Slashdot Mirror
US Defense Contractors and Universities Targeted In Cyberattacks
Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicates that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."
This is absolutely nothing new
When we start using cyberweapons against people without constraint and then post a whole bunch of articles about how cost effective it is, other nations see that as a reason enough to use them against us. Most states cant afford enough money to build $35 million dollar fighter jets or spy satilites, but can slip some script kiddies a few bucks to send out some spam with exploits in it.
This is low level Cyber warfare and its starting to ramp up. this is like the introduction of planes in WWI. At first they waived at each other on their scouting mission. then someone brought a pistol, then a rifle. Then it was gunners and machineguns until we get the Red Baron and Fighter Aces. Next thing we know its jet Propulsions and heat Seakers, Stealth fighters launching! Make no mistake, Stuxnet was the First pistol at 1000 feet, what comes next no one can guess.
what is obvious is that Information Assutrance is no longer a support service, somewhere behind tech support and first to be cut, IA is now a front line warfighter task. Lets just hope the bean countes realize in time!
Papa Legba come and open the gate
You forgot to mention Vietnam in that. Estimates put the Chinese casualties at far greater numbers than North Vietnamese troops.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
How dare China try to hack another country's computers, infect them with malware, and otherwise snoop on us!
Only a ROGUE STATE would do such a thing!!!
Not really the same government.
The China of the 50s and 60s was hardline communist (and killed ~60 million of their own people). Since that time China has experienced the Tienamen Square uprising & moved towards European-style socialism (free market capitalism + government safety nets). No longer following the same policies as the 50s/60s-era government.
Besides: It is not to their advantage to start killing their customers.
FREE magazine : http://clarkesworldmagazine.com/prior/
Are you saying Pakistan is a "bad friend" and proof of China's shittiness? Well WE are friends with Pakistan. What's that say about us?
Americans have killed more people in the last decade than any other country. 300,000 dead and about 2 million casualties with permanent disabilities (blown off arms, jaws, legs). What does THAT say about us? Speaking strictly as an observer I'd say China, the EU, even Russia look better.
FREE magazine : http://clarkesworldmagazine.com/prior/
You are making a massive leap in logic. If we opened a war with North Korea for example, I think you would find that even if it did not do so openly, China would be sending in lots of troops. The regime is not the only difference between now and the Vietnam/NK war times. There is also no open war in the area, which makes probably more difference than who is currently in power.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
FTFS: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors."
While Willie Sutton never actually said "that's where the money is" when it came to robbing banks, the truth in general about that statement couldn't be more apropos regarding this situation.
Data=Wealth.
--
BMO
Since we have such a closed government now, and many other countries are following the same exact tight lipped policies let me ask a few questions.
Syria, how many foreigners are involved? We simply don't know, and obviously we won't know. I think we both know that the US, China, and Russia are all involved right? Just how much and who becomes the question. Is Russia simply supplying arms? Or are they also manning gunships in "Police" action? (Just like the US does mind you)
How many Iranians are involved in the constant fights still going on in Iraq and Afghanistan? Pakistanis? Again, we don't know.
These are small conflicts at this point, the US made sure that the actual war was over very quickly. If this was a longer war, would more troops from more countries be involved? Historically the answer is a resounding "FUCK YEAH!"
The more open the conflict, the more apt there will be for people to send in soldiers. It's a simple game in politics that is universally played. Everyone want's their interests interjected on the other side. If that was not true, why would we have wars in the first place?
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
That's why we have administrator-level access and ultra-restrictive GPOs in the first place, right? In the hopes that the few people who can actually do damage to computers and servers aren't monkeys banging away in the hopes of producing Shakespeare?
As a final note, I would like to point out that ending my post with a question mark makes it seem more poingant and totally deserving a five. Except I spoiled it. Crap.
How many Chinese have been killed by other Chinese? (Google "Great Leap Forward" and "Cultural Revolution")
(Of course, you can point out that Americans kill Americans in mass numbers -- the Civil War,and, of course, the entire process of claiming the continent from the natives.. but then you can also compare Chinese civil wars and various ethnic clashes at those points in history, as well. Pick a century, and line 'em up, and see who is more brutal. (Answer: Probably no one to any meaningful degree, because we're all human, and thus, we all pretty much behave the same way over a span of time. You can always cherry-pick a decade or two where one culture was unusually peaceful, or pick a small or isolated subculture, but the longer you stretch the timescale or widen the definition of 'culture', the more it becomes obvious that we're not a peaceful species.))
"Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies
Just who in their right minds connects a SCADA unit directly to the Internet. Lets have a contest too see how long someone can write about Internet security without once mentioning Microsoft Windows.
"In Digitlbond's case, the file is called "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe" and when it's opened, the file installs a Trojan downloader called spoolsvr.exe "
AccountKiller
"5 years ago I worked at a Defense contractor and we had a carefully crafted spear phishing attack .. A fake site was crafted"
A Defense contractor that can be compromised by a click-and-download-this-executable hack shouldn't be in the defense industry.
AccountKiller