Norway Becomes First NATO Country To Accuse China of Stealing Military Secrets

An anonymous reader writes: A high-ranking general in the Norwegian Army and head of the Norwegian Intelligence Service E-tjenesten (Etterretningstjenesten) has made official statements accusing the Chinese government of launching cyber-attacks against his country. Gen. Lunde says that state-sponsored hacking groups have targeted many Norwegian companies during the past year. He says that these companies are suppliers and collaborators of the Norwegian army and that hackers have stolen information considered to be state military secrets. The statements were made to Norwegian TV station TV2 by General Lt. Morten Haga Lunde, who was detailing his agency's most recent intelligence report.

Chinese response

Let me guess, they'll accuse the Norwegians of being "irresponsible". That seems to be their favorite line, ever.

Re:Chinese response

"We were just window shopping.." Want to make a military contract with China? Create a series of honeypot servers containing the marketing material for your latest robotic grenade launchers and anti-ship missiles.

Re:Chinese response

[arglebargle_xiv]

Naah, it'll take them years to decrypt words like Etterretningstjenesten so the Norwegians are pretty safe.

Re:Chinese response

[Applehu+Akbar]

That's why they're not lifting military secrets from Iceland.

Re:Chinese response

[theshowmecanuck]

They'd be right. What is Norway using China for anything that could be used in military equipment. Why are systems with military secrets on the WWW (or accessible by that route)? Quite frankly it is no wonder that the new Chinese fighters look like F-22s as well.

Re:Chinese response

[interval1066]

Create a series of honeypot servers containing the marketing material for your latest robotic grenade launchers

You don't even have to do that. Create a server with an open ssl port, covered by an kind of password you want. The Chinese will soon be there, recompiling your kernel to do all kinds of DNS hijinks.

China is pretty much a shithead

Let's see... China has a truly awful record on human rights. China steals military secrets from Western countries. China makes cheap knock-offs of products designed by businesses in more developed countries. And lets not forget that China backs the DPRK, with a brutal nutjob of a dictator who threatens nuclear conflict and has an even worse human rights record. It's easy to point to countries where a regime change might help the world. In the case of China, we'd all be better off if the commie government was gone and they would play nice with their people and the rest of the world. Unfortunately for now China is pretty much the biggest shithead in the world.

Re:China is pretty much a shithead

[Etherwalk]

Unfortunately for now China is pretty much the biggest shithead in the world.

So what you're saying is, you haven't been following the Republican debates?

Re:China is pretty much a shithead

Nope. Logical people are sitting between a giant douche and a turd sandwich.

Re:China is pretty much a shithead

[unixisc]

Yeah, but this is not the Norway of the Viking era - they are completely emasculated - just like the rest of their continent. If Chinese feel the need to steal military secrets from NORWAY, they really have no standards. It's like car thieves stealing Chevy Metros. (There, the first time I did a /. car analogy to make my point, and yeah, Virginia, you're right, I do feel great about it.)

Re:China is pretty much a shithead

[ClickOnThis]

And lets not forget that China backs the DPRK,

You might want to get caught up on current events.

Re:China is pretty much a shithead

[Dahamma]

I suppose you are one of the Trump supporters he loves so much? I mean he said it best himself, "I love the poorly educated."

Re:China is pretty much a shithead

I'll bite. Let me guess, you are one of those people who have never traveled outside USA.

Re:China is pretty much a shithead

Unfortunately for now China is pretty much the biggest shithead in the world.

So what you're saying is, you haven't been following the Republican debates?

Have you been following debates in Russian Duma?

Re:China is pretty much a shithead

[SuricouRaven]

Trump has advocated torturing captive enemies as a deterrent against future attacks, and in a recent speech suggested that the way to end terrorism is to dip bullets in pig blood so muslims will believe getting shot sends them to hell.

The world loves to follow American politics. It's endlessly entertaining, the level of sheer insanity that drives it. But it is no way to run a country.

Re:China is pretty much a shithead

[SuricouRaven]

China's main concern with North Korea is stability. They just want the country to stay right where it is, because a war would be a great deal of trouble for China. NK's tendency towards sabre-rattling concerns them too.

Re:China is pretty much a shithead

Well, they don't really need to steal secrets from the US considering that they already own most of the stuff there.

Re:China is pretty much a shithead

[Opportunist]

Yeah, we have such a GREAT track record with replacing regimes recently. Let's mess with a country that has a billion people and nukes, what could possibly go wrong?

Re:China is pretty much a shithead

[Opportunist]

Clowns to the left of me, jokers to the right, here I am, stuck in the middle with you...

Should be the anthem of any presidential election.

Re:China is pretty much a shithead

[Opportunist]

So... he's in the tradition of Pol Pot? Do people with glasses have to fear for their lives, too, 'cause they're seen as "intellectuals"?

Re:China is pretty much a shithead

[Opportunist]

I have. And I have learned a lot of words that were strangely absent from my formal Russian courses...

Re:China is pretty much a shithead

Yeah, but this is not the Norway of the Viking era - they are completely emasculated

Yeah, because freely raping, looting and killing is how real men should be.

Re:China is pretty much a shithead

> Let's see...

Yeah, let us see.

> China has a truly awful record on human rights.

Just like Russia and the US.

> China steals military secrets from Western countries.

You cannot honestly say that after the spying scandals by the US and everybody and his dog knows the Russians spy (they give decoration objects with ears IIRC).

