Iranians, Russians, and Chinese Hackers Are After You, Says Lawmaker

Velcroman1 writes "The House Intelligence Committee is warning that 'time is running out' before the next major cyberattack: The Russians, Iranians, Chinese, and others are likely already on your computer. 'You have criminal organizations trying to get into your personal computer and steal your personal stuff. And by the way, the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there,' House Intelligence Committee chairman Mike Rogers (R.-MI) said. 'They're trying to steal things that they think are valuable or use your computer to help them steal from someone else,' he said. 'That's a real problem.'"

lol

1999 called, wants its headline back. You also left out the us government.

Re:lol

[cusco]

Amazing. A lawmaker from Michigan learned to read a newspaper headline.

Oh, wait, that's a lawmaker from Michigan. He's just spouting what the lobbyists from Symantec and McAfee are whispering in his year. False alarm.

Re:lol

[yurtinus]

Oh 1999, how I miss you. Back then I was working at the local CompUSA and had a lady come in looking for security software:

her: "I have a hacker in my computer"
me: "Oh, you mean a virus?"
her: "No, it's my neighbor. He's gotten in there and I need a program to get him out"
me: (head explode)

I do wish I had recorded the entire conversation, but I couldn't convince her that if the her modem wasn't connected to the internet, nobody could do anything with her computer from the outside. She'd gone as far as turning off and unplugging the computer. He was coming through the power lines, through the TV, he was already *in there* hacking away even with the power turned off... I eventually gave up and sent her off with some firewall software. These are the kinds of people we need to get some rational thought into, Gods help us.

Re:lol

[gmuslera]

They think we won't notice the elephant (and the donkey) in the room.

Re:lol

[Jeremiah+Cornelius]

NSA, CIA, FBI.

"Waiter, there a fusion center in my soup!"

Re:lol

"the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there"

That's a relief. I was worried it might be the Americans...

Re:lol

[Vlad_the_Inhaler]

My case is worse - the FSF have software on my computer. The horror of it all.

Re:lol

How soon was that after "Ghost in the Machine" came out?

Re:lol

[Xphile101361]

1999 - 1967 = 32 years

Re:lol

[mattizzle2013]

Schizophrenia. I've met a woman who thought the same things. She was actually Schizophrenic. It's a terrible disease. She also thought her neighbours were breaking into her home and planting bugs, etc.

Re:lol

[Synerg1y]

I thought that good salesmanship was to sell that lady the most comprehensive product you can without balking at the price.

The logic is the store gets paid and the lady gets peace of mind.

Sounds shitty right? Thus I won't be doing retail sales ever again.

Re:lol

[desdinova+216]

Amazing. A lawmaker learned to read a newspaper headline. Oh, wait, that's a lawmaker. He's just spouting what the lobbyists from Symantec and McAfee are whispering in his year. False alarm.

FTFA

Re:lol

[IWantMoreSpamPlease]

A very close friend of mine's sister suffers from that. Came on in her mid to late 20s, she threw away her entire life as she spiraled down the path of insanity. It really is heartbreaking to watch

Re:lol

[FatdogHaiku]

"Waiter, there a fusion center in my soup!"

Did you order the Spicy Dumpling Borscht with Arde?

Re:lol

[yurtinus]

It is shitty, and I never was a very good salesman.

Glad I'm out of that business as well.

Re:lol

[electron+sponge]

1999 called

Did you warn them about 9/11?

Re:lol

ha! That's nothing. I use to work for Geek Squad and had a guy come in stating that he was being hacked and spied on by the government. He was an old Vietnam war vet and was freakin' out. He kept saying that they know so much about him and that he doesn't understand how they could find out all that info. Turns out google analytics was tracking his website visits and was displaying ads that were relevant to him. He thought that someone was somehow telling him something through these ads....I guess someone was tracking him all along...Corporate Big Brother.

Re:lol

[blueturffan]

1999 - 1967 = 32 years

Unless the AC was referring to the album by The Police, which was released in 1981.

Re:lol

[Waffle+Iron]

1999 called

Did you warn them about 9/11?

NO! If you alter the past in that way, we could all poof out of existence.

Re:lol

[sconeu]

1999 called

Did you warn them about 9/11?

ObXKCD: http://xkcd.com/875

Re:lol

[KillAllNazis]

Don't we all?

Re:lol

[trazom28]

Oh, it's still happening. I was just told today that an iPad that couldn't connect to a WAP, that uses cablemodem must have also broken the phone line (not over cable, separate phone company). Was totally convinced. Nevermind we got a hellacious ice storm last night, with power lines down all over... nah.. that couldn't be it!

Re:lol

"Don't we all?"

^Trufax

Just look at what political campaigns and cleaning product ads try and sell you etc etc

Re:lol

[GodfatherofSoul]

Is it possible that some exploit had itself burrowed into her system so that whenever she turned it back on, she could see evidence it was working again? Keep in mind that the uninitiated don't have the vocabulary to express what's actually happening (boot scripts, hacked MBRs, etc). I can see how a non-techie could make those kinds of silly assumptions ("my laptop stays 'alive' so why can't my desktop?").

Re:lol

[cheater512]

So...the neighbour changed her background image to scare her?

Occam's Razor.

Re:lol

[runeghost]

Whispering in his ear? Please, that's so 19th Century. In the modern world, lobbyists have wireless access directly to their Congresscritters' brains via the Capitol Area Network. (Amount of bandwidth available to individual lobbyists is directly proportional to size and legality of past, present and future bribes.)

Re:lol

[yurtinus]

Dude, iPads are known to cause ice storms.

sheesh, some people don't know nothin'.

Re:lol

Oh, get over you bruised lady parts, both of you.

As professionals, probably working in the U.S., you certainly do far worse to people in your professional life, and in your private life, simply by existing, than the atrocities you allude to in the retail business.

You two belong to the plague of locusts that is America. The least you can do is own it.

Re:lol

[Beorytis]

1999 called

Did you talk to your grandpa?

Re:lol

[Ol+Olsoc]

She'd gone as far as turning off and unplugging the computer. He was coming through the power lines, through the TV, he was already *in there* hacking away even with the power turned off... I eventually gave up and sent her off with some firewall software. These are the kinds of people we need to get some rational thought into, Gods help us.

