Slashdot Mirror
White House Confirms Chinese Cyberattack
New submitter clam666 writes "White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers. From the article: 'The attempted hack used 'spear phishing,' in which an attacker sends an email to a specific target that uses familiar phrases in hopes that the recipient will follow links or download attachments that unleash the hacker's malware. None of the White House's secure, classified computer systems were affected, said the official, who reached out to POLITICO after the Free Beacon story appeared — without having been asked for comment. Nor had there been any attempted breach of a classified system, according to the official.'"
.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!
Obligatory: Would you like to play a game of thermonuclear warfare?
Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ...
#fuckbeta #iamslashdot #dicemustdie
How can the attack include military systems used for nuclear commands, yet not include any secure classified systems?
When they made a list of which government systems should be secured, they decided to leave the nukes off that list?!
Alphanos
I call right-wing partisan beatup.
Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.
Backing up my suspicions for the last 2+ years:
How does the US know the actual nationality of the hackers and not just their end-proxy?
The US have been trying to insinuate a cyber-war for years now, and never said how they know who's behind it (if you said the *ATTACK* came from China, fair enough - to say it ORIGINATED there is more of a stretch, and to say it was Chinese hackers is just ludicrous).
Of course we have suspicions and think we might know who's behind it and who owns the net-blocks, but what a wonderful way to discredit a nation and put the blame on someone else when you want to cyber-attack the US - just proxy through China and start WW3 when the US relatiates.
Really, US? How do you *KNOW*? On the scale that you can confidently state the Chinese "attacked" you (and coupled with your statements that cyber-attacks could be considered acts of war?)? You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?
Or do you just want to start a war with China for some reason?
First off, CSI Miami is 42 minutes long.
Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.
sudo make me a sandwich
They aren't even on siprnet.
Best Slashdot Co
White House sources partly confirmed that U.S. government computers ...including systems used by the military for nuclear commands, were breached by Chinese hackers.
I'm speechless. May heads roll!
How do they know the phishing emails were sent by Chinese hackers? Are they just using the IP address of where the email originated to determine the nationality of the hackers?
Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.
It took me less than a minute to realize a coordinated attack on an embassy is not "spontaneous". If anything, it should be easier to determine the Embassy attack was "terrorism" (or at least coordinated and planned) than a Chinese hacker spearfished a certain person on a certain system at a certain time. Just because you stick your head in the sand and ignore warning signs of attack and indicators of planning, it doesn't mean the attack was spontaneous. Even during deployment in Iraq, I saw sugarcoating of events... I see through that bullshit. The Embassy attack was planned, plain and simple. It was well executed. A mob doesn't have that coordination.
Of course.
First, there's a "smoking gun" in the breach. The attack's general incoming direction can easily be traced to china, which at least indicates a proxy's sitting there. That gives China an opportunity to cooperate (if it really wasn't the government, or at least if they have a scapegoat handy), leading to some diplomatic goodwill and good PR all around. In an assassination, the evidence takes far longer to work out and get a general direction from, and accusing another country of assassination is a much more serious accusation, that can't be spun into happy cooperation as easily.
Then there's the target. An unclassified system being breached doesn't really matter, so even without any definite culprit or even many facts, the news can be released without too much worry. For an assassination, everyone involved in the investigation will immediately be inundated with requests for more information, taking precious time away from the investigation itself.
Less need for careful tact means the news can be released faster. This principle is unrelated to what politicians are in charge.
You do not have a moral or legal right to do absolutely anything you want.
Definitely some interesting times ahead as the US's knee jerk SPREAD PEACE LOVE AND DEMOCRACY WITH BOMBS response meets the reality of that whole starting a war in Asia thing.
It's not so tough to look inside a payload and scoop out an address and say: oh look! Chinese! But that's not necessarily where the original attackers are from: they are from anywhere, but the address was in a Chinese CIDR block somewhere, on a system that may or may not have been externally controlled from anywhere in the world.
Politically, however, the finger was pointed at China. Whether it was pointed correctly or not isn't really known. For now, however, if you believe the WH, then it's Chinese. But Chinese "patriots" or Chinese military or Chinese officials or who? No mention is made. Could be someone over-stoked on caffeine at an all-night CyberCafe for all we know.