> China makes cheap knock-offs of products designed by businesses in more developed countries.

China makes the parts that equip high-quality cars and US planes (!), too: they make bad-quality and good-quality parts and your economies cannot solve the low cost conundrum, so you'll continue to depend on China, Thailand, Malasya, Vietnam, Pakistan, India etc. etc.

> And lets not forget that China backs the DPRK, with a brutal nutjob of a dictator who threatens nuclear conflict and has an even worse human rights record.

China tolerates a barking dog. It's too easy for them to enter that POS country and finish the nuclear problem. But, as I see, they want to send a message that they are not in this invasion business or irritate the US by coming closer to South Korea. Just imagine if Cuba had nuclear weapons and rockets, how long would it exist without being invaded by the US? 1 year perhaps?

> It's easy to point to countries where a regime change might help the world. In the case of China, we'd all be better off if the commie government was gone and they would play nice with their people and the rest of the world.

They are playing nice. They're pressuring Japan, SK or other nations nearby (NK is!); for Japan and South Korea, I'd suggest keeping a VERY friendly stance with China -- to avoid future problems and create a good neighborhood while that is still possible (for Japan that might prove hard given its past).

> Unfortunately for now China is pretty much the biggest shithead in the world.

No way. Maybe the second biggest; Russia and the US fight daily for the topmost position.

And stop with that right x left, commie x capitalist talk, will you? This is rather upsetting, it's like seeing a monkey jumping with an AK-47. China and the US pollute equally and won't even discuss the subject of being the world's topmost fsckers regarding environment damage. So much for your cheap idiotic ideology.

Unionized workers have no chance in the USA (Corporations!) and also none in China (People's government!).

Please stop trying to sell us that you're any better than them. You're both scum! And no, I'm not pro-Russia, which tries to be scum but fails...

Re:China is pretty much a shithead

> They are playing nice. They're pressuring Japan, SK or other nations nearby (NK is!)

They're NOT pressuring Japan, SK or other nations nearby (NK is!)... sometimes I words...

Re:China is pretty much a shithead

Now I get it. You vote Trump, because Russia's got Putin.

Wait for Trump's remake of the Revenant, on which he kills the bear with his bare hands...

Re:China is pretty much a shithead

[Kjella]

To put it this way, I would dread the day the US said you wusses take care of yourself we're pulling out of NATO. Despite being occupied once in living memory, we're still so naive we'd be cheering on Chamberlain and "peace for our time" right up to the point Russian Spetsnaz or IS militants start parading in the capital, like they did the very same day the Nazis invaded. Fortunately Eastern Europe has been peeling away from Russia, so hopefully we're not put to the test because I think we'd epic fail again.

That said our military equipment is largely yours, today we fly American F-16s tomorrow we fly American F-35s. We do NATO exercises together, learning tactics from you. Our plans for defense are part of NATOs plan for defense, like forward storage of US military equipment for US troops to defend the alliance. And despite arms trade being a contentious topic we don't advertise much, we actually have some high tech missile systems and such we sell to the US and other allies. Granted the US keeps quite a few cards to themselves, but there's quite a lot worth stealing.

But when it comes to attitude, it's almost like we don't believe in evil anymore. That we're all good at heart and all the bad guys have just had bad childhoods or bad experiences or have been indoctrinated or brain washed. That hate should be met with love, that people are just misunderstood and have lost their way and that everyone can be rehabilitated back to upstanding members of society. And despite all the evidence to the contrary it's not their failure, it's our failure to get them off this destructive path. And if we could just find that, we'd all hold hands and sing kumbayah.

Re:China is pretty much a shithead

One super-power is - supposedly - "stealing", and another super-power is killing people, "militants", women, children, civilians, in smaller under-developed countries with little consideration for it. Who are the biggest shit-heads, really?

Re:China is pretty much a shithead

[sumdumass]

Considering they are claiming control of shipping and fishing lanes they previously never controlled and are building artificial islands to claim seas belong to them what could go wrong with doing nothing? The Philippines and India might be worried over nothing but let's ignore everything because what could go wrong.

Re:China is pretty much a shithead

[greenfruitsalad]

most car analogies on /. are made in a way that works across countries. yours is useless. is chevy metro a large luxurious expensive car or a small cheap-as-chips rustbucket? or are you alluding to its age? (is it old or new?) is it reliable or known to be the opposite? your analogy did not clarify anything.

Re:China is pretty much a shithead

Not advocating for the pigs blood thing, but its a fact that it worked in the Philippines during the 1930's. Not PC, for sure, but one can see why someone would advocate for a strategy that has been show to work in the past.

Re:China is pretty much a shithead

[bytesex]

Norway builds cryptos, radios, subs, guns and oilrigs.

Re:China is pretty much a shithead

You just described the policy of the new Canadian government. Embrace the tree. Give it a hug. Those bad guys are just misunderstood. They had a bad childhood. We need to embrace them with luuuv. Bombs don't make friends. Perhaps if we give them some of our money and some other stuff (pay them a lot of money) they will go away and not bother us anymore. I know it works that way when you give kidnappers money and food. They *never ever ever* try to hold you for ransom or try to kill you. Kumbayah everybody!

Re:China is pretty much a shithead

Nice try, Sweden.

Re:China is pretty much a shithead

[Dahamma]

The difference is Pol Pot, in addition to being a genocidal maniac, was actually very well educated himself...

