SSTeve From United States of America, joined Dec 2011, 535 posts, RR: 0 Reply 1, posted (10 months 4 days 2 hours ago) and read 1545 times:
The diplomats of the world are going to have to come up with what constitutes a "cyberattack" versus what constitutes just another new form of electronic surveillance. Yeah, reading what should be private is perhaps an "attack" but then again ... that's what intelligence agencies do. Absent some international accord about where the line is crossed into aggression from surveillance, it's not like we shouldn't expect that this happens quite a lot.
Yes, it is incredibly hard. And most hacks are done via "social engineering", where an someone/an employee opens an email or goes to a targeted site where malware is downloaded and installed. At that point the attackers are in.
I don’t know that I am unafraid to be myself, but it is hard to be somebody else. -W. Shatner
This has been known for years. I don't have any proof, so take it as a grain of salt, but I've heard multiple times that they've hacked and stolen the blueprints for the F-22 and F-35. They have the numbers, military wise, but they've lacked in military technology, but I can see them building some pretty crazy stuff coming up... have you seen a picture of their new stealth fighter? It's huge! And it's supposedly better than our F-22 and F-35... who knows
Espionage and copyrights aside, I think the overall sharing of information speeds up technology. Aren't some drugs patented, ones that could save lives but are patented so the price gets jacked up? Seems wrong to me, but I could be off the mark, and I am going off topic...
But to sum up, this has been going on for years, and China isn't the only one doing it. They just seem to be pretty good at it (or bad at it because they keep getting caught, who knows)
Quoting SSTeve (Reply 1): The diplomats of the world are going to have to come up with what constitutes a "cyberattack" versus what constitutes just another new form of electronic surveillance.
It won't be the US leading the way, as we are generally the other cyber-superpower along with China. Stuxnet, which is widely believed to be a US and Israeli collaboration, significantly set back the Iranian nuclear program.
Quoting DeltaMD90 (Reply 6): I've heard multiple times that they've hacked and stolen the blueprints for the F-22 and F-35.
I thought the F-35 hack was pretty well publicized.
Quoting Gatorman96 (Reply 4): I will be concerned when hardware at our power stations, water treatment plants, etc start being affected/shutdown.
It can be done, I'm sure. Stuxnet was specifically targeted at certain types of hardware and software known to be used by the Iranians. It just floated around the internet harmlessly on tons of computers.
Why do Aerospace Engineering students have to turn things in on time?
Gatorman96 From United States of America, joined Dec 2005, 767 posts, RR: 0 Reply 9, posted (10 months 3 days 23 hours ago) and read 1447 times:
Quoting BMI727 (Reply 7): It can be done, I'm sure. Stuxnet was specifically targeted at certain types of hardware and software known to be used by the Iranians. It just floated around the internet harmlessly on tons of computers.
It absolutely has and will be done again in the future. I will be concerned when it happens in the US. Until then, Unit 61398 can enjoy reading CEO's Gmail accounts.
Quoting TheCommodore (Reply 8): The ironic thing is though, western Governments are probably doing the same thing back.....
Not sure I see the irony...Iran is highly involved in cyber warfare, so is that fat guy that lives next door to you in his mom's basement trying to steal your bank information. Every single person with an internet enabled device has been affected by some type of cyber attack varying in degree....
seb146 From United States of America, joined Nov 1999, 10781 posts, RR: 16 Reply 10, posted (10 months 3 days 23 hours ago) and read 1445 times:
Hundreds of billions of dollars being spent on war ships, guns, jets. I think the US military is behind the times. Cyber attacks are the future of war. Americans want body counts but that is not what the future is.
Flighty From United States of America, joined Apr 2007, 7963 posts, RR: 3 Reply 12, posted (10 months 3 days 21 hours ago) and read 1354 times:
Quoting tugger (Reply 2): Yes, it is incredibly hard. And most hacks are done via "social engineering", where an someone/an employee opens an email or goes to a targeted site where malware is downloaded and installed. At that point the attackers are in.
While I agree with this, the Chinese method is a variation on this.
Of course, they do remote hacking. The phone part is tricky. I don't think they are big into that.
The other main strategy is, cultivate human assets inside major companies. People born in China. These persons have usernames and passwords. They are part of the company. Then, they slip out with flash drives, gigabytes of data etc. I am sorry to cast suspicion on Chinese born workers in general, and I wish it weren't necessary. But, that is where I would focus.
Naturally, any computers and/or data foreign visitors actually bring into China is considered their state property, and they can and will scan it.
