Slashdot Mirror
Chinese Hackers Infiltrate US Army Database, Compromise Safety of Dams
coolnumbr12 writes "Chinese hackers have infiltrated a sensitive U.S. Army database that contains information about the vulnerabilities of thousands of dams located throughout the United States. The U.S. Army Corps of Engineers' National Inventory of Dams (NID) has raised concerns that information gathered in the hack could help China carry out a cyber-attack on the national electrical power grid."
You guys have nine years to knock that shit off or there is gonna be trouble.
quoted from "https://news.ycombinator.com/item?id=5642408"
Of course they can, what makes you think they aren't?
But a more interesting question is to look at what information is presented and what is missing. How much is new, how much is old. Then on policy stories like this one I sometimes pop over to the senate web site and look at what's coming up on the senate calendar [1] and oh look, on May 7th they are having a hearing to talk about
Hearings to examine the Department of the Air Force in
review of the Defense Authorization Request for fiscal
year 2014 and the Future Years Defense Program.
Hmm, who is in charge of Cyber Command? Why it's the Air Force! Who would have guessed.
(yes I can be that cynical)
From the article it isn't clear exactly what information was deemed sensitive. Does this information include very specific details (like, "here is the password to that plant's SCADA system?" Or does it cover broader details that the public had free access to prior to the September 11 attacks, such information now being withheld as "critical infrastructure information?"
Dam these Chinese!
Faster! Faster! Faster would be better!
The vulnerabilities of the dams are the real problem, but for some reason the government prefers to lie about that. Most of these vulnerabilities are probably pretty obvious to an expert (and, yes, the Chinese have experts on damns and these can go to the US for vacation), so hiding these problems is pretty stupid in the first place.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
According to http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/:
"Chinese hackers" = “the Chinese government or military cyber warriors” according to unnamed officials
"sensitive U.S. army database" is a database where users are emailed their username and password in cleartext
"Non-government users can query the database but cannot download data from it" (???)
Is there proof that it actually was a Chinese citizen behind the keyboard? All they did so far is trace the origin back to a Chinese IP address.
Even if the culprit turned out to be a person with Chinese citizenship, it could very well be the same thing as some pimply faced youth somewhere in a fly-over state hacking into a Chinese database. It does not have to be related to the government. However, if it is, China has some explanation to do.
I'm also wondering whether or not the DOD is purposely saying "it's the Chinese" to avoid people asking them "why don't you secure your shit better?".
I'm not a complete idiot... Some parts are missing.
Anything behind a barbed wire fence should never be connected to the Internet.
Earl! Unplug the cows!
I don't understand why anyone would want to connect really important things such as power plants and dams to the Internet. We have been running such things for about a century now and they work just fine. Anything behind a barbed wire fence should never be connected to the Internet. Why do people do this? Just for the convenience of some fat executive or lazy engineer who doesn't want to get his fat @$$ out of this office and see what is really going on with the machinery?
The issue isn't that individual devices are connected to the Internet per se, the problem is that many of these networks are not designed to isolate the sensitive systems from "vanilla" office computers. The problem is people in operations centers need access to weather, news etc and while they have news channels on video wall with various other readouts, sometimes they need to confirm stuff. If it really is going to freeze suddenly, that will require extra capacity as heaters, water heaters, and engine block-heaters get switched back on by some people.
They could run parallel LANs, with separate workstations and networks for the "sensitive" operational machines and the "regular" vanilla workstations where people do email and crap.
The risk is at the touch points, and good luck shutting them all down. How will the administrators receive alerts if the "sensitive" systems can't send SNMP pops to a monitoring system outside the virtual-wire--or to one inside of it that then emails you outside the wire. At some point, PEOPLE become the touch point and sneaker net with USB tokens becomes a problem. You can shutdown and cement over the USB ports but some applications require dongles somewhere and eventually something gets plugged into something and autorun.exe happens and the next thing you know, they're hacked by Chinese.
This problem runs many, many layers deep. If only "unplugging it" was that easy.
Who did what now?
Yeah, because the Chinese have bases in countries all over the world... Oh, wait that's us. No, it's the Chinese who are spending themselves into oblivion on weapons of war... Oh, wait, that's us again. We spend more on our military than the next 13 nations combined (but we can't afford to educate our children... bright.) I dunno, perhaps if we moved from offense to defense, these things wouldn't be issues?
Just a thought.
The U.S. Army Corps of Engineers doesn't keep classified information on civilian projects online, do they? Electrical distribution control systems are not accessible over the internet, are they? It looks to me like someone, whether Chinese, Lebanese, or Portuguese, got some not-so-sensitive information from the Corps of Engineers site, and the U.S. government is using it in its publicity campaign to pass laws giving the government (gasp!) more control over the internet.
How about the Iranian scientist who was assassinated? People thought it was CIA/Mossad, but it turned out that he was working undercover for the US, and was assassinated by the Iranian intelligence service.
By your logic, that single event should exonerate the US for any future occurrences of assassination inside Iran.
Even if the culprit turned out to be a person with Chinese citizenship, it could very well be the same thing as some pimply faced youth somewhere in a fly-over state hacking into a Chinese database. It does not have to be related to the government. However, if it is, China has some explanation to do.
