Hackers From China Resume Attacks on U.S. Targets

[Sitting Out]

NY Times today:

"WASHINGTON — Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials....The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States.
http://www.nytimes.com/2013/05/20/wo...s.html?hp&_r=0"

I think this is one of the world's greatest threats. I've seen it firsthand. A couple of months ago, I was browsing my router's log and spotted several blocked attempted intrusions. Out of curiosity, I did an IP trace on one of them and it pointed to a city somewhere in China. It suggested to me that they were systematically testing every IP address out there for access. Something to be concerned about.

[Dan Druff]

Chinese (and other foreign country) hackers are constantly trying to hack the PFA server.

It's not specifically targeted at PFA, but just a wide attempt to catch anyone with their pants down.

[sonatine]

article is about APTs.

thread comments are about automated scans from compromised chinese boxen.


one is not the same as the other.

[Deal]

article is about APTs.

thread comments are about automated scans from compromised chinese boxen.


one is not the same as the other.

China has shutdown the internet.

[sonatine]

statistics for the carna botnet, underscores exactly how porous the chinese ip space is right now.

[Sitting Out]

just today, my anti-virus quarantined "trojan.js.blacoleref.bf", and I have no idea on which site I visited that was infected with it. The internet as we know it today is going to have to functionally change somehow, particularly if China and the other hackers were able to gain an upper hand over present security measures.

I don't know what it will take for the US gov't to take these threats more seriously. They seemingly aren't doing much now--just letting private firms to take care of it. It just too big of a problem technically, geographically, and politically. Maybe when Congress's or the White House web sites get hacked we might see more action.

[Sitting Out]

now this, just 2 days ago from Australia. It's hard for me believe though that this many "plans" could be accessed from the outside. I've worked in black boxes before and everything is locked down and impenetrable from the outside--there just weren't any links pass the walls, period. I'm skeptical regarding the accuracy of these reports. It's certainly can't be that widespread, and not through hacking. Something else must be behind these reports:
http://www.cbc.ca/news/world/story/2...a-hacking.html

U.S., Australia reports allege new spying by China hackers

Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems, a U.S. report said on Monday, as Australian media said Chinese hackers had stolen the blueprints for Australia's new spy headquarters.

Citing a report prepared for the Defence Department by the Defence Science Board, the Washington Post said the compromised U.S. designs included those for combat aircraft and ships, as well as missile defences vital for Europe, Asia and the Gulf.

Among the weapons listed in the report were the advanced Patriot missile system, the Navy's Aegis ballistic missile defence systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter, the F-35 Joint Strike Fighter, and the navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore

The report did not specify the extent or time of the cyber-thefts or indicate if they involved computer networks of the U.S. government, contractors or subcontractors.

But the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data, the Post said.....

[Walter Sobchak]

now this, just 2 days ago from Australia. It's hard for me believe though that this many "plans" could be accessed from the outside. I've worked in black boxes before and everything is locked down and impenetrable from the outside--there just weren't any links pass the walls, period. I'm skeptical regarding the accuracy of these reports. It's certainly can't be that widespread, and not through hacking. Something else must be behind these reports:
http://www.cbc.ca/news/world/story/2...a-hacking.html

U.S., Australia reports allege new spying by China hackers

Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems, a U.S. report said on Monday, as Australian media said Chinese hackers had stolen the blueprints for Australia's new spy headquarters.

Citing a report prepared for the Defence Department by the Defence Science Board, the Washington Post said the compromised U.S. designs included those for combat aircraft and ships, as well as missile defences vital for Europe, Asia and the Gulf.

Among the weapons listed in the report were the advanced Patriot missile system, the Navy's Aegis ballistic missile defence systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter, the F-35 Joint Strike Fighter, and the navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore

The report did not specify the extent or time of the cyber-thefts or indicate if they involved computer networks of the U.S. government, contractors or subcontractors.

But the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data, the Post said.....