This crap has been going on for 40 years. It's nothing new at all. People just have to shift their perspective. China is doing everything possible, at all levels, in all social groups, to collaborate to steal all data. They'd be stupid not to. Final point, they are not stupid.
wingman From Spain, joined May 1999, 2034 posts, RR: 5 Reply 14, posted (10 months 3 days 10 hours ago) and read 1241 times:
Two comments: I agree with anyone that says we do this better than anyone else. We have an entire government agency in operation exclusively for this purpose, the NSA. Add the CIA, the FBI, and the NFL and our national organizations devoted to eavesdropping, hacking, and electronic warfare are second to none. I'm pretty sure every time we trace a hack back to the Chinese government we probably send them a nasty little virus in response.
But I certainly wouldn't show them my full hand. We should wait on that until they invade Taiwan or The Philippines. You always get the best results when the other side doesn't even know what you're up to. Essential reading includes Blind Man's Bluff, one of the great stories of electronic spying, conducted by US nuclear submarines that tapped directly into Soviet naval telephone cables undersea for something like 10 years. We knew every move Crazy Ivan made before their colonels did.
It's very possible on smaller networks that are tightly regulated. Have a few computers with absolutely NO contact with the outside world and somehow disable portable media (taking USB drives or whatever out) and have some stringent security physically present, it's very possible to keep that information secure. I've never actually had access to something like this, but I know there are a lot of schools in the Navy where there are very secure rooms kinda like this.
Problem is that is expensive and communication is greatly hindered. I'm sure some of our greatest secrets are kept that way, but you can't keep everything isolated like that.
On a separate note, why can't we just use 256 bit (I think) encryption like the Wikileaks file that no one knows what's in it? I assume the answer is "they do, but they key to open it is what gets stolen" but IDK
I saw a DARPA document back about 1989 discussing why allowing the Internet to be opened to the whole civilian world was a bad idea.
Among the problems were that not ever user would be positively identified, that it would be easy to pretend to be someone else, and that once a system was connected to this international net - there would be no way to keep the system from being hacked at some point.
The document actually predicted cyber attacks, but the most important threat was that the people using secure systems would become complacent. That keeping systems separated would fail because of the human tendency to want to communicate.
It was not classified because it was a talking points for fighting the move by Senator Gore to open up the civilian side of the network. There was great concern that the gateways to MILNET were already subject to compromise, and the situation would only get worse.
Flighty From United States of America, joined Apr 2007, 7963 posts, RR: 3 Reply 20, posted (10 months 2 days 8 hours ago) and read 1042 times:
Quoting DeltaMD90 (Reply 18): somehow disable portable media (taking USB drives or whatever out)
That does exist. It can be disabled and often is at secure sites (even corporate)
Quoting rfields5421 (Reply 19): The document actually predicted cyber attacks, but the most important threat was that the people using secure systems would become complacent. That keeping systems separated would fail because of the human tendency to want to communicate.
Yes. Human engineering is alive and well.
Medical field -- huge liability for security. Yet, every MD has to be able to get in. The reality is, MDs don't really keep their passwords very well. If you call Help Desk and act intimidating, you can get any medical records from any hospital. And, so it goes. Most days in the military or at banks are boring days. People forget passwords all the time. Especially senior people.
And especially when *$% passwords expire every 60 days and can't be repeated. Then it becomes a pure HUMINT target. Encryption falls to zero. There is no corporation or federal office I've worked for whose security measures were really better than sounding proper on the telephone.
Revelation From United States of America, joined Feb 2005, 11478 posts, RR: 24 Reply 21, posted (10 months 2 days 7 hours ago) and read 1022 times:
Yes, espionage has existed for as long as we've had governments, if not longer.
I think the key point of this article is about how China's military is conducting espionage on commercial, non-military entities for the gain of its own commercial sector.
I haven't heard of the US government going this far. I certainly have heard of the US government sharing information about military and intelligence technology with corporations, but I haven't heard of them doing so for other technologies, outside of times of all-out war when learning, for instance, how the Axis was producing synthetic fuel would be shared with US corporations.
Commercial entities certainly spy on their competition. They will quite happily analyze their competitor's products and try to use whatever they learn to the greatest extent possible. That's different, than, for instance, the German government tearing down a Japanese car and then telling MB/VW/BMW/etc what they've learned.
As for the difficulty of security, you don't have to go very much further than the head of the CIA's affair being discovered via email tapping to see how even very intelligent people do very stupid things.
Good security is possible but quite expensive. You really need to have a lot of defenses, and your own 'tiger team' actively probing the defenses as well as the employees. This is expensive and can make some Perfect security is impossible. All it takes is one mistake by one human and it's all over.
You cannot prevent a hack. If someone wants access bad enough, they will get it.
Quoting Flighty (Reply 20):
That does exist. It can be disabled and often is at secure sites (even corporate)
Regardless, if the physical port exits, it can be exploited.
The easiest way to hack a secure system is not by brute force, but by social engineering (the newfangaled term for a confidence trick, or con-job). There's a ton of stuff out there that shows just how easy it is to make someone slip up.