targets. Why do you think the whole push for open source. It wasn't just about seeing if someone is spying on you. It's to tweak the software to make it harder for things like this to happen. While it won't make it uncrackable, it does make it harder for attackers due to the level of diversity existent in the wild.
Should be worth mentioning that the Chinese fluoridate US water supplies too... Ever heard of Dr. Strangelove?
A half brain hacker can cover his tracks pretty well and lead others to believe the origin of the attack is wherever the hacker wanted. All this talk about China's hack sounds like the dumb had hacked into dumber's unbreakable network. If we can trace the origin of the hack that easily then whoever is doing the hack is pretty dumb. Or we are dumber than the dumb hacker. I think neither case is true. All this talk about Chinese hackers is pretty lame.
Melt all the lead before it reaches our shores.
Bite me
The submitter writes as if these things were solid facts written in stone, whereas the fact is that nobody really knows. Sadly, building on what "intelligence" comes out of CIA just isn't feasible, as the arguments for the war in Iraq amply demonstrate. So, the power outages "may have been caused by hackers" or something; or they may have been caused by something else. We rely heavily on advanced technology, which is a bit like balancing on a knife's edge - it is bound to go wrong from time to time, sometimes massively so, especially when stiff competition makes funding for maintenance less abundant.
Apart from that, it isn't exactly difficult to break into this kind of system - in the past we have seen hackers walk all over the place where they aren't supposed to have been. If script kiddies can do it, it isn't surprising if highly trained military personnel can do it too.
But I sincerely doubt that they would leave lots of traces and clues lying around for the more paranoid factions on slashdot to play with. Script-kiddies, yes, but if you are professional, whether criminal or some foreign government, you don't just blunder stupidly in and trigger alarms, or leave your droppings all over the place.
I can see how this kind of nonsense is politically useful. Hasn't the American public caught on to this yet?
Look at how the yuan is tied to the dollar. It is designed to drain us. China's top people are in a war with us. But Bush's admin is the LAST person I want to see taking them on. Obama or Clinton would be superior in every way. I suspect that both will try to negotiate this first, before escalating slowly.
W. has screwed us so bad, that we keep North Korea and Cuba on the terrorists list, of which NEITHER have been involved with anything since the 80's and have new leadership, while we have loads of proof that Venezuela is all over the war in Colombia. Yet, we do not put Venezuela on the list because we import too much oil from them. Had W. kept Clinton's battery research going, we would be on electrical cars. Of course, BC killed off Poppa Bush's IFR which was just about as stupid.
I prefer the "u" in honour as it seems to be missing these days.
Oh wait...
Only for as long as it takes to implement full scale deployment of its railgun systems. 200 mile range with 5 meter accuracy, and total TOT control spells... not good; be it for ICBMs, SRBMs or any underground installation ever made, because a five kilogram tungsten/titanium/Depleted Uranium rod is NOT something you wanna meet at 15 miles a second.
Chinese do what US services do since a long time. The US eavesdrops on the world and by Google steers the way people view the world. Echelon serves US ( GB & NZ too ) military, secret services, and companies. Why do you wonder. I bet Cisco has a bootloader for US services in all Cisco routers. ( like Xerox built a camera in photocopying machines for the Eastblock )
US (actually western world) is AGAIN using their typical terrorist act. When "they" do it for "us" it's a terrorist attack, but when "we" do the same for "them", it's anti-terrorism.
""We" are good and "they" are bad" -mentality is so stupid. Can't US, UK and all other big countries stop that world-wide-terrorism and start taking care of their own country?
If US makes a cyber-attack on China, why shouldn't China do the same to US? Because then US does the same back and writes some news about it, which someone posts to Slashdot. Point is not WHO is guilty for what, but that everyone is supporting terrorism and defending their own actions with "This is just a war against terrorism".
If I had the power of the universe, I would build such walls around US, China, UK and many other countries that they could play only with themselves and stop terrorising the whole world!
How is the security on the machines in China? Another way to look at it is that China can be a fat target for bot herding, etc. Just because a connection comes in from China, doesn't mean that it didn't originate from the States.
The US must act with all urgency to close the cyber-militia gap with those pesky chinks. If not those pesky russky cyber militias will kill all our chillun and convert us all to godless capitalism. The US must develop multiple independently retargetable cyber-militias to close this gap.
"Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of US companies and government agencies..."
Sigh. As a Chinese, I only wish my government were so competent. All those with power are so preoccupied with carving up the national wealth that it seems absurd to suggest they'd have any room left in their fat brains to care about hacking U.S. power grids. Yeah, that's how corrupt the communist government is. And the so called "Chinese hackers" might be one of the most overrated entities in the world. It's true that some patriotic nerd can hack "Free Tibet" sites maintained by voluntary work, but infiltrating the U.S. government? Nah.
I can understand the motivation behind all this China hype. The U.S. wants somebody to fill in the void left by the former Soviet Union -- it must be *so* lonely to stand alone as the world's only superpower. Communist China just happens to be the most promising candidate, with a dictator government, different cultures, and different values. Sadly, in reality China is nowhere near a rival as the USSR was, and it's highly unlikely that she will ever reach that height before the inevitable downfall of the communist regime. Thus these "cyber warfares" between communist China and the U.S., can only remain in the imaginations of /. readers.
It is based on a "formula" that only the Chinese gov. knows. As the dollar drops, so does the yuan (though only slowly). When the euro went up against most other money, the yuan remained steady. When nearly any single money shifts except for the dollar, the yuan is steady. Only when the dollar shifts against all others, does it finally shift. IOW, it is tied to the dollar.
Also, it is disingenuous to say that it is not tied to it. In doing so, it is similar to say that America's Terrorist list is about terrorism.
"I suspect, as the system went down, the PLA hacker said something like, 'Oops, my bad,' in Chinese." haha had to post it
the article alludes to misinformation by the US government... tall trees in ohio and a computer virus were blamed. what is the real truth, and would we ever be able to tell? i agree that a 13 yo script kid could probably pull off the same (depending on the actual circumstances), so how would we ever know?
General Lord, Commander of AFCYBER, has gone on record repeatedly accusing the Chinese PLA of large-scale military and economic hacking. The US is never going to present proof, but Lord has more weight than a journalist, beltway consultant or slashdotter. Search on 'General William Lord' && 'China'.
You are now part of the American propaganda machine. Why would anyone believe any "Intelligence" information from your country after the UN WMD debacle. pfffft
maybe next time a levee breaks around New Orleans, the government can blame the Chinese for that? I'm amazed by how people here who usually don't trust the federal government, seem to jump to believe what the CIA tells you guys this time. Remember slam dunk WMD?