Slashdot Mirror


China's Cyber-Militia

D. J. Keenan notes that the cover story of the current issue of National Journal reports in depth on China's cyber-aggression against US targets in the government, military, and business. We have discussed China's actions on numerous occasions over the years. The news in this report is the suggestion that Chinese cyber-attackers may have been involved in major power outages in the US. "Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of US companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to US government officials and computer-security experts..."

35 of 196 comments

  1. Microsoft? Windows? by westbake · · Score: 3, Insightful

    "A computer virus" is as close as this article came to the reason power companies are so wide open to any aggressor.

    --
    I am a name troll of Westlake. Visit my homepage to learn why.
  2. Huh!? by fluch · · Score: 5, Insightful

    Are vital parts of power plants connected to The Internet? Why?

    1. Re:Huh!? by ChowRiit · · Score: 4, Insightful

      You beat me to it - hell, my old SCHOOL didn't have their servers that contained student records connected to the internet, and this was back 5+ years ago when people were less well educated on these things.

      That ANY major infrastructure would be connected to the internet is shocking, and I'd really like to believe that people aren't that stupid...

    2. Re:Huh!? by Stradivarius · · Score: 2, Insightful

      What's the alternative to COTS? Custom-building every piece of hardware and writing every piece of code from the firmware, to the operating system, and applications in-house?

      There's a lot of reason to believe that doing so would result in less secure software. The software would have less people trying to break it, thus less opportunity to find and fix the inevitable bugs. There's something to be said for the trial-by-fire that is a public release of software. And in many cases it probably wouldn't get the same investment of dollars into the software as the commercial world can afford, so you have less money to fix said bugs when they were discovered.

      Similarly the software would likely be less functional, given that even the defense budget is not infinite. It just makes sense to leverage COTS, provided you can ensure adequate supply of parts in a major conflict. That is a challenge with the effects of globalization.

      Using COTS where it makes sense doesn't mean you should hook everything up to the Internet though.

    3. Re:Huh!? by _xeno_ · · Score: 2, Informative

      I've always heard it as "Commercial Off The Shelf" - and Google seems to agree with me. (Yes, even Linux use would generally be commercial, because it usually comes with support contracts from someone.)

      But anyway, part of the reason for using COTS products in general is that people bitch about "government waste" and things like "$500 hammers" - so in response, the government and the DOD started a mandate to use more COTS products.

      The idea is to save money by not reinventing the wheel where it isn't needed. Quite a lot of the government and the military is paper pushing, and when COTS software can be used instead of custom designed software, it's a win in cost - which means spending less taxpayer money, which means taxpayers are less upset.

      Which isn't to say everything is COTS, but the government likes the idea of using products that are easy to obtain and have a wide knowledge base of users to draw on. That way, if a COTS product breaks, it's easier to replace or repair, since it may be possible to have it fixed/replaced without going back to the original vendor.

      Using COTS products where possible saves government money, which is taxpayer money, which is likely your money. It's a good thing.

      --
      You are in a maze of twisty little relative jumps, all alike.
  3. I hope this guy isn't getting paid by ShieldW0lf · · Score: 4, Funny

    Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

    Wow, has professional writing ever gone downhill. Ever heard of a period?

    --
    -1 Uncomfortable Truth
    1. Re:I hope this guy isn't getting paid by Cairnarvon · · Score: 3, Insightful

      The sentence is as clear as it can be, and splitting it up would only serve to add padding and dilute the information content. I realise catering to short attention spans is the in thing to do right now, but come on.

    2. Re:I hope this guy isn't getting paid by TubeSteak · · Score: 4, Informative

      Wow, has professional writing ever gone downhill. Ever heard of a period?

      You've obviously never read anything written over a hundred years ago.
      Professional writing used to be a competition to put on paper the longest sentence with the least amount of punctuation possible.

      What we call a paragraph, they called a sentence.
      --
      [Fuck Beta]
      o0t!
    3. Re:I hope this guy isn't getting paid by couchslug · · Score: 2, Funny

      "Wow, has professional writing ever gone downhill. Ever heard of a period?"

      No

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  4. Some quotes from the article by D. J. Keenan · · Score: 5, Interesting
    [I am the submitter.]
    It is a long article, but worth reading. The suspicion of Chinese involvement in two major U.S. power outages is extremely worrying. Following are quotes on related aspects.

