Slashdot Mirror
White House Confirms Chinese Cyberattack
New submitter clam666 writes "White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers. From the article: 'The attempted hack used 'spear phishing,' in which an attacker sends an email to a specific target that uses familiar phrases in hopes that the recipient will follow links or download attachments that unleash the hacker's malware. None of the White House's secure, classified computer systems were affected, said the official, who reached out to POLITICO after the Free Beacon story appeared — without having been asked for comment. Nor had there been any attempted breach of a classified system, according to the official.'"
.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!
Obligatory: Would you like to play a game of thermonuclear warfare?
Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ...
#fuckbeta #iamslashdot #dicemustdie
How can the attack include military systems used for nuclear commands, yet not include any secure classified systems?
When they made a list of which government systems should be secured, they decided to leave the nukes off that list?!
Alphanos
I call right-wing partisan beatup.
Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.
Backing up my suspicions for the last 2+ years:
How does the US know the actual nationality of the hackers and not just their end-proxy?
The US have been trying to insinuate a cyber-war for years now, and never said how they know who's behind it (if you said the *ATTACK* came from China, fair enough - to say it ORIGINATED there is more of a stretch, and to say it was Chinese hackers is just ludicrous).
Of course we have suspicions and think we might know who's behind it and who owns the net-blocks, but what a wonderful way to discredit a nation and put the blame on someone else when you want to cyber-attack the US - just proxy through China and start WW3 when the US relatiates.
Really, US? How do you *KNOW*? On the scale that you can confidently state the Chinese "attacked" you (and coupled with your statements that cyber-attacks could be considered acts of war?)? You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?
Or do you just want to start a war with China for some reason?
How do they know the phishing emails were sent by Chinese hackers? Are they just using the IP address of where the email originated to determine the nationality of the hackers?
Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.
It took me less than a minute to realize a coordinated attack on an embassy is not "spontaneous". If anything, it should be easier to determine the Embassy attack was "terrorism" (or at least coordinated and planned) than a Chinese hacker spearfished a certain person on a certain system at a certain time. Just because you stick your head in the sand and ignore warning signs of attack and indicators of planning, it doesn't mean the attack was spontaneous. Even during deployment in Iraq, I saw sugarcoating of events... I see through that bullshit. The Embassy attack was planned, plain and simple. It was well executed. A mob doesn't have that coordination.
Well, not directly. But clearly there's data from public networks leaking into it; Security is badly broken somewhere.
#fuckbeta #iamslashdot #dicemustdie
Of course.
First, there's a "smoking gun" in the breach. The attack's general incoming direction can easily be traced to china, which at least indicates a proxy's sitting there. That gives China an opportunity to cooperate (if it really wasn't the government, or at least if they have a scapegoat handy), leading to some diplomatic goodwill and good PR all around. In an assassination, the evidence takes far longer to work out and get a general direction from, and accusing another country of assassination is a much more serious accusation, that can't be spun into happy cooperation as easily.
Then there's the target. An unclassified system being breached doesn't really matter, so even without any definite culprit or even many facts, the news can be released without too much worry. For an assassination, everyone involved in the investigation will immediately be inundated with requests for more information, taking precious time away from the investigation itself.
Less need for careful tact means the news can be released faster. This principle is unrelated to what politicians are in charge.
You do not have a moral or legal right to do absolutely anything you want.
The web page is slow, but the phish is patient.
If you read TFA "Soy sauce has been found all over port 21 and a Beijing duck was stuck on the firewall".
No matter how secure you think a network is, there's always some idiot that does something like:
1. Upload 50 GB of downloaded music onto a secure network.
2. Upload 1 TB of downloaded movies onto a secure network.
3. General wants his/her Wikipedia fix, so there's one hole in the network security.
4. General #2 wants to check his/her Fantasy Football team from a secure network, hole #2 in security.
5. Etc. Etc. Etc.
So-called "secure" networks are nothing of the sort. They leak like a colander.
sudo make me a sandwich
Attribution.
Disclaimer: I am a Navy Information Warfare Officer.