You do realize she was schizophrenic, don't you? Classic paranoia going on there.

Re:lol

[Linkreincarnate]

Not nearly as shitty as working in tech support but being reqired to upsell to people who's service wasn't working correctly.

Re: lol

[Xman73x]

It just proves as to how bad our national security is today! Shame on you FBI and CIA. America needs a better secure network or twice as much as the so called 64 bit encrypted network! Try over a million times by now secured network America!

Re:lol

[allseason+radial]

In the modern world, lobbyists have wireless access directly to their Congresscritters' brains via the Capitol Area Network.

Is that what it means when I hear a lobbyist say he's gotta go to the CAN?

Re:lol

[Genda]

No that would be a biological function, you can tell when they get their network marching orders when their eyes glaze over, flash blue for just a second and they suddenly have to leave to do something urgent.

Re:lol

[Genda]

That's right... all that Apple coolness can change the weather. In fact that's why they do the split tier release thing so as not to release all that coolness at once and precipitate a possible weather disaster. Before he died, Steve Jobs was working on a way to harness Apple Coolness to fight global warming, but he never got to finish.

Re:lol

[Genda]

No I ordered the Crab and Lobster Bisque with an extra helping of high energy neutrons!

Re:lol

[Genda]

He tried but he couldn't be heard over the people yelling and singing the Pince Song... I think they were partying!

Re:lol

[FatdogHaiku]

Three comments, three kinds of fusion...
If we could of worked the car in there it would have been a home run.
Oh, I know!
Persons commenting on this thread can tour Russia, China, and Iran in the Beautiful 2013 Ford Fusion *.
( *at their own expense. )

Not me!

[Endo13]

I'm wearing my trusty tin-foil hat!

Re:Not me!

[Forty+Two+Tenfold]

Alluminum doesn't rust.

Re:Not me!

[ColdWetDog]

He said 'trusty' not 'rusty'.

That's the problem with aluminum, all the noise it makes as it rattles around inside your head.

Re:Not me!

I swear you can't read, neither of you. Endo13 said tin-foil not aluminum foil. Sakes, get glasses please. :)

Re:Not me!

[Forty+Two+Tenfold]

Shoulda added the tilde...

Re:Not me!

Russians are our friends. Chinese and Iranians not so much. What is that you say comrade?

Re:Not me!

[Hillgiant]

Idiot.
http://en.wikipedia.org/wiki/Aluminum_Oxide

Re:Not me!

[Forty+Two+Tenfold]

NO. WAY. REALLY?

Re:Not me!

Idiot.
http://en.wikipedia.org/wiki/Aluminum_Oxide

Pedant.

Re:Not me!

Not on my computer. No way man.
I run the latest Windows and M$ says their OS is the most trust worthy and secure OS around.
No siree Bob, not heresy nein nyet nicht .. die infidel pig

So we need to snoop on your PC too

just to make sure they aren't and for your own protection.....

Re:So we need to snoop on your PC too

[DigiShaman]

I was about to say that this is the launching speech by which to regulate IT under the Executive branch. Pass a law that stays all IT personnel (devs and support) must have security clearance. Training and certification will be available. And you must renew upon expiration.

Of course, this is all to create more jobs and "tax" the wealthy IT industry all while maintaining national security. Oh, but Facebook will be excluded. Naturally.

Nothing, no matter how cynical surprises me anymore.

Re:So we need to snoop on your PC too

[cusco]

Always figured that if I was ever granted a security clearance it meant someone wasn't doing their job right. Then TSA gave me a TWIC (Transportation Workers Identification Credential) card, and confirmed that suspicion.

Welcome to 10 years ago

Except for the iranian part.

The danger of hyperbole...

"They're already ON your computer."
"The Red Menace is already AMONG us."

The desire to motivate people to take something seriously is admirable, the problem is that this kind of fear-mongering that will allow people to legally mandate restricted boot features and other lock-ins in the name of "security from the Red Menace."

Given that NK's best attempt at hacking Unix systems requires that you already gave root access keys to a Windows system, I can't say I'm that worried. There are lots of eyes on the keys with which my RedHat distros are signed, especially since they were social-engineered once. When [$bogeyman] can compromise those, I'll worry.

Re:The danger of hyperbole...

[Synerg1y]

No, fear-mongering of this intensity probably targets passing things like SOPA and CISPA, so that homeland security can protect us from our squinty eyed, dark colored, vodka loving enemies from somewhere abroad thus ensuring jobs for them and plenty of racy private photos & videos for their dicks.

Something like making computers come with an AV solution out of the box is almost incomprehensible to these people because they can't tell apart a computer from a washing machine.

Re:The danger of hyperbole...

[Cenan]

There are lots of eyes on the keys with which my RedHat distros are signed, especially since they were social-engineered once. When [$bogeyman] can compromise those, I'll worry.

Per your own reply, you should start worrying right now. You actually should have been worrying for a while. As you point out, even the securest of secrets can be compromised, all it takes is dedication; Well that and knowing that there is a secret to know.

Re:The danger of hyperbole...

>...knowing there is a secret to know.

Security by obscurity is a fools game. I want them to know exactly what secret they need to know, and have to burn 100 quadrillion Core/Ghz/Hours in computer time to learn it.

There's no better security than having a whole heap of security conscious people with their eyes on the same problem. The idea that "anyone who isn't worried doesn't understand" is the battle cry of the paranoid. Assuming they are running Linux, people can make their systems very secure with only a little extra effort.

don't put all computers online

[k6mfw]

I have a couple computers that I never connect to the internet. Besides hackers and viruses, you also have to worry about corporations penetrating your computer to gather information for sales and marketing profiles.

Re:don't put all computers online

How to you transfer files to those computers. USB drives? That's how hackers breach company networks.

Corporations penetrating my computer for data mining? No. Corporations tracking me every way they can without directly hacking? Yes.

What do you do with your never connected computers? The best I can come up with is watching movies or playing old games. Or do you have both side by side with your bank account open in the online computer and your other finical documents open of the offline computer? Though in that case criminals would be more interested in your banking password anyway. No one is going to manually look through your personal financial spreadsheets.

Re:don't put all computers online

[Synerg1y]

Let me put it as simply as possible for everybody here:

Your data as an individual isn't worth a buck. Security professionals on the other hand cost much much more. Enjoy your tin-foil hat though, I'm sure it'll save you when shit actually hits the fan on the internet.