    The Central Intelligence Agency's chief cyber-security officer, Tom Donahue, said that hackers had breached the computer systems of utility companies outside the United States and that they had even demanded ransom.

    ... many of the systems that [U.S.] utility operators use were designed by others. Intelligence officials now worry that software developed overseas poses another layer of risk because malicious codes or backdoors can be embedded in the software at its creation. U.S. officials have singled out software manufacturers in emerging markets such as, not surprisingly, China.

    "Numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions [in 2007] that appear to have originated within" the People's Republic of China. ... the [Chinese] Army is "building capabilities for information warfare" for possible use in "pre-emptive attacks."
    1. Re:Some quotes from the article by ColdWetDog · · Score: 3, Informative
      How about another view on this.

      If you don't want to go there, the short version is that the data for hacking into the power systems is pretty darn weak.

      Since we can't beat up Iran anymore, we have to have somebody to hate.

      --
      Faster! Faster! Faster would be better!
    2. Re:Some quotes from the article by Herschel Cohen · · Score: 3, Interesting

      I have a theory, since it is obvious we will never win the "War Against Terror" we need an alternative to keep ourselves busy and afraid with another big, bad enemy of the scale of the Soviet Union. Then we all give up our rights without a grumble. Happy Days are here again, as we fight another Cold War (we understand those) or is it WWIV (ok, make it six).

      The content is too breathless. The words fed us smell like the b.s. we had before on lesser security issues. This all makes me dubious. I find it hard to take this seriously. We have too much incompetence that is too widespread. Those leading only value ever enlarging cash piles while strenuously waving patriotic flags. It is just too familiar. So it has to be a foreign threat not good old American (U.S.) incompetence?

      Push this too far, we will be taking on an enemy so large it might mean those so used to sending the dispensable off to be killed or horribly injured may join the party. That is, this time it will be close up and very deadly for the even erstwhile avid supporters of the military, albeit previously from afar.

  5. Just wait by LM741N · · Score: 4, Funny

    From now on every instance of government stupidity and incompetence will be blamed on Chinese Hackers. Well, maybe the 13 year old hacker in his parent's basement is finally safe.

  6. It's not just power companies. by westbake · · Score: 3, Insightful

    The article mentions large scale government, military and industry intrusions. They also mention criminal gangs and others besides China as those responsible.

    This is an odd issue that gives neo-conservatives fits. They like trading with China, so they don't like hearing old school anti-Communist and human rights complaints. They place the interests of large American companies above those of American people, so they don't like hearing bad things about Microsoft. This leads to a large scale head in sand act.

    --
    I am a name troll of Westlake. Visit my homepage to learn why.
    1. Re:It's not just power companies. by dotancohen · · Score: 4, Insightful

      The article mentions large scale government, military and industry intrusions. They also mention criminal gangs and others besides China as those responsible.

      Why not? If Scientology has managed to infiltrate US institutions then why can't China do it with their forged Cisco equipment at every gateway?
      --
      It is dangerous to be right when the government is wrong.
  7. "hacked by chinese" by bsDaemon · · Score: 3, Funny

    It would be sweet revenge if they suddenly started seeing their government websites reporting "hacked by Tibet"

  8. Re:of course by fluch · · Score: 4, Insightful

    The computers which control the plant should be physically separated from the computers which are needed/wanted for connection with the internet. Otherwise you are begging for disasters.

  9. We are at war... by Anonymous Coward · · Score: 2, Insightful

    When will we finally admit that the Chinese government declared war on us some 20 years ago? Now we are seeing the fruits of the action. Our infrastructure is more vulnerable to the Chinese than to Al Qaeda, they have been stealing key nuclear and missile technologies, we can't make portions of OUR key IT infrastructure, without Chinese products...the list goes on.

    If you go to any US port, you will find that almost every single shipping container in almost every US port is loaded and moved with a container crane made in China. ZPMC has something approaching a monopoly on container handling equipment. We can't even build the infrastructure to participate in the world economy independently anymore.

    Unfortunately, the actions of the PRC government do a grave disservice to the Chinese people, who I'm sure would love to interact with the rest of the world in a fair (possibly democratic) way.