Whereas Donald Trump probably thinks Khmer Rouge is a type of makeup. ("I know Khmer Rouge, I love Khmer Rouge. They sponsored several of my beauty pageants. My wife Melania is a loyal customer.")

Re:China is pretty much a shithead

i.e. You would rather be a puppet of the US rather than a puppet of Russia. I'm sure the NSA really cares about the security of Noway and the privacy rights of its citizens.

Re:China is pretty much a shithead

[unixisc]

The Chevy Metro is one of the smallest, cheapest and weakest cars in the US market, available from GM. Probably the American answer to the Yugo or the Trabi. It's hard to merge on the freeway in such a car. The only good thing about it is its fuel efficiency. If a car thief wanted to break into and steal a car, he'd probably want to target a nice, expensive and powerful car that's worth the trouble of breaking into & stealing. The Chevy Metro ain't one of those. Which is why breaking into such a car would be the equivalent of China stealing military secrets from... Norway!

Re:China is pretty much a shithead

[Etherwalk]

All of GP's critiques could have been made of the United States by a neutral party. There are a lot of things that The United States does better than China, but unloading on that list as if they were a uniquely Chinese problem makes GP more of a stereotype-induced-hatred-of-the-other than a legitimate critique of China.

Re:China is pretty much a shithead

[Etherwalk]

One super-power is - supposedly - "stealing", and another super-power is killing people, "militants", women, children, civilians, in smaller under-developed countries with little consideration for it. Who are the biggest shit-heads, really?

That's not really accurate. The USA is killing those people after a lot of consideration. Obviously they're making the wrong call in at least some cases, and there are cases where they may make the right call (because they kill someone who would otherwise destroy thousands of lives) but the innocent still die.

But the USA is also *VERY* easy for anyone who is trying to distract from their own failings and problems to paint as the bad guy. While the USA has done some really bad things, the harm being done to the world by many of the people it tries to kill is also a massive evil. It's not so black-and-white.

Re:China is pretty much a shithead

[toddestan]

A large, luxurious expensive car with a Chevy badge? Surely you just.

The Chevy Metro is a re-badged Suzuki Swift. Happy now?

Re:China is pretty much a shithead

[Opportunist]

I would pay for that soundbite.

Re:China is pretty much a shithead

[dave420]

The US is very easy to paint as the bad guy simply on its own merits. Its lack of respect for democracy in other countries is disgustingly hypocritical, and the countless innocent civilians killed by its military misadventures and puppet governments are a stark testament to that.

NO MORE ANTI-CHINA RACISM

Such nonsense and rumor spreading is clearly against all laws regarding Internet communications as promulgated by the Chinese government. Millions of Chinese are insulted and demand Slashdot cease immediately or face consequences of the highest order.

Re:NO MORE ANTI-CHINA RACISM

What, did they say that without a trigger warning?

Re:NO MORE ANTI-CHINA RACISM

[Opportunist]

It's not millions. It's only one and he's CGI'ed to look like a million.

That's why they all look the same.

Small country

4.5 million people, but more balls than many (including the snow ones, of course.)

Re:Small country

[Opportunist]

It's a tough life up north. Don't mess with the Scands, they don't take no shit from nobody.

I think the main reason Finland was not allowed in the NATO is that they would've started a war with Russia long ago over the correct way of distilling Vodka if they only felt like there might be a hint of backing by someone.

Re:Small country

One day we'll get them and show the correct way of doing things... They gots to get got...

(btw Finland is not part of scandinavia)

Norway was probably pressured to lie...

by those Republicans.

Re: Norway was probably pressured to lie...

They do constantly look for ways to start wars.

Re: Norway was probably pressured to lie...

They want us to die. That's just how they be.

Sad reporte' on my country's lack of balls

So this tiny little country is willing to step up and call out the state-sponsored hacking from China that undermines the military posture of NATO? Meanwhile on a golf course somewhere in the continental US... the executive branch is silent on the topic. Time to re-connect with my Norwegian college buddy to find out their countries "man up" secret so I might be able to share.....

Re:Sad reporte' on my country's lack of balls

[icebike]

Bitching about it in the press us hardly something to praise. To paraphrase Stalin, "how many divisions does the press have?"

You get beat, you go back and clean up your act, plug the holes, and thank your lucky stars you didn't have to learn that lesson in wartime.

us first nation to implode itself?

spiritual etc... bankruptcy/paralysis intervention proceedings are underway... when way too much is never nearly enough? cease fire.. truth+mercy=justice .. in the moms we trust..

Re:us first nation to implode itself?

[lhowaf]

Nice job, comrade. That was 11% better than a random word generator.

Re:us first nation to implode itself?

[Opportunist]

I'm pretty sure it was all insightful and inspiring, but it loses a bit in the translation from Chinese.

Two words

[blindseer]

Air Gap.

Keep your state secrets off of internet connected systems and the only way that someone can steal those secrets is with a "Mission Impossible" team sneaking in and crawling through the duct work.

Oh, and maybe you shouldn't have a duct running to your super secret computer room that is large enough for a human to crawl through. Just a thought.

Re: Two words

It takes more than air gaps these days my friend.

Re:Two words

[Dutch+Gun]

The problem with isolating your computer from all other networks is that you tend to lose the advantages of having computers on a shared network, which are obviously rather significant. Military secrets don't exist in a vacuum. They need to be shared with selected other people to be useful. Projects are collaborated and worked on... orders are carried out... data must be analyzed. It's all well and good to say "lock up your secrets where no one can get to them", but remember, that includes the people that actually need access to that data to do their job as well. Suggesting that all state secrets be air-gapped is sort of like the old joke about building an entire airplane out of whatever (supposedly) indestructible materials are used to create the plane's black box. A great idea until you start thinking about the practicality of it.