First, it's important to note that the White House didn't confirm the suspected source. It was anonymous officials who said this appeared to originate "from China" -- take that as you will.
As you point out, an attack may appear to come from a particular (set of) IP address(es), network(s), or source(s). An attack may have a certain profile, or share a profile with other attacks. An attack may have an assumed motivation based on its target. The attacker(s) may even wish to make it appear that the attack is originating elsewhere.
Even if the "source" is established, is it a nation-state? Hacktivists? Nationalist hackers acting on behalf of government or at the government's explicit or implicit direction? Transnational actors? None of the above?
No one wants to "start a war" with China, but the error in balancing the cyber threat against the "hype" is assuming that all threats are bogus, or must be the result of hawks looking for neverending war, excuses to begin/escalate the next "Cold War", and similar. The threat from China is very real, long-established, and well-understood for anyone who cares to look. It has been discussed thoroughly, even for the Chinese, in their own strategic literature, and there are very public examples of China's offensive cyber capabilities. China's investment in offensive cyber capabilities comes because of the understanding that dominance of the information realm will essentially allow China to skip large chunks of military modernization and still be highly effective in any conflict with the United States.
Think of it this way: it's now assumed that the Stuxnet/Duqu/Flame family were created by the US and/or Israel. (Keep in mind that even overt admissions prove nothing, and can be self-serving...) Even before the books and articles about OLYMPIC GAMES, attribution was assumed because of the target and because of snippets of clues in the code. In general, why is that assumption any more or less valid than this? Is it because some are more inclined to believe that of course the US engages in cyber warfare; but any cyber attacks against us are suspect.
Of course, there are those who will assume that indications of any cyber attack will always be a "false flag" and/or used by those with ulterior motives who want war. It can't possibly be that there are aggressors who indeed want to attack the US, and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary. Sun Tzu would be beaming.
Background:
Chinese Insider Offers Rare Glimpse of U.S.-China Frictions
http://www.nytimes.com/2012/04/03/world/asia/chinese-insider-offers-rare-glimpse-of-us-china-frictions.html?_r=1
"The senior leadership of the Chinese government increasingly views the competition between the United States and China as a zero-sum game, with China the likely long-range winner if the American economy and domestic political system continue to stumble, according to an influential Chinese policy analyst. China views the United States as a declining power, but at the same time believes that Washington is trying to fight back to undermine, and even disrupt, the economic and military growth that point to China’s becoming the world’s most powerful country."
China is on track to exceed US military spending in real dollars by 2025
http://www.economist.com/node/21542155
China’s military rise
http://www.economist.com/node/21552212
The dragon’s new teeth: A rare look inside the world’s biggest military expansion
http://www.economist.com/node/21552193
Essential
May I point you to Hanlon's razor?
"Never attribute to malice that which is adequately explained by stupidity."
http://en.wikipedia.org/wiki/Hanlon's_razor
For every problem there is a solution that is simple, obvious and wrong.
First off, CSI Miami is 42 minutes long.
Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.
Oh yeah. Just like they did on September 10, 2001.
There's a country full of milling militias, any one (or more) which might seize an opportunity in a condition of general unrest. There's the possibility that one single militia had one single pre-prepared plan that they could roll out. There's the possibility that Al-Qaeda had a plan already set up and scheduled. Then again, there's a load of politically-based sensationalism a certain so-called "News" network wants to promote, which is basically trying to convince us that Osama, er, "Usama" bin Ladin personally led a wave of jihadis in a grand, pre-planned anniversary wave of jihadis - but only in one of the several unsettled countries making noise at that time.
Since when do we blindly believe what politicians say? Especially other people's politicians?
OK, I'm keeping an open mind. It's possible that this really was all an al-Qaeda plot. But I'd rather wait until the evidence was all collected, sifted and cross-checked. There's no ticking bomb here, and I'd really rather not have another pants-wetting rush to find ways to curtail our freedom just because some gang broke in and committed atrocities again.
Wow, that sounds bad.
Wait, so there are only a couple ways that these could both be claimed:
1. Someone is lying
2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands
3. Someone is lying
I'm guessing it's either 1 or 3.