Re:don't put all computers online

[hackula]

But Captain Adama, we haven't seen the Cylons in over 40 years!!!

Re:don't put all computers online

How to you transfer files to those computers. USB drives? That's how hackers breach company networks.

Not if they are not attached to a network they aren't.

Those USB sticks might be used to gain entry, but the "breach" part of it is only in effect when data can actually been transferred to some computer onder the hackers control.

Without a connection to the outside world that is quite hard to do.

Re:don't put all computers online

[cusco]

As an employee of a security company my data can include plans of customers' security systems, passwords, building layouts, etc. I assure you, I'm not alone on SlashDot when I say that there is an awful lot of data on my computers that would be very valuable to interested parties.

Re:don't put all computers online

[Synerg1y]

At this point, corporate war games only exist in hollywood movies as far as the general public knows anyways.

Also, I really really hope you're not referring to your personal computer that houses this data.

Re:don't put all computers online

[cusco]

Mine? No, but we have a lot of subcontractors scattered around the world that may be using personal computers for work, or vice versa.

Re:don't put all computers online

[k6mfw]

Your data as an individual isn't worth a buck.

uhmm, actually it is for me, i.e. many images of Connie Francis and Gina Lollobrigida plus various concert, TV, and movie clips (many of these no longer exist, or if they do, good luck finding them). Plus many tech documents. Maybe not worth in terms of $USD but if data lost, it will be considerable time to replace it (much is not replacable). Yes, I gotta stay consistent with backups. fyi, I don't have any computer games.

Re:don't put all computers online

[Synerg1y]

I would think that security companies out of everybody would have strict policies around BYOD. Or at least preventing those subs from accessing critical data that a hacker may be interested in?

Re:don't put all computers online

[Synerg1y]

why would a hacker care about any of that? (hint: sentimental value vs. monetary)

Re:don't put all computers online

How to you transfer files to those computers. What do you do with your never connected computers?

In my research in the field of digital forensic analytics the computer(s) are not connected to an isolated network and no electronic data leaves this network. Notes are taken with pen and paper and/or keyed into a terminal which is connected to the primary network. In the event some research involves the Internet as a data resource a virtual machine instance is created on a server segregated on its own network, utilised, and subsequently deactivated and the VM container is moved to archival storage is appropriate, otherwise it is reformatted with zeros and ones before being deleted.

Re:don't put all computers online

[cusco]

One would think . . . We can tell the subs, and they can swear on a stack of bibles, but the word is not always passed on to the guys out in the field. There's a lot of inconsistency in the business, as well. One local company (not someone we use) doesn't even give their guys a vehicle or tools, much less a computer to use.

Wow.....

The linked article says it all. Nothing but more fearmongering from Fox News, and promotion of CISPA. Someone needs to have their editor's permissions revoked. oh wait....

Re:Wow.....

[Zemran]

The idea that any Russian hacker would want to steal the ID of some poor US guy is a little dreamy...

Re:Wow.....

[cbiltcliffe]

Forget the article. My question is, how do the Russians and Chinese as well as the Iranians all manage to fit on my computer? I mean, heck, there's hardly enough room for me to stand on the thing myself!

Re:Wow.....

The fox news article says : "Experts say Rogers may be stretching the truth: most people’s computers likely aren’t infected by agents of foreign governments.
“The Iranians, the Chinese, and the Russians are probably already on my computer? Sheesh ... I guess it must be getting pretty crowded in there,” joked Graham Cluley, a consultant with U.K. Web security company Sophos."
But don't let me stop your obligatory bashing of fox news. I'm guessing you don't consider your day complete until you've done so at least once.

Re:Wow.....

[spitzak]

According to the quote, only the Iranians are on your computer. The Russians and Chinese are still trying to get in.

I think it is probably best to just wait, the Russians and Chinese will kick the Iranians out, and then fight each other, since there is no way two or three of them will fit in a little computer. You only have to deal with the final winner.

Re:Wow.....

[LordLimecat]

I find it particularly amusing that people would moan about Fox's factual problems in a post on SLASHDOT of all places. Yea, slashdot really does set that bar high.

Re:Wow.....

[runeghost]

So which one of them does General Failure belong to. And why is he reading my disk?

Re:Wow.....

[Dragonslicer]

The fox news article says : "Experts say Rogers may be stretching the truth: most people’s computers likely aren’t infected by agents of foreign governments.

Where in the article does it say that, though? If they put it far enough down, a significant portion of the readers won't ever see it.

Re:Wow.....

[Maxo-Texas]

Compared to Fox News...

There are some lovely videos of all the anchors on Fox News stating both sides of a particular issue. For example... "Can the president affect oil prices?"

In each case, they say, "No the president can't affect oil prices" and "The president can affect oil prices- why isn't it he?"

They are quite humorous, you should give them a look.

Re:Wow.....

[CarbonShell]

Yep FUD at its finest. And Johnny Sixpack will be freaking out and calling for another war.
And then 'something will happen and we have to defend ourselves' and voila, they have what they wanted.

But thankfully THAT has never happened before.

Re:Wow.....

[LordLimecat]

Most news organizations have their share of issues, but Slashdot takes it to a new level. You will never see Fox having a headline that says "Meteor to crash into Earth in 2 days", and then a story which literally says the opposite.

That sort of thing happens on slashdot all the time, and often the story contradicts even the summary.

2 Computers per Person?

[BoRegardless]

One is for non-critical communications. Other is offline permanently.

Re:2 Computers per Person?

[BoRegardless]

Obviously, we can run "2 computers" in one box, so...?

Re:2 Computers per Person?

What is the use of an offline computer these days (I assume you mean no ethernet no usb no wifi no bluetooth, never plug external data)?

Re:2 Computers per Person?

Yes, I do the same. The one online gets re-imaged at least once a day, and I keep multiple images of the other one as well. Additionally, I have a third machine used for other experiments and it has no network connection at all.

Re:2 Computers per Person?

[CannonballHead]

Minesweeper.

Re:2 Computers per Person?

pR0n archive. Fill it up, disconnect it permanently, collection safe.

Re:2 Computers per Person?

