Chinese Hacking of American Military Networks On the Rise
Anti-Globalism writes with this excerpt from the Guardian:
"China is stealing sensitive information from American computer networks and stepping up its online espionage, according to a US congressional panel. Beijing's investment in rocket technology is also accelerating the militarization of outer space and lifting it into the 'commanding heights' of modern warfare, the advisory group claims. ... A summary of the study, released in advance, alleges that networks and databases used by the US government and American defense contractors are regularly targeted by Chinese hackers. 'China is stealing vast amounts of sensitive information from US computer networks,' says Larry Wortzel, chairman of the commission set up by Congress in 2000 to investigate US-China issues."
The full study addresses these issues and others relating to the US-China relationship (PDF).
But how much is the USA ramping up their attacks on China?
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Perhaps I'm just too simple minded, but WHY ON EARTH is ANY of that information even accessible from the interwebz?
No you're not simple minded. Why indeed is it anywhere near the internet ESPECIALLY with a report telling us WE KNOW THERE'S A PROBLEM!
America is sending all of its wealth to China anyway and is happily enslaving future generations to Chinese investors.
"Supreme excellence consists in breaking the enemy's resistance without fighting." Sun Tzu. 2500 years ago so.
US hacks China, China hacks US, where is the news in that? It's like watching two kids fight and both of them saying "He started it!" when in fact, they're both annoying little bastards.
This is propaganda. It's simply preparing the public for adding China to the Axis of Evil, erecting trade barriers etc.
One of the largest non-nuclear explosions ever came as a result of US technology that was stolen by the Russians. Except, the CIA knew it was happening and instead of stopping it they decided to plant faulty chip designs. Once the USSR knew the tech was unreliable, they were stuck with one helluva auditing problem, beyond their capability.
How much do you want to bet that somewhere on a "vulnerable" network, there are some designs that are just... a little... bit... off.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
What's the worst that could happen [if we put up a trade embargo against China]?
When was the last time you went into a Wal-Mart and looked at the 'Made In...' tags? 70%-plus of the stuff in that store is from China, from trash cans to seasonal stuff to lego-like shelving units.
There are -zero- smelting plants for steel based alloys in the US.
Similar with electronics manufacturing, which is all done overseas.
All China would have to do is not export goods or raw alloys, and the US would be in a world of hurt.
Or China could just bomb Taiwan and cause the US more pain because of the sheer amount that the US depends on their manufacturing for electronic items.
China has the ball in this game.
They'll escalate it from there.
From TFA:
"says Larry Wortzel, chairman of the commission"
Larry Wortzel was:
http://www.heritage.org/about/staff/larrywortzel.cfm
who are:
http://www.heritage.org/about/
"Our Mission
Founded in 1973, The Heritage Foundation is a research and educational institute - a think tank - whose mission is to formulate and promote conservative public policies based on the principles of free enterprise, limited government, individual freedom, traditional American values, and a strong national defense."
Yah got to have a bogeyman.
"Those people have needs while at work and it'd be inhumane to not address them!"
Well that explains the secret ingredient in MREs.
Shai Schticks: "You don't make peace with friends, you make peace with enemies"
Every age needs a bogey man.
It was part of the Farewell Dossier
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Major "woosh"
I propose we stop celebrating Chinese New Year, put an end to Chinese Fire Drill and stop playing Chinese Checkers (Go). That'll lurn 'em to bust our tomater.
Bait?
While we're at it, is there any irrefutable proof or must we just blindly trust the storyteller?
It's all about how spicy the mala chicken will become!
Chinese checkers != Go
http://en.wikipedia.org/wiki/Chinese_Checkers
Chinese Checkers (Go).
Chinese Checkers & Go are two entirely different games.
Perhaps this seems a bit extreme, but exactly WHY are these military computers even connected to the Internet? If it's really secret information, shouldn't they have their own network or just not put these things online?
There are -zero- smelting plants for steel based alloys in the US.
Completely false.
I won't even read the rest of your comment.
This sends the message to the rest of the world that the US may not pay its debt to them if they do something the US does not like.... That would be a bad precedent, as we would soon find ourselves very isolated when it comes to finance and commerce...
I came, I conquered, I coredumped
Really, really sensitive information isn't available that way. I'm told that organizations like the DoD have separate networks with no physical connection to the Internet for the "burn before reading" stuff.
But you can't hide all your sensitive data behind that kind of security. Your organization would grind to a halt. Besides, not all data really merits that level of protection. You don't want the bad guys to have it, but it isn't the end of the world if they do.
Security is always a tradeoff of cost (including the cost of making it hard for your own people to get the information they need) versus risk. If you have a good security policy and enforce it properly, you can do a reasonable compromise between the two. The problem is that many organizations either don't have the policy or are sloppy about enforcing.
Where's the "+1 Crazy" when you need it?
Jesus Christ, all you people need a sarcasm detector adjustment. If you thought the parent was serious, you may in fact be a retard.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
because most of the attacks do not come directly from them, they come via proxies from infected systems the world wide....
I came, I conquered, I coredumped
Beijing's investment in rocket technology is also accelerating the militarisation of outer space
Funny, I thought it was the US stance of space dominance that was accelerating militarisation of space.
'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
Why don't we just take measures to sanction China? Oh wait, we let our economy fail to the point that China owns us. Somehow all this business-favoring government has managed to allow everything to get outsourced and allowed everyone to source everything from China.
China's internet link needs to be severed or otherwise blocked from passing through U.S. routers. US influence should also persuade similar actions in other nations as well. This sort of behavior should not be tolerated. CUT CHINA OFF. The alternative is to dive in with them and go all the hell out.
Electronics manufacturing is not done in the US? Then what is Wolf Electronix? Were the semiconductor facilities run by Intel and Philips just my imagination? Holy shit! I must be really fucked up to have hallucinated all that!
"+1 Wishful Thinking" would be nicer.
upon the advice of my lawyer, i have no sig at this time
Frenemy. It's a love hate relationship. Colbert rocks.
The pdf may be of interest to those studying relationships with China, but very little mention of any "cyber war" except part of chapter two that stresses its 'non-classified' information. The biggest hole in US computer security is Windows and how people use it. It is very common for 'users' of Windows not to set passwords, which just makes it even easier to penetrate the whole network. Hopefully, no Windows machine can even access classified information in the first place.
Unix isn't perfect either and again, it's the human aspect that is the biggest risk. Anyone caught using an account with access to 'sensitive' or 'classified' without an adequate password should be warned, explained what a good password is and fired if they can't comply. It would seem that there is high compliance and regular audits anywhere 'classified' information can be accessed. Chapter 2 of the pdf only mentions 'unclassified' material, never mind all 'classified' material is created from 'unclassified' resources. Truly classified data should never be accessible from The Internet in any way, in the first place. Any information placed on, or close to The Internet should be considered 'public' on a worldwide basis.
Generally speaking, China uses the simplest, known techniques, to penetrate servers. Any admin can tell you how many dictionary attacks come from China. It is impossible to determine which ones are just 'script kiddies' or students and which are serious organized efforts. There is a very small rate of success from this method. Today it seems that these (Unix) machines are simply used to spread the simple scripts on a wider scale. Simply moving off port 22 (even to port 23) will stop 99% of the problem. Statistical programs that temporarily deny access to a certain IP address can be very effective as most scans never return, even if the access is denied for as little as five minutes. To combat the hardcore attempts where the attack returns, simply increase the 'access denied' time and ultimately blacklist the IP address and the whole net if necessary. (It is very rare it ever goes that far.)
In conclusion: Don't put classified information in the reach of The Internet. Never use any Microsoft product to view 'classified' or 'sensitive' information unless it can be assured there will never be any Internet connections of any sort. It is highly unlikely any government secrets leak out unless that was the intention, such as a "trial balloon". At this time, this is a non-problem that can be stopped. If absolutely nothing is done, it could escalate in much the way spam did. The official report appears to draw the same conclusion, however that is buried in a pile of irrelevant and off-topic material.
BillSF
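The escalating temporary denial described in the comment above (short first ban, longer bans for sources that return, then a blacklist of the address and finally of its network), as an added example that is not part of the original post. The thresholds, the /24 grouping, the log format and all addresses are assumptions constructed for illustration; only the five-minute first ban comes from the comment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy; only the five-minute first ban comes from the comment above.
MAX_FAILURES = 3                     # failures inside WINDOW that trigger a ban
WINDOW = timedelta(minutes=2)
BAN_STEPS = [timedelta(minutes=5), timedelta(hours=1), timedelta(days=1)]
NET_THRESHOLD = 2                    # blacklisted hosts in one /24 before the net is listed

FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

class BanTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.offences = defaultdict(int)    # ip -> temporary bans already served
        self.banned_until = {}              # ip -> end of the current temporary ban
        self.blacklist = set()              # permanently listed addresses
        self.net_blacklist = set()          # permanently listed /24 networks

    def is_blocked(self, ip, now):
        addr = ip_address(ip)
        if ip in self.blacklist or any(addr in n for n in self.net_blacklist):
            return True
        return self.banned_until.get(ip, now) > now

    def record_failure(self, ip, now):
        """Feed one failed login; return the action taken, or None."""
        if self.is_blocked(ip, now):
            return None                     # the firewall is already dropping it
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:     # forget failures outside the window
            recent.popleft()
        if len(recent) < MAX_FAILURES:
            return None
        recent.clear()
        step = self.offences[ip]
        self.offences[ip] += 1
        if step < len(BAN_STEPS):           # returning sources get longer bans
            self.banned_until[ip] = now + BAN_STEPS[step]
            return ("ban", ip, BAN_STEPS[step])
        self.blacklist.add(ip)              # bans exhausted: list the address
        net = ip_network(f"{ip}/24", strict=False)
        if sum(ip_address(b) in net for b in self.blacklist) >= NET_THRESHOLD:
            self.net_blacklist.add(net)     # several bad hosts: list the whole net
            return ("blacklist-net", str(net), None)
        return ("blacklist", ip, None)

def process(lines):
    """Run log lines through a fresh tracker and return the actions in order."""
    tracker, actions = BanTracker(), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        action = tracker.record_failure(m["ip"], datetime.fromisoformat(m["ts"]))
        if action:
            actions.append(action)
    return actions

def _fail(ts, ip):
    # Constructed log line in an assumed syslog-like format.
    return (f"2008-11-20T{ts} gw sshd[4242]: Failed password for invalid user "
            f"admin from {ip} port 50514 ssh2")

# Constructed sample: one source is banned, returns after the ban and is banned
# for longer; a second source fails twice, too far apart to count.
SAMPLE_LOG = (
    [_fail(t, "203.0.113.7") for t in ("10:00:00", "10:00:05", "10:00:10")]
    + [_fail("10:00:20", "198.51.100.20"), _fail("10:05:00", "198.51.100.20")]
    + ["2008-11-20T10:05:30 gw sshd[4243]: Accepted publickey for ops "
       "from 192.0.2.10 port 50515 ssh2"]
    + [_fail(t, "203.0.113.7") for t in ("10:06:00", "10:06:05", "10:06:10")]
)

if __name__ == "__main__":
    for action in process(SAMPLE_LOG):
        print(action)
```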
I have seen this. I used to work in a start-up and saw 2 separate incidents. In one case, I was hiring for coders. Found a gal who was interesting. She had married a GI and moved to Northern Colorado Springs. Since we could do the work over the line, not an issue. I interviewed her and she was not interested. That is, until I mentioned that we were doing work for DOD and NSA. Then her attitude changed dramatically. She very much wanted the job. Ok, not a big deal.
But a year later, we were looking for funding. Found a Taiwan-born guy from Loveland who used to own the Chinese restaurant there. He wanted to invest. But he insisted on getting control of the hardware (which was the important part) if we defaulted. When would the company be considered defaulted? When he said so. Told him no way. So, then he wanted to buy hardware and said that he would sell it in mainland China and we could all be worth 30 million or more. The hardware was only 1M. But he explained that mainland was willing to pay 30 for it and might go higher. I was actually shocked since I considered him Taiwanese and would not do that. My opinion changed when at a Slashdot posting, a Taiwan native said that the Chinese who came there STILL consider themselves Chinese, not Taiwanese. The original guy may not have been a spy. But, he was all too happy to sell tech to them. More interestingly, he indicated that he had been in touch WITH mainland China.
No, this is absolutely not propaganda. This is VERY real. Chinese ppl are happy to see their country coming up. And I understand that. But Chinese gov is STILL in a cold war with us. They are very much spying on the west and buying tech. whenever possible. And yes, it is the west, not just America. That includes countries like Japan, Australia, Canada, France, UK, Israel, etc and even Russia. In fact, I consider your statement far more propaganda, because you have NO IDEA of what you are talking about.
I prefer the "u" in honour as it seems to be missing these days.
The reason is that China controls the currency and pretty much fixes it against the dollar. When the euro rises against the dollar, then yuan rises a bit as well. BUT, China is the one with the monster holding of our dollars and increasing at exponential rate. The yuan should be rising against the dollar if it was traded freely. But it is not. BTW, same issue with India.
I prefer the "u" in honour as it seems to be missing these days.
the DoD network will continue to be vulnerable as long as they insist on using windows. lest you think i'm a peacenik or something, i was a boom operator in the USAF for 20 years. i retired in 1997, and joined the local LUG. A lot of the members were NCO sysadmins from the base, who related that "all the officers coming out of the zoo (USAF Academy) only knew windows, and policy did not allow for anything else". So, being good NCOs, they snuck linux in the back door and had it running all over the place, as proxy servers, firewalls, etc. their officers didn't know about it, but as long as nobody complained and it made them look good, they were happy. then they found out, and had it removed. problems increased dramatically soon thereafter. fuckin' zeros...they don't listen! MSgt, USAF (Ret.)
The DoD takes everything personally, and for good reason, but I have a steady stream of Chinese hackers attempting to break into the router in my tool shed that reports battery voltage and temperature at a cabin that is inaccessible for 6 months of the year.
I really should put a webcam in there so they can see what they have achieved if they ever do manage to get in.
(22.1F, batteries 25.3V, 600 watt hours of energy stored today.)
"Combine moving inept corrupt people into agencies, with corrupt people from Microsoft and the CEO of companies like GE, walmart, Target, GM, etc and you have the downfall of American civilization and probably the west."
-You forgot ".....and using corrupt programs written by a corrupt software company."
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Really? There are LOADS of Linux and other *nix running at McChord. Of course email and SharePoint run on exchange. But as a Boom Operator, surely you know that much of the maintenance management applications as well as ARMS (you know, the application that tracks your flying hours) runs with Oracle on Unix minis. Right. And there are many many many more non-Windows applications I can think of. But of course as I said, email and SharePoint are on Windows (obviously).
If you want news from today, you have to come back tomorrow.
The really funny part about conspiracy theories is that they are all bullshit until enough information comes to light to show they are not. There are many things in the world that happen which the general public is blissfully unaware of. This is a good thing in some cases, a bad thing in others. Since WWI, the US and western countries have had a habit of building up bad press against the people they don't like. Demonizing them as axis of evil etc. This is all about manipulating public opinion.
Personally, I think Al Qaeda has contracted the Chinese to poison our toys and food supplies. In short, the Chinese are terrorists! But that is just a tin foil hat beer drinking wtf did you say kind of thing.
If you were to play connect the dots with financial data, physical world events, political maneuvers, other significant events, I'm certain that you could come up with better stories than any news station ever could. If you want to have some fun just get a list of the 15 biggest corporations, the 15 most influential politicians, and the 15 most influential world leaders. Now find out how many ways you can connect them. The results would scare the pants off the pope if he wasn't on the lists... but hey, that's all conspiracy crap... right?
Mr. Orwell, I miss you!
Support NYCountryLawyer RIAA vs People
And you guys claim to read Schneier?? Consider this: if the Chinese are spying on our tech, we can stick it to them rather badly by letting them find pointless dead end projects upon which to waste their treasure. Everything is an opportunity... .max
Mostly.
Because most admins are home watching reruns of 'Lost'.
Sig this!
Never attribute to malice that which is adequately explained by stupidity.
...as soon as you realize that nobody who actually knows what's really going on is allowed to post about it on Slashdot.
A very good mantra, but one that was written before malicious stupidity became the default modus operandi of political figures. Yes, I realize there were both maliciousness and stupidity long ago. The trick is that in recent decades there are certain political figures who have managed to combine the two in a publicly accepted manner. They use it both to defend themselves and to push for ever more bizarre legal changes. When we believe them too stupid to pull the wool over our eyes they have the perfect opportunity to stick the knife in our backs. I refer you to Pink Floyd at this point:
You have to be trusted by the people that you lie to
so that when they turn their backs on you
you'll get the chance to stick the knife in
It was something about pigs and sheep if I remember rightly.
Stupid people don't get the backing needed to be in the halls of power except through serious complicity of high crimes and misdemeanors. When someone in the halls of power is making stupid mistakes that cost tax payers or the country money or influence, you can bet your autographed picture of Nero that Brutus is using his knife on you/us. There is no such thing as a naive president. Stupidity is ONLY a defense, not something on their todo list.
When Paris Hilton gets elected... meh, perhaps I'll change my tune. Till then, the old white guys club is not letting stupid people in..... yet.
Support NYCountryLawyer RIAA vs People
IMHO Western countries are *not* comparable to dictatorships at all - not in the slightest. I am from Zimbabwe - that's all I claim as qualification.
Whether or not they are heavily influenced by powerful individuals, there are a lot more powerful and rich people in democracies so there are many interests to be satisfied and compromises to be made to keep parties in power. i.e. nobody can have it all their own way.
In dictatorships, anyone who appears even as if they *could* provide some challenge is mown down. This way the dictator *can* have everything the way they like it and in my country's case that turns out to be a very bad thing for everyone else.
This is all just my personal opinion.
Well hello there, neighbor, I'm from South Africa, soon to be Zimbabwe v2.0 :P
I hate printers.
I propose we ban Chinese Whispers. That's how things really get out of hand.
"Chinese ppl are happy to see their country coming up"
The Chinese government was willing to pay for US secrets. And Chinese people (and other free market loving people ;) ) are very happy to sell it to the Chinese government, for the right price.
And that Taiwanese guy was also "all too happy" to sell something that costs 1 million to the Chinese Government for 30 million.
30 million dollars. Not 2 million, not 1.5 million.
Oh yeah, it was because of patriotism or "The Love of China" that he gave them 50% off the original price of 60 million. That must be it eh?
Given what I know of Chinese people, it's far more likely that the Taiwanese guy was just seeing it as a great business opportunity - a chance to make lots of money.
You were the one with the "love for your country (or other thing)" which got in the way.
"I was actually shocked since I considered him Taiwanese and would not do that"
Why wouldn't he do that? He's Taiwanese not American. Selling US tech to China _might_ only negatively affect Taiwan in the future, and even if it did, he and his family would have millions in the bank - so they could move to Australia or Singapore or wherever.
You appear to be joining the dots the wrong way.
There's nothing stopping us
It is not too hard to hack a network if you got
counterfeit hardware inside the network giving
you a backdoor in.
http://www.infoworld.com/article/08/05/12/FBI-worried-as-DoD-sold-counterfeit-Cisco-gear_1.html
So once they got in, they learned what they needed
to know to stay in, and put other methods in place
to stay in.
They are going to have to rebuild their network one segment
at a time from the ground up.
They need several things with one of them being segment
monitoring IDS system that can detect the outbound traffic.
Something that can track all outbound traffic against
a white-list of acceptable IPs, think a reverse peer guardian
that tracks what IP's are reached and sends alarms if they
are not on the list.
In any event they will have a monumental task of clearing
all the backdoors in the system, and should consider going
totally to a secure hardware+software encrypted VPN that
does not even travel over the public internet.
There is enough dark fiber out there to do it for the classified
material they transmit.
Also if most of your military traffic goes over the old
global crossing network, don't allow the public sale of
that network to a foreign nation with an opposing ideology.
Namely China !
http://www.hereinreality.com/likashing.html
When you do stupid things, bad things happen.
google "32 trillion offshore needs IRS attention"
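The outbound allow-list monitoring proposed in the comment above, as an added example that is not part of the original post. The flow-record format, the internal range, the allow-list entries and every address are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed internal address space and egress allow-list (constructed values,
# documentation address ranges). Each entry is (network, permitted ports).
INTERNAL = [ip_network("10.0.0.0/8")]
ALLOWLIST = [
    (ip_network("192.0.2.0/28"), {443}),      # e.g. a partner's HTTPS gateways
    (ip_network("198.51.100.53/32"), {53}),   # e.g. the upstream resolver
]

# Constructed flow records, one line per observed connection.
SAMPLE_FLOWS = """
ts,src,dst,dport,bytes
2008-11-20T02:00:01,10.1.4.20,192.0.2.5,443,5120
2008-11-20T02:00:07,10.1.4.20,198.51.100.53,53,120
2008-11-20T02:03:11,10.1.9.77,203.0.113.99,443,880000
2008-11-20T02:03:40,10.1.4.20,10.1.9.77,445,4096
2008-11-20T02:08:11,10.1.9.77,203.0.113.99,443,910000
2008-11-20T02:09:00,10.1.4.20,192.0.2.5,22,300
""".strip()

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def is_allowed(dst, port):
    # A destination is acceptable only if both its network and port are listed.
    return any(dst in net and port in ports for net, ports in ALLOWLIST)

def find_violations(flow_csv):
    """Return {(src, dst, port): totals} for outbound flows not on the allow-list.

    Repeated flows to the same destination are folded into one alert so that a
    host sending data out all night raises one growing alarm, not thousands.
    """
    alerts = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        port = int(row["dport"])
        if not is_internal(src) or is_internal(dst):
            continue                      # only inside -> outside traffic matters here
        if is_allowed(dst, port):
            continue
        key = (str(src), str(dst), port)
        alert = alerts.setdefault(
            key, {"first_seen": row["ts"], "flows": 0, "bytes": 0}
        )
        alert["flows"] += 1
        alert["bytes"] += int(row["bytes"])
    return alerts

if __name__ == "__main__":
    for (src, dst, port), info in find_violations(SAMPLE_FLOWS).items():
        print(f"ALERT {src} -> {dst}:{port} first seen {info['first_seen']}, "
              f"{info['flows']} flows, {info['bytes']} bytes")
```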
Ditto to Texas Instruments and a few others.
google "32 trillion offshore needs IRS attention"
Whispering was not required when you can trade campaign
donations for guidance systems for ICBM's.
http://www.fas.org/news/china/1998/h980618-prc8.htm
google "32 trillion offshore needs IRS attention"
Not most, just the advanced guidance systems for Nukes.
Nothing important or anything.
http://www.fas.org/news/china/1998/h980618-prc8.htm
LOL
google "32 trillion offshore needs IRS attention"
Ppl mod this troll but this is right in line with
what Rockefeller has said at CFR meetings, but
ppl don't pay attention to anything that isn't
entertainment these days.
Oh well...
google "32 trillion offshore needs IRS attention"
There are more than two parties. Voters who aren't aware of that have abdicated especially if they don't want to vote for either of the two parties.
If the other parties are worse than the Two and there is nobody better amongst the available citizens who wants to be a candidate, then by definition you are getting the best choice, Democracy is working as well as it can and it's the citizens who are crap.
If there indeed is a better candidate, then vote for him/her.
In the 2004 election, approximately 62 million voted for Bush, 59 million for Kerry, and about 78+ million eligible to vote didn't bother to vote.
In the 2008 election, 67M for Obama, 59M for McCain, and about 70M didn't bother.
If those 70+ million figured that someone else was better, even if their votes were split in two or three, I bet the Two parties would start paying a bit more attention and might shift their position accordingly.
As it is, why should the Two parties bother? Between the two of them they've got the support of 98-99% of the voters who can be bothered to vote.
http://en.wikipedia.org/wiki/United_States_presidential_election,_2004
http://en.wikipedia.org/wiki/United_States_presidential_election,_2008
The people are getting what they voted for.
Since WWI, the US and western countries have had a habit of building up bad press against the people they don't like.
Since World War 1? Try a little earlier.
That's Jefferson Davis dancing with Benedict Arnold and Satan. Truth is, there have been political cartoons in America just like this one demonizing our enemies for as long as there has been political dissent (read: As long as there has been America). I just can't find any on Google that are actually readable. The difference of course being this news story is a 'news story' and a political cartoon is generally more of an opinion piece.
From which I can only conclude that you know very little of dictatorships, or of democracy.
Major parties will tend to cluster around the centre in their country's political spectrum. This isn't due to some exciting "conspiracy" by "The Man", it's simply due to the fact that most people in most modern western nations don't want their countries to change too much too quickly. (For obvious reasons - times of rapid change tend to be stressful and difficult, and most people have more than enough stress and difficulty in their personal lives without the government adding more.)
Roughly speaking, if most people want no more than C amount of change in a governmental term, then any party which positions itself outside the interval [-C,+C] (centre=0) is inherently saying that it does not intend to reflect the will of the majority, and consequently will not be considered a major party.
It's not a conspiracy; it's just social dynamics.
I have yet to see any reference to "the dumbed down population" or "the sheeple" be anything other than a straw man used to bolster a crackpot argument.
Perhaps you'd like to offer some data to support the notion that today's population is "dumbed down"? In particular, you may wish to focus on demonstrating that today's population is more compliant than the population of McCarthy's era, or the population which would forcibly and repeatedly shock a screaming man at the request of an authority figure.
To the best of my knowledge, there's no evidence today's population is any more dumbed down than the populations of every other generation. Feel free to provide evidence to the contrary; note, however, that "why, when I was a boy..." does not constitute evidence.
Or attentional biases on your part - this is the first media report which mentions it that I've seen in quite some time, and it's not actually a report on Chinese hacking, but rather a report on the current activities of the US government.
Not, of course, that seeing vastly more reporting on China-vs-US hacks than US-vs-China hacks should be at all surprising, since
- (a) information is much more available in the US, so news media is simply more likely to hear about an event,
- (b) information in the US is predominantly in English, so those of us reading in English are much more likely to hear of it,
- (c) the US is either the country of or a treaty ally of most readers of English-language news media, and attacks on entities we are legally obligated to defend are naturally of rather more interest than attacks on other entities,
- (d) the US is militarily more technologically advanced than China, meaning that China has vastly more to gain from this kind of espionage.
And so on. The simple fact of the matter is that we're more likely to hear of a Chinese hack on the US for a great many reasons which have nothing to do with any purported "media bias". Such a bias may or may not exist, but it's a sign of intellectual laziness and/or dishonesty to simply invoke "teh MSM iz bias!1!" rather than actually thinking about the underlying factors.
Not that intellectual laziness and dishonesty is surprising to find in an argument equating democracy with dictatorship.
A great aspect of the stimulus is that they won't be wasting the money the way the U.S. has: the Chinese will be using their stimulus funds to build some desperately needed infrastructure such as roads, water pipes, railways, airports, and so on. So not only will they continue growing strongly, they will also emerge from the global financial crisis at a higher stage of development and will be stronger than ever.
Then again, I find many people who think Fedex is a government department.
upon the advice of my lawyer, i have no sig at this time
It's going to be much nastier to discover software weaknesses after war begins.