connies4ever
Topic Author
Posts: 3393
Joined: Sat Feb 25, 2006 10:54 pm

Chinese Cyber Hacking Going To New Level?

Tue Aug 30, 2011 2:09 pm

Hmmm....seems like someone has been snooping at a pretty major league level:

http://www.aviationweek.com/aw/gener...0Contractor%20Data&channel=defense

Whatever 'solution' is arrived at will no doubt be expensive and time-consuming. And in the meantime, the adversary, and I think one can only conclude that it's China, is reaping the benefit of US R&D for a pittance. I know my firm has been 'probed' this year on aat least a couple of occasions and our IT people, despite investing a lot of time and effort, seem powerless to stop it. Unless of course we disconnect from the Internet 100% and build our own backbone.
Nostalgia isn't what it used to be.
 
Burkhard
Posts: 1916
Joined: Fri Nov 17, 2006 9:34 pm

RE: Chinese Cyber Hacking Going To New Level?

Wed Aug 31, 2011 10:21 am

Everbody who puts sensible information onto a computer that is coupled to the internet in any way knows that this information is available to every secret service.
The internet protocol by itself is unsafe. Any safety only can be applied at the application layer - and there it is cosmetics.
 
Burkhard
Posts: 1916
Joined: Fri Nov 17, 2006 9:34 pm

RE: Chinese Cyber Hacking Going To New Level?

Wed Aug 31, 2011 10:25 am

Quoting connies4ever (Thread starter):
Unless of course we disconnect from the Internet 100% and build our own backbone.

You should build your own network, and only attach those computers to the internet that are there to transport data, Still all internet meetings, video conferences, email and document exchange, take place in FULL public.
 
wingman
Posts: 2829
Joined: Thu May 27, 1999 4:25 am

RE: Chinese Cyber Hacking Going To New Level?

Wed Aug 31, 2011 1:58 pm

People have this idiotic new name for rented server farms they call "The Cloud". Might as well call it "The China" cause that's where your shit is going when it goes to The Cloud. Or maybe The Cloud refers to what's going on with your judgement when you decide to send your shit to The Cloud.

Today's Forecast: Cloudy, with a 100% chance of your shit going to China.
 
bennett123
Posts: 7456
Joined: Sun Aug 15, 2004 12:49 am

RE: Chinese Cyber Hacking Going To New Level?

Wed Aug 31, 2011 2:04 pm

Burkhard

I think you mean sensitive information.
 
Flighty
Posts: 7715
Joined: Thu Apr 05, 2007 3:07 am

RE: Chinese Cyber Hacking Going To New Level?

Wed Aug 31, 2011 3:34 pm

Quoting Burkhard (Reply 2):
You should build your own network, and only attach those computers to the internet that are there to transport data, Still all internet meetings, video conferences, email and document exchange, take place in FULL public.

I also bring up the issue of HUMINT. You need to background check / nationalize your staff. That means for example, no Chinese H1-B engineers. If you really care about espionage with respect to China. And another thing. Passwords are usually as close as the company tech support line. Passport regimes are no good if it is trivially easy to reset them and snoop the temporary password using email, or heaven forbid, the telephone.
 
mham001
Posts: 4287
Joined: Thu Feb 03, 2005 4:52 am

RE: Chinese Cyber Hacking Going To New Level?

Thu Sep 01, 2011 3:37 pm

Disconnecting from the internet guarantees nothing. Remember the Iranian nuclear program was not connected and was infiltrated with Stuxnet.
 
FoxTwo
Posts: 96
Joined: Thu Jul 14, 2011 10:49 pm

RE: Chinese Cyber Hacking Going To New Level?

Thu Sep 01, 2011 4:49 pm

Quoting mham001 (Reply 6):
nected and was infiltrated with Stuxnet.

Please educate me  
F2
 
connies4ever
Topic Author
Posts: 3393
Joined: Sat Feb 25, 2006 10:54 pm

RE: Chinese Cyber Hacking Going To New Level?

Thu Sep 01, 2011 5:29 pm

Quoting mham001 (Reply 6):
Disconnecting from the internet guarantees nothing. Remember the Iranian nuclear program was not connected and was infiltrated with Stuxnet.
Quoting mham001 (Reply 6):
Please educate me

About Stuxnet ? Or about the infiltration ?

Re Stuxnet:

http://www.pcworld.com/businesscente..._attack_irans_nuclear_program.html

http://www.computerworld.com/s/artic.../Is_Stuxnet_the_best_malware_ever_

http://www.wired.com/threatlevel/201...etectives-deciphered-stuxnet/all/1

Re the infiltration:

I'd say there are 3 possibilities:
- direct insertion into the local network via a USB port or similar. This would require an on-site agent.
- pre-loading of the malware at the plant where the PLCs were manufactured. Probably requires the collusion of the manufacturer.
- direct insertion of the malware from a distance, using some type of RF carrier. Maybe a little farfetched.