The great firewall of china won't allow any access to foreign sites that they don't like, but turns a blind eye to wholesale hacking by pimply faced kids? Who is THAT naive any more?
That it came from their IP and means nothing in and of itself. Especially when you RTFA and find this nugget
“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was GIVEN to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce said in a statement.
“[U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,” he said.
So there was no hacking involved. Simply someone handing out a password to a database to someone else who was not authorized. Since someone in the US Army or someone the Army authorized handed over the credentials you can hardly call it an act of war.
Someone screwed up, and it took months to find out about it. It may well have been something entirely innocent (if ill advised) as allowing hydrological engineers to compare notes on some aspect of dam construction or dam safety.
Sig Battery depleted. Reverting to safe mode.
http://www.usgovernmentspending.com/year_spending_2013USbn_14bs1n_3036508031#usgs302
Looks like defense is ahead of education. That defense budget seems a little suspicious too. Lots of zeros. And does it include funding the wars?
You clearly dont own a server. There are always IPs belonging to China poking and prodding your server. Then when you report it, they dont respond at all, and the IP is never AUP'd. So yes... it was probably f'ing China.
“I know not what weapons world war III will be fought with, but world war IV will be fought with sticks and stones." Albert Einstein
So there was no hacking involved. Simply someone handing out a password to a database to someone else who was not authorized.
It's called social engineering, and it is a well recognized hacking technique used in some infamous cases.
Since someone in the US Army or someone the Army authorized handed over the credentials you can hardly call it an act of war.
War, no. But it is still espionage apparently conducted by one of the last countries controlled by a Communist government whose officials periodically make public statements about attacking the United States with nuclear weapons.
The nature of the information they sought access to, and apparently obtained, isn't benign.
Dam - Sensitive Army database of U.S. dams compromised
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Wow, so a computer operator 500 miles away badly repaired a 29yr 10mo old turbine which had a history of vibration, and caused it to lift out of its seat (by 15ft, not 50ft), and caused it to explode and kill 75. Well at least the Washington Times got one part correct. The accident happened in August 2009 and a report was released in October 2009, and in 2013 the Washington Post made up a fictional story on cause of the accident. I'm going to jump to conclusions here and say the they needed to pad out a shitty article with an example of "Cyber Terrorism" to reel naive reader in.
From Wikipedia
The report states that the accident was primarily caused by the turbine vibrations which led to the fatigue damage of the mountings of the turbine 2, including the cover of the turbine. It was also found that at the moment of accident at least six nuts were missing from the bolts securing the turbine cover. After the accident 49 recovered bolts were investigated from which 41 had fatigue cracks. On 8 bolts, the fatigue damaged area exceeded 90% of the total cross-sectional area.[2]
I've already made this reply once, but seeing as two people have used the exploding turbine as an example of "what could go wrong", I felt I needed to correct somebody who was "wrong on the internet".
Yeah, because the Chinese have bases in countries all over the world...
The People's Republic of China, A.K.A. communist China, has a growing number of military bases and access to facilities around the world. The Chinese fleet has been participating in anti-piracy actions around Somalia, giving them experience in extended naval deployments. The Chinese navy is planning to build something like four aircraft carriers and is currently flying aircraft off their first one that they are bringing into operation now after learning much from the Brazilian navy. Chinese special forces have been training the military in Venezuela. The Chinese are active in Africa.
The Chinese have also been bullying many of their neighbors, laying claim to distant islands and extensive land areas. Why don't you ask the Indians what they think of China's behavior, they are forming several new airborne infantry units to help deal with the threat? Or the Japanese, who are suffering a growing number of incursions by Chinese aircraft and sea vessels? Of perhaps the Philippines, which is seeing Chinese territory grabs on their doorstep?
No, it's the Chinese who are spending themselves into oblivion on weapons of war... Oh, wait, that's us again.
US military spending has recently generally been between 4% to 5% of GDP, well below historic levels. The army and navy and rumps of what they were at the end of the Cold War. Spending on social welfare programs is several times the military budget and is continuing to grow, and will grow for decades to come. It is Social Security, Medicare, Medicaid, now joined by Obamacare which really starts kicking in this year, that will bankrupt the US, not the military spending.
I'm afraid you don't know what you are talking about there.
We spend more on our military than the next 13 nations combined
A large part of that is personnel costs. The US has an all volunteer military that pays its members a salary competitive with the civilian sector unlike many other major nations that use conscription to fill their armies. An American corporal in the Army or Marines makes about what a Chinese general makes per month. I'm sure you can figure the impact of that out. Same thing applies to weapons purchases. Maybe you've heard that Chinese engineering staff and factory labor is cheaper than American?
On the other hand pretty much all European countries allied with the United States spend less than they should by treaty goals. As a result they had a hard time with the intervention in Libya without American assistance.
If it makes you feel better the Chinese are upping their military budget by 10.7% this year.
(but we can't afford to educate our children... bright.)
The US throws large amounts of money at education. The problem isn't with how much money, but what it is spent on, like growing numbers of administrators. There are also social factors that come into play that the education budget itself can't fix. The teachers unions don't help much either.
You don't really have this right either.
I dunno, perhaps if we moved from offense to defense, these things wouldn't be issues?
If platitudes could solve things they wouldn't be issues either.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell