Slashdot Mirror
Chinese Hackers Infiltrate US Army Database, Compromise Safety of Dams
coolnumbr12 writes "Chinese hackers have infiltrated a sensitive U.S. Army database that contains information about the vulnerabilities of thousands of dams located throughout the United States. The U.S. Army Corps of Engineers' National Inventory of Dams (NID) has raised concerns that information gathered in the hack could help China carry out a cyber-attack on the national electrical power grid."
You guys have nine years to knock that shit off or there is gonna be trouble.
quoted from "https://news.ycombinator.com/item?id=5642408"
Of course they can, what makes you think they aren't?
But a more interesting question is to look at what information is presented and what is missing. How much is new, how much is old. Then on policy stories like this one I sometimes pop over to the senate web site and look at what's coming up on the senate calendar [1] and oh look, on May 7th they are having a hearing to talk about
Hearings to examine the Department of the Air Force in
review of the Defense Authorization Request for fiscal
year 2014 and the Future Years Defense Program.
Hmm, who is in charge of Cyber Command? Why it's the Air Force! Who would have guessed.
(yes I can be that cynical)
From the article it isn't clear exactly what information was deemed sensitive. Does this information include very specific details (like, "here is the password to that plant's SCADA system?" Or does it cover broader details that the public had free access to prior to the September 11 attacks, such information now being withheld as "critical infrastructure information?"
Dam these Chinese!
Faster! Faster! Faster would be better!
I don't understand why anyone would want to connect really important things such as power plants and dams to the Internet. We have been running such things for about a century now and they work just fine. Anything behind a barbed wire fence should never be connected to the Internet. Why do people do this? Just for the convenience of some fat executive or lazy engineer who doesn't want to get his fat @$$ out of this office and see what is really going on with the machinery?
A sufficiently advanced simulation is indistinguishable from reality.
The vulnerabilities of the dams are the real problem, but for some reason the government prefers to lie about that. Most of these vulnerabilities are probably pretty obvious to an expert (and, yes, the Chinese have experts on damns and these can go to the US for vacation), so hiding these problems is pretty stupid in the first place.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
According to http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/:
"Chinese hackers" = “the Chinese government or military cyber warriors” according to unnamed officials
"sensitive U.S. army database" is a database where users are emailed their username and password in cleartext
"Non-government users can query the database but cannot download data from it" (???)
Does everything these days have the security of a sheet of toilet paper? Either the Chinese are excellent hackers or we suck at security.
Is there proof that it actually was a Chinese citizen behind the keyboard? All they did so far is trace the origin back to a Chinese IP address.
Even if the culprit turned out to be a person with Chinese citizenship, it could very well be the same thing as some pimply faced youth somewhere in a fly-over state hacking into a Chinese database. It does not have to be related to the government. However, if it is, China has some explanation to do.
I'm also wondering whether or not the DOD is purposely saying "it's the Chinese" to avoid people asking them "why don't you secure your shit better?".
I'm not a complete idiot... Some parts are missing.
I'd guess that China's long term goal is not merely economic domination.
That's because if we actually made too big a stink, we'd have to deal with the dirty deeds we did in the first place to prompt such a response and the last thing we really want to do is to begin airing our dirty laundry. Grumbling under our breath about what a bunch of douches the Chinese are is about as far as we can go without having to scrape large amounts of egg off of our collective faces.
Oh Dam!
Table-ized A.I.
Yeah, because the Chinese have bases in countries all over the world... Oh, wait that's us. No, it's the Chinese who are spending themselves into oblivion on weapons of war... Oh, wait, that's us again. We spend more on our military than the next 13 nations combined (but we can't afford to educate our children... bright.) I dunno, perhaps if we moved from offense to defense, these things wouldn't be issues?
Just a thought.
If we really push how "uncool" it is to be a script kiddie, before long we will have hipsters calling themselves script kiddies. At that point, we can have someone to point and laugh at.
Someone flopped a steamer in the gene pool.
The U.S. Army Corps of Engineers doesn't keep classified information on civilian projects online, do they? Electrical distribution control systems are not accessible over the internet, are they? It looks to me like someone, whether Chinese, Lebanese, or Portuguese, got some not-so-sensitive information from the Corps of Engineers site, and the U.S. government is using it in its publicity campaign to pass laws giving the government (gasp!) more control over the internet.
Chinese hackers have infiltrated a sensitive U.S. Army database that contains information about the vulnerabilities of thousands of dams located throughout the United States. The U.S. Army Corps of Engineers'...
...got an immediate increase in budget, nothing was done to fix the vulnerabilites, and SOPA, CISPA, TPP, and a bunch of other crap got turned into law.