I'd agree with your suggestion if you're talking only about the ultra-level military secrets that only a handful of people need to know about. It's likely those are on completely isolated systems, but I don't think that's what we're talking about here.

Re:Two words

I think part of the problem (or possible problem) is that the US is adamant about keeping their secrets on a series of networks, each with differing levels of security. What's great for the USA isn't exactly what's great for everyone else- and even then, everything that is hooked to the internet gets compromised. That's all unclassified, but it's still a LOT of data. Expecting EVERY country to maintain the very costly setup the US has is very rough indeed, and even in the US, military related things get stolen by hackers all the time- just not classified stuff.

Re:Two words

An air gap does not require that no computer can be on a network. An air gap means that all computers that share sensitive information must be on a network that is separate from the internet. On the air gapped systems I've been on the files would be stored on a central file server with version control and backup systems. All the people I worked with had access to my work and vice versa. When files needed to move to another site the files would be put on a disc, the disc sealed in a proper container, and handed over to a trusted courier.

Air gaps are easy, a proper internet firewall is hard.

Re: Two words

Of course it takes more than air gaps. The people with physical access to the air gapped network must be trustworthy, intelligent, properly trained, and properly motivated. If there is some aspect I missed then, by all means, please explain.

Re:Two words

[KGIII]

> and even in the US, military related things get stolen by hackers all the time- just not classified stuff.

I'm pretty sure all of our data that was taking in the OPM attack is considered classified. I suspect classified data gets stolen more often than they tell us about it. Hell, it probably happens more often than they know about it.

As an aside; I've worked on an airgapped system. It's a kind of neat process. It was a little frustrating and I'm not sure that the data I was working with needed to be considered classified but they didn't actually want or ask for my advise on the subject. We couldn't even use our own hardware.

Re:Two words

Air Gap.

Keep your state secrets off of internet connected systems and the only way that someone can steal those secrets is with a "Mission Impossible" team sneaking in and crawling through the duct work.

Oh, and maybe you shouldn't have a duct running to your super secret computer room that is large enough for a human to crawl through. Just a thought.

You realize you're talking to every private company that deals with the government right? It's not like "state secrets" are all kept in a drawer in the basement of one government building like a bad TF2 map.

You say air gap, the government says air gap, all it takes one contractor being lazy... dems the facts.

Re:Two words

I'm pretty sure all of our data that was taking in the OPM attack is considered classified.

Wrong

I suspect classified data gets stolen more often than they tell us about it.

Correct

Hell, it probably happens more often than they know about it.

Also Correct

As an aside; I've worked on an airgapped system. It's a kind of neat process. It was a little frustrating and I'm not sure that the data I was working with needed to be considered classified but they didn't actually want or ask for my advise on the subject. We couldn't even use our own hardware.

I have worked on and helped protect "air-gapped systems", and the data they held definitely needed to be classified. (quotes due to arguability about what that term actually means since people have and will debate the point)

Re:Two words

[KGIII]

Are you certain that the data, once collected, isn't considered classified? I was under the impressions that the records were classified... It has been a *long* time since the training and the whole process. Early 2000s was when I went through it for that program and I've had nothing to do with anything of that nature since the end of 2003. I'm kind of annoyed that they'd retained the data but I'll be (hopefully) all good. I already have the 'do not issue credit' flag set as the records are locked at the credit reporting agencies. Regardless, it's mostly just annoying.

Oh, and no... No, I really don't think the data needed to be classified as secret in my case. I wasn't really working with anything that special. At the time, we all pretty much agreed that FOUO would have been fine. I suspect you probably worked with more significant data. I modeled traffic, vehicular and pedestrian, and I'm pretty sure that I'm not allowed to elaborate on what I did specifically.

It was a neat process. We had to use their hardware. I have no idea what they did with it when we were gone. And yes, I believe I know what you mean by air-gapped and that it might be debated. I'm inclined to agree with your definition, it works for me. We had two systems, the first had regular(ish) access. Hmm... You know? I don't think I'm actually at liberty to discuss the second one? I can say that data was often transferred physically but that options were available. I'm not actually sure what I can say about it and, equally important, I don't even know the technical details.

The physical access was kind of unusual. We had cell phones then but I don't think we had cameras in them. Even if we did, it wasn't allowed. We weren't even allowed to bring the phones in. No cameras at all. No discs could be brought in. No compute devices - that included my little Palm. We were subject to physical searches at any time and on entrance and egress. There was a bit more to it but I'm not actually sure I can disclose that.

Chances are pretty good that you're more familiar with it than I, have done so more recently than I, and are probably more aware of whatever changes have been made in the interim.

Re: Two words

[Ungrounded+Lightning]

If there is some aspect I missed then, by all means, please explain.

For starters there are now "administrative tools", touted as a "feature", built right into the chips. These allow complete powning of a machine by any major networking pathway, including WiFI even if the machine is turned off or the network not supported in the OS. It isn't enough to "air gap" a "secure" LAN - or even not HAVE a LAN and rely on sneakernet. You have to physically rip the stock networking devices out of the box to block this path.

Even if you do amputate, there ARE sneakernet attacks (which are as old as computer viruses). Stuxnet, for instance, breached Iran's air gap firewall quite effectively.

