Slashdot Mirror
Chinese Hackers Breach US Navy Contractors (wsj.com)
Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, triggering a top-to-bottom review of cyber vulnerabilities, WSJ reported Friday, citing officials and experts. From the report: A series of incidents in the past 18 months has pointed out the service's weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing. Cyberattacks affect all branches of the armed forces but contractors for the Navy and the Air Force are viewed as choice targets for hackers seeking advanced military technology, officials said. Navy contractors have suffered especially troubling breaches over the past year, one U.S. official said. The data allegedly stolen from Navy contractors and subcontractors often is highly sensitive, classified information about advanced military technology, according to U.S. officials and security researchers. The victims have included large contractors as well as small ones, some of which are seen as lacking the resources to invest in securing their networks. One major breach of a Navy contractor, reported in June, involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines, according to officials.
Clearly, contract requirements should also now include proof of engagement in best practices of network and data security.
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
"One major breach of a Navy contractor, reported in June, involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines, according to officials."
When contractors are held criminally responsible for their poor security resulting in military secrets being stolen by our enemies, then maybe they'll get serious about plugging the holes.
Contractors using Windows. After all, the Navy seems to be married to Windows, even when it cripples its battleships.
I worked for years as a security analyst mainly just developing exploits and pen-test frameworks. I have to say that I'm now completely disillusioned with IT security and it now bores me to tears. The Chinese and/or other state actors have stolen soooooo fucking much from us. The F35, hypersonic missiles, complete lists of government agents/employees from the OMB, the list is very very long. You partisans will probably all assume I am a Trump-lover but I don't like him. I do, however, have to admit that he seems to at least be able to talk about Chinese IP theft unlike 99% of other politicians who just seem so sprung on the globalism gravy train they can't see that these people are behaving like *enemies*. Love or hate Trump, we gotta address this problem. My preference would be to emulate the Skunkworks and be super militant about physical security and just crucify a few people for bringing in USB sticks and smart phones in to flaunt the rules. I'd also force people to stop using computers for things they didn't need them for and just put the data/research at greater risk. Computers don't solve all problems with equal effectiveness, despite some people wanting to use them everywhere. However, I'd also take action against China. I bet if you started de-coupling all their domains from DNS root servers you'd get their attention. If they broke off and formed "Chinanet" then that'd be just fine - fewer hacks on our servers from their dirtbag inhabitants and government. When I geoip block China on my firewalls hack attempts go down by about 90%. They are rarely smart enough to use on-shore machines to hack from (it happens, but rarely, I found some Chinese hosting asshole in LA that had a nest of them once).
what about an code red for the ceo/vp/board? or maybe an treason trial with death on the table?
The solution to internet insecurity is simple: stop prioritizing convenience over security. We don't leave the door to our house unlocked because remembering to take the key with you is too inconvenient.
It is a well-known fact, that ethnic Chinese abroad spy for China en-masse. Some willingly, some — under coercion.
One immediate step a country could take is to treat them with increased suspicion, which in the US is both against the laws and the morals — targeting expats from a particular country is denounced (and even prosecuted) as "racial profiling" — a trait Chinese society itself does not poses.
Until we overcome this weakness against Chinese — the way we are overcoming it with the Russians, for example, our highest-tech research will remain at risk.
In Soviet Washington the swamp drains you.
We don't need contractor names but It would be nice to learn from other people's mistakes.
Seed networks with many bogus strategies, projects, blueprints. Many of these could even be AI-generated. Then see whether they can separate the wheat from the chaff. Sound like the basis for a DARPA proposal from some AI academics.
But, but they had no criminal intent!! So no reasonable prosecutor should ever go after them!
In Soviet Washington the swamp drains you.
This is precisely the cure --- litigation --- and in this case it's the feds.
Look at Snowden. He's a contractor who walks in and out with the fucking keys to the store. How much has the government learned since then? Apparently, not much. Contractors are not committed military personnel, though that does open the door to criticize the Manning deal where "need to know," was replaced by, "must have Lady Gaga CD."
Companies are hacked daily and they don't know about it until the data shows up for sale on the Dark Web. Somebody has to tell them. That negligence should have ramifications.
