Chinese Hackers Hit US Firms Linked To South China Sea Dispute (bloomberg.com)

← Back to Stories (view on slashdot.org)

Chinese Hackers Hit US Firms Linked To South China Sea Dispute (bloomberg.com)

Posted by msmash on Friday March 16, 2018 @02:41AM from the security-woes dept.

Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said. From a report: The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a U.S.-based provider network protection systems. The hackers have focused on U.S. maritime entities that were either linked to -- or have clients operating in -- the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.

"They are going after data that can be used strategically, so it is line with state espionage," said Plan, whose firm has tracked the group since 2013. "A private entity probably wouldn't benefit from the sort of data that is being stolen." The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said. The surge in attacks picked up pace last month and was ongoing.

26 of 52 comments (clear)

Min score:

Reason:

Sort:

You just now noticed? by Virtucon · 2018-03-16 03:00 · Score: 3, Informative

I get hit thousands of times a day from port scanners, http/SSH vulnerability probes daily from IP addresses all pointing back to China, Korea, the Middle East and Amazon.. You're just now noticing?

--
Harrison's Postulate - "For every action there is an equal and opposite criticism"
1. Re:You just now noticed? by CodeHog · 2018-03-16 04:24 · Score: 1
  
  What do you use to monitor the scanning / probing?
  
  --
  Fat, drunk, and stupid is no way to go through life, son.
2. Re:You just now noticed? by CodeHog · 2018-03-16 06:06 · Score: 1
  
  so basically dump the log file into spreadsheet and review, got it. I thought maybe someone had an app that could do some smart graphing for you. Might have to look into it more, need a side project to keep from being bored.
  
  --
  Fat, drunk, and stupid is no way to go through life, son.
3. Re:You just now noticed? by richrz · 2018-03-16 07:27 · Score: 1
  
  Or maybe Trump Derangement Syndrome makes lefties see the whole universe through a Trump hatred lens.
Amazon?! by Anonymous Coward · 2018-03-16 03:22 · Score: 2, Funny

So Amazon, LLC is part of the Chinese hack?
Or are you talking Amazon Women who are attacking the US?
The latter may not be bad especially if there's an invasion and I'll be rounded up and executed by Snu Snu.
1. Re:Amazon?! by pnutjam · 2018-03-16 05:24 · Score: 1
  
  Or are you talking Amazon Women who are attacking the US?
  The ones on the moon?
  
  --
  Cheap storage VM.
The cost of Trump by Carewolf · 2018-03-16 03:30 · Score: 1, Flamebait

You allow Russia to hack you and don't retaliate, you can't really expect other people from not doing some consequence free hacking of their own.
1. Re:The cost of Trump by Actually,+I+do+RTFA · 2018-03-16 03:58 · Score: 3, Insightful
  
  China has been hacking the US for longer than Russia and far more pervasively. They just don't bother to monkey in our elections, because they're already winning either way. Russia actually has US politicians who will stand up to them (although they don't seem to have won many elections.)
  
  --
  Your ad here. Ask me how!
2. Re:The cost of Trump by budgenator · 2018-03-16 06:36 · Score: 1
  
  It's cute how you assume you would be privy to US retaliation to their election hacking. Personally I am more disturbed over the Russian nerve agent attack on the soil of a NATO ally than any computer hacking.
  
  --
  Apocalypse Cancelled, Sorry, No Ticket Refunds
3. Re:The cost of Trump by DigiShaman · 2018-03-16 06:44 · Score: 1
  
  China and Russian have essentially declared war on The West; unofficially of course. Once we actually call them out on what they're actually doing, then it will go full kenetic, nuclear in fact. Everything before then is just foreplay raping.
  Unless you're willing to die in WW3, you shouldn't be asking for lube, rather if they offer it in different flavors. IF, they're nice enough to offer lube in the first place we nations get repeatedly ass-raped.
  "You allow Russia to hack you and don't retaliate". Yeah.. hahaha right buddy. MIRVs away!!!
  
  --
  Life is not for the lazy.
4. Re:The cost of Trump by tomhath · 2018-03-16 06:58 · Score: 1
  
  We need to draw a red line in the sand. That'll scare them.
5. Re:The cost of Trump by Whibla · 2018-03-16 08:49 · Score: 1
  
  China has been hacking the US for longer than Russia and far more pervasively.
  You might want to look up "Moonlight Maze" before making statements like that.
6. Re:The cost of Trump by Whibla · 2018-03-16 08:56 · Score: 1
  
  I've just realised that the Wikipedia page I linked to in my previous reply was distinctly light on detail. Sorry.
  There's an excellent chapter on Moonlight Maze in Thomas Rid's book Rise of the Machines (The Lost History of Cybernetics). Well worth borrowing from the library, in my opinion.
7. Re:The cost of Trump by Actually,+I+do+RTFA · 2018-03-16 09:27 · Score: 1
  
  There are a lot of non-kinetic responses that could be effective, ranging from sanctions and embargoes (not even that costly in Russia's case), to confiscating assets of their leaders throughout the western world, to simply cutting them off the Internet. Keep in mind that no one wants to rule a parking lot (Putin, Xi and Kim don't want nuclear war).
  
  --
  Your ad here. Ask me how!
8. Re:The cost of Trump by DigiShaman · 2018-03-16 09:57 · Score: 1
  
  Xi is walking a tightrope; I fully expect him focus on domestic control and protecting their man-made islands along with other bases in Africa and a new one in Pakistan to stave off India. Yet, he has to be careful to not generate turmoil inside China too.
  Kim has more to lose. Sanctions look to be working. Keep the pressure on.
  Putin, he's playing hardball. I think he gives zero fucks if a city is lost to a nuclear exchange so long as he benefits in the end. That man is willing to see the "bigger picture" to victory and make civilian sacrifices to do so.
  
  --
  Life is not for the lazy.
Re: I know the solution by GLMDesigns · 2018-03-16 03:33 · Score: 1, Interesting

ha ha ha.

You're funny.

How about going to Predict It and putting some money on it.

I love taking money from saps like you.

--
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
Keep your crown jewels off the Internet by Anonymous Coward · 2018-03-16 03:42 · Score: 1

"They are going after data that can be used strategically, so it is line with state espionage..."
Keep the parts of your internal network that have "crown jewel level" information unreachable from the outside as much as possible.
If you have to allow data to be moved to the "outside world - for example, so a manager can compose an email that contains summaries of important information - do it in a way that is heavily controlled and audited and extremely difficult to "penetrate from the outside" without triggering alarms. Also do it in a way that limits the amount of data that can be stolen.
There are even ways of moving data between the "hardened" network to the "non-hardened" network using "to dumb to be used as a hacking tool" air-gap data storage devices. Pro-tip: USB devices are usually too smart unless steps are taken to "dumb down" the USB interfaces on the "hardened" machines to the point that they are seen as nothing more than data-storage device.
Air-gapping isn't always needed:
A firewall/security device that has a "skinny pipe" to the secure network a "skinny pipe" to the "less secure in-house network" and a third "skinny pipe" to one or more "firewall management workstations" can be enough, provided that firewall audits all traffic, raises alarms and/or cuts off/modifies traffic as needed, and otherwise does its job can be enough for most environments.
---
You can still do this even if you have a multi-site network, but it won't be cheap.
It will cost you, but you can contract with long-haul telcos to run data over a "virtual private" non-IP-based network that never touches the public Internet. You can then control access to that network by controlling physical access to the endpoints. It goes without saying that all of your traffic should be encrypted site-to-site if to endpoint-to-endpoint using a combination of proven, publicly known encryption algorithms and additional encryption layers that are known only in-house (security through obscurity is hardly ever sufficient, but it can make an adversary's life a bit more difficult), so that a compromised telco provider won't be able to ex filtrate data.
Why isn't incoming traffic inspected and blocked? by Invisible+Now · 2018-03-16 04:18 · Score: 1

Couldn't something be done to choke off more suspicious incoming traffic? Or does it fan out to non-aligned proxy nations to be disguised and forwarded?

--
"Knowing everything doesn't help..."
Re:Unencrypted system is being "attacked" by OrangeTide · 2018-03-16 04:36 · Score: 2

That scenario has been proposed already. I think it is likely, but murphy's law will make sure the sea level rise doesn't happen until after an exhaustive treaty is reached or a blood war is won.

--
“Common sense is not so common.” — Voltaire
Re:I know the solution by OrangeTide · 2018-03-16 04:38 · Score: 1

Let's hire more women and minorities.
Wouldn't not hiring them mean leaving half of your potential workforce unused? Are you going to wait until another World War before sending the ladies to work?

--
“Common sense is not so common.” — Voltaire
Things countries notice by hyades1 · 2018-03-16 05:31 · Score: 3, Insightful

It appear's Uncle Sam's recent willingness to drop trou and put his bum in the air for Putin has been noticed elsewhere.
So now China's trying it on.
I wonder who will be next to have a go. Pretty soon, US cyberspace is going to look like Gangbang Night at a Hell's Angels clubhouse.

--
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Re:Why isn't incoming traffic inspected and blocke by budgenator · 2018-03-16 06:41 · Score: 1

Deny ALL; Allow Whitelisted_IP might help some

--
Apocalypse Cancelled, Sorry, No Ticket Refunds
Re: Unencrypted system is being "attacked" by Brockmire · 2018-03-16 07:33 · Score: 1

Unencrypted? Wtf are you talking about? These are attacks against firewalled networks. Fuck off.
clickbait. by Anonymous Coward · 2018-03-16 07:34 · Score: 1

Had to block 2 more subnets today ... 80.211.128.0/18 out of Italy and 86.49.128.0/17 out of the Czech Republic.
Already block Chinese mainland the last 8 yrs, but they know how to use VPNs.
Thousands of attempts against ssh, email and web servers ain't fun.
Re: The price of controversy by Type44Q · 2018-03-16 10:16 · Score: 1

How many times are you going to post the same whine?
Re:Things you never noticed before... by hyades1 · 2018-03-17 02:43 · Score: 1

Uhh, you do know that foreign hackers have never been more dedicated to targeting the various levels of the US government, right?
Did you never wonder when they realized, say, how easy it is to get away with it?

--
I've calculated my velocity with such exquisite precision that I have no idea where I am.