Slashdot Mirror


Chinese Hackers Hit US Firms Linked To South China Sea Dispute (bloomberg.com)

Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said. From a report: The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a U.S.-based provider of network protection systems. The hackers have focused on U.S. maritime entities that were either linked to -- or have clients operating in -- the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.

"They are going after data that can be used strategically, so it is in line with state espionage," said Plan, whose firm has tracked the group since 2013. "A private entity probably wouldn't benefit from the sort of data that is being stolen." The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said. The surge in attacks picked up pace last month and was ongoing.

52 comments

  1. Unencrypted system is being "attacked" by Anonymous Coward · · Score: 0

    News at 11

    1. Re:Unencrypted system is being "attacked" by Anonymous Coward · · Score: 0

      You would think that with all this Global Warming going on, that the islands in the South China Sea would soon be washed away by a Typhoon.

    2. Re:Unencrypted system is being "attacked" by OrangeTide · · Score: 2

      That scenario has been proposed already. I think it is likely, but Murphy's law will make sure the sea level rise doesn't happen until after an exhaustive treaty is reached or a blood war is won.

      --
      “Common sense is not so common.” — Voltaire
    3. Re: Unencrypted system is being "attacked" by Anonymous Coward · · Score: 0

      Doesn't matter. They are building them. The goal is to spread border, expand maritime rights, and prevent US base building in South China Sea. They will go to war over it, too. Hacking story is just more fluff, the goal is to justify US expansion. Xi will be the next Putin for the media on current track.

    4. Re: Unencrypted system is being "attacked" by Brockmire · · Score: 1

      Unencrypted? Wtf are you talking about? These are attacks against firewalled networks. Fuck off.

  2. You just now noticed? by Virtucon · · Score: 3, Informative

    I get hit thousands of times a day from port scanners, http/SSH vulnerability probes daily from IP addresses all pointing back to China, Korea, the Middle East and Amazon. You're just now noticing?

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:You just now noticed? by Anonymous Coward · · Score: 0, Interesting

      The /. article is just clickbait. Headline should be "Trade war started by Trump motivates every other country to attack US interests everywhere"

    2. Re:You just now noticed? by CodeHog · · Score: 1

      What do you use to monitor the scanning / probing?

      --
      Fat, drunk, and stupid is no way to go through life, son.
    3. Re:You just now noticed? by Anonymous Coward · · Score: 0

      It's been that way for years, and is the world over. It's called the noise of the internet.

      But if there's political gain in reporting it, it's suddenly "hackers". Well, by that logic msmash is a hacker for mashing the buttons leading up to this slashdot post. msmash is a hacker, Q.E.D. "Stupidity hacker" is the next "growth hacker".

    4. Re:You just now noticed? by Anonymous Coward · · Score: 0

      That's probably just NSA/CIA ip spoofing you, dumb-ass.

    5. Re:You just now noticed? by Anonymous Coward · · Score: 0

      You collect the rejected connection IPs and do a mass lookup. It shows the patterns you would expect.

    6. Re:You just now noticed? by Anonymous Coward · · Score: 0

      Just set up your PF firewall to log to your preference of detail and size. There are also nice GUI add-ons available for PF that make setting rules, alerts, and logging relatively simple for those who are not comfortable working in a terminal.

    7. Re:You just now noticed? by CodeHog · · Score: 1

      So basically dump the log file into a spreadsheet and review, got it. I thought maybe someone had an app that could do some smart graphing for you. Might have to look into it more, need a side project to keep from being bored.

      --
      Fat, drunk, and stupid is no way to go through life, son.
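
Added example, not part of any comment in this thread: one way to do the review described in the replies above (collect the rejected connections from a firewall log and group them) without a spreadsheet. The log layout, the sample lines and the names `SAMPLE_LOG`, `LINE_RE` and `summarize_blocked` are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample, shaped like tcpdump's text rendering of a pflog capture.
# Addresses come from documentation ranges; real layouts vary by tcpdump version.
SAMPLE_LOG = """\
Apr 10 03:12:01 rule 2/0(match): block in on em0: 203.0.113.7.40112 > 192.0.2.10.22: Flags [S], length 0
Apr 10 03:12:02 rule 2/0(match): block in on em0: 203.0.113.7.40113 > 192.0.2.10.22: Flags [S], length 0
Apr 10 03:12:03 rule 2/0(match): block in on em0: 203.0.113.7.40114 > 192.0.2.10.22: Flags [S], length 0
Apr 10 03:12:09 rule 2/0(match): block in on em0: 203.0.113.9.51000 > 192.0.2.10.22: Flags [S], length 0
Apr 10 03:13:00 rule 2/0(match): block in on em0: 198.51.100.20.33001 > 192.0.2.10.23: Flags [S], length 0
Apr 10 03:13:00 rule 2/0(match): block in on em0: 198.51.100.20.33002 > 192.0.2.10.80: Flags [S], length 0
Apr 10 03:13:01 rule 2/0(match): block in on em0: 198.51.100.20.33003 > 192.0.2.10.443: Flags [S], length 0
Apr 10 03:14:00 rule 5/0(match): pass in on em0: 192.0.2.50.50500 > 192.0.2.10.443: Flags [S], length 0
truncated or unrelated line
"""

LINE_RE = re.compile(
    r"(?P<action>block|pass) in on \S+: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+):"
)

def summarize_blocked(log_text, prefix_len=24, scan_threshold=3):
    """Count blocked inbound connections per source network and per port.

    A source that was blocked on scan_threshold or more distinct ports is
    listed as a likely port scanner; repeated hits on one port look more
    like credential guessing against that service.
    """
    by_net, by_port = Counter(), Counter()
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "block":
            continue  # ignore passed traffic and lines that do not parse
        try:
            net = ipaddress.ip_network(f"{m['src']}/{prefix_len}", strict=False)
        except ValueError:
            continue  # octet out of range: not a real IPv4 address
        dport = int(m["dport"])
        by_net[str(net)] += 1
        by_port[dport] += 1
        ports_by_src[m["src"]].add(dport)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {"by_net": by_net.most_common(), "by_port": by_port.most_common(),
            "scanners": scanners}
```

Grouping by network rather than by single address is what makes the "patterns you would expect" visible: neighbouring addresses in one block collapse into a single row that can be looked up or blocked as a unit.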
    8. Re:You just now noticed? by richrz · · Score: 1

      Or maybe Trump Derangement Syndrome makes lefties see the whole universe through a Trump hatred lens.

  3. The price of controversy by Anonymous Coward · · Score: 0

    It ain't right and it ain't fair, but if you attract controversy you attract people who want to make your life difficult.

    1. Re: The price of controversy by Type44Q · · Score: 1

      How many times are you going to post the same whine?

  4. Amazon?! by Anonymous Coward · · Score: 2, Funny

    So Amazon, LLC is part of the Chinese hack?

    Or are you talking Amazon Women who are attacking the US?

    The latter may not be bad especially if there's an invasion and I'll be rounded up and executed by Snu Snu.

    1. Re: Amazon?! by Anonymous Coward · · Score: 0

      Actually I think he is serious. Amazon AWS servers are always scanning and running attack bots against my servers. It's too easy for someone to spin up some bot scripts and let them go wild.

      I'm sure any server admin that checks their logs enough gets the same type of traffic.

    2. Re:Amazon?! by pnutjam · · Score: 1

      Or are you talking Amazon Women who are attacking the US?

      The ones on the moon?

    3. Re:Amazon?! by Anonymous Coward · · Score: 0

      It's actually a concerted effort of obscure Amazonian tribes to collect information about the outside world. In the light of this information, many have declined to emerge from the rain forest.

  5. The cost of Trump by Carewolf · · Score: 1, Flamebait

    You allow Russia to hack you and don't retaliate, you can't really expect other people not to do some consequence-free hacking of their own.

    1. Re:The cost of Trump by Actually,+I+do+RTFA · · Score: 3, Insightful

      China has been hacking the US for longer than Russia and far more pervasively. They just don't bother to monkey in our elections, because they're already winning either way. Russia actually has US politicians who will stand up to them (although they don't seem to have won many elections.)

      --
      Your ad here. Ask me how!
    2. Re:The cost of Trump by Anonymous Coward · · Score: 0

      These politicians only "stand up to them" because Russia doesn't pay them bribes, not because of some moral/ethical superiority.

    3. Re: The cost of Trump by Anonymous Coward · · Score: 0

      Sure thing comrade! War is over you say?

    4. Re:The cost of Trump by Anonymous Coward · · Score: 0

      Seriously, this is standard nation-state espionage. Carebear was just looking for an opportunity to gripe about Trump.

    5. Re:The cost of Trump by budgenator · · Score: 1

      It's cute how you assume you would be privy to US retaliation to their election hacking. Personally I am more disturbed over the Russian nerve agent attack on the soil of a NATO ally than any computer hacking.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    6. Re:The cost of Trump by DigiShaman · · Score: 1

      China and Russia have essentially declared war on The West; unofficially of course. Once we actually call them out on what they're actually doing, then it will go full kinetic, nuclear in fact. Everything before then is just foreplay raping.

      Unless you're willing to die in WW3, you shouldn't be asking for lube, rather if they offer it in different flavors. IF, they're nice enough to offer lube in the first place we nations get repeatedly ass-raped.

      "You allow Russia to hack you and don't retaliate". Yeah.. hahaha right buddy. MIRVs away!!!

      --
      Life is not for the lazy.
    7. Re:The cost of Trump by tomhath · · Score: 1

      We need to draw a red line in the sand. That'll scare them.

    8. Re:The cost of Trump by Whibla · · Score: 1

      China has been hacking the US for longer than Russia and far more pervasively.

      You might want to look up "Moonlight Maze" before making statements like that.

    9. Re:The cost of Trump by Whibla · · Score: 1

      I've just realised that the Wikipedia page I linked to in my previous reply was distinctly light on detail. Sorry.

      There's an excellent chapter on Moonlight Maze in Thomas Rid's book Rise of the Machines (The Lost History of Cybernetics). Well worth borrowing from the library, in my opinion.

    10. Re:The cost of Trump by Actually,+I+do+RTFA · · Score: 1

      There are a lot of non-kinetic responses that could be effective, ranging from sanctions and embargoes (not even that costly in Russia's case), to confiscating assets of their leaders throughout the western world, to simply cutting them off the Internet. Keep in mind that no one wants to rule a parking lot (Putin, Xi and Kim don't want nuclear war).

      --
      Your ad here. Ask me how!
    11. Re:The cost of Trump by DigiShaman · · Score: 1

      Xi is walking a tightrope; I fully expect him to focus on domestic control and protecting their man-made islands along with other bases in Africa and a new one in Pakistan to stave off India. Yet, he has to be careful to not generate turmoil inside China too.

      Kim has more to lose. Sanctions look to be working. Keep the pressure on.

      Putin, he's playing hardball. I think he gives zero fucks if a city is lost to a nuclear exchange so long as he benefits in the end. That man is willing to see the "bigger picture" to victory and make civilian sacrifices to do so.

      --
      Life is not for the lazy.
  6. Re: I know the solution by GLMDesigns · · Score: 1, Interesting

    ha ha ha.

    You're funny.

    How about going to Predict It and putting some money on it.

    I love taking money from saps like you.

    --
    If you're scared of your govt then you need to further restrict its powers
    Vote 3rd Party in 2016 and beyond
  7. Keep your crown jewels off the Internet by Anonymous Coward · · Score: 1

    "They are going after data that can be used strategically, so it is line with state espionage..."

    Keep the parts of your internal network that have "crown jewel level" information unreachable from the outside as much as possible.

    If you have to allow data to be moved to the "outside world" - for example, so a manager can compose an email that contains summaries of important information - do it in a way that is heavily controlled and audited and extremely difficult to "penetrate from the outside" without triggering alarms. Also do it in a way that limits the amount of data that can be stolen.

    There are even ways of moving data between the "hardened" network and the "non-hardened" network using "too dumb to be used as a hacking tool" air-gap data storage devices. Pro-tip: USB devices are usually too smart unless steps are taken to "dumb down" the USB interfaces on the "hardened" machines to the point that they are seen as nothing more than a data-storage device.

    Air-gapping isn't always needed:

    A firewall/security device that has a "skinny pipe" to the secure network, a "skinny pipe" to the "less secure in-house network" and a third "skinny pipe" to one or more "firewall management workstations" can be enough for most environments, provided that firewall audits all traffic, raises alarms and/or cuts off/modifies traffic as needed, and otherwise does its job.

    ---

    You can still do this even if you have a multi-site network, but it won't be cheap.

    It will cost you, but you can contract with long-haul telcos to run data over a "virtual private" non-IP-based network that never touches the public Internet. You can then control access to that network by controlling physical access to the endpoints. It goes without saying that all of your traffic should be encrypted site-to-site if not endpoint-to-endpoint using a combination of proven, publicly known encryption algorithms and additional encryption layers that are known only in-house (security through obscurity is hardly ever sufficient, but it can make an adversary's life a bit more difficult), so that a compromised telco provider won't be able to exfiltrate data.

  8. Why isn't incoming traffic inspected and blocked? by Invisible+Now · · Score: 1

    Couldn't something be done to choke off more suspicious incoming traffic? Or does it fan out to non-aligned proxy nations to be disguised and forwarded?

    --

    "Knowing everything doesn't help..."

  9. Re:I know the solution by OrangeTide · · Score: 1

    Let's hire more women and minorities.

    Wouldn't not hiring them mean leaving half of your potential workforce unused? Are you going to wait until another World War before sending the ladies to work?

    --
    “Common sense is not so common.” — Voltaire
  10. Re: Thats Wacist! by Anonymous Coward · · Score: 0

    Don't you mean mandawin?

  11. Things countries notice by hyades1 · · Score: 3, Insightful

    It appears Uncle Sam's recent willingness to drop trou and put his bum in the air for Putin has been noticed elsewhere.

    So now China's trying it on.

    I wonder who will be next to have a go. Pretty soon, US cyberspace is going to look like Gangbang Night at a Hell's Angels clubhouse.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  12. Re:Why isn't incoming traffic inspected and blocke by Anonymous Coward · · Score: 0

    Sophisticated attacks are masked as legitimate traffic. Deep packet inspection (DPI) screens are generally built using regular expressions, also known as signatures. Most vendors have those in open access. Knowing the regex it isn't hard to build an attack that would avoid being detected this way.
    Filtering out China's IPs won't work, just blocks noise from port scanners. Dedicated attackers will use hacked servers in US or other countries to proxy the attack, they go ten dollars per bunch in deep web.

  13. What about the 50 cent party? by Anonymous Coward · · Score: 0

    > They just don't bother to monkey in our elections, because they're already winning either way.

    Has anyone actually looked into that? They have an organization of paid online trolls and I have no idea why they wouldn't push China's view of things with respect to the US elections as they do on every other matter.

  14. Re:Why isn't incoming traffic inspected and blocke by budgenator · · Score: 1

    Deny ALL; Allow Whitelisted_IP might help some

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  15. clickbait. by Anonymous Coward · · Score: 1

    Had to block 2 more subnets today ... 80.211.128.0/18 out of Italy and 86.49.128.0/17 out of the Czech Republic.

    Already block Chinese mainland the last 8 yrs, but they know how to use VPNs.

    Thousands of attempts against ssh, email and web servers ain't fun.

  16. Things you never noticed before... by Anonymous Coward · · Score: 0

    Uhh, you do know that foreign hackers have been doing the same things for basically as long as there's been an internet, right?

    Did you never wonder why people wanted to, say, block China from hitting their SSH ports?

    1. Re:Things you never noticed before... by hyades1 · · Score: 1

      Uhh, you do know that foreign hackers have never been more dedicated to targeting the various levels of the US government, right?

      Did you never wonder when they realized, say, how easy it is to get away with it?

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.