[Tx]

How many layers does your tinfoil hat have exactly, if you don't mind my asking?

Re:2 Computers per Person?

[DogDude]

Each one has four, but he changes them at least once a day, because everybody knows that tinfoil that's too full of Omega waves is useless.

Re:2 Computers per Person?

How do you do critical communications? Everything by a wired, land-line phone?

Re:2 Computers per Person?

Its not the layers, its the material. The US government changed the composition of tin foil to use aluminum instead after they collected their nazi scientists at the end of WWII.

Re:2 Computers per Person?

You're not supposed to reused foil that's been wrapped in fish. All hats need to be made directly from pure, fresh tins (excluding tuna fish tins). Compress those tins into rolls of foil. Shape the foil to fit your head, leaving room for expansion as your brain grows bigger. Normal people's brains don't get bigger because the radio waves halt their growth. Yours my friend shall increase as your new hat will block the waves. Important: avoid beaches. Close sources told me there's more waves near beaches.

captcha: conquers. I think they've found me. Pass on my knowledge. Don't let my life be in vain. Take my hat: _/^\_

Re:2 Computers per Person?

But they keep making more every day!!1!

Re:2 Computers per Person?

After awhile, fake tits all look the same.

Re:2 Computers per Person?

[Synerg1y]

To demonstrate human stupidity and a non-understanding of basic computer security.

Re:2 Computers per Person?

[hackula]

Writing a Mystery novel... Duh!

Re:2 Computers per Person?

[desdinova+216]

I use carrier pigeons you insensitve clod!

Re:2 Computers per Person?

[hackula]

People with that level of security don't do communication. Psshh. Friendship is today's biggest attack vector.

Re:2 Computers per Person?

Truecrypt beat you to this by a decade.

The house intelligence committee

is a real problem.

Re:The house intelligence committee

[ChrisC1234]

And it's an oxymoron.

Re:The house intelligence committee

[Zemran]

an oxymoron...

Re:The house intelligence committee

[the+eric+conspiracy]

Close relation to the House Committee on Science, Space, and Technology.

Bunch of macaroons.

Re:The house intelligence committee

[hackula]

Surprisingly, however, the House Committee on Macaroons is quite capable.

Re:The house intelligence committee

[misanthropic.mofo]

...and the science committee, the House, the Senate and the White House. Pretty much any place that contains politicians is a huge threat to peace of mind, world peace and common sense.

Re:The house intelligence committee

[Anomalyst]

Sounds like a cookie-cutter response to me.

Oh noes...

[SmSlDoo]

The real problem is normal users that do not really know what is happening on their computers and really do not care.
It always brings me back to images of windows users with 20 different toolbars loaded in to IE.

Re:Oh noes...

[gandhi_2]

Just looking at my spam filter, boggling at all the RoadRunner, Comcast, Cox Cable, and Verizon Fios users I see sending more virus spam on behalf of one botnet or another.

There really are quite a few of them at any one time.

Re:Oh noes...

[SmSlDoo]

I agree, when I look in to spam on servers I do notice quite a bit coming from residential ISPs.

Hate to see what these computers are being used for that we are not seeing.

Re:Oh noes...

[semi-extrinsic]

I've also received ssh brute force attempts from Comcast users that I have checked the IP of, and probably several other US ISPs.

Re:Oh noes...

[SmSlDoo]

My all time favorite catch was when we noticed one of the IPs in an attack was from Microsoft's corporate office.
Needless to say they were probably running IE.

Re:Oh noes...

[ToxicBanjo]

The real problem is normal users that do not really know what is happening on their computers and really do not care. It always brings me back to images of windows users with 20 different toolbars loaded in to IE.

Maybe they were just toolbar collectors? There must be some reason for their psychosis.

Re:Oh noes...

[strikethree]

The real problem is normal users that do not really know what is happening on their computers...

Yes, but really, even the experts do not really know what is going on with their computers except possibly a few paranoid freaks who build their own Linux/OpenBSD based systems from scratch.

Let's talk about Windows or OS X for a moment: There are tons of things that you have no insight into what is happening at any given time. Some of that is by design (they want to control you/your experience) and some of that is because there is no reasonable way to even show you wtf is going on.

Honestly, I have lost count of how many different way there are to launch programs behind the users back on Windows. I recall it used to only be about 10 but god only knows how many there are now. I seriously doubt that even Microsoft knows. They may list 42 ways and then some engineer somewhere will poke out and say, "Yeah, but you forgot about this way."

Seriously, we do not control the software that we use on a daily basis, only the developer does. The will-to-control is so strong that even many Open Source projects (Gnome) try to take it away from you. It really shows a lack of respect to the person who ends up using the software to say something like, "I will deign to allow you to use the software that *I* created but *I* will retain control of how you use it."

Meh. We are all fucked until we learn to respect each other.

Re:Oh noes...

[ais523]

Is it possible that the address was spoofed? (Perhaps because they were reflecting attacks off your computer.)

But we've got the solution!

I'm betting his comments will be followed in the coming days by a new piece of legislation authorizing any and all branches of the U.S. government to conduct 'security audits' of your computers and other devices. For your protection, of course.

fox news

enough said

I have the Chinese convinced I'm a Russian hacker

targeting Iran.

Uhm yeah

[lesincompetent]

Lame attempt at distraction there uncle Sam!

No Surprise

I do have a sweet pr0n collection. I'm sure lots of hackers would love it too.

"criminal organizations"

You have criminal organizations trying to get into your personal computer and steal your personal stuff.

You mean like the RIAA/MPAA and the Federal government?

BULLSHIT

The last thing I am going to do is believe one of our lawmakers that skirt their own responsibilities, and spread the propaganda of the NWO.

big brother anti virus incoming

Effective immediately: government mandated state controlled anti-virus. Fuck off lawmakers, my PC is clean I don't need your help.

Re:faux news

FTFY

Welcome.

Welcome to TEN YEARS AGO!

Let the Fear Mongering Begin

[Laebshade]

What's wrong, Republican Rogers? Has the physical terrorism boogeyman waned to so little that you must now bring out a new candidate?

Re:Let the Fear Mongering Begin

[mi]

My own server gets dozens of ssh-probes per day -- if I were running Windows or even an older BSD or Linux distribution out of the box, some of them might have had succeeded by now. Popular PHP software packages hosted by major providers are exploited regularly. There is no doubt, criminals are doing it.