  10. Re:And the point of the article is...? by jeiler · · Score: 2, Insightful

    The US not only hacks into governments that don't "align with our interest," but in all probability with governments that do. Remember, we've had folks kicked out of Israel (and, IIRC, England) for espionage within the last two decades--and these are two of our staunchest allies.

    --

    If you haven't been down-modded lately, you aren't trying.

    Sacred cows make the best hamburger.

  11. What kind of un-patched Windows crap... by istartedi · · Score: 3, Insightful

    What kind of un-patched Windows crap is running the power grid?

    Of course the attackers are guilty; but that doesn't excuse foolish security practices. Never mind bad security on the end-point, or in the software. It seems like the power company, with all its rights-of-way, shouldn't even have to route over the public network. Routing over a private network would provide physical security. Breaking into that requires putting your actual body at the point of attack. Since the power company came before the Internet, I would have thought they had a private network of some kind in place already, or close cooperation with telcos. I guess not.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  12. Did Red China really hire the hackers? by justinlee37 · · Score: 3, Insightful

    Computer hackers in China, including those working on behalf of the Chinese government and military

    Can they prove that? This sounds like regular old corporate espionage -- nothing unusual or even foreign there. Is xenophobia starting to take hold, or are those statements substantiated? No time to RTFA.

  13. China is well situated. by westbake · · Score: 4, Insightful

    The submitter quotes the most frightening parts of the article and our current "trade partner" China is well positioned to spy. We trust them to make equipment and non free software like Cisco routers has proved itself impossible to check.

    Still, most of the hacks are common and anyone could do it. Time and time again we read about autopropagating botnets for Windows and how they cover large parts of the internet. When that system is used on corporate and government desktops, anyone can exploit it.

    --
    I am a name troll of Westlake. Visit my homepage to learn why.
  14. When will we retaliate? As soon as... by AmazingRuss · · Score: 4, Insightful

    ...China gets rid of their nuclear weapons.

    Till then, they get to do as they please, same as any nuclear-armed country.

  15. Re:of course by TubeSteak · · Score: 2, Funny

    The computers which control the plant should be physically separated from the computers which are needed/wanted for connection with the internet. Otherwise you are begging for disasters.

    It's more like the trees which grow next to the powerlines should be kept trimmed.
    Otherwise you are begging for disasters.

    Did Hackers Cause the 2003 Northeast Blackout? Umm, No
    http://blog.wired.com/27bstroke6/2008/05/did-hackers-cau.html

    So China would have to have planted the race condition in a [General Electric] product used around the world, then, using the most devious malware ever devised, arranged for trees to grow up into exactly the right power lines at precisely the right time to trigger the cascade.
    --
    [Fuck Beta]
    o0t!
  16. What really happened .. by rs232 · · Score: 2, Informative

    "a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States"

    No, what really happened was the grid was overloaded and the SQL virus was playing havoc with connectivity, then a tree fell over and tripped out a line, which spread in a domino effect all the way to Canada. A similar virus tripped out the control system in a Nuclear power plant.

    http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php

    "During the hour before the Aug. 14 blackout, engineers in the control center of an Ohio utility struggled to figure out why transmission lines were failing and complained that a computer failure was making it difficult to determine what was going on, transcripts of telephone communications released Wednesday show"

    http://www.wired.com/science/discoveries/news/2003/09/60285

    "Software failure cited in August blackout investigation .. A malfunctioning alarm system may have played a big role in the outage Dan Verton Nov 20 2003"

    http://www.nrc.gov/reading-rm/doc-collections/gen-comm/info-notices/2003/in200314.pdf

    http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,87400,00.html

    --
    davecb5620@gmail.com
  17. Re:Or.... by thermian · · Score: 2, Insightful

    I can't imagine England is morally capable of this kind of thing

    You may find it instructive to research how England got its first tea plants from China. That is possibly one of the finest feats of industrial espionage in history.

    Also, check out the antics of the East India company, and ponder what happened to all that money and power, think it evaporated away and England is all cuddles and sweetness now?

    --
    A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
  18. Re:When will we retaliate? As soon as... by Drakonik · · Score: 3, Insightful

    Ding ding ding. We have a winner.