---- Teach Peace. It's Cheaper Than War.
The web page is slow, but the phish is patient.
Very few people will click links from unknown sources, even in government.
However, when the email comes through saying it's from a common company such as Intuit or Chase (both of which have been used in phishing attacks I've seen lately), and comes from an email address from that domain, and looks legitimate (pictures and all), and it tells them that they can either click the link or type in the address, and can even address the target by name, most people won't think twice about clicking that little link to save some time.
As far as they can easily see, it's an email from a company they're in contact with, offering them a convenient link to take care of some important issue.
You do not have a moral or legal right to do absolutely anything you want.
If you read TFA "Soy sauce has been found all over port 21 and a Beijing duck was stuck on the firewall".
Attribution.
Disclaimer: I am a Navy Information Warfare Officer.
First, it's important to note that the White House didn't confirm the suspected source. It was anonymous officials who said this appeared to originate "from China" -- take that as you will.
As you point out, an attack may appear to come from a particular (set of) IP address(es), network(s), or source(s). An attack may have a certain profile, or share a profile with other attacks. An attack may have an assumed motivation based on its target. The attacker(s) may even wish to make it appear that the attack is originating elsewhere.
Even if the "source" is established, is it a nation-state? Hacktivists? Nationalist hackers acting on behalf of government or at the government's explicit or implicit direction? Transnational actors? None of the above?
No one wants to "start a war" with China, but the error in balancing the cyber threat against the "hype" is assuming that all threats are bogus, or must be the result of hawks looking for neverending war, excuses to begin/escalate the next "Cold War", and similar. The threat from China is very real, long-established, and well-understood for anyone who cares to look. It has been discussed thoroughly, even for the Chinese, in their own strategic literature, and there are very public examples of China's offensive cyber capabilities. China's investment in offensive cyber capabilities comes because of the understanding that dominance of the information realm will essentially allow China to skip large chunks of military modernization and still be highly effective in any conflict with the United States.
Think of it this way: it's now assumed that the Stuxnet/Duqu/Flame family were created by the US and/or Israel. (Keep in mind that even overt admissions prove nothing, and can be self-serving...) Even before the books and articles about OLYMPIC GAMES, attribution was assumed because of the target and because of snippets of clues in the code. In general, why is that assumption any more or less valid than this? Is it because some are more inclined to believe that of course the US engages in cyber warfare; but any cyber attacks against us are suspect.
Of course, there are those who will assume that indications of any cyber attack will always be a "false flag" and/or used by those with ulterior motives who want war. It can't possibly be that there are aggressors who indeed want to attack the US, and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary. Sun Tzu would be beaming.
Background:
Chinese Insider Offers Rare Glimpse of U.S.-China Frictions
http://www.nytimes.com/2012/04/03/world/asia/chinese-insider-offers-rare-glimpse-of-us-china-frictions.html?_r=1
"The senior leadership of the Chinese government increasingly views the competition between the United States and China as a zero-sum game, with China the likely long-range winner if the American economy and domestic political system continue to stumble, according to an influential Chinese policy analyst. China views the United States as a declining power, but at the same time believes that Washington is trying to fight back to undermine, and even disrupt, the economic and military growth that point to China’s becoming the world’s most powerful country."
China is on track to exceed US military spending in real dollars by 2025
http://www.economist.com/node/21542155
China’s military rise
http://www.economist.com/node/21552212
The dragon’s new teeth: A rare look inside the world’s biggest military expansion
http://www.economist.com/node/21552193
Essential
Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction. This is a chance for diplomatic small-talk, where a little good-faith effort on a task that's meaningless in the long run can help hold off the prospect of an upcoming war with China.
China also has the opportunity to take this flimsy accusation as a grave insult, so they could start rattling sabers and head closer to war... but then they look like aggressors just waiting for an excuse to pick a fight.
You do not have a moral or legal right to do absolutely anything you want.
I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?
Or does this online Spy Vs Spy game continue until something really evil happens?
---- Teach Peace. It's Cheaper Than War.