And some (most?) of such criminals are sufficiently "patriotic" to be usable by their governments for cyber-warfare, when they see fit. This happened before and will happen again.

Re:Let the Fear Mongering Begin

That's right. Because cyberwar is just some buzz word bullshit.

Its not like the US and Israeli's have used malware to physically sabatage an adversaries weapons progrem.

Its not like Russia has been actively using its superior 'arsenal' to put pressure and actively sabatage opponents for years.

Its not like the Chinese are engaging in a wide range industrial and military espionage by purely electronic means.

Republicans, or more accurately the Hawk caucus, didn't invent these claims. They've been made by such varied sources as worldwide media, the likes of wikileaks/cryptome, and Google. Congress is a few years behind on this stuff (as usual), and are beginning to act, as this (multi-year old) information becomes more widely known, on the public side of such threats. (The most contraversial of which is just: providing companies some immunity if they fully disclose the details of attacks).

Thank you

[Ghjnut]

Was able to get a month's worth of FUD out of the way with that single quote.

republican shill

[nimbius]

banging his wardrum. this is the same asshole who thought iraq was trying to kill us all. how'd that turn out for ya mike? http://www.nbcnews.com/id/17707705/39591107

Re:republican shill

Isn't there a report yet to tell us that the current baddies have the capability to be on our computer within 45 minutes after the order is given?
Will there UN presentation?

Re:republican shill

[bill_mcgonigle]

the same asshole who thought iraq was trying to kill us

The two are unrelated. We've known that Russian Mafia has been running commercial botnets for, what, a decade? He's hopelessly behind the entire security industry, but he's not proposing a wild, unproven theory.

It's a mistake to choose politicians based upon who you agree with 100% of the time and who you disagree with 0% of the time. Support them when they're right, rain down righteous indignation when they're not. It's policy, not tribal warfare.

Re:republican shill

[Zontar_Thing_From_Ve]

banging his wardrum. this is the same asshole who thought iraq was trying to kill us all. how'd that turn out for ya mike? http://www.nbcnews.com/id/17707705/39591107

Well, I guess it worked out OK for him because he's been re-elected every election since then. This illustrates exactly what is wrong with the House of Representatives - at the House district level, voting is often about party affiliation only and nobody asks "Is this person deserving of my vote?" Voters just vote based on party affiliation. This does illustrate exactly why I abandoned the Republican Party a few years ago. I couldn't take the willful embrace of idiocy any more. Stupid people used to be Democratic voters, but somebody (Rove maybe?) realized around 2004 that the Republicans could tap into this "constituency" and make it their own. By 2008 the full on embrace of stupidity began by the Republican Party and I abandoned it, probably never to return.

Re:republican shill

[misanthropic.mofo]

It's policy, not tribal warfare.

I agree with most of what you said, but I have to disagree and say that American politics might as well be considered tribal war fare. The two tribes are equally ignorant on most things that they make decisions about. Any decisions they do make aren't for the good of the people, but for their own agendas. Wouldn't you want to do whatever was necessary to stay in a cushy government job, receiving off the books kick backs, favors and the like from everyone that wants to buy your vote. All while you blast the other tribe with redundant, over the top rhetoric and try to make your self as loud as possible so that you get more sheeple behind you. Having a job where you wield power, with next to no accountability. 'Murica, fuck yeah.

Re:republican shill

[nimbius]

No, im pretty sure hes still a republican shill. this time just for a different cause. %s/halliburton/RIAA/ from TFA: "Rogers believes the Cyber Intelligence and Sharing Protection Act (CISPA) can help counter that threat. "

Re:republican shill

[CBravo]

If someone is 50% wrong all the time I call him incompetent and fire his ass.

Re:republican shill

[LordLimecat]

Its PARTISAN warfare, get it right.

Obviously only republicans dream up bogeymen to infringe on personal rights, right?

Re:republican shill

[cusco]

I think the willful embrace of idiocy was a major plank of the Reagan Revolution.

ISP Egress Filtering...

[sillivalley]

How much of the crap we put up with would go away if ISPs instituted egress filtering?

Oh, that's not a panacea; it's not going to cure all the interweb's problems overnight, but it would sure as hell eliminate a lot of the low-level crap that goes on.

(grumble grumble grumble)

Re:ISP Egress Filtering...

[jbmartin6]

Comcast egress filters SMTP and CIFS, at least where I live. What sort of low level crap are you thinking of?

Re:ISP Egress Filtering...

[Qzukk]

It would fix nearly all DNS-based DOSes if they filtered source addresses of outbound packets to eliminate spoofed UDP packets. If it's leaving their network, the packet should say it came from their network.

Re:ISP Egress Filtering...

Useless. Everything can be packaged up into http, and that ain't gonna be filtered.

Re:ISP Egress Filtering...

I set that up on the firewalls I built at work (freebsd+ipfw). It seems like such common sense, you wonder why any ISP wouldn't have that set. Why allow spoofed packets?

# Allow the inside hosts to speak to registered mail servers, else drop outgoing port 25 traffic
#Inside mail servers
$cmd pass tcp from $InsideMailServers to any in via $InsideNic setup keep-state
#Outside mail servers
$cmd pass tcp from $InsideIPs to $OutsideMailServers 25,465 in via $InsideNic setup keep-state
# Drop 25 outgoing
$cmd drop log tcp from $InsideIPs to any 25,465 in via $InsideNic

# Allow the inside hosts to say anything they want, if they aren't spoofing
$cmd pass tcp from $InsideIPs to any in via $InsideNic setup keep-state
$cmd pass udp from $InsideIPs to any in via $InsideNic keep-state
$cmd pass ip from $InsideIPs to any in via $InsideNic
$cmd pass icmp from $InsideIPs to any in via $InsideNic icmptypes 0,3,4,8,11 keep-state ....
# Everything else is toast
$cmd drop log all from any to any

Re:ISP Egress Filtering...

[LordLimecat]

Spoofed TCP packets are every bit as big as a problem. What do you suppose happens when you send a spoofed TCP Syn packet to google? Might make it pretty difficult to trace where that packet originated, no?

Re:ISP Egress Filtering...