Re:Two words

The equipment needs to be kept in a Faraday cage as well to prevent Van Eck phreaking. Anyone with physical access (cleaning staff, etc) is a threat vector.

Who manufactured your equipment? How many different people have worked on the code that is running on your systems? Was there a spy operative sabotaging those processes? You really do have to trust no one, verify everyhing if you want to have true security. I realize there are audits, but there is the potential for things to be missed, especially given how sneaky one can be in C.

Re:Two words

Are you certain that the data, once collected, isn't considered classified? I was under the impressions that the records were classified... It has been a *long* time since the training and the whole process. Early 2000s was when I went through it for that program and I've had nothing to do with anything of that nature since the end of 2003. I'm kind of annoyed that they'd retained the data but I'll be (hopefully) all good. I already have the 'do not issue credit' flag set as the records are locked at the credit reporting agencies. Regardless, it's mostly just annoying.

I was a classifier in the government for a long time, and also dealt with clearances, though I am out of it now. I believe what you are thinking of is classification by aggregation, namely that two unclassified items may become classified if combined since knowing that they relate to each other is really what is classified (it is referred to as a "classified paper clip"). In this case though, all of the information in the database is unclassified, and while very sensitive - especially in aggregation - does not make it classified. It is certainly FOUO (and HIPPA!) though. I too am affected by the breach, and honestly it pisses me off.

Oh, and no... No, I really don't think the data needed to be classified as secret in my case. I wasn't really working with anything that special. At the time, we all pretty much agreed that FOUO would have been fine. I suspect you probably worked with more significant data. I modeled traffic, vehicular and pedestrian, and I'm pretty sure that I'm not allowed to elaborate on what I did specifically.

...

Chances are pretty good that you're more familiar with it than I, have done so more recently than I, and are probably more aware of whatever changes have been made in the interim.

I lived in that environment for far too long and while you are correct that the data I dealt with was "more significant data" (it didn't get any higher), I also at times dealt with systems where they were classified mostly for the "just in case" reason even though there was nothing on them that should be classified. Before about 2000 there was a big push to error towards making things unclassified if in doubt (cough, Clinton), and a lot of damaging stuff was pulled off US systems by others (and we have a very good idea who they are but for equity reasons, don't want to lay our cards on the table lest lose our visibility). As others have said in these comments, it becomes a tradeoff between protecting the data, and being able to use it effectively. The reality is it still isn't being done well and I was fighting losing battles.

Re:Two words

Umm...you know WiFi works over airgaps, dont you?

Re:Two words

[KGIII]

Thanks for the additional info and for the clarification. You actually just confirmed, sort of, something that I was confused about. How to explain this or ask this?

Back in the 1980s, I had my clearance because I transported detainees. I was already a driver so they sent me to school to become a chaser/escort. (I was in the Marines.) Because I had to deal with certain types of records that may be classified, because I had to physically handle them, I had to get my clearance. Even though they were often in sealed envelopes (I had no need to know) and there were occasional bits that were classified, I never *did* anything with those records other than transport them and maybe observe them, heard them read aloud, etc. As an escort/chaser, I do not leave my prisoner alone and unattended, that may include even being present while they communicate with council - I can not be called to testify, I could not be a witness for or against.

I got out and had to re-apply in 1999. This time it was to work as a civilian, as a contractor, on a project. I'm given to understand that that's not actually required any longer? I have no idea but I had to re-apply as it had been longer than ten years since my initial approval. I have been told by someone claiming to have their clearance that they no longer need to reapply even if they've been idle/uninvolved for ten years. Actually, I could have sworn that it was not even ten years but seven? That's not really important but I wasn't sure if they were being dishonest. 'Cause I *know* I had to get my clearance and fill the forms out a second time in 1999. I am not sure if it was 10 or 7 years but, either way, it had been longer than 10 years so that's immaterial to me.

However... Here's the strange thing. I could have sworn that, at least when you're dealing with mixed classification data (for example, prisoner case/trial documents) if you're not sure then it defaults to classified. That anything near, around, similar, or whatnot - it was all considered classified unless not expressly marked. It was all handled as if it was classified. That's not the most articulate description, sorry. But, even though some prisoners, the majority actually, had no classified data in their court paperwork - all data was handled as if it was.

Now it gets slightly less clear... Oh, and I could have sworn that, at one time, "unclassified" was actually a classification itself? But, that's a whole other topic even though it's related.

Next, I had no choice but to work with mixed data. This was very, very much a case of a classified paperclip type of deal. This was a case where a certain data set was quite expressly classified as secret, some was unclassified, and some was classified as FOUO. Now here's the kicker - once they "touched" the results were considered classified. Except, I think they call them classification officers? Something like that... Except, once they got hold of it, quite a bit of it ended up unclassified. (Boy would it have been damned stupid for it to remain classified, I can't say what I'd done but I can say that would have been the exact opposite of what my goal was.)

At any rate, in that instance too - things defaulted to classified. They were later unclassified by the classification officer. The thing is, it was classified by default. Basically the training was and rules were, "Assume secret until told/marked otherwise. Even if not secret, consider it FOUO. Even if not FOUO, consider it need to know."

