Slashdot Mirror
Chinese Hackers Had Unfettered Access To Nortel Networks For a Decade
An anonymous reader sends this quote from CBC News:
"Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to ... Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports [from behind a paywall]. ... Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents. According to the internal report, Nortel 'did nothing from a security standpoint' about the attacks."
Sometimes security sacrifices are made in exchange for learning about the attackers. Could this possibly have been an example of this? I know that Nortel is common tech in business and local government, but would this penetration be dangerous to military or defense development?
Do not look into laser with remaining eye.
Otherwise known as, 'Huawei employees'.
The first thing the US (and other First World nations) should be doing is getting tougher on China instead of being any bit friendly to them in commerce.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
1) I no longer care what "Wall Street Journal reports [from behind a paywall]". Quoting largely unavailable sources is wasting my time.
2) Nortel wasn't so good at security in their products. Not much of a surprise.
Oh, and 3) discounting 'cyberwar' as a solution justifying a problem is a little like dismissing a accidental wound as not in and of itself fatal. You've been injured. Claiming it's 'not that bad' doesn't change the nature of the injury. China has been attacking the rest of the world for a while now. The evidence cannot be excused.
deleting the extra space after periods so i can stay relevant, yeah.
The only reason was either incompetence, or a back-room deal with China that caused Canada to turn their eye the other way.
One has to wonder why Huawei rose to prominence so drastically... Where else have they been "researching" their technology?
Wife: Honey, I'm being raped Husband: Give it a minute, I want to check out his methods so we can prevent it in the future {two hours later} Husband: I think he has a penis
Link to full article.
Now, I'm assuming that absolutely nothing whatsoever will come of the investigation into the hacking, as usually seems to be the case. However, the bit about Nortel knowing that they had been cracked good and hard and not telling buyers is the sort of thing that the SEC might take an interest in. Potentially(depending on the level of regulatory capture, of course...) a very strong, very personal interest in.
That could get rather uncomfortable for anybody involved in their asset sale. I'd imagine that some of the buyers are sniffing around for blood as we speak.
One tiny detail this summary neglected to mention is Nortel went bankrupt 3 years ago.
They had no interest in pursuing the investigation because there was pretty much no way it was going to make their assets look any *more* valuable to buyers...
According to TFA, the excuse used by the Chinese government amounts to "wasn't government sponsored, show us some proof".
Have there been any cases where a hack was actually traced to an individual in China? Has the Chinese government followed up in those instances to arrest and try the individuals? I would think that if someone in US were to hack into a Chinese company network they would be arrested and tried.
Oh, wait. I see. That explains alot. :)
I wish Chinese hackers would steal our democratic values and ideals.
Keywords for the NSA overthrow oppressive regime true believers marathon Manhatten the financial district blueprints I
Where were all thier network security experts at?
Cisco and Juniper, mostly.
Eagles may soar, but weasels don't get sucked into jet engines.
Preventing attackers from getting in it only the first line of defense. Detecting then once they are in, and having the logs that show what they did is critical for an adequate response. Unfortunately, as many recently published events show, this seems to be largely unknown or not done due to cost reasons. At the same time, most corporate systems are relatively easy to break in for high-competence attachers. Something needs to change here, and the only thing I can think of is personal criminal liability of those that fail to put reasonable security on their IT installations.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Foreigners own less than 30% of US Treasury bonds. China owns 30% of those foreign owned bonds. About 8% of US bonds in total. The bonds are for a fixed term. They are paid in US dollars, at a fixed interest. And the US Treasury must register and approve all buyers.
China cannot "call in their debt" early. That's not how bonds work. The only way for them to do... anything... with the bonds is to dump them on the open market. However, that would crash the price, and the US could simply buy back the bonds at less than their face value, saving money in the long term. Since the interest rate paid on bonds is about a low as it can get, it means demand is high and so the US is not in any way dependent on China buying new debt. In fact, China seems to be gradually selling out of US Treasuries, and the interest hasn't gone up. If China tried to dump its bonds, the market would scoop them up.