[WaffleMonster]

It would fix nearly all DNS-based DOSes if they filtered source addresses of outbound packets to eliminate spoofed UDP packets. If it's leaving their network, the packet should say it came from their network.

Oh bullshit the Internet is not trustworthy full stop. Continuing to tolerate protocols that depend on the network not telling big lies is fruitless, stupid and dangerous.

Why is TCP not subject to amplification and exhaustion attacks? Why is it just a handful of UDP based protocols causing all these problems? The answer is because they are shit protocols that would never pass review today.

All we need to do is implement stateless cookies in DNS and the problem goes away...conicidently so would most of the need for DNSSEC.

Perhaps after DNSSEC is deployed and people really start getting tired of the amplification attacks then maybe just maybe stateless cookies will have been added to DNS. It is such a trivial, fully backward compatible change with negligable network or processing overhead I can't help but invoke utter incompetence or DNSSEC promoting conspiracies as the reason this has not yet been implemented.

We added cookies to TCP years ago and today virtually all stacks support them. If we would have done the same then none of this shit would be a problem today. Servers would simply rate limit requests without cookies for the few remaining resolvers left without support.

Re:ISP Egress Filtering...

How would a cookie work in a protocol that is finished with one request/reply pair?

Re:ISP Egress Filtering...

http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03

FUD

Yeah, Mr "House Intelligence Committee chairman Mike Rogers (R.-MI)", where's the technical data supporting the claim that they are already there?

Consider: Microsoft is the majority operating system in the US, they want more H1B visas i.e. more foreigners programming for them meaning what? Less security than there is now? More malware/virus entry points & exploits? & where is all the security that Bill Gates tried to pound into them back in the 90's? I mean, do they even consider security an issue? Oh, yeah, right, they have a "Patch Tuesday" to fix all the holes.

So how upset should I get about all these individuals & businesses that end up with hundreds of viruses (virii?) & malwares on their computers, when no technical information is available to support "lessons learned". Or is it *all* FUD? Is it all click-trolling?

Re:FUD

[Em+Adespoton]

Yeah, Mr "House Intelligence Committee chairman Mike Rogers (R.-MI)", where's the technical data supporting the claim that they are already there?

Well, the answer to that question is classified, meaning "We looked all over your computer and saw traces that they had been there."

My concerns

[xs650]

As a USian, I'm more concerned about US corporations and US government agencies being after me, they are the ones that can do and are most likely to do me some harm. And, I'm not even concerned enough about them to wear a tinfoil hat.

Re:My concerns

[jc42]

As a USian, I'm more concerned about US corporations and US government agencies being after me, they are the ones that can do and are most likely to do me some harm.

This is probably the most important thing to get across. The US population has been far more damaged by the likes of HUAC and the various secretive "intelligence" agencies than by any foreign bogeymen.

This isn't just a US problem, either. I've read a few comments from historians on the topic, saying that the data shows that during the last century, far more people (in the world as a whole) died due to their own government's actions than from any foreign soldiers or other attackers.

The data isn't nearly as good for previous centuries, but what data there is supports the claim for the rest of our history. The biggest danger everywhere comes from our own rulers, who rarely have our interests at heart.

In the on-topic case of network security, it's fairly clear that the primary interest of the US and all other governments is in controlling the communication of their own citizens.

Re:My concerns

Buddy, this is 'murrica. (Cough!) Excuse me, America.

Call yourself an American, or git out.

But seriously, people who refuse to refer to residents of the United States of America as Americans (especially themselves!) are complete douchbags.

Macs don't get viruses

I use a Mac so there's no way Iranian viruses would work on it.

Others?

"The Russians, Iranians, Chinese, and others". So what your really saying is that the whole world has access to all our personal information and we should be afriad, very afraid. This guy should be careful or he might be look at like Ted Stevens was after the series of tubes comment.

or to put it another way:

case $attacker in
Russians)
youreScrewed()
;;
Iranians)
youreScrewed()
;;
Chinese)
youreScrewed()
;;
default
youreScrewed()
;;
esac
 
 

Re:Others?

def are_you_screwed(nation):
      if nation != ' '
                return True
=RESTART=
>>>print are_you_screwed('Iran')
True
>>>print are_you_screwed('China')
True
>>>print are_you_screwed('Russia')
True

Nothing new

[Chance+Phelps]

The Russians and the Chinese have been at it for decades. Also, they couldn't care less about the computers used by the general public; they're after military nets, defense contractors, and other high tech companies. As for the Iranians, I dunno. Its not as if the U.S. broke into their facilities and wreaked havoc..

Re:Nothing new

[Em+Adespoton]

The Russians and the Chinese have been at it for decades. Also, they couldn't care less about the computers used by the general public; they're after military nets, defense contractors, and other high tech companies. As for the Iranians, I dunno. Its not as if the U.S. broke into their facilities and wreaked havoc..

What the politician was saying amid the hubris was that these groups' methods for getting into the sensitive stuff is to go after the general public. Once they've graphed the data gathered from the public and co-opted their computers, they have an attack platform they can use to more intelligently go after the intended targets.

This really does happen on a regular basis. Of course, there's not all that much that an individual has to fear from this, other than the fact that they use the same techniques to break in that the Ransomware gangs etc. use.

Re:Nothing new

[sethradio]

Agreed

Sure, laugh...

But he's right, in a sense much broader than he intended. Distributed attacks rely on compromised personal computers, and many of those attacks originate from China and Russia. Between that and the way they can fill up a SQL log with repeated break-in attempts, I've found that my life is much easier if I just block most IPs based out of those two countries. You may lose one or two customers, but the enhancement to security and performance is worth it a thousand fold.

Wait a minute

[lbmouse]

How did they get through the tubes?

Re:Wait a minute

As Americans increased, we've had to widen the tubes. Sometimes there's room to sneak in behind another person.

ZOMG!!!!!!

[slashmydots]

Unplug that sucker and throw it out the windows, now! Oh wait, it's a Linux box lol.

For the record, MyWebSearch and Yontoo and Freeze and Babylon are after "you" too and since "you" are an idiot, "you" probably have them on your computer as well. They could have added that to the message too.

TFA Didn't even mention the real threats-

Microsoft, Facebook, Google, RIAA/MPAA, FBI, CIA, NSA, US Government (in case there are other shadow entities).