    The concept of M.A.D. is what is keeping the world in one piece, and not a giant puddle of radioactive sludge. Thanks to modern intelligence tech, all countries capable of launching ICBMs are also capable of knowing when OTHER ICBMs are launched, within minutes. If one gets launched, then other countries will launch retaliatory strikes, and eventually, EVERYONE will launch their weapons, hoping to at least destroy the enemy before they are destroyed themselves.

    China is a threat to us. They have enough nuclear warheads to pepper every population center with deliciously lethal Uranium goodness, and they can launch theirs five to ten minutes after we launch ours. Considering that an ICBM would take twenty to forty five minutes to travel to its intended target, that's more than enough reaction time. That's why we buy their cheap shit, take their insults and attacks, and let the Communist thing slide.

  19. Re:wake up people by Jah-Wren Ryel · · Score: 3, Insightful

    When are we going to consider it an act of war and bomb them back to the stone age

    Congratulations. You are doing exactly what the publishers of the article wanted you to do - go apeshit over innuendo. The article had zero proof, but lots and lots of speculation about China causing power outages. You know what speculation is, right? It's just bullshit they want to trick you into believing without actually outright lying.
    --
    When information is power, privacy is freedom.
  20. Thank you China by CopaceticOpus · · Score: 3, Insightful

    This is fantastic news, and I can't thank China enough for these attacks. The fact is, vulnerabilities in our systems exist whether they are under attack or not. These attacks should serve as a wake up call and lead to security being taken much more seriously. Can you imagine if these weaknesses were left open and were exploited by terrorists, or by some country we find ourselves at war with in the future?

  21. good old propaganda by Gearoid_Murphy · · Score: 3, Interesting

    I've often scoffed at the seemingly obtuse propaganda used by communist nations in their media, to be fair, USA has plenty propaganda too, but this is just laughable, if you read about the North East blackout, you'll see that a bug in a Unix based system was primarily responsible for the failure of the electricity infrastructure to react when it should have.
    Now, if I was a Chinese spy, I'd infiltrate General Electric, install a bug in the operating software responsible for the control of the energy distribution network, wait till those dumb ol Americans had got complacent and then, for no strategic advantage whatsoever, cripple their energy distribution network, and then laugh my black communist heart out.

    --
    prepare the survey weasels.
  22. Re:And the point of the article is...? by jeiler · · Score: 2, Funny

    Every time I hear about divesting from China, I think of this picture.

    --

    If you haven't been down-modded lately, you aren't trying.

    Sacred cows make the best hamburger.

  23. Scaremongering by jandersen · · Score: 4, Insightful

    The submitter writes as if these things were solid facts written in stone, whereas the fact is that nobody really knows. Sadly, building on what "intelligence" comes out of CIA just isn't feasible, as the arguments for the war in Iraq amply demonstrate. So, the power outages "may have been caused by hackers" or something; or they may have been caused by something else. We rely heavily on advanced technology, which is a bit like balancing on a knife's edge - it is bound to go wrong from time to time, sometimes massively so, especially when stiff competition makes funding for maintenance less abundant.

    Apart from that, it isn't exactly difficult to break into this kind of system - in the past we have seen hackers walk all over the place where they aren't supposed to have been. If script kiddies can do it, it isn't surprising if highly trained military personnel can do it too.

    But I sincerely doubt that they would leave lots of traces and clues lying around for the more paranoid factions on slashdot to play with. Script-kiddies, yes, but if you are professional, whether criminal or some foreign government, you don't just blunder stupidly in and trigger alarms, or leave your droppings all over the place.

    I can see how this kind of nonsense is politically useful. Hasn't the American public caught on to this yet?

  24. You couldn't make this shit up! by sean4u · · Score: 2, Funny

    Oh wait...

  25. Re:Washington is full of pussies by meringuoid · · Score: 3, Insightful
    Neither government is stupid enough to ever fight each other. In today's modern global economy, the entire world's economy would go to shit if the US and China went to war.

    Funnily enough, that's what everyone in Europe was saying in 1913.

    --
    Real Daleks don't climb stairs - they level the building.
  26. Re:they are accurate by Anonymous Coward · · Score: 2, Funny

    Forget batteries, we need cars that run on fucking idiots. Slashdot has shown me that that's something we'll never run out of, cuz we got plenty here. (Of which you're just one example.)