Every person in China is sovereign property of the Communist Chinese Government. Therefore, if any person in China attacks the US, China is attacking the US.
This is a blatant Act of War that deserves an immediate response.
You want to know how I know you don't work in security?
There are supposed to be secure channels for having informal diplomatic discussions that are kept private, where a conversation like the former could take place, but I suspect that diplomats are a bit wary of making "private" comments these days. That leaves only the subtle dance of public politics, where the latter is likely.
You do not have a moral or legal right to do absolutely anything you want.
May I point you to Hanlon's razor?
"Never attribute to malice that which is adequately explained by stupidity."
http://en.wikipedia.org/wiki/Hanlon's_razor
For every problem there is a solution that is simple, obvious and wrong.
The next time the US is attacked by a nation - in the sense of Dec 7, 1941, it will go down like this outline:
1. Cyber attack knocking out our infrastructure and parts of our military and government.
2. My fellow Americans run around like the scared sheep that they are.
3. Dorks with AR-15 with the M-4 conversion kits start running around shooting people to "protect" everyone. The cops hide.
3. Attacker sends over wave after wave of really cheap aircraft knocking out all the high tech planes like the f-22 and everything else.
4. They win.
As opposed to what, serving yourself and now trying to play the victim?
First off, CSI Miami is 42 minutes long.
Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.
Oh yeah. Just like they did on September 10, 2001.
There's a country full of milling militias, any one (or more) which might seize an opportunity in a condition of general unrest. There's the possibility that one single militia had one single pre-prepared plan that they could roll out. There's the possibility that Al-Qaeda had a plan already set up and scheduled. Then again, there's a load of politically-based sensationalism a certain so-called "News" network wants to promote, which is basically trying to convince us that Osama, er, "Usama" bin Ladin personally led a wave of jihadis in a grand, pre-planned anniversary wave of jihadis - but only in one of the several unsettled countries making noise at that time.
Since when do we blindly believe what politicians say? Especially other people's politicians?
OK, I'm keeping an open mind. It's possible that this really was all an al-Qaeda plot. But I'd rather wait until the evidence was all collected, sifted and cross-checked. There's no ticking bomb here, and I'd really rather not have another pants-wetting rush to find ways to curtail our freedom just because some gang broke in and committed atrocities again.
You made a mistake, it took 2 weeks to accuse the right party instead of blaming our free speech, some corny movie that would struggle to be B quality and the awesome tolerance other cultures have for ours.
Madeleine Albright was just in Ohio campaigning for Obama, and she said it's a difficult situation to understand and that Romney was wrong in criticizing the White House because it takes time and investigation to determine what happened. I hoping someone would ask "why was they speaking about it before having those crucial facts then?" but the topic didn't allow questions.
Wow, that sounds bad.
Wait, so there are only a couple ways that these could both be claimed:
1. Someone is lying
2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands
3. Someone is lying
I'm guessing it's either 1 or 3.
What victim? The only victims are the 4 people who died. They died after 6 hours of fighting. There's an entire Brigade stationed in Italy, a few hours flight away. Where were the Marines to stage a rescue? Those 4 men died because of the administrations failures. We should have reminded the residents of Libya why the Marine Corps Song start with "From the halls of Montezuma to the shores of Tripoli."
sudo make me a sandwich
Shame on you samzenpus. The white house has only confirmed that an unclassified computer has been hacked. Not one capable of nuclear commands, not that it was a Chinese attack.
Anyone else do a double take while reading summary?
"White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers."
Check. Got it.
"Nor had there been any attempted breach of a classified system, according to the official.'"
Chinese breach nuke system, no classified systems were breached, so nuke systems aren't classified....?
HA! I just wasted some of your bandwidth with a frivolous sig!
China is the enemy.
Politically, however, the finger was pointed at China.
Technically, the finger should be pointed at Microsoft.
When all you have is a hammer, every problem starts to look like a thumb.