Far more to fear from THEM then foreign hackers.... cc fraud and id theft are issues but impact fewer people than the criminal organizations* listed above.

*No they are not strictly speaking criminal but the definitely commit criminal acts and they all have/can have a far more detrimental impact on the average US computer user than the groups in the article. Never mind those computer users who are NOT US citizens...

Always need boogeymen

[Hoi+Polloi]

It could be worse. What if they started flying remote controlled drones around the world killing people with impunity?

Re:Always need boogeymen

[Anomalyst]

Indeed, the lethality of impunity is what is wrong with this world.

Yawn if you've heard this before

From TFA in April 2013

You have criminal organizations trying to get into your personal computer and steal your personal stuff. And by the way, the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there,” House Intelligence Committee chairman Mike Rogers (R.-MI). told Fox News.

From a June 1998 prepared statement by former Senator Fred Thompson, then chairman of Governmental Affairs Committee, given during the 1998 Congressional Hearings on Intelligence and Security

This Is well understood by our potential adversaries, whether it be other nations, terrorists, drug cartels, or organized crime groups. They can reach deep into our homeland from the sanctity of their's This is not just a theory. We know for a fact that terrorist and organized crime groups are developing information weapons. A recent Newsweek article claims there are about ten countries, in addition to China and Russia, with Information warfare programs, including Libya, Iraq and Iran -- none of which are considered friends of the U.S., and all of which sponsor anti-American terrorists.

Well, as far as the ME goes, two down, one to go.

captcha:avenge

Whatever shall we do!!?!?!???!!!!

Oh, PLEASE save us Government! You do so well understanding personal-level technology with your warrantless searching and tracking of so many things. I want nobody but you to have backdoor access!

Won't somebody THINK of the Children???

make everyone personally responsible

If your computer is infected by malware, a virus, or even an evil hacker; You are responsible for your portion of the damage done. Therefore it would be in your best interest to make sure your computer is secured. It might even make sense to shut off your high speed pr0n connection when you are not actively downloading images from goatse. No need for big brother oversight...

Robots

Robots are everywhere and they eat old peoples medicine for fuel. You need to feel safe, and that's harder and harder to do these days because robots could strike at any time. And when they grab you with those claws you can't break free. Because they're are made of metal, and robots are strong.

http://www.digyourowngrave.com/saturday-night-live-old-glory-robot-insurance/

Fox's parent company NewsCorp

[Presto+Vivace]

is very knowledgeable about hacking. they should fly the Jolly Roger over their HQ

Run the Microsoft Malicious Software Removal Tool

[Animats]

Microsoft offers the Malicious Software Removal Tool (IA32 version) , (AMD64 version) which they update monthly. It's not perfect, but it's worth running on Windows machines.

If Congress wants to apply pressure to somebody, it might be worthwhile to investigate how well that's working, and what it's missing.

Another Blowhard

[gcerullo]

Trying to be the Joseph McCarthy of the 21st century.

Did I miss something?

[SirGarlon]

In order for there to be a next major cyberattack, there must have been a last major cyberattack. When was that?

Seriously, what constitutes a "cyberattack"? Does it have to be nation-state sponsored, or does a lone script kiddie count? What is the threshold to make it "major"? Does it have to kill more people than 9/11, or is installing an unwanted browser toolbar enough?

Depending on what your definitions are, a "major cyberattack" might be unlikely to ever happen, or it could be happening *right now*! :-)

Re:Did I miss something?

[cusco]

That's one of the (many) issues that I have with the "ZOMG Chinese hackers" headlines. China represents 1/4 of the world's population, and has a rapidly growing computer-literate class, and a rapidly growing criminal class. The assumption that every attack from China is authorized/conducted by the Chinese government is absurd, but as we've all seen many times in the past military and political management is consistently a decade or two behind the times so I expect we'll continue to see more of these announcements.

Re:Did I miss something?

[Anomalyst]

I want to seee the list of majors that have been cyberattacked.

Re:Did I miss something?

[VanessaE]

Nevermind that, do anyone other than government agencies use the "cyber-" prefix in any serious manner? This ain't 1995 anymore, can't we finally bury that stupid term?

Re:Did I miss something?

[VanessaE]

does*

One solution for a lot of the ID theft parts ...

[Skapare]

... is to require businesses to do a better job of distinguishing between mere identity, and actual authenticated authorization. For example, your SSN is just some numbers that can refer to you. Having an SSN is absolutely not authorization. If someone uses you SSN and a business chooses to charge your or open accounts to allow such charges, then they have failed to obtain authorization. In such a case, it should be required by new sensible law that if you state for the record that you did not authorize the transactions or whatever, then that business may not take any action whatsoever unless and until they can prove that you actually did authorize it. The "not take any action" means they cannot collect on debts, cannot place debts with a debt collector, cannot put it on your credit report (must take it off if already did). It has to be like it never happened.

The big problem with ID theft is that these businesses are not checking authorization. They need to start checking authorization or simply eat the loss.

but

The NSA was there first.

Huh?

What was wrong with the headline: "Iranian, Russian ,and Chinese Hackers Are After You, Says Lawmaker"?

Should I be upset?

[Xcott+Craver]

If they don't email me a phone number attached as a word document, then they're more welcome than the usual idiots I have to see on my computer.

Just more Xenophobic alarmism

[PhamNguyen]

Just more xenophobic alarmism. I'm surprised they didn't mention Israel's spying on the US, since crazy xenophobes also tend to be antisemitic too.

Re:Just more Xenophobic alarmism

[Cosgrach]

That's because Israel is our most trusted friend.

Re:Just more Xenophobic alarmism

[runeghost]

Not if they're Republican's being quoted on Faux.

Ah, here it is!

[ThatsNotPudding]

The beginning of justifications to monitor all communications and online activities of all Americans at all times.

It's For Your Safety, Loyal Citizen. After all: if you have nothing to hide...

Re:Ah, here it is!

[ColdWetDog]

Where the hell have you been this past decade?

'beginning'?

The only intruders on my PC are..

..EA, Blizzard, Microsoft, and by extension the US government plus probably some agencies from allied states as well. Who's doing anything about that?

...and the Czechs...

[David_Hart]

... are definitely in my computer. I am using Avast! Anti-Virus software.