Sorry for the novella... It's not easy to explain all this. I'm not the most articulate. I seem to recall the protocol was the same if any record was misplaced - it was counted as spillage and treated as spillage. We made damned well sure to not misplace documents. I had a senior officer end up with an other-than-honorable for leaving a prisoner's records/trial documents on the front seat of a staff car while he went into the PX. We made damned sure to not misplace documents. He did not normally handle documents and was running the manila envelope acro

Quit whining Norway

If you don't want your military secrets to be stolen, how about you don't put them on the internet? Simples, no?

Everyone spies. Rather than complaining cos you're not as good at the Game as they are, how about you secure yourself and do a little hacking right back?

Re:Quit whining Norway

[aliquis]

If you don't want your military secrets to be stolen, how about you don't put them on the internet?

Alternatively find a location which has a great firewall and put the servers behind there!

Not China's only Internet-related misbehavior.

[Narcocide]

I'd be happy if they'd just knock it off with the phishing/malware spam already.

That easy huh?

If only putting an air gap around all possibly important information a variety of national and private companies was as easy as typing "Air Gap" in Slashdot comments.
Seriously, your post got _less_ fictional when you started talking about a movie.

Re:That easy huh?

I'm confused. Tell me what is easier, an air gap or buying and maintaining gobs of firewalls to keep the bad guys out?

Security is a process and somewhere along the line someone failed to maintain security or else this would not have happened.

I've worked on air gapped systems before. I'd have two computers on my desk, one on the air gapped network and the other on the internet connected corporate network. That way I could write my code and run my test cases on the secure computer and still have access to e-mail, be able do some internet research, and generally communicate with the outside world. We were not allowed to have our cell phones in the room, the closest they could be was a faraday cage box outside the lab.

There were few telephones in the room to discourage speaking to people outside but still allow people to make quick calls to family or coworkers. (Side note: It was an unlisted number so we'd sometimes get wrong numbers or phone surveys that used a random phone number generator that would normally black list known business numbers. We had to be careful how we answered the phone to not reveal where the phone was located.)

Transfer of information in or out of the lab had to follow a process to keep the lab secure. This is where failures usually happen, the process isn't followed and we'd get a virus or someone did not properly log out a disc. The network was monitored regularly to keep people from removing a computer from the network, a sign someone might take a hard drive or move the computer to the insecure network, or adding anything to the network.

Sharing of data between sites was done by discs sent by a trusted courier. My job did not require me to do this sort of thing so I was not trained on sending discs but I was trained on the process of receiving files from outside the air gap. If a courier was too slow then we'd get a secure network. I'm not sure I can talk on how that network was secured.

Once in a while we'd have the cleaning crew come in to clean the floors and carry out the trash. At that point all work was to stop, computers locked and screens cleared, file cabinets locked, a blinking red light was turned on to indicate the room was no longer secure, and we'd sit around and discuss hunting, sports, or the weather.

As much as the air gap process sucked it was liberating in some ways. One nice thing was that work would stop once I left the room. If we went out to lunch then work never came up while we ate. I didn't have to worry about a cell phone call interrupting me, family and friends learned I was effectively off the grid while working. If someone really needed to get a hold of me that someone would just have to call the front desk and I'd be paged.

An air gap does not require any fancy hardware. Where I worked it was a bit over the top in some respects such as how the front door was secured. Creating an air gap system is pretty cheap, all things considered. The primary thing is to make sure everyone involved is knowledgeable on the processes of maintaining security, those methods were pretty simple as well.

If these private companies and government agencies are not willing to go through the work to create an air gap then they can expect to see a network attack from some far off country. If the firewalls used to secure these systems fail then an attacker's ability to copy or corrupt sensitive data can be bound only by the network bandwidth. An air gap failure tends to be quite limited in scope.

You might find air gaps as a silly idea on computer security but if you have a better idea then I'd like to hear it.

Re:That easy huh?

[FlyHelicopters]

Where I worked it was a bit over the top in some respects such as how the front door was secured.

If it was secured properly, then it was not possible for anything short of a small army to walk in.

I continue to be amazed at the fancy electronic security that is used in many businesses, yet you could just walk right in the front door if you physically wanted to and all they could really do is call the police (assuming you didn't prevent that from the start).

If you honestly have anything worth so much that electronic security of the level you described is required, then you also need physical security. And I don't mean the rent-a-cop that is moonlighting from the mall, I mean you need trained armed guards in body armor with radios and a secure control center that they can communicate with.

All the air-gap in the world won't help if 5 armed men can walk in the door and simply shoot everyone and take what they like.

---

Note: The above is expensive to do correctly, which is why it is so rarely done. But if you need real security, it has to be both electronic and physical.

Re:That easy huh?

I'm confused. Tell me what is easier, an air gap or buying and maintaining gobs of firewalls to keep the bad guys out?

Security is a process and somewhere along the line someone failed to maintain security or else this would not have happened.

Having an isolated network didn't help the Pentagon:

https://en.wikipedia.org/wiki/2008_cyberattack_on_United_States

Or Iran:

https://en.wikipedia.org/wiki/Stuxnet

Re: That easy huh?

But, with government and business, the person working with may be a contractor. You have no control over contractors. Not even security wise. Used to work in a had to know departments, with security uncleared personnel, who were doing the same job, in government and private businesses. With access to secure and crypto level devices. And those devices could kill many. I had to do, like mr airgap, cages. They were sending photos to their girlfriends in where ever. Good security involves getting control of your situation first.

Re:That easy huh?

16 years after tons of documents indicating to the contrary were released by the CIA, and you really believe that?