Since each bond is individually registered with the US Treasury, and is paid by the US Treasury, if China somehow tried to... do something... somehow... to blackmail the US over its debt, the US government could selectively default on Chinese owned bonds. This wouldn't spook the bond market much because of the narrow targeted US response, and the obvious dickishness of the Chinese in bring it on themselves. (In fact, under such circumstances it would probably settle the markets.)
Put simply, you cannot fuck with another country by buying their debt in a form they have absolute control over.
Anyone who says you can is lying to you in order to sell you something.
Science is all about firing a drunk pig out of a cannon just to see what happens.
The only evidence these guys were in China were the sources of the IP addresses they were using. They never went any further than doing a whois. So they know the hackers were using systems in China, but it's a very large assumption that's where the attacks actually originated.
Yeah, I love all these stories about 'China' hacking everything under the sun. If I were a black hat interested in breaking into a computer, the very first thing I would do is compromise a server in china to work through so if my hack were discovered it would be written off as 'more Chinese hackers'. I believe this is referred to as a false flag operation in spy trade craft. I find it hard to believe that all these governments and corporations are constantly being attacked by nothing but Chinese hackers.
HA! I just wasted some of your bandwidth with a frivolous sig!
Since the interest rate paid on bonds is about a low as it can get, it means demand is high
No, it doesn't mean that. It means that the Federal Reserve keeps buying all surplus debt, which is a lot. "The market" hasn't bought (net) new debt in quite a while. This price manipulation is one of the reasons cited by China for their changing investment strategy.
Except that the GP is right and US citizens hold more of the debt. http://www.gao.gov/special.pubs/longterm/debt/ownership.html. China is the largest foreign holder of US debt, but they don't hold more than domestic holders.
China could dump all their investments, driving down the price, and making it difficult for the gov't to get any new money since everyone will just buy the stuff that China is selling.
a) That doesn't make any sense. If they did that, it would be a short term market shake-up, predators would jump in to pick up essentially free bonds, and it would use up China's entire "arsenal" in a one-time event, and burn T-T-Trillions in its own capital in the process.
The conspiracy theory is that somehow, because of "Chinese loans", China now has some long term "leverage" over the US. But it doesn't work like that. China can't "call in its loans", it can't make threats. All it can do is sell on the open market. For China to try to act, it burns trillions in its own capital, and gains nothing in the long run but a few months of market excitement which they can't take advantage of, because...
b) The US Treasury completely controls the bonds it sells. If China dumps it's entire investment, not concerned about the cost, the US govt could simply force the purchase for itself at that price. The effect on the market is zero. If that's not enough, the US govt could selectively default on Chinese-owned bonds, or ban their resale for so many days, zeroing their value, restoring a normal market. Or it could just limit the rate of transfer of Chinese-owned bonds.
Likewise, if China dumped its current holdings, hoping to raise the interest rates the US must offer for new debt to extortionate levels, then buys those bonds to lock in a higher interest rate as some kind of market scam, the US can happily take China's money and then selectively default on those new Chinese-owned high-interest bonds. (It's not as if crashing the bond markets is subtle. So the US govt will have every excuse to pass emergency legislation against this "hostile act". Just as they could act against any dangerous market manipulation.) And China isn't stupid enough to risk it.
You can't damage another country by buying its debt in its currency in a system that it has utter control over.
(The reason European debt is dangerous (ie, Greek debt) is because it's in a "foreign" currency, the EU. Any country that is forced to borrow in a foreign currency puts itself at risk. The US doesn't "Borrow" at all. It issues US Dollar, fixed interest, debt bonds. Any crisis that lowers the value of the US dollar, lowers US debt relative to other currencies. Totally different ballgame.)
Suppose the US needs (like, *really* needs) some additional money, so they decide to float some new bonds.
Oh, and these two events don't have to be tightly correlated. The US can print money now and issue debt later. Inflation isn't instant. The US dollar might drop in value on the currency markets, but that doesn't affect internal prices immediately, although it does immediately make US exports more competitive. Once China shoots its wad, and markets have recovered, the US then issues debt to cover spending.
Science is all about firing a drunk pig out of a cannon just to see what happens.
Hell, the brits own 4%, half of what china does.