China, Russia Try To Hack Australia's Upcoming Submarine Plans

An anonymous reader writes: Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled), with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months. One of the companies working on a bid for Australia's new submarine project said it records between 30 and 40 cyberattacks per night.

Cool paywall, bro

Nice ad for a subscription, and another link being a brief blurb. Journalism at its best.

Re:Cool paywall, bro

Anything that references an article behind a paywall should automatically get rejected.

Re:Cool paywall, bro

[ChunderDownunder]

It's a Rupert paper.

Any time I'm paywalled by News Corporation, he's doing *me* a favour by disallowing the reading of his trashy article.

Re:Cool paywall, bro

[guestapoo]

A bit off-topic, but I surprise that Slashdot not report this, Rupert Murdoch Takes Over at National Geographic, Immediately Starts Laying off Award-Winning Staff. I've read from SoylentNews.

Re:Cool paywall, bro

[megaronic]

This is the usual Murdoch media China and Russia bashing.
What's the big deal for China or Russia or anyone?
The subs haven't been designed yet. No tenders let. No specifications finalised.
More likely its the tenderers trying to get an inside edge on each other. They are from France, Germany and Japan.
When in doubt, Follow The Money.

Shocking!

[DaHat]

Foreign intelligence agencies trying to learn the specifics of a new military system? I am shocked, shocked!

The only news here is that there are signs of it, and seemingly attributable ones as well.

Re:Shocking!

[ShanghaiBill]

The only news here is that there are signs of it

That isn't news either. My home router gets more than 30-40 "cyber-attacks" per night.

and seemingly attributable ones as well.

The "attribution" is just speculation. They have no actual evidence.
They are just softening up the public for a money-grab to conduct "cyber-warfare".

Re:Shocking!

Let's just scrap the CIA.
America just isn't interested in "trying to learn the specifics of a new military system", unlike the nosy Chinese/Russians.

Re:Shocking!

my company website gets 10-100 "cyber-attacks" per hour, for last 3 years. More precisely, those are blind shots at admin login pages typical for popular CMSs.

After filling .http_access with reject for some 80 blocks covering mostly Russia, Ukraine, Belarus, Kazakhstan and China at least I'm not sending any bytes back.

Internet

[amiga3D]

Why do they have this kind of stuff where it can be reached from the internet? I don't see why that's necessary. If it's convenient for the designers then it's too damn convenient for your enemies.

Re:Internet

[TWX]

Why do they have this kind of stuff where it can be reached from the internet? I don't see why that's necessary. If it's convenient for the designers then it's too damn convenient for your enemies.

From the headline:

Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled)

Sounds to me like they didn't want to pay for them either...

*grin* In all seriousness, it is not practical to air-gap computer networks anymore. Operating systems need too much connectivity for updates, and commercial software wants to do authenticity checks to make sure that the corporations using it have actually paid for it. On top of that with the world basically standardized on TCP/IP it's not practical to even use alternate protocols to complicate access.

That's before you even get to the nature of corporate networks. It's very expensive to build networks that are singular in nature, building parallel networks doubles it. Then you have to account for communication between team members and all sorts of other productivity applications. It's just not practical to not put it on the network.

Re:Internet

In all seriousness, it is not practical to air-gap computer networks anymore. Operating systems need too much connectivity for updates, and commercial software wants to do authenticity checks to make sure that the corporations using it have actually paid for it. On top of that with the world basically standardized on TCP/IP it's not practical to even use alternate protocols to complicate access.

Actually what updates exactly do you need for a computer that's not on the network at large? Most security updates would be superfluous, and the vast majority of 'fix' updates fix stuff doesn't fix system or program breaking issues for most users, barring those introduced by another update. As for commercial software wanting to phone home, that's easily resolved by NOT choosing such software in the first place.

It's perfectly practical to air-gap networks if you go in with the mind set of it from the get go.

Re:Internet

[Lennie]

Then why don't they use Linux ?

Linux works just fine.

It doesn't need to talk to the outside world.

All it needs for updates is mirror it can contact. The mirror could be internal, getting it's packages from the Internet, logged, etc.

Re:Internet

Sounds like the solution then is to put this classified data on the newspaper's paywalled site. Then the Russians and Chinese hackers can't get it at without paying... Oh, wait...

Re:Internet

[amiga3D]

When you're talking billions of dollars I think it might be possible to bypass the internet. I know I have two computers that never see the internet. Updates are done on one manually and the other never. It's entirely possible still to pass data over a telephone network with a modem. I just think when extreme secrecy is required then extreme actions need to be taken.

