(The New York Times) And to the surprise of nobody, China's military is outed as a major hacker of the U.S (nytimes.com)

Posted to Main on 19 Feb 2013 at 7:09 AM. 83 comments. Archived thread.
 
2013-02-19 06:44:35 AM
China engages in constant cyberwarfare against the US.
 
2013-02-19 07:12:43 AM
/Wanted for questioning.
 
2013-02-19 07:12:45 AM
Me are chinese. Me make joke. Me put pee-pee in your code.
 
2013-02-19 07:13:16 AM
Captain, there appears to be pee pee in my Coke!
 
2013-02-19 07:14:04 AM
Glad Mandiant is lighting them up.  More power to them.
 
2013-02-19 07:14:45 AM
NO!
It was IRAN, IRAN, IRAN!
IRAN, I tell you!
 
2013-02-19 07:16:03 AM
FTA: Under a directive signed by President Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based.

Well, that's something, anyways.

But the government warnings will not explicitly link those groups, or the giant computer servers they use, to the Chinese army.

So they're gonna be keeping that a secret, are they, NYT?

/Yeah yeah, "not naming something outright" != "trying to keep it secret"
//Anyone remember when Richard Clarke was begging Bush to do more on this back in the day?
///Good times, good times.
 
2013-02-19 07:16:33 AM

HotIgneous Intruder: NO!
It was IRAN, IRAN, IRAN!
IRAN, I tell you!


Shaddup Mcain
 
2013-02-19 07:16:35 AM
Tom Clancy called it....
 
2013-02-19 07:17:31 AM
what? it's not like that's hard. .mil addresses still can't do more than basic 36 char authentication and the Pentagon wouldn't know a trusted root certificate if one flew a plane into its headquarters.
 
2013-02-19 07:18:35 AM
/sbin/iptables -N BLACKLIST
/sbin/iptables -I INPUT -j BLACKLIST
/sbin/iptables -A BLACKLIST -s 1.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 14.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 27.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 36.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 39.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 42.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 49.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 58.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 59.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 60.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 61.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 101.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 103.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 106.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 110.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 111.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 112.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 113.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 114.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 115.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 116.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 117.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 118.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 119.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 120.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 121.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 122.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 123.0.0.0/8 -j DROP


/problem solved.
 
2013-02-19 07:19:20 AM
Wake me up when someone is running around yelling casus belli because of this, till then it's a non-story
 
2013-02-19 07:19:57 AM
I'm generally not paranoid about China, but I have been noticing a lot of people running interference for them on stories like this on forums and comments sections. Impossible to tell if it is coordinated or means anything, but it's happening.

NPR had a report this morning where their guy in China went to the building. Said it was just a drab building but did have military signs, warnings against photography and a beat cop patrolling.
 
2013-02-19 07:19:58 AM
I opened up SSH service on my computer, and a month later checked my security logs. According to them, China is the #1 offender for trying to break into my SSH, with 31 percent of the offending IP addresses originating from there (US is 21 percent, 5 percent each from India and South Korea). In a month I found about 14,525 attempts (single username/password or SSH key attempt). Six IP addresses were the biggest offenders (64 percent of the attacks), and five of those were Chinese.

Good luck trying to guess the single username with SSH access, and the ridiculously long password guys. Also, once I made use of the advanced filtering function on my router and started blocking Chinese address space and instituted the denyhosts script, my logs got a lot quieter.

Fark you, China.
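
An added example, not part of the original thread or the poster's own tooling: one way to produce the kind of tally described in the comment above (total failed SSH attempts, distinct source addresses, share of attempts held by the top offenders) from an OpenSSH auth log. The log lines are constructed, and per-country attribution is left out because it needs a GeoIP database.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format. Addresses come from the
# RFC 5737 documentation ranges; none of this is from the poster's logs.
SAMPLE_LOG = """\
Feb 19 03:10:01 gw sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb 19 03:10:03 gw sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb 19 03:10:05 gw sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Feb 19 03:10:07 gw sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Feb 19 03:10:09 gw sshd[1004]: Failed password for invalid user admin from 203.0.113.7 port 40004 ssh2
Feb 19 03:10:10 gw sshd[1004]: Connection closed by 203.0.113.7 port 40004 [preauth]
Feb 19 04:22:11 gw sshd[1010]: Failed password for root from 198.51.100.23 port 51111 ssh2
Feb 19 04:22:14 gw sshd[1011]: Failed password for invalid user oracle from 198.51.100.23 port 51112 ssh2
Feb 19 04:22:17 gw sshd[1012]: Failed password for invalid user test from 198.51.100.23 port 51113 ssh2
Feb 19 05:01:40 gw sshd[1020]: Failed publickey for git from 192.0.2.44 port 42000 ssh2: RSA SHA256:constructed
Feb 19 05:30:02 gw sshd[1030]: Failed password for invalid user admin from 10.9.9.9 port 1 ssh2 from 192.0.2.99 port 51000 ssh2
Feb 19 06:00:00 gw sshd[1040]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
"""

# The username is chosen by the remote side and may contain " from X port N".
# A greedy user group anchored at end of line binds to the LAST "from", which
# is the address sshd itself wrote.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2(?::.*)?$"
)
# For contrast: a first-match pattern that trusts text inside the username.
NAIVE_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")

def parse_failures(log_text):
    """Yield (ip, user, method) for every failed sshd authentication line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))  # drop non-addresses
        except ValueError:
            continue
        yield ip, m.group("user"), m.group("method")

def summarize(log_text, top_n=6):
    """Tally attempts per source and the share held by the top_n sources."""
    per_ip, users = Counter(), Counter()
    for ip, user, _method in parse_failures(log_text):
        per_ip[ip] += 1
        users[user] += 1
    total = sum(per_ip.values())
    top = per_ip.most_common(top_n)
    return {
        "attempts": total,
        "unique_ips": len(per_ip),
        "top": top,
        "top_share": sum(n for _, n in top) / total if total else 0.0,
        "usernames": users.most_common(3),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, top_n=2)
    print(f"{report['attempts']} attempts from {report['unique_ips']} addresses")
    print(f"top sources: {report['top']} ({report['top_share']:.0%} of attempts)")
    print(f"most-tried usernames: {report['usernames']}")
```

The second-to-last failure line is the edge case: a pattern that takes the first `from` would attribute the attempt to an address supplied inside the username, which matters when the tally feeds an automatic blocker.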
 
2013-02-19 07:21:07 AM
I guess they decided that killing our pets with melamine wasn't going to defeat us quickly enough.
 
2013-02-19 07:22:30 AM
But the cheap networking gear we purchase from Chinese factories is totally legit and free of any root kits.
 
2013-02-19 07:22:45 AM
I'm just guessing, but what are the odds that we are doing the same thing to China that they are doing to us? Anybody remember who invented the internet? Anybody want to hazard a guess how much data mining is going on by DHS, DOD, NSA, CIA, etc.? I live near Quantico, I've had a drone fly over my house pretty much every day in the past year or two - I think that they are mostly training flights for gamers turned marines or DEA agents. Stafford County, one of the richest in the nation, can't afford to pay its teachers a livable wage, but can fly regularly all summer planes and 'copters scouting for weed patches. We have really nasty problems here at home preserving our basic right against self-incrimination.
 
2013-02-19 07:31:28 AM

HindiDiscoMonster: /sbin/iptables -N BLACKLIST
/sbin/iptables -I INPUT -j BLACKLIST
/sbin/iptables -A BLACKLIST -s 1.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 14.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 27.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 36.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 39.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 42.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 49.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 58.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 59.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 60.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 61.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 101.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 103.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 106.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 110.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 111.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 112.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 113.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 114.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 115.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 116.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 117.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 118.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 119.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 120.0.0.0/8 ...


the fark is all that nonsense.

looks linuxy/illegal to me.
 
2013-02-19 07:31:36 AM
Prank Call of Cthulhu: I opened up SSH service on my computer, and a month later checked my security logs. According to them, China is the #1 offender for trying to break into my SSH, with 31 percent of the offending IP addresses originating from there (US is 21 percent, 5 percent each from India and South Korea). In a month I found about 14,525 attempts (single username/password or SSH key attempt). Six IP addresses were the biggest offenders (64 percent of the attacks), and five of those were Chinese.

Good luck trying to guess the single username with SSH access, and the ridiculously long password guys. Also, once I made use of the advanced filtering function on my router and started blocking Chinese address space and instituted the denyhosts script, my logs got a lot quieter.

Fark you, China.


Just curious, if you took apart all of your gear, how many of the components are made in China or were assembled in China meaning they got their hands on it?

Just going to China with any electronics means they're going to go through it without your knowledge.  Did you see the hidden cameras they setup in hotels in China where "business men" left their laptops in their rooms.  As soon as they left the hotel employees and Chinese agents go into the room and look through the laptop.  They were caught on the hidden cameras.  SOP for them.  That's why lots of companies don't even let you go to China with your normal machine.  You bring a sanitized machine with almost nothing on it and limited access.  And when you come back they scan it so many times before re-imaging it and possibly destroying it due to it being compromised by them installing something on it.
 
2013-02-19 07:31:43 AM

HotIgneous Intruder: NO!
It was IRAN, IRAN, IRAN!
IRAN, I tell you!


But, Iran's so far away.
 
2013-02-19 07:32:56 AM

Jon iz teh kewl: /sbin/iptables -A BLACKLIST -s 119.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 120.0.0.0/8 ...

the fark is all that nonsense.

looks linuxy/illegal to me.



well... if you don't like iptables, you can always route those class a blocks to /dev/null0 on your closest convenient cisco/lucent/other router too... :)
 
2013-02-19 07:40:48 AM
Ah, Mandiant, the author of the Time Service my firm rolled out to our end users for security reasons.  A service with the very apt name systemeattime.exe...one that was so secretive it chewed up CPU like a madman on desktop after desktop.  They know security pretty well.  How to write a stable Windows service?  Not so much.
 
2013-02-19 07:41:11 AM
I find it hilarious (and worrying) that the vast majority of the mentioned "sophisticated spearfishing attacks" cited here could be confounded with a small piece of free software- used intelligently.

This isn't hacking, at least not the initial push to infect machines anyway.  It's amateurish.  Fortunately for the "hackers", the defense against such attacks among their victims is equally inept.

And once again, I'm reminded of my rule about our government and its demonstrated understanding of computers and the internet in general: the ratio of words to which the prefix 'cyber' is appended is inversely proportional to the degree of actual intelligence being elicited on the subject.
 
2013-02-19 07:42:14 AM
Does anyone believe that there isn't an active effort by both sides to hack the others systems and gain information?
 
2013-02-19 07:44:11 AM

FullMetalPanda: Did you see the hidden cameras they setup in hotels in China where "business men" left their laptops in their rooms.  As soon as they left the hotel employees and Chinese agents go into the room and look through the laptop.


No, I didn't see that.  Got a link?
 
2013-02-19 07:46:09 AM

HindiDiscoMonster: /sbin/iptables -N BLACKLIST
/sbin/iptables -I INPUT -j BLACKLIST
/sbin/iptables -A BLACKLIST -s 1.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 14.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 27.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 36.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 39.0.0.0/8 -j DROP
...




Yes, because state sponsored cyber warfare agents dont know how to use a proxy.
 
2013-02-19 07:46:59 AM

Alonjar: Yes, because state sponsored cyber warfare agents dont know how to use a proxy.


I've heard they're behind eight of them, in fact.
 
2013-02-19 07:48:32 AM

SkunkWerks: Alonjar: Yes, because state sponsored cyber warfare agents dont know how to use a proxy.

I've heard they're behind eight of them, in fact.


Yeah, good luck.
 
2013-02-19 07:48:32 AM
 
2013-02-19 07:49:10 AM

jso2897: HotIgneous Intruder: NO!
It was IRAN, IRAN, IRAN!
IRAN, I tell you!

But, Iran's so far away.


I couldn't get away.
 
2013-02-19 07:52:03 AM

ZzeusS: Better Article


In what way?
 
2013-02-19 07:54:09 AM

Alonjar: HindiDiscoMonster: /sbin/iptables -N BLACKLIST
/sbin/iptables -I INPUT -j BLACKLIST
/sbin/iptables -A BLACKLIST -s 1.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 14.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 27.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 36.0.0.0/8 -j DROP
/sbin/iptables -A BLACKLIST -s 39.0.0.0/8 -j DROP
...

Yes, because state sponsored cyber warfare agents dont know how to use a proxy.


yes, and you apparently are unable to identify snark... i'm sorry for you.
 
2013-02-19 07:54:45 AM
While a large part of the attacks are feeling you out from the outside, every successful attack has been through social engineering. An infected memory stick at a trade show, an email that looks just legitimate enough to open the attachment. And once the payload is inside and on your network, all the nice hardening you did on the outer edge isn't going to help much.
Also you cannot completely depend on security software to defend against the level of these attacks. The attackers are writing code just for you, so most detection tools will not have the pattern down to compare against. You have to learn the communication patterns of your network and users and latch on to sudden though subtle changes.
 
2013-02-19 07:56:44 AM

SkunkWerks: I find it hilarious (and worrying) that the vast majority of the mentioned "sophisticated spearfishing attacks" cited here could be confounded with a small piece of free software- used intelligently.

This isn't hacking, at least not the initial push to infect machines anyway.  It's amateurish.  Fortunately for the "hackers", the defense against such attacks among their victims is equally inept.


Well, duh.

Not every opponent on the battlefield is a tank.  Most, in fact, are infantry soldiers with significantly less protection.  You develop sophisticated missiles to go after the tanks, but you use soldiers with rifles to go after the infantry guys.

This is the PLA we are talking about.  They are going to think in military terms.  Also, they may not want to use their best stuff, for fear of it losing its effectiveness.  Sophisticated zero day exploits are the "secret weapons" of cyberwarfare, the kind of thing you hold in reserve until you really need them.
 
2013-02-19 07:57:47 AM

Krusty_the_Barbarian: a large part of the attacks are feeling you out from the outside.


So, it's like how I handled my dates as a teenager.
 
2013-02-19 07:58:27 AM

Krusty_the_Barbarian: The attackers are writing code just for you


Um...  no.

FTA: For more than six years, Mandiant tracked the actions of Comment Crew, so named for the attackers' penchant for embedding hidden code or comments into Web pages. Based on the digital crumbs the group left behind - its attackers have been known to use the same malware, Web domains, Internet protocol addresses, hacking tools and techniques across attacks - Mandiant followed 141 attacks by the group, which it called "A.P.T. 1" for Advanced Persistent Threat 1.

Again, I'm going to go with "attacks have no need of sophistication because targeted defenses aren't very sophisticated either".
 
2013-02-19 08:00:13 AM

SkunkWerks: I find it hilarious (and worrying) that the vast majority of the mentioned "sophisticated spearfishing attacks" cited here could be confounded with a small piece of free software- used intelligently.

This isn't hacking, at least not the initial push to infect machines anyway.  It's amateurish.  Fortunately for the "hackers", the defense against such attacks among their victims is equally inept.

And once again, I'm reminded of my rule about our government and its demonstrated understanding of computers and the internet in general: the ratio of words to which the prefix 'cyber' is appended is inversely proportional to the degree of actual intelligence being elicited on the subject.


I think some of those are decoys to make you think you're actually blocking them.  As mentioned, look at the components on your gear.  How much of it was made in China or assembled in China?  This means they already have a backdoor in that you will never see.  They just have idiots generate fake attacks to make you think you're blocking them.
 
2013-02-19 08:01:05 AM

HindiDiscoMonster: /problem solved.


Problem un-solved.

SkunkWerks: Alonjar: Yes, because state sponsored cyber warfare agents dont know how to use a proxy.

I've heard they're behind eight of them, in fact.


That, too.
 
2013-02-19 08:03:22 AM

HindiDiscoMonster: yes, and you apparently are unable to identify snark... i'm sorry for you.


Sarcasm is difficult to detect on the interbutts and can easily be mistaken for ignorance (Poe's law and similar and all that).  Should've used a snark mark.
 
2013-02-19 08:04:23 AM

dittybopper: Also, they may not want to use their best stuff, for fear of it losing its effectiveness.


Again, the primary reasoning is that they have no need to.  We're not supplying them with much of a challenge.  People calling these attacks "sophisticated" generally do so from a perspective of either computer illiteracy, or computer ineptitude.

That said, I've worked in places where I've watched programmers infect their machines with this kind of stuff- and on a regular basis.  So maybe it's not just understanding- it's a willingness to trade some degree of convenience for reasonable degrees of security.

Sure, in any conflict you might want to save your bunker busters for the real "hardened" targets.  I'd contend that, on the field right now, very few targets actually warrant them.
 
2013-02-19 08:04:46 AM
MythDragon

Black Lotus has trained us well.

Then why is only one of you working?
 
2013-02-19 08:07:04 AM
I would be mad at their DNS poisoning attempts and attempted packet injection, but Comcast does way more damage there to its own customers.  Do I wish China would DIAF?  Sure, but for other reasons.  Until then, they can keep watching the animal breeding videos on the honeypot.  I may have to change that to unwatched Kardashian vids after this egregious action, though lol.  It would be nice if the LUGs around here would write a "lead poisoning" program that packet shapes their traffic.  That was the one thing that really pissed me off was the melamine poisoning of our cat.  Feeding lead-based newspapers to a Chinese youth is one thing, but to a domesticated cat, it is a slow death.
 
2013-02-19 08:09:06 AM

sendtodave: FullMetalPanda: Did you see the hidden cameras they setup in hotels in China where "business men" left their laptops in their rooms.  As soon as they left the hotel employees and Chinese agents go into the room and look through the laptop.

No, I didn't see that.  Got a link?


This is "common" knowledge now.  Just do some searches, Slash Dot talks about it:  http://it.slashdot.org/story/12/12/04/234242/the-trouble-with-bringing-your-business-laptop-to-china
 
2013-02-19 08:09:17 AM

FullMetalPanda: I think some of those are decoys to make you think you're actually blocking them. As mentioned, look at the components on your gear. How much of it was made in China or assembled in China? This means they already have a backdoor in that you will never see. They just have idiots generate fake attacks to make you think you're blocking them.


Though, to be honest, I'd take Paranoid Schizophrenia over the kind of laissez-faire attitude I see pretty routinely and even at high levels- regarding computer security.  It's apt to at least be somewhat more effective.
 
2013-02-19 08:12:19 AM
I don't really care, attack away, but if they fark with the farkin yoga thread, I'd say nuke the bastards.
 
2013-02-19 08:18:11 AM

DoBeDoBeDo: But the cheap networking gear we purchase from Chinese factories is totally legit and free of any root kits.


I always wondered why more wasn't made of this, and whether anyone is actively testing samples of popular routers and other electronics.

The only real safeguard I can think of is that if such tactics by China were exposed, we might boycott their shiat and they'd be farked economically, so they actually do care about us as "customers" when it comes to consumer goods. Kind of like how the lead paint factory foreman offed himself out of shame.
 
2013-02-19 08:19:51 AM

SkunkWerks: ZzeusS: Better Article

In what way?



In the way in which I couldn't pass the paywall and read the BBC article first.  Which is to say not better at all.  But don't tell anyone else!
 
2013-02-19 08:21:51 AM
Personally, I think it was a setup and the building is empty.   But the more attention to this kind of stuff, the better, so it's all good.
 
2013-02-19 08:21:58 AM

ZzeusS: In the way in which I couldn't pass the paywall and read the BBC article first.


Ahh, yeah, I got a blank screen for about ten seconds, then the article loaded.

ZzeusS: But don't tell anyone else!


Oh, no worries there...
 
Displayed 50 of 83 comments