Oh please! The DoD has been aware since, I don't know, the 1980s that anything important is not hooked up the public internet. I imagine that if they've been following their own doctrine, it's a treasonous offense to put any material not for public consumption on an internet-accessible machine, whether or not they think it's publicly accessible. Hell, it's been a long standing joke in the hacker / cracker communities -> "So tell me again, PH3@RMe, how you hacked a FBI / CIA / DoD server and got access to some uber-elite secret files" with full knowledge that nothing important is kept on those servers, and defacing the website (or serving up pr0n / warez on the FTP) is simply for bragging rights.
Frankly I wouldn't be surprised if the web servers for many of these organizations lacked a hard drive, and booted purely from a burned DVD. Just reboot the machine whenever the checksums on the files change.
I am John Hurt.
With the amount of US Debt that China holds, Obama will say nothing and hope this goes away. At any other time and with any other Administration, we would be floating 2 carrier groups into the Sea of Japan and preventing any Chinese trade vessels from docking at our ports.
They are nothing without the American consumer.
Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction.
This was a state acting, as cyber criminals likely don't care about nuclear delivery infrastructure. Assuming that I am a black hat in the official service of state intelligence attempting to compromise highly sensitive information, I am going to work through compromised foreign proxies ("I'm behind 7 proxies!"), burning one or more of them after each use, via drive wipes and deliberate infection with destructive viruses.
It seems weird that you would try something this daring directly from your home soil. It would be a great way to frame China for your misbehavior though, and throw the US off your scent.
HA! I just wasted some of your bandwidth with a frivolous sig!
I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?
US Diplomat: We have found out that there are attempts to gain access to US secure systems coming from Chinese controlled IP addresses. We take offense at this activity, and request that you cease immediately.
....And both sides keep hacking.
China Diplomat: The Peoples Republic abhor illegal and immoral activity, and in now way condone such behavior. While we are on the topic, we have discovered similar attacks on our systems coming from US controlled addresses.
US Diplomat: It is not the policy of the US to engage in clandestine cyber attacks on state controlled computer systems. We do not condone any such action.
China Diplomat: Excellent, we are in agreement then!
HA! I just wasted some of your bandwidth with a frivolous sig!
How long will you excuse the stupidity before you realize that it's intentional? It took me quite a long time, and I ignored all the warnings from people around me at the time. Now that we have descended in to the state they predicted, bankrupted and near tyranny I get it.
Instead of wasting your time making excuses for them, do something productive. Go get some people you trust on ballots and campaign to get them in to offices, and get the turds out of the punch bowl.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
And just to be clear, do you think Obama is just "Stupid" when he is spending 2 times what the Government income is every year? Does anyone not know what happens when they have 0 savings, and spend twice their income year after year? Come on now, you can't be that gullible can you?
Do you think that Fast and Furious was just a stupid idea, and of course ignore demand letters 1-3? I'm guessing so, because they are too stupid to make those kinds of mistakes intentionally right?
The NDAA was just another mistake I'm sure. Lets ignore the fact that Obama and his attorneys have appealed the judges ruling twice now, it's just stupidity at work and he really does care about John Q Public and would never put them in jail or kill them without trial.
Yeah, I mean.. these guys are just stupid. I mean, all those years of grooming and college to prep them for the office and they are just.. well, stupid right? Or are the people that believe they are stupid?
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Yep.. Remember farm sluts?
http://www.youtube.com/watch?v=snjCj0ntG8E
after the Free Bacon story appeared
Which is it, shortage or surplus??
The US economy is not your stupid household budget. Stop making that asinine comparison.
Seriously. If the murder 3000+ Americans didn't put a dent in Saudi-US relations...
You're correct- It didn't put a dent in the relations the US has with a certain group of Saudis that hold power in their nation.
The ties of the powerful to any particular nation have been fading for a while now. The small groups in each wealthy nation across the world, groups that hold much of the assets and power, identify more with each other than their birth nations.
Remember the phrase "Any problem in computer science may be solved with another layer of abstraction"? Think of these groups of ridiculously wealthy and powerful people as a layer of abstraction placed above the nations of the world- In my opinion, the interactions between many nations that exist under this abstraction are largely attempts at scripted drama, random aberrations, or corrective actions brought about to manage those not yet aligned to the majority's interests.