Shame on you samzenpus. The white house has only confirmed that an unclassified computer has been hacked. Not one capable of nuclear commands, not that it was a Chinese attack.
Anyone else do a double take while reading summary?
"White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers."
Check. Got it.
"Nor had there been any attempted breach of a classified system, according to the official.'"
Chinese breach nuke system, no classified systems were breached, so nuke systems aren't classified....?
HA! I just wasted some of your bandwidth with a frivolous sig!
Oh please! The DoD has been aware since, I don't know, the 1980s that anything important is not hooked up the public internet. I imagine that if they've been following their own doctrine, it's a treasonous offense to put any material not for public consumption on an internet-accessible machine, whether or not they think it's publicly accessible. Hell, it's been a long standing joke in the hacker / cracker communities -> "So tell me again, PH3@RMe, how you hacked a FBI / CIA / DoD server and got access to some uber-elite secret files" with full knowledge that nothing important is kept on those servers, and defacing the website (or serving up pr0n / warez on the FTP) is simply for bragging rights.
Frankly I wouldn't be surprised if the web servers for many of these organizations lacked a hard drive, and booted purely from a burned DVD. Just reboot the machine whenever the checksums on the files change.
I am John Hurt.
I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?
US Diplomat: We have found out that there are attempts to gain access to US secure systems coming from Chinese controlled IP addresses. We take offense at this activity, and request that you cease immediately.
....And both sides keep hacking.
China Diplomat: The Peoples Republic abhor illegal and immoral activity, and in now way condone such behavior. While we are on the topic, we have discovered similar attacks on our systems coming from US controlled addresses.
US Diplomat: It is not the policy of the US to engage in clandestine cyber attacks on state controlled computer systems. We do not condone any such action.
China Diplomat: Excellent, we are in agreement then!
HA! I just wasted some of your bandwidth with a frivolous sig!
How long will you excuse the stupidity before you realize that it's intentional? It took me quite a long time, and I ignored all the warnings from people around me at the time. Now that we have descended in to the state they predicted, bankrupted and near tyranny I get it.
Instead of wasting your time making excuses for them, do something productive. Go get some people you trust on ballots and campaign to get them in to offices, and get the turds out of the punch bowl.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Seriously. If the murder 3000+ Americans didn't put a dent in Saudi-US relations...
You're correct- It didn't put a dent in the relations the US has with a certain group of Saudis that hold power in their nation.
The ties of the powerful to any particular nation have been fading for a while now. The small groups in each wealthy nation across the world, groups that hold much of the assets and power, identify more with each other than their birth nations.
Remember the phrase "Any problem in computer science may be solved with another layer of abstraction"? Think of these groups of ridiculously wealthy and powerful people as a layer of abstraction placed above the nations of the world- In my opinion, the interactions between many nations that exist under this abstraction are largely attempts at scripted drama, random aberrations, or corrective actions brought about to manage those not yet aligned to the majority's interests.
I don't think it's any of this "New World Order" crap- It's just what people do, all the time: Those of similar socioeconomic position and means, with similar outlooks on how society should work, tend to clump together to their mutual benefit. I hang out with my neighbors, I belong to an investment group of similarly minded co-workers and friends that exist in roughly the same socioeconomic plane. If someone either fabulously wealthy or very poor were to join this group, it wouldn't work out very well.
I believe some of the extremely rich and powerful take this to a higher level in that they want to shape society to fit their own views, but this is the same principle writ large. I'm not trying to label this negatively or positively in regards to ethics or morality, just summarizing what I believe I have observed.
I know you're an AC but I have to reply...
Unlikely. A large part of the US nuclear arsenal is actually on submarines these days. And if you really think a "cyber" attack could be so effective that not only the US but the entire NATO infrastructure could be permanently disabled (which is absurd outside of sci-fi) don't worry... the Brits still allow their subs to launch nukes at the discretion of the crew, yay!
So, a good enough attack would basically ensure the end of the world, so point #4 is pretty much moot.