Re:Internet

[radarskiy]

Who says it can actually be reached from the internet?

Re:Internet

"it is not practical to air-gap computer networks anymore" Anything dealing with classified military information certainly should be air-gapped. It's not hard to do and only creates some minor inconvenience when you need to share that data to a 3rd party. Hand delivered encrypted USB drives is one example. The inconvenience is nothing compared to having a enemy or competitor get their hands on the data. And an air-gapped network will also cut down on the number of hours the employees waste surfing the web.
"It's very expensive to build networks that are singular in nature" It probably is expensive to run parallel networks but why would you have to that? You can use sub-nets and high-end routers to limit access both the outside and internal networks. This would allow a machine to access to internal network resources such as printers. Or just unplug the network cable from the machines with the most sensitive data.

And why do we never hear Russia or China accusing the US of attempting to breaking to their systems? Is the US not doing this? Are the US capabilities so good that nobody can detect their efforts? Maybe there is no good reason for the US to break into China's or Russia's military technology systems only to find nothing but the purloined US data?

Re:Internet

[Type44Q]

The actual blueprints are, in fact, safely air-gapped; the chicoms and the russkies are in fact eagerly downloading the plans for a huge nautically-themed device that simultaneously barbecues shrimp while dispensing XXXX...

Re:Internet

[AHuxley]

+1 for the "convenient for the designers"
US contractors need links back to their multinationals and mil, global sourcing of US parts and US/UK trained experts.
Australia could do all the work at a secure site, base, port but that is been blocked by the USA. The problem is the US would then not share its more secure export grade electronics.
So Australia has to keep its networks wide open to keep US contractors happy and ensure jobs and profits are shared with the US military–industrial complex.
Think of the US jobs and generational shareholders not getting in on the profits if Australia attempts computer systems itself again or buys EU systems.
Australia will be shut out of the package of US digital systems and have to create its own database of Soviet, Russian, UK, US, Korean, Japanese and other nations ship and sub profiles in real time again.
The US will sell, rent, update vital export grade databases only as part of a massive US only contract.
Australia is also facing pressure to just import a sub design from Japan as a turn key export system that is fully supported by the USA.
No more "union" mil/gov backed construction jobs in Australia and the US and Japan are very happy.
The final option for Australia is to consider EU designers and then build in Australia. Great for local jobs and the EU.

Re:Internet

[Ocker3]

Only if you never want to move data into or out of the network, ever, except by manual user input.

Really? 30-40/night

[guruevi]

If China/Russia are actively hacking the joint, I must be running something really interesting because I get about 2000/night from Russia and China on my web servers. This is just some scaremongering from a company that has no IT or an IT without a clue.

Re:Really? 30-40/night

[bobbied]

If China/Russia are actively hacking the joint, I must be running something really interesting because I get about 2000/night from Russia and China on my web servers. This is just some scaremongering from a company that has no IT or an IT without a clue.

Or someone with a political ax to grind who's making it all up...

Re:Really? 30-40/night

[dpidcoe]

That's why I wish they defined what a "cyberattack" is. The fact that there were only 40 of them makes me think that they may have limited the definition to "attacks" that are actually meaningful, but it's all pointless speculation without the details.

Re:Really? 30-40/night

[nnull]

I was just going to mention this. I will get over 1000 a night from just opening port 22 from my HOME server.

Re:Really? 30-40/night

[guruevi]

What is a meaningful attack though? An attack that goes through is meaningful and if they let pass 40 attacks/night, they're doing a really bad job. Security is pretty much black and white, you either get compromised or you don't.

Re:Really? 30-40/night

[dpidcoe]

What is a meaningful attack though?

That's what I wish they would define. An example of a "meaningful" attack might be a flurry of portscans from a single IP address hitting all of their known public IP addresses in sequence in a short timeframe (indicating they were the specific target of the scan). Otherwise they just sound like a software firewall trying to justify its own existence.

Nothing to see.

[dilvish_the_damned]

Back in my sat technology days, that would be an average night. It went on like that for years.
Its only news if they break in.

What Intelligence Agencies Should Be Doing

[Assoluto]

I see absolutely nothing wrong with this. This is exactly what intelligence agencies should be doing - investigating rival countries' military capabilities and assessing threats to the nation.

Meanwhile, what intelligence agencies most definitely shouldn't be doing is mass surveillance of their own people. Intelligence agencies don't exist to suppress descenting opinions. They don't exist to erode freedom. They don't exist to keep the populous inline. The reason they exist to assess external threats to the nation.