I don't think it's any of this "New World Order" crap- It's just what people do, all the time: Those of similar socioeconomic position and means, with similar outlooks on how society should work, tend to clump together to their mutual benefit. I hang out with my neighbors, I belong to an investment group of similarly minded co-workers and friends that exist in roughly the same socioeconomic plane. If someone either fabulously wealthy or very poor were to join this group, it wouldn't work out very well.
I believe some of the extremely rich and powerful take this to a higher level in that they want to shape society to fit their own views, but this is the same principle writ large. I'm not trying to label this negatively or positively in regards to ethics or morality, just summarizing what I believe I have observed.
The corruption is at worst a symptom of a larger problem. China appears to be suffering from the same problems experienced by Japan on its way to surpassing the US as an economic superpower. Now, that didn't happen, did it? Japan faltered because for the longest time Japan was virtually a one-party state. Now look at that other "great" one-party state, the Soviet Union.
There are otther factors of course, such as Japan's graying population, a problem that China is also facing because of its ill-conceived one-child policy. But even minor, public policy differences produce an incentive to search for solutions different from the accepted orthodoxy.
Monopolies aren't good, whether it's a company or a state party. China most likely wont' surpass the US as a superpower. Both may well go into a state of decline and be surpassed a third country with enough sense not to nurture economic or political monopolies that breed both corruption and stagnation.
that the intelligence services actually wanted to analyze the data and question people before making a conclusion?
Yes, countries can go broke. NO it's not like a household budget. It's not. Period.
Have you bothered to study any history at all? Do you know what happens when a country goes bankrupt? I'm guessing not, since you seem to believe that it's no big deal. Go read some fooking history, the get back to us on the issue.
And to say it does not compare is completely asinine on your part, at least in the basics of an economy and budget. Since you fail to read history, I'm guessing that you really truly believe that comparing spending money I don't have is different between a Government and a Household, which means that you severely lack education.
Ever hear of Morgan Friedman? Go listen to some of his speeches so that you don't have to work very hard to get educated. Heaven forbid anyone exert any effort in knowing what they hell they are talking about.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Deficit spending is the same, no matter who's budget you are looking at. Whether Government or you at home, spending what you don't have with no plan to get out of debt ensures bankruptcy. The difference of course is a matter of whom gets fucked when the bankruptcy occurs, in which case a Government should never have been allowed to spend money it does not have since every citizen gets fucked over on a default. See here.
To claim there is no similarity without qualifiers screams of ignorance. If you had claimed the difference is that the Government fucks over a lot more people in the process, I'd agree with your claim. You however seem to be under the delusion that it's okay for a Government to spend in a deficit, take money from funds of the people (see what the US President EO's have done to Social Security over the last 30 years), etc.. etc.. and it's not. A Government should NEVER spend money it does not have, ever.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
They are not the same, and you are not an economist. It has been written many times by people who DO work with the economy that it is a stupid analogy.
Are you getting Milton Friedman confused with Morgan Freeman in a message where you're scolding me for not knowing what I'm talking about? Just so we're clear.
No, it isn't.
Among many: http://www.rooseveltinstitute.org/new-roosevelt/federal-budget-not-household-budget-here-s-why
I never claimed to be an economist, however I have studied many and what their thoughts are. There is no confusion in whom I was referring. Here is a Wiki page with his information, but there are numerous speeches from him available on Youtube. A quick Google search would have yielded the same result as I posted, so you obviously care very little about your ignorance.
Pay attention to what he says regarding deficit spending, and remember that he is not alone. Every great economist over the last 300+ years has said the same thing. If you want to bankrupt and kill a country, spend what you don't have. This is not rocket science at all, you are just believing a fallacy that someone taught you claiming it's okay for a Government to spend spend spend even when they don't have it. You have been mislead, and all you have to do is study a bit to see that the fallacy is just that.
If you fail to believe the economists, why not look at history? I gave you an example, but there are many more. Germany was not the only country to do this. And don't keep fooling yourself, how economies work does not change over time. The mistakes being made now will yield the same results as they yielded the Germans in the early 20th century, and have yielded for every country that has taken the same path. As the old proverb states "those that fail to learn from history are doomed to repeat it."
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.