Even more funny is the fact is that since we can't educate our chidlren, we'll have to import our talent to run our war machines since we'll be nothing but a bunch of ignoramous who believe that dinosaurs and Jesus got along or something silly that or that the earth is only 5000 years old.
How about the Iranian scientist who was assassinated? People thought it was CIA/Mossad, but it turned out that he was working undercover for the US, and was assassinated by the Iranian intelligence service.
By your logic, that single event should exonerate the US for any future occurrences of assassination inside Iran.
The issues with the US education system do not appear to be the result of insufficient funding.
..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
Al-Qaeda does not and never had the capability for a large terrorist attack in the US. September 11th was only possible due to terminal incompetence and arrogance on the side of the FBI and others. There is absolutely no point in keeping this data from them.
If there should be a terrorist organization in existence than can blow up US dams, then they do not need that database. The only thing that hiding this database accomplishes is to make sure the US population does not find out how their tax money is wastes by arrogant incompetents in power. That completely explains why this data got classified. The mess-up got so bad that even ordinary people would be able to understand it, and hence to hat to be hid.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Even if the culprit turned out to be a person with Chinese citizenship, it could very well be the same thing as some pimply faced youth somewhere in a fly-over state hacking into a Chinese database. It does not have to be related to the government. However, if it is, China has some explanation to do.
The great firewall of china won't allow any access to foreign sites that they don't like, but turns a blind eye to wholesale hacking by pimply faced kids? Who is THAT naive any more?
That it came from their IP and means nothing in and of itself. Especially when you RTFA and find this nugget
“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was GIVEN to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce said in a statement.
“[U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,” he said.
So there was no hacking involved. Simply someone handing out a password to a database to someone else who was not authorized. Since someone in the US Army or someone the Army authorized handed over the credentials you can hardly call it an act of war.
Someone screwed up, and it took months to find out about it. It may well have been something entirely innocent (if ill advised) as allowing hydrological engineers to compare notes on some aspect of dam construction or dam safety.
Sig Battery depleted. Reverting to safe mode.
http://www.usgovernmentspending.com/year_spending_2013USbn_14bs1n_3036508031#usgs302
Looks like defense is ahead of education. That defense budget seems a little suspicious too. Lots of zeros. And does it include funding the wars?
You clearly dont own a server. There are always IPs belonging to China poking and prodding your server. Then when you report it, they dont respond at all, and the IP is never AUP'd. So yes... it was probably f'ing China.
How often are they from the US? Russia? And do you think it might be related to the reports that China has the greatest number of zombies?
Learn to love Alaska
“I know not what weapons world war III will be fought with, but world war IV will be fought with sticks and stones." Albert Einstein
Does it really matter? The thing which concerns me here is that this sort of critical infrastructure is wired to the net without any sort of airgap. Regardless of whether it's the Chinese government backing it or just some random anarchist group, it's deeply concerning that these systems are connect to the net at all.
The alleged "Operation Olympic Games" was not against China but Iran in an attempt to forestall a nuclear weapons conflict, and the mistaken bombing of the Chinese embassy, for which compensation was paid, was the result of incorrect coordinates for a Yugoslavian installation and didn't involve the internet.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
So there was no hacking involved. Simply someone handing out a password to a database to someone else who was not authorized.
It's called social engineering, and it is a well recognized hacking technique used in some infamous cases.
Since someone in the US Army or someone the Army authorized handed over the credentials you can hardly call it an act of war.
War, no. But it is still espionage apparently conducted by one of the last countries controlled by a Communist government whose officials periodically make public statements about attacking the United States with nuclear weapons.
The nature of the information they sought access to, and apparently obtained, isn't benign.
Dam - Sensitive Army database of U.S. dams compromised
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Proof? Who gives two $hits? I'm f$cking relieved that they haven't tried to pin it on Syria, Iran, Chechnya(?), The Tea Party, Occupy*, Iraq, Afghanistan, Pakistan, Mexican Drug Lords, Canadian pharmacies, poor people, rich people, unions, PETA, gun owners, gun makers, Muslims, drug addicts, Social Security, or Medicaid & Medicare, or smokers.
"Democracy." It's just a slogan.
The Russian story is apocryphal, snd there is not a shred of evidence of social engineering in the story.
In fact it seems to be a simple screw up on the part of someone in the Army.
Sig Battery depleted. Reverting to safe mode.
Wow, so a computer operator 500 miles away badly repaired a 29yr 10mo old turbine which had a history of vibration, and caused it to lift out of its seat (by 15ft, not 50ft), and caused it to explode and kill 75. Well at least the Washington Times got one part correct. The accident happened in August 2009 and a report was released in October 2009, and in 2013 the Washington Post made up a fictional story on cause of the accident. I'm going to jump to conclusions here and say the they needed to pad out a shitty article with an example of "Cyber Terrorism" to reel naive reader in.
From Wikipedia
The report states that the accident was primarily caused by the turbine vibrations which led to the fatigue damage of the mountings of the turbine 2, including the cover of the turbine. It was also found that at the moment of accident at least six nuts were missing from the bolts securing the turbine cover. After the accident 49 recovered bolts were investigated from which 41 had fatigue cracks. On 8 bolts, the fatigue damaged area exceeded 90% of the total cross-sectional area.[2]
I've already made this reply once, but seeing as two people have used the exploding turbine as an example of "what could go wrong", I felt I needed to correct somebody who was "wrong on the internet".
Yeah, because the Chinese have bases in countries all over the world...
The People's Republic of China, A.K.A. communist China, has a growing number of military bases and access to facilities around the world. The Chinese fleet has been participating in anti-piracy actions around Somalia, giving them experience in extended naval deployments. The Chinese navy is planning to build something like four aircraft carriers and is currently flying aircraft off their first one that they are bringing into operation now after learning much from the Brazilian navy. Chinese special forces have been training the military in Venezuela. The Chinese are active in Africa.
The Chinese have also been bullying many of their neighbors, laying claim to distant islands and extensive land areas. Why don't you ask the Indians what they think of China's behavior, they are forming several new airborne infantry units to help deal with the threat? Or the Japanese, who are suffering a growing number of incursions by Chinese aircraft and sea vessels? Of perhaps the Philippines, which is seeing Chinese territory grabs on their doorstep?
No, it's the Chinese who are spending themselves into oblivion on weapons of war... Oh, wait, that's us again.
US military spending has recently generally been between 4% to 5% of GDP, well below historic levels. The army and navy and rumps of what they were at the end of the Cold War. Spending on social welfare programs is several times the military budget and is continuing to grow, and will grow for decades to come. It is Social Security, Medicare, Medicaid, now joined by Obamacare which really starts kicking in this year, that will bankrupt the US, not the military spending.
I'm afraid you don't know what you are talking about there.
We spend more on our military than the next 13 nations combined
A large part of that is personnel costs. The US has an all volunteer military that pays its members a salary competitive with the civilian sector unlike many other major nations that use conscription to fill their armies. An American corporal in the Army or Marines makes about what a Chinese general makes per month. I'm sure you can figure the impact of that out. Same thing applies to weapons purchases. Maybe you've heard that Chinese engineering staff and factory labor is cheaper than American?
On the other hand pretty much all European countries allied with the United States spend less than they should by treaty goals. As a result they had a hard time with the intervention in Libya without American assistance.
If it makes you feel better the Chinese are upping their military budget by 10.7% this year.
(but we can't afford to educate our children... bright.)
The US throws large amounts of money at education. The problem isn't with how much money, but what it is spent on, like growing numbers of administrators. There are also social factors that come into play that the education budget itself can't fix. The teachers unions don't help much either.
You don't really have this right either.
I dunno, perhaps if we moved from offense to defense, these things wouldn't be issues?
If platitudes could solve things they wouldn't be issues either.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Not necessarily. There are many, many insecure servers and desktops in China and Taiwan; the language barrier, reliance on Windows XP, high rate of piracy (meaning patches rarely get applied) all combine to make it a humungous petri dish for malware and botnets. If you were trying to cover your tracks, it's be the logical place to vector your probes and attack through.
the mistaken bombing of the Chinese embassy, for which compensation was paid, was the result of incorrect coordinates for a Yugoslavian installation
At least one investigation concluded that the bombing was a deliberate attack to try and stop Stealth Fighter technology being passed back to China.
Can you back up your confident assertion that it was a mistake?
In soviet Russia, dams damn you.
From the article:
In addition to causing a major disruption to the national power grid, hackers could access the systems that control a dam’s turbine generators. A computer mistakenly started one in a Russian damn in 2009, killing 75 people and destroying eight of the nine other turbines in the dam.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
But, I believe your motives in defense of the Rodina are pure, so I will award you a link [youtube.com].
Wow, I didn't see that coming. There I was thinking that I was citing a report from post-soviet Russia (which in no way supports the idea that it was switched on by accident, but that it was running as per usual). But it's interesting that you bring up the accusation of unerring defence of a nation, when you yourself appear (in comments on this article) to vigorously defend the actions of - from what I assume from your spelling of defence - you home country the USA. In fact, your apparent concern with Communism would have fitted in well in the 1950s!
It does state that
..and none of the workers present wanted to make or had no authority to make decisions about further actions regarding the turbine. It seems they were used to those high levels of vibration,
So, in stereotypical Russian fashion, nobody wanted to bring up the problem with the director. Something that appears to happen all too frequently in Soviet and post-soviet Russia.