It's a sad state of affairs when China and Russia are setting an example to western agencies on how they should be acting.

Re:What Intelligence Agencies Should Be Doing

Go live in China or Russia if you think it's so great there... Moron...

Re: What Intelligence Agencies Should Be Doing

He does.

Re:What Intelligence Agencies Should Be Doing

[DNS-and-BIND]

China and Russia absolutely do spy on their own citizens. Where did you discover that they don't?

How do you know when you have the right plans?

[hawguy]

When you steal plans for a multi-billion dollar project, how do you know when you've got the real plans, and when you've got decoy plans that were carefully developed to be plausible, yet incorrect?

Re:How do you know when you have the right plans?

[AHuxley]

In the old days you had staff photocopy or walk out with images of the real plans. It was that simple to find staff willing to help other nations. They would and could pass any back ground tests, the files would be the same been used.
The problem with any files now found is the US ability to redesign fake plans for any project and have other nations waste decades on junk plans.
eg Operation Merlin https://en.wikipedia.org/wiki/...
Would any nation trust digital files found in Australia, unencrypted on an open facing network with expected gov and mil warnings at the top of each file?
Australia understands its subordinate role to the NSA and GCHQ. All files are encrypted and well looked after. If Australia ever lost files again it would not be getting to share with or free stuff from the US and UK mil again. Australia does not have the ability to just tell the US some locals lost some files again.
The story is bait, junk, propaganda or the files been found on open unencrypted networks are tainted junk, left to see who is looking around Australian dual use networks.
Honeypots to track well crafted spam, phishing. The networks are often self infected just to see the origins, networks, encryption out and methods used to try and find information.
Do the attempts try to list existing projects to appear trusted, list co-workers, VIP email accounts? All this story is about is the honeypot side with some propaganda cyber threat spin.

Re:How do you know when you have the right plans?

[LongearedBat]

We know from the efforts of the many Bothans who died to obtain the plans.

Re:How do you know when you have the right plans?

[thegarbz]

You give the government waaaay too much credit.

Amazing news.

[alexibu]

My home NAS records more cyberattacks than that every night, all you need is a computer and and IP adress.

only 30 to 40?

[tomhath]

China attacks random IP addresses more than that. Try it for yourself: register a domain, put up a web site, and see how many attempts are made every day, probably in the hundreds.

I wonder, how they count -- and what...

[mi]

between 30 and 40 cyberattacks per night

I wonder, what these numbers mean because I — without doing any classified research whatsoever — get log-entries like these every day:

...
Nov 7 02:42:15 symbion sshd[96507]: Invalid user admin from 186.64.69.136
Nov 7 02:42:15 symbion sshd[96507]: input_userauth_request: invalid user admin [preauth]
Nov 7 02:42:21 symbion root-ssh-watch: banned 186.64.69.136 (for pretending to be invalid user `admin')
Nov 7 02:54:34 symbion sshd[96528]: Invalid user pos from 47.19.134.118
Nov 7 02:54:34 symbion sshd[96528]: input_userauth_request: invalid user pos [preauth]
Nov 7 02:54:35 symbion sshd[96530]: Invalid user pi from 47.19.134.118
Nov 7 02:54:35 symbion sshd[96530]: input_userauth_request: invalid user pi [preauth]
Nov 7 02:54:35 symbion sshd[96532]: Invalid user manager from 47.19.134.118
Nov 7 02:54:35 symbion sshd[96532]: input_userauth_request: invalid user manager [preauth]
Nov 7 02:54:36 symbion sshd[96534]: Invalid user admin from 47.19.134.118
Nov 7 02:54:36 symbion sshd[96534]: input_userauth_request: invalid user admin [preauth]
Nov 7 02:54:36 symbion sshd[96537]: Invalid user ubnt from 47.19.134.118
Nov 7 02:54:36 symbion sshd[96537]: input_userauth_request: invalid user ubnt [preauth]
Nov 7 02:54:41 symbion root-ssh-watch: banned 47.19.134.118 (for pretending to be invalid user `admin')
Nov 7 04:17:05 symbion sshd[97127]: Invalid user admin from 187.19.101.110
Nov 7 04:17:05 symbion sshd[97127]: input_userauth_request: invalid user admin [preauth]
Nov 7 04:17:05 symbion sshd[97127]: Postponed keyboard-interactive for invalid user admin from 187.19.101.110 port 51224 ssh2 [preauth]
Nov 7 04:17:05 symbion sshd[97127]: error: PAM: authentication error for illegal user admin from 187-19-101-110.users.certto.com.br
...