I'm sure there'll be lots of other opinions.
Nostalgia isn't what it used to be.
 
mham001
Posts: 4287
Joined: Thu Feb 03, 2005 4:52 am

RE: Chinese Cyber Hacking Going To New Level?

Fri Sep 02, 2011 1:51 am

[quote=connies4ever,reply=8]I'd say there are 3 possibilities:
- direct insertion into the local network via a USB port or similar. This would require an on-site agent.


The 'on-site agent' would not know. He would have been infected on another machine, probably at home. He could have picked it up a number of ways but it was speculated that a certain hardware manufacturer in Taiwan was targeted with a break-in and the malware was somehow spread through a driver update.

I have often wondered what we are doing to them that nobody knows about. Very interesting stuff.

[Edited 2011-09-01 18:52:43]
 
connies4ever
Topic Author
Posts: 3393
Joined: Sat Feb 25, 2006 10:54 pm

RE: Chinese Cyber Hacking Going To New Level?

Fri Sep 02, 2011 2:14 am

Quoting mham001 (Reply 9):
The 'on-site agent' would not know. He would have been infected on another machine, probably at home. He could have picked it up a number of ways but it was speculated that a certain hardware manufacturer in Taiwan was targeted with a break-in and the malware was somehow spread through a driver update.

Hadn't thought about doing it through the supply chain. That's a very effective method, conceptually.   
Nostalgia isn't what it used to be.
 
willzzz88
Posts: 146
Joined: Mon May 30, 2011 4:22 am

RE: Chinese Cyber Hacking Going To New Level?

Fri Sep 02, 2011 3:25 am

It was a certificate forgery at one of the Taiwanese OEM manufacturers (their legit. gizmo USB whatever product sold worldwide).

It was soon revoked when Symantec Security Response and other IT Security firms were alerted of it per standard procedure.

Very ingenious of the US/Israel/Whoever else was doing it.

And I'm pretty sure it was Israel because if you haven't read this:
http://www.nytimes.com/2011/01/16/wo...east/16stuxnet.html?pagewanted=all

Then you haven't kept up with the Times /w the NYTimes.

The US/Israelis make a point with probably the collusion of the German (Siemens) PLC manufacturer possibly involved in order to electronically kill Iran's nuclear program.

The Chinese break-in's so far are low-tech script-kiddies that I see probing which is extremely retarded since any competent IDS/IPS hardware sensor/software/firmware can detect it unless they forge it with a existing protocol and slip in UN-detected.

Also it's pretty retarded that anything transmitted over the internet unless using UN-crackable encryption() is pretty much open for wholesale filtering/capture/etc by your local authorities in country X.

You just need to ask your local IT security firm that actually has a clue (aka someone who's up to date on ACTUAL TECHNICAL/ENGINEERING points and not bull-shit security I have no technical clue of WTF I'm doing like the recent Anonymous break-in's)...

Also a Israeli commander in the desert recently boasted about it per media reports:
http://www.physorg.com/news/2011-01-israel-stuxnet-iran.html

http://www.economist.com/blogs/babba..._worm?sort=recommend#sort-comments

http://www.telegraph.co.uk/news/worl...uxnet-as-one-of-its-successes.html

http://www.richardsilverstein.com/ti...yrian-nuclear-reactor-and-stuxnet/

So Israel admits Stuxnet /w US + possible Germany help...

All you have to do is to use Google News... News spread fast these days on the internet...
 
wvsuperhornet
Posts: 517
Joined: Sat Aug 18, 2007 4:18 pm

RE: Chinese Cyber Hacking Going To New Level?

Fri Sep 02, 2011 6:19 am

Quoting connies4ever (Thread starter):
Whatever 'solution' is arrived at will no doubt be expensive and time-consuming. And in the meantime, the adversary, and I think one can only conclude that it's China, is reaping the benefit of US R&D for a pittance. I know my firm has been 'probed' this year on aat least a couple of occasions and our IT people, despite investing a lot of time and effort, seem powerless to stop it. Unless of course we disconnect from the Internet 100% and build our own backbone.

Its our governments fault for putting all of our secrets on the internet anyway. Everything from the Fighter programs and any military programs should not be stored on any type of server its much easier to secure a paper trail. This shouldn't be a shock to anyone if their dumb enough to put it out there then the other side should be smart enough to steal it, its simple logic.

Who is online

Users browsing this forum: Ozair and 10 guests