The basic problem, as I see it, is CaptainDork's 6th Corollary:
For every motherfucker out there with a computer, there's another motherfucker out there with a computer.
Sensitive entities should be using different hardware/software using an isolated "Internet."
It little behooves the best of us to comment on the rest of us.
My opinion is this is worse than Snowden.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
If our militaries and defence contractors are THIS fucking stupid, maybe we DESERVE to get our arses kicked by Russian and Chinese fascists. We'll then have a LONG time to regret not pulling our heads out of our arses and waking up to the threat, because a world ruled by Russians and Chinese will be a dark, dark place indeed.
Similar stupidity with the American obsession with aircraft carriers. Each costs upwards of $13b with 6000 sailors on each. China and Russia, when the shooting starts, will send a bunch of them to the sea floor with salvos of high-speed long-range missiles.
Even so, I doubt our fucking idiot leaders will wake up to themselves. They're all sitting around wanking each other off, playing stupid culture-war games (no doubt egged on by Russian trolls), and figuring out how to enrich themselves and their donors to get a grip on the situation.
HOW MUCH bad shit will need to happen before we get our act together? Come ON!
We're getting to the point of 'Battlestar Galactica' -- the enemy (Russia and China) is now so good at cyber, anything attached to a network will get compromised.
Putin certainly understands this. Of the massive damage Snowden's treachery inflicted on us -- the Russians know what we're capable of, and Putin became a "technophobe" -- meaning everything on paper and typewriters, or hardwired secure telephone lines. There is a big black hole in the heart of the enemies' camp.
The enemy has wised up. Why aren't we?
So contractors can make money on all kinds of new mil work they can do on a network.
:)
A large international company can hire a few US lawyers and approved gov/mil staff and use the "internet" to bid for US gov/mil work.
Using a larger number of low wage staff outside the USA do the work. Low wages and a small "trusted" front company in the USA to win any US mil bid with.
The NSA likes the wide open "network" too as they can spy back down the "internet" at who is spying so well and deep on the US mil.
A few NSA people can spy on the world as the spies have to network into the USA.
The CIA creates fake files and see who they can fool into starting projects in their own nations from "fake" advanced US projects and files.
Everyone gets their very own version of Operation Merlin https://en.wikipedia.org/wiki/...
Want some "free" laser isotope separation files?
Nations waste money and show their own spy networks trying to work on junk US bait projects found deep in US mil networks
A few CIA "projects" found by other nations can set other nations mil spending back decades.
Th FBI likes the networks as they can detect who is moving large amounts of files around to sell to spies.
The FBI can stay waiting deep in networks and see who is looking for what files and moves files around using what methods and accounts.
A few FBI people can track a lot of US contractors all over the world.
The FBI in an undercover role can ask any contractor to copy files out from a mil network and see if they do that task for money.
The FBI can then watch such files and see in the contractor reports the "approach" to spy or starts to copy the files.
The FBI kind of expects spying in the traditional way. A file structure will be searched in real time and the FBI can spy on words/names and terms in real time.
What the FBI finds is the other nations just copy out the entire US database. No security, no encryptions allows all the US data to walk. The FBI never finds out what was so interesting as all the data is copied out.
That's why so many US systems are kept wide open - its a trap.. Security wants to see what is getting look for/at/search terms used from what account. The bad nations just copy it all out.
Spies know they are watched on US networks and dont show what they are looking for on US networks anymore.
Consider the comfort of staying in the USA. No having to follow the US mil work around the world and do months of security work in person at some cold/hot/dusty/isolated US camp/fort/base/port. For an average wage and then get taxed a lot.
A wage lost to US taxes and rent in some other nations to work on a US base in person. That can all be done on a network?
Do US internet security globally for the US mil from some nice US city. Keep the wage and save on rent.
Nations trusted like the UK and New Zealand can place their own bait "files" deep in wide open US mil networks.
The CIA and trusted 5 eye workers wait to see who looks for a project in say ~ the UK. MI5 uncovers a real spy network in the UK for free using a fictional file placed as bait in the USA.
The "internet" was great for everyone around US mil projects.
Except for the ability to copy out all the US secrets in plain text.
Domestic spying is now "Benign Information Gathering"
Can u say something about a https://mrecorder.com/ mobile recorder on Android? How does it work with other applications?