Do I get to count each entry as a separate attack? Or one "attack" per remote IP?

Re:I wonder, how they count -- and what...

[thegarbz]

Jesus how many entries do you allow before you just ban the IP? I allow like 3 and then a 15min ban.

Re:I wonder, how they count -- and what...

[mi]

Jesus how many entries do you allow before you just ban the IP? I allow like 3 and then a 15min ban.

I also allow three (depending on the attempted login, actually — trying to get in as "root" will cause an immediate ban, because I would never attempt that myself), and then ban permanently (until the router is rebooted, rather). However, from the time the log-watching script decides to issue a ban and the time the ban is actually in place, there is a delay, because the router is slow and establishing an ssh-session with it takes time. During the operation, a few more attempts to talk to my sshd some times sneak in.

I'm thinking of writing a daemon, that would maintain a permanent ssh-session to reduce the latency, but that's much hairier, than the current simple implementation.

Everyone's got one

[jblues]

Meh - everyone has a submarine these days. . .

Even rebel separatist groups. Here in the Philippines the Moro Islamic Liberation Front (MILF) sadly have trouble with the Google ranking due to competition in the namespace for that acronym. However, that didn't stop plans for the purchase of a Swede-made MSM Type A midget submarine, which was to be used to disrupt the development of an oil and gas project in the now hotly disputed South-china Sea.

The MILFs are one of several separatist groups in the Philippines, which come in Islamic and Communist, and just-plain-thug varieties. The formation of the of the MILF is actually, unsurprisingly, a tragic story. In the 60s with the incumbent government of the Philippines, proceed with plans to invade and reunite neighboring Sabah, which was granted under a lease, but somehow after World War 2 ended up as Malaysian territory.

Troops from the western region of Mindanao were selected and trained to form an elite squadron. When the troops learned that their mission would involve lethal combat with their neighboring kin-folks they refused to participate, so they were massacred by the Philippines Armed Forces on March 18, 1968. This led to years of uprising and political unrest, and it was only recently that the Philippines Government formally acknowledged that the incident occurred.

Reading about this and other affairs helped me to learn about governments, terrorism, political intrigue and rebel groups. We live in a violent world where democracy and other formal government processes seem to be a thin, fragile structure over game-of-thrones style chaos.

Re:Everyone's got one

[jblues]

And during the years of Spanish influence nearly all of the tribes adopted adopted Catholicism, except for the Igorotte highlanders and the Aeta who held to their ancient animism, while the Moro proceeded with their adopted Islam. . . of courses over the years there have been Hindu influences - eg the Tagalog tribe had ties ties with the Kingdom of Medang in Java, and northern Philippines, with its proximity to China. . . . these are generalizations of course, individuals, obviously made many and varied personal choices . . . it is truly a melting pot here.

Actual text from paywalled article

Chinese and Russian spies have attempted to hack into the top secret details of Australia’s future submarines, with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months.

The hacking attempts have been aimed at the submarine builders in Germany, France and Japan bidding for the $20 billion contract to build the new fleet. The bidders are holding highly sensitive information about the Royal Australian Navy’s technical requirements for its new-generation submarines.

The hacking attacks have forced the bidders to rely more heavily on hand deliveries of the most sensitive information. And they are understood to have alarmed the federal government, which has raised the issue of cyber security with each of the three foreign bidders for the submarine contract: German shipbuilder ThyssenKrupp, France’s DCNS and the Japanese government.

Manfred Klein, campaign manager Australia for Germany’s TKMS, said at the company’s submarine shipyard in the German port of Kiel: “We have about 30 to 40 (hacking) attempts per night, that’s what our IT people say.”

MORE: New security plan needed
Mr Klein said the cyber attacks were all directed at the submarine facility in Kiel and came at a time when the shipyard had a team of 120 people finalising its design for the future Australian submarine.

“The Australian government has raised it with us, and they think it’s significant,” said TKMS Australia board member Jim Duncan, who is helping put together the German bid.

TKMS Australia chairman John White said the attempted industrial espionage was to be expected on such a sensitive and important defence project. “They’re trying to get into everyone’s communications,” Dr White said. “Espionage and breaches of security ... you just assume it is happening. Everybody is in that game. It’s a space that people play in. We don’t suspect anyone, we suspect everybody.”

The Australian understands Japan and France are concerned about attempts by suspected foreign powers to hack into information relating to the subs project.