Just as long as they aren't constantly reading and writing to my SSD drives... If I catch them doing that I will be pissed....

STFU troll

You spammed this crap by the 100's in March 2013 http://slashdot.org/comments.pl?sid=3581857&cid=43276741 last month all over slashdot in nearly every article, but you forgot to submit that one as anonymous coward like you did all the others and you slipped, posting it as your registered username here instead by mistake on your part (trolling scumbag that undeniably have shown us all that you are). You got played: You played yourself, moron.

Re:One solution for a lot of the ID theft parts ..

[semi-extrinsic]

Starting around ten years ago, we stopped using SSNs for such purposes here in Norway. Not in small part because a certain phone operator leaked a few hundred thousand of them through a poorly-written webpage.

Probably they are on my computer

[houghi]

Indeed those countries are probably on my computer. Obviously the Americans are not on my computer. They do not have to be. They are on my providers provider computers. they are on my routers along the way. They are reading my mail. They analyze my postings. They look at my profile.

They are not targeting my computer or even my money. They who I am. I think I would settle for a few Russians, Chinese or Iranians. They just want my money. They do not want my ID (as in ID and Ego).

No, I am not paranoia. Paranoia is when you think you are being followed. I _KNOW_ that I am being followed.

When Muzzies are concerned

[Chrisq]

Except for the iranian part.

When Muzzies are concerned its a relief when they only want to hack your computer. More often they want to murder unbelievers

Re:When Muzzies are concerned

[CheshireDragon]

Except for the iranian part.

When Muzzies are concerned its a relief when they only want to hack your computer. More often they want to murder unbelievers

When Muzzies are concerned its a relief when they only want to hack your computer. More often they want to murder anyone who doesn't believe in their god.

FTFY

Good Lord!!!

[sethradio]

Only Losedows systems get broken into. Why not pass a legislation making Losedows illegal? It's not like it's going to be any more unconstitutional then CISPA is already...

Totally using this in the future...

[ZeroPly]

Hell, I'm using this... I'm printing this story out and laminating it. If I'm lucky I'll be able to buy a print copy that has this.

<< fast forward to where the US is a fully fascist state, maybe 2015 or so >>

FBI/other fascist type: Zeroply, explain the 8TB of encrypted data on your home computer?
Me: To prevent people hacking in and getting my data.
FBI: The only reason you would need a 4096 bit RSA key, and AES/Twofish/Serpent cascade is to hide things from the government.
Me: It's to keep the Chinese and Russians out, they just got into my computer two years ago.
FBI: Lol wut?
Me: (whips out article) Here's the official press release from Congress. I'm not changing jack shit until I get an OK from my elected representative.

Ta-da!!!

Re:Totally using this in the future...

[ZiakII]

fast forward to where the US is a fully fascist state, maybe 2015 or so

Fully fascist state and you expect an old newspaper article to protect you. Good luck with all of that....

Re:Totally using this in the future...

[ZeroPly]

No, no, no... you misunderstand...

I'm not looking to get out of trouble. I just want something to laugh about while they're doing the waterboarding...

And the founders?

[sethradio]

They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety. ~ Benjamin Franklin

screws Rogers and the other fraudsters

[sgt_doom]

All need be said: Narus (Boeing subsidiary) and its customer for its DPI/deep packet inspection tech: China, Iran, Syria, Tunisia, Egyup....

And never forget the Trovicor Monitoring Center.......(Fear the State)

if I believed a tenth of what Congress said

[peter303]

I'd be an ignorant, prejudiced fool.

google

i often wonder how many people have, and frequently use, a google email account. i think any user of that service has more to worry about than the russia, or china or iran. google probably could tell you more about my family than i could.

Bad timing

[moeinvt]

It's mid-April and this politician in the federal government is trying to explain how it's the evil Russians, Chinese and Iranians that are trying to steal from us?

No worries

[AllenABQ]

Grumpy Cat is already in my computer. He'll protect me.

"It's just us Chinese hackers wanting to inspect your--"
"No."

Re:One solution for a lot of the ID theft parts ..

[Zagnar]

You've hit the nail on the head. If a credit company's security is so lax that anyone who knows my SSN can claim to be me, then the bloody credit company should be penalized for having awful security measures. I wish I had modpoints to give you.

Dual Core

[V!NCENT]

"Connect it to the internet and someone's going to own it!" --Dual Core

Hat Noob

Please be aware that "tin" and "aluminum" are two completely different elements, with completely disparate mind-ray blocking capabilities.

More worried about...

[SeanBlader]

Realistically, I'm more worried about my own government getting into my data than I am about the Chinese or Iranians trying to bother understanding what's in my email.

Re:More worried about...

[Hypotensive]

Exactly. Pretty funny that this article was followed almost immediately by one on how the IRS has a policy of reading your private email without a warrant.

i also shit in his mouth

ya and like hollywood or the us military and fbi, cia , mi6 or is it mi7 aren't after everyone else.

Nuke, Nuke, NUKE!

There's so many of us
There's so many of us
There's so many [x2]
There's so many of us
There's so many of us
There's so many

Let's have a war
So you can go and die!
Let's have a war!
We could all use the money!
Let's have a war!
We need the space!
Let's have a war!
Clean out this place!

It already started in the city!
Suburbia will be just as easy!

[Chorus]

Let's have a war!
Jack up the Dow Jones!
Let's have a war!
It can start in New Jersey!
Let's have a war!
Blame it on the middle-class!
Let's have a war!
We're like rats in a cage!

It already started in the city!
Suburbia will be just as easy!

[Chorus]

Let's have a war!
Sell the rights to the networks!
Let's have a war!
Let our wallets get fat like last time!
Let's have a war!
Give guns to the queers!
Let's have a war!
The enemy's within!

It already started in the city!
Suburbia will be just as easy!

Others?

[allseason+radial]

The Russians, Iranians, Chinese, and others are likely already on your computer.

"Others"? You mean that 13-year-old kid in his parent's basement in Tennessee?

Who cares!

I'm more concerned about our government... spying on our e-mails, personal life and other things as citizens we do. Just look how the IRS can do what they want with our e-mails. Anyway, this news is great for big government - more hirees to protect us from the far off boogiemen.

Faux News

[DiEx-15]

'nuff said.