dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
767
share rss forum feed


Khaine

join:2003-03-03
Australia

1 recommendation

Mandiant Report on China-Sponsored Hacking

From »arstechnica.com/security/2013/02···inst-us/

quote:
Security firm Mandiant has published an unusually detailed report documenting China-sponsored hacking intrusions that have siphoned terabytes of sensitive data from 141 organizations over the past seven years.

The 74-page study is only the latest report to lay a battery of computer intrusions at the feet at hackers linked to China's government or military apparatus. But until now, many of those claims lacked crucial details, opening them up to skeptics who complained that the lack of specificity made it difficult or impossible to conclude Chinese actors were behind attacks targeting US governmental agencies, corporations, and human rights organizations.
More evidence of the hacking prowess of the Chinese.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
China Lashes Back at Hacking Claims

quote:
BEIJING—China fought back against a U.S. computer-security firm's accusations that a Chinese military group stole large amounts of data from U.S. companies.

The U.S. firm, Mandiant Corp., said in a 74-page report released Monday on its website that a group attached to China's People's Liberation Army has since at least 2006 stolen data from 141 companies, 115 of which were in the U.S., over a seven-year period. Mandiant didn't name specific targets of the attacks but said they spanned industries ranging from information technology and telecommunications to aerospace and energy. Mandiant's accusations were reported earlier by the New York Times.

Speaking at a daily news briefing on Tuesday, Chinese Foreign Ministry spokesman Hong Lei denied the accusations.
US prepares economic countermeasures in light of recent cyberattacks

quote:
The recent rash of hacking attacks shows no sign of slowing — Apple today announced it had fallen victim to the trend — but the US government is preparing some measures to help address the situation. The Associated Press is reporting that the White House will release a new strategy tomorrow, outlining penalties, fines, and trade restrictions designed to deter countries from participating in such efforts.

The announcement would come just days after The New York Times detailed a report from security firm Mandiant. That report traced many of the attacks on US corporations and business back to the People's Liberation Army base in Shanghai. While China has steadfastly denied any involvement in the recent attacks, both The Washington Post and the Times have stated that China was to blame. Facebook and Twitter have also been hit with cyberattacks, and while the details of the White House's proposal aren't known just yet, it's clear that government officials realize steps need to be taken beyond the recent cybersecurity executive order signed by President Obama.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

2 recommendations

said by siljaline:

China Lashes Back at Hacking Claims

quote:
BEIJING—China fought back against a U.S. computer-security firm's accusations that a Chinese military group stole large amounts of data from U.S. companies.
...
Speaking at a daily news briefing on Tuesday, Chinese Foreign Ministry spokesman Hong Lei denied the accusations.
...

Such denials from officials and representatives of autocratic, despotic regimes carry zero weight and credibility.

A classic, textbook example:
- 4 September 1962, Soviet Ambassador Anatoly Dobrynin met with Robert Kennedy to state that he'd received instructions from Khrushchev to assure President Kennedy no surface-to-surface missiles or offensive weapons would be placed in Cuba.
- 6 September 1962, Ted Sorenson, special counsel to Kennedy, met with Dobrynin who repeated assurances that Soviet military assistance to Cuba was strictly defensive in nature and represented no threat to American security.
- 7 September 1962, Dobrynin assured American UN Ambassador Adlai Stevenson that the USSR was supplying only defensive weapons to Cuba.
- 11 September 1962, Official Soviet News Agency TASS announced the USSR neither needed nor intended to introduce offensive nuclear weapons into Cuba.
- 13 October 1962, Dobrynin, after being directly asked by US State Department official Chester Bowles, whether Moscow intended to put offensive weapons in Cuba denied any such intention.
- 17 October 1962, GRU Col. Bolshakov brought Robert Kennedy a personal message directly from Khrushchev to President Kennedy that "under no circumstances would surface-to-surface missiles be sent to Cuba."
- 18 October 1962, In a White House meeting between Dobrynin and President Kennedy, the Soviet stated that all Soviet military assistance to Havana was only for “the defensive capabilities of Cuba.”
- 22 October 1962, President Kennedy revealed to the world the Soviet surface-to-surface, offensive nuclear missile buildup already well-underway in Cuba, based on extensive US photo-recon made over several previous months, and the Cuban Missile Crisis burst onto the world scene.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by Blackbird:

Such denials from officials and representatives of autocratic, despotic regimes carry zero weight and credibility.

Of course but the mistake is thinking that they're for foreign consumption. Such propaganda is for internal consumption--that is the citizens of the regimes.