Seriously, the first

[penguinoid]

I thought America has been accusing them of stealing all kinds of secrets. Was that accusation limited to business *secrets?

*Where "business secrets" means "please build this for us at absurdly cheap prices, but don't learn anything about it".

Re:Seriously, the first

[freeze128]

"please build this for us at absurdly cheap prices, but don't learn anything about it".

Don't worry. Judging from all the Chinese junk that ends up in the Dollar Store, they haven't.

Re:Seriously, the first

*Where "business secrets" means "please build this for us at absurdly cheap prices, but don't learn anything about it".

More like "Figure out why the stuff you delivered doesn't work as intended and fix it, but don't learn anything about it".

The good manufacturers have in-house developers. That means that they are much more capable at finding productions errors.
If you manufacture a product somewhere you trust them with your design and your product. Mounting twice the amount of units and dumping them on the local market doesn't require much effort. They have layouts and component lists. They know what every component does, they need the datasheets to get the thermal information needed for soldering. People reverse engineer products with a lot less information than that.

When you decide to manufacture a product somewhere then you need to trust that manufacturer. Finding the cheapest one might not be a smart choice.

Is eezy

China no have many fjords. We steal fjords.

Re:Is eezy

But we buy Buicks made in China. We like Buicks. We even sell Buicks back to US. PROFIT!!!

Anyone thinks

[no-body]

that this will have an effect on snooping? Like - make them stop trying after succeeding?

Bork bork bork

[xxxJonBoyxxx]

Der eenternet in dem pot is zu zecure zu breaka eento. Bork bork bork!

Re: Bork bork bork

Exactly. China might steal Norway's secrets, but it will never understand them.

Re:Bork bork bork

Bork bork bork is Swedish. The rest of the sentence looks like Dutch.

Re:Bork bork bork

[Carewolf]

Bork bork bork is Swedish. The rest of the sentence looks like Dutch.

Yeah, but Norwegian can to non-speakers sound like higher pitched Swedish, so it would be: Beerk beerk beerk.

Re:Bork bork bork

[Opportunist]

Dude, Norwegian IS high pitched Swedish. Don't try to fool us into thinking otherwise.

For fucksake slashdot ..

[tetraverse]

For fucksake slashdot, enough with these cyber bullshit stories. Has Norway ever considered not keeping its 'state military secrets' on Microsoft Windows connected to the Internet.

Morale?

Sigh, and what would we do with America spying and stealing peoples data? Even the so called "terrorists" are lame compared to actions of the land of "freedom".

Norway

Mil secret? How to make igloos with a swedish army knife while at the same time clubbing seals for their fur secret?

Doing their job?

So, when it was discovered that NSA has been intercepting and storing Internet traffic from all over the world, isn't there a whole slew of patriotic Americans flooding with responses basically saying that was just NSA doing their job?

Now, the ball is on the other court, what's the problem? Chinese spies stealing military secrets? They are just doing their job. Obviously it was the Norwegian Army who were not doing their job to prevent their secrets being stolen.

Re:Doing their job?

[Opportunist]

Yes, and a burglar coming to my home stealing my stuff is also just doing his job. He still gets one over the head with the baseball bat.

Someone doing his job doesn't mean I have to like him doing his job. Or even that it's a good thing he's doing it.

Re:Doing their job?

Norwegian Army came home and discovered burglar in the house. Identified burglar. Good job. Now what? Public shaming is all they can think of?

Re:Doing their job?

Norwegian Army came home and discovered burglar in the house. Identified burglar. Good job. Now what? Public shaming is all they can think of?

Well the standard tactic of trying to feed them lutefisk might not work on the Chinese as I think they might like it. So beyond that, what is Norway going to do exactly? I suspect the most Norway is going to do is demand the Chinese ambassador come by and explain what they were doing. Beyond that all they can do is yell loudly about it.

It's what militaries do

[Tablizer]

Shuddup and steal back

How rude!

I'm sure NATO would never dream of trying to penetrate Chinese military computer systems.

Re:How rude!

[Opportunist]

What for? That would be like torrenting from someone who got his whole library exclusively from you.

Cool!

Setup a honey pot

Norway has just figured out fusion power but decided it was too crude in favor of anit-mater and warp drive.

Folks invading should beware of the defense system using pulse cannons, photons and phasers.

Oh god no, not the Norwegians

please don't fall into the same ugly-bucket as the Americans and whine about "hacking". Stop the accusations of "stealing" and that you wholly and fully invented metal, or the airplane, or exposives, or electronics, or whatever. You are more sensible than this.

Re: Air Gap

Air Gap.

That worked so well for Iran against Stuxnet.

It would be native to think otherwise.

It would be native to think otherwise.

So, which will be the first NATO country to understand the simple rules that govern this world?
Only time will tell...

And that really doesn't work

[Ungrounded+Lightning]

... in a recent speech suggested that the way to end terrorism is to dip bullets in pig blood so muslims will believe getting shot sends them to hell.

Variations on that have been proposed repeatedly. They just show the person proposing them is ignorant of actual Islam.

I'm not all THAT familiar with it myself, but I AM familiar enough to know the major madhhabs agree that being exposed to pig blood by an enemy as a tactic in war is not a problem for getting to heaven (while being killed in such a way is a free first-class ticket).

Choosing to expose one's SELF to it as an act furthering even a holy war is more controversial - which is why, back in the muzzle-loading era, waterproofing a pre-assembled powder/wad/bullet charge (for quicker reloading by biting it open and pouring the contents into the barrel) by dipping it in bacon fat, was an issue for Britain's Islamic soldiers. (Also for Hindus, by the way.)