I was thinking the same. Don't they isolate all that stuff, keep it self-contained away from the internet? But I don't know enough about it.

[BeerAndPoker]

Chinese (and other foreign country) hackers are constantly trying to hack the PFA server.

It's not specifically targeted at PFA, but just a wide attempt to catch anyone with their pants down.

So your saying the Joe Sebok's of the world should be worried?

China and Russia always seem to be the biggest hacking countries. Others attempt to but these two seem to be the biggest culprits.

Their are other countries that are popular for scamming money like Nigeria but they aren't even that creative about it.

[Deal]

now this, just 2 days ago from Australia. It's hard for me believe though that this many "plans" could be accessed from the outside. I've worked in black boxes before and everything is locked down and impenetrable from the outside--there just weren't any links pass the walls, period. I'm skeptical regarding the accuracy of these reports. It's certainly can't be that widespread, and not through hacking. Something else must be behind these reports:
http://www.cbc.ca/news/world/story/2...a-hacking.html

U.S., Australia reports allege new spying by China hackers

Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems, a U.S. report said on Monday, as Australian media said Chinese hackers had stolen the blueprints for Australia's new spy headquarters.

Citing a report prepared for the Defence Department by the Defence Science Board, the Washington Post said the compromised U.S. designs included those for combat aircraft and ships, as well as missile defences vital for Europe, Asia and the Gulf.

Among the weapons listed in the report were the advanced Patriot missile system, the Navy's Aegis ballistic missile defence systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter, the F-35 Joint Strike Fighter, and the navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore

The report did not specify the extent or time of the cyber-thefts or indicate if they involved computer networks of the U.S. government, contractors or subcontractors.

But the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data, the Post said.....

I was thinking the same. Don't they isolate all that stuff, keep it self-contained away from the internet? But I don't know enough about it.

Banks are notoriously paranoid about their internal systems and all e-banking services or any customer access points are all very secure behind what they call their DMZ (demilitarized zone) which is typically a series of locked down Unix boxes that have very controlled access to any backend systems. They are not easy targets to exploit. The easy targets are the 10's of thousands of employee PC's that have access to the corporate intranet which is full of access points into backend systems.

[anonamoose]

2 important things to acknowledge here:

1. A lot of this "documents" that are getting leaked were on closed shell systems that one of the following things happened to:
a. Someone put something into the system that they shouldn't have
b. Someone took something out of the system that they shouldn't have

Whether this was a spy or just some idiot sticking an infected USB drive into the system or someone trying to take work home, who knows. That's for the government to investigate.

2. Just because it traces back to China doesn't always necessarily mean that the hack was done by the Chinese. I know someone that, when I worked in China, reached out to me to set up a system in China so he could "re-route" his VPN for "anonymity". He said he knew several other people who did this. I insta-declined to do this. Now, I'm not saying that his, or any person that he knew, reasoning was for shady practices, but it does go to show that there are ways to make it look like something is coming from China when in fact it isn't.

Don't get me wrong, China is full of hackers. I think one of the most interesting moments I had in China was when I went to buy a new power cable for my 360 and went through this giant "computer cafe" full of crazy ass computer rigs and parts with people sitting everywhere fucking around on banned websites. It made it kind of obvious to me that some people in China are crazy serious about computers.

However, I think simply pointing the blame at China is asinine. We need to start educating our government workers on IT and such before they're ever allowed to access these files.

There also needs to be better screening for employees in these fields. I went to a class on Long Island that several workers with high security clearances with the government were at. One of these workers included a native Chinese guy who had obtained US Citizenship. He spoke little to no English. That's a little scary, considering "Secret" and "Top Secret" level clearances are suppose to have almost no affiliation with foreign entities.

[sonatine]

Its kind of a shame that the white paper I wrote on the People's Liberation Army's offensive digital warfare platform for DonkDown has been shitcanned by Micon. What with it answering all the confusion, FUD, and questions being posed in this thread 4 years ago.