All dictatorships of any time anywhere must have an external enemy that is the source of all their woes to deflect blame from their own policies.
--
Don't feed trolls--it only makes them grow!


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
Perhaps, but this announcement was made at a daily press briefing at the Chinese Foreign Ministry... so it's rather likely it was aimed at foreign consumption.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
reply to Khaine
Airstrike the building.. or arrange an accident that 90% of the hacking is coming from.

That should get their attention.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
said by Mike:

Airstrike the building.. or arrange an accident that 90% of the hacking is coming from.
That should get their attention.

Airstrike a building probably associated with the Chinese army, located inside a sovereign nation possessing nukes and numerous ICBMs to deliver them? You're right about one thing, though... that would certainly get their attention.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


DarkSithPro

join:2005-02-12
Tempe, AZ
kudos:2

1 recommendation

reply to Khaine


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
reply to Blackbird
Days like this I miss Reagan. He would be insane enough to actually do it. Thus they didn't really screw with us (even with cable intercepts.. ok it's not 1980) and let Russia take it.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

2 edits
reply to Khaine
according to this "bloomberg" article, it wasn't "china", it was "an eastern european gang", which is what i would expect:

»www.bloomberg.com/news/2013-02-1···are.html

edit: it is possible that "the eastern european gang" is working together with the chinese gang, giving the chinese gang "plausible deniability"..


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 edit
reply to Blackbird

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Khaine
Reminds me of a classis line (forget the source) where two countries were behaving like two gentlemen smoking
and endlessly playing cards. Both are cheating and both know the other is cheating, but they can't openly accuse
the other of cheating because it'd end the game... or till they find a new game to play.

...in other words, its business as usual.

Regards


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to redwolfe_98
said by redwolfe_98:

according to this "bloomberg" article, it wasn't "china", it was "an eastern european gang", which is what i would expect:
»www.bloomberg.com/news/2013-02-1···are.html

If you read the Mandiant report or the Arstechnia article about it, you'll note that this is about a great deal more than the recent Apple attack. Plus the linked-together episodes include a lot more military-specific targeting than what Bloomberg refers to. Certainly, there are a lot of other players on the field, but the Chinese themselves are long-time, exhaustive participants at this through the direct involvement and oversight of the PLA.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 edit
reply to Khaine
mandiant: chinese connection (youtube):

»www.youtube.com/watch?v=6p7FqSav6Ho


edit: i see now that "darksithpro" already posted a link to the same video.. sorry..


coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream

1 recommendation

reply to Khaine
The issue that drives me crazy here is the over-hyped "OMG! Miltiary HAX0rs! WE ARE ALL GOING TO DIE WHEN THEY ATTACK THE INFRASTRUCTURE!"

/rant Where is the discussion of the sheer incompetence of the network admins in the companies getting hit and having their sensitive data and secret sauces stolen? What is the state of the security polices? Why are those policies not being followed? Why are companies cutting the very people they need to man the firewalls and beat back the hacking attempts? Where is the investment in making those private networks more secure?

Don't blame China or their military for doing what every military capable of trying to get a leg up on the competition is doing - get with it and fix the holes... /endrant

JMHO...
--
Returnil - 21st Century body armor for your PC


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
Security and competence costs money.

Non-garbage software does not exist.


coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream
said by Mike:

Security and competence costs money.

Non-garbage software does not exist.

granted - but the issue will continue until these companies are forced to get their act together. All that is happening now is hand wringing and empty rhetoric with a smattering of the usual doom/gloom.

We know what is required to get a handle on this stuff and a great deal of the solution starts/ends with culture in these companies. The major issue is that it is cheaper to get hacked and then beg for forgiveness afterwards - why not make that forgiveness significantly more expensive than getting hacked in the first place? While I don't see every situation being solved via a free market approach, this one fits the criteria with significant benefits to the wider society as a whole...
--
Returnil - 21st Century body armor for your PC


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
Reviews:
·Verizon FiOS
Corporate bureaucracy takes time.

IT managers have to meet with project managers who meet with directors from initiatives from meetings from the CIO who hears from the CEO something about the Chinese. Then it has to go down into design, pass of to qa, pass off to design, then approval etc.

Frankly, IT in general is too big. It needs to move like special ops, not special ed.
--
"If something about the human body disgusts you, complain to the manufacturer" - Lenny Bruce
What this country needs is a good five dollar plasma weapon.


coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream
Put their profits in jeopardy and that authority chain will get shorter in a quickness and subsequent resources needed for the ops team will suddenly appear...