Re:And that really doesn't work

[SuricouRaven]

"They just show the person proposing them is ignorant of actual Islam."

Yes, they do. And as President, part of his role is diplomatic. Which means maintaining reasonable relations with a number of countries in which Islam is of culture-defining importance. Ignorance is forgiveable, but only in those who are able to recognise it in themselves. Trump clearly does not. If a future President Trump were to say something of the pig-bullet nature, it would be the cartoon riots again - but ten times worse, and with serious economic implications. America could actually lose out on trade deals as the governments of every muslim-majority country in the world would have to react to public pressure to distance themselves from the blasphemous nation, and it might even lead to some seeking closer ties with another superpower.

China good country

Only seek cookie recipe

"Spies steal secrets. What's your problem?"

[Ungrounded+Lightning]

It would be SO refreshing if they'd just say that. B-)

I don't understand. Isn't the US a NATO country?

Therefore the US is the first NATO country to accuse China of stealing military secrets.

Defense Budget of the world

[Etherwalk]

Fundamentally, the United States foots the military budget for a huge portion of the developed world--Pretty much all of Western Europe, Japan, Australia, South Korea, etc...

While some of those countries have an impressive military budget, The UK, France, Germany, Japan, South Korea, Australia, Italy and Canada together spend only about 45% of what the US spends. (Not all are NATO members, but they all have significant military expenditures.)

If the US walked out of NATO it would lose 2/3rds of its military budget and a lot of its logiistical and nuclear capability. https://en.wikipedia.org/wiki/...

Re:Defense Budget of the world

that explains why Australia paid more for second hand M1 Abrams than it costs to make new M1A2's, thanks for footing the bill for us!

Important cultural difference

[Solandri]

I'm Asian and I keep having to emphasize this with my Caucasian friends. Standards of behavior are arbitrary. Just because you're used to one standard doesn't mean you should expect other people elsewhere in the world to adhere to the same standard.

The Western standard is that you don't directly steal things someone is trying to keep secret. You pass a few laws making the behavior illegal, and that's it. Anyone who breaks the law and steals your secret is a "shithead" (to quote another comment), and should be tried and jailed. You can infer the secret from afar, based on secondary information which leaks out, but stealing it directly is a no-no.

The Eastern standard is that if you want to keep something secret, you'd better do everything you can to keep it secret. If someone manages to hack you and steal your secrets, it's your own damn fault for not protecting yourself. Corporate and state-sponsored espionage isn't just encouraged, it's expected. You can be fired if you refuse your company's orders to spy on a competing company. Just don't get caught doing it. That'll result in you being fired in order for the company to save face - everyone pretends they respect each others' secrets, even while they're secretly trying to steal them.

The Hainan Island incident is a good example. The U.S. felt justified spying because they flew the EP-3 just outside Chinese territorial waters. They weren't breaking any laws, so by Western standards the behavior was OK. By Eastern standards, the behavior became unacceptable the moment it was clear they were spying. If the U.S. had been spying secretly, it'd be OK. But doing it overtly and openly by flying the EP-3 in plain sight just outside the Chinese border was a faux pas.

Because of this difference in standards of behavior, I read about all the joint technology deals Western companies make with China, and just shake my head in disbelief. Like the German company agreeing to manufacture high speed trains in China, instead of manufacturing them in Germany and shipping them to China. After a couple years, the Chinese told them they didn't need their help anymore, and didn't renew the contract. Obviously what happened was the Chinese went over every inch of the production facilities during off-hours to glean every nugget of information they could about manufacturing these trains. And after a couple years when they felt they had a good enough handle on how it all worked, they ditched the German company and started manufacturing the trains themselves. The Germans expected the Western standard of behavior - that the Chinese would "respect" the sanctity of their production secrets and not try to copy them. (Kawasaki did the same thing to my surprise, since they knew going in that this would happen.)

So don't expect the Chinese hacking and spying to stop. As long as there's plausible deniability, they're going to keep at it. The onus is on Western companies and governments to protect themselves as best they can, because the Eastern standard wins in a race to the bottom.

Re:Important cultural difference

[dave420]

You are ignoring the corporate espionage that happens in the west. That kind of defeats your strange, rambling argument.

Re:Important cultural difference

USA; YOU ARE DOOMED if all these people think this way. PLASE, just play a few Civilization games so you see how things go in practice.

Hardly the first

Last I checked, the US was a NATO country, and they have been accusing China of stealing secrets for *years*. Canada too is a NATO country, and I recall China being accused of trying to break into several government systems at least 2 years ago. At one point Huawei was accused of having backdoors in their routers, and the Chinese PLA Unit 61486 (31.349286N, 121.573539E) was fingered by Canadian officials (the US has pointed fingers at them too). So I don't think Norway is the first.

Kim yung-un stole 2000 volvos from Sveden

Learn2car analogy like Bess Kowea you stinky Chinese Norwegian whasian haffbrreed. Norf Kowea massa race reportung!

Hypocrisy

Oh irony. Not that Chinese spying is acceptable but Norway's current government is incompetent. They should be be looking far more closely at what NATO "ally" America and even Britain have been doing when it comes to dis-respecting privacy of its citizens. Staying blind to the NSA and GCHQ shenanigan while lecturing China on spying is hardly morally credible.