TKMS declined to say which countries were behind the attempted hackings, but all three foreign bidders privately believe China is leading the push to glean information about the submarine project. Other strategic rivals, including Russia, are also suspected of recent hacking attempts and it is also possible the three bidders for the lucrative contract are seeking to spy on each other.

There is no evidence to suggest that any classified information has so far been compromised by the attempted hacks, which are thought to be from state-run intelligence agencies, commercial companies and individuals.

Cabinet minister Simon Birmingham today said any reports of security threats to Australia were “always of concern” to the government and “every possible precaution” would be taken to protect sensitive information.

“There is always a lot of foreign interest in matters such as technology that goes into submarines or the like,” Senator Birmingham said on Sky News.

“That’s why we invest a lot in the security of information, that’s why we make sure that our security services are well equipped and why we have protocols in terms of the handling of information throughout government.

“I’m sure that these matters will be looked into just as of course any other security threats are and that every possible precaution is taken to protect the sensitivity of information that is critical to Australia’s national security interests.”

The espionage comes at a time of growing strategic naval competition in the Asia-Pacific, with China ramping up its submarine building program and asserting its territorial claims on disputed islands in the South China Sea. Russia has also stepped up naval activities in the region, while other Southeast Asia

Re:Actual text from paywalled article

[KaiserGuy]

IANAL but there must be something immoral or illegal about posting content from behind a paywall.

Damn those spies!

[trawg]

I guess these are the same spies that are trying to hack into my website every night! I guess they're lucky they're only getting Chinese and Russian ones!

Seriously though, three news articles are linked to in this story and zero of them have any more information that differentiates this even remotely from the standard brute force hacking attempts that I'm sure everyone that reads Slashdot puts up with on a daily basis on their various servers and systems.

As far as I can tell for anyone in IT here in Australia, there's no way to distinguish this from an actual threat from foreign nation states attempting to CYBER-espionage us, and just the typical random background noise of automated exploit scriptkiddie stuff.

Any real tech journos want to try to get some actual information?

Re:Damn those spies!

[AHuxley]

re "an actual threat from foreign nation states attempting to CYBER-espionage us, and just the typical random background noise of automated exploit scriptkiddie stuff."
So many nations want the contracts, jobs, cash that *anyone* could be using random internet cover to find out more. Not so much mil secrets just the governments staffs thinking on keeping local jobs vs fully importing a turn key sub.
A lot of cash of decades is in play. Just knowing what to present and when could be a winning contract. What the Australian gov wants from a builder is the only 'secret' not the design specs.

Huh?

[s.petry]

DoD work is supposed to be air gaped when classified. Sure, there is a difference between military contractors and Government. Guess which ones give up information? Not the guys building the military gear, because they are held accountable for their actions.

A great trolling opportunity wasted..

[dsmatthews9379]

Could have thrown in the plans for the secret moon base for free....

30 to 40 a night?

[OrangeTide]

I get 30 to 40 attempts an hour, and that's just the ssh attempts.

Secret 'Submarine Plans' and the Internet ..

[nickweller]

What kind of idiot keeps his secret 'Submarine Plans' on a computer connected to the Internet.

Paywalled? WTF?

[Elixon]

> Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled)...

If the secret details are paywalled why those stupid spies didn't simply pay to access them? Budget cuts?

30 and 40 cyberattacks per night? LOL

[Elixon]

:-) This amount of attacks simply means that they don't care. I am working on one website of known Japanese corporation and this is the log from my IDS - how many attacks were detected/prevented a day - on average between 100 - 200... and that is just one commercial company: ....
        105x 2015-11-02
        122x 2015-11-03
        226x 2015-11-04
        108x 2015-11-05
        125x 2015-11-06
        149x 2015-11-07
        107x 2015-11-08
        231x 2015-11-09
          40x 2015-11-10

Statistics by attacker's country:
        27.5% CN
        14.8% US
          5.8% IN
          5.1% RU
          3.8% BR
          3.5% KR
          2.2% NL
          1.8% FR
          1.8% DE
          1.7% GB

I guess that it is because we don't use paywall as Australian government to protect our customer. That is why we see such high rate of hacking attempts. :-D

BTW This PR statistics means really nothing when we all know that it takes just 1 successful hack...

Re:old new you off-topic slob

[guestapoo]

I'll take the bait.

Don't fool me, bro. I read this before.
You don't bother to check the date, don't you? The day Murdoch announced to buy National Geographic was 2015/09/10, the day Murdoch FIRED the magazine's staff was 2015/11/04.

You either did not mention the difference of two stories, Murdoch bought the magazine and in other one, he laid off the staff.

Damn you, before name calling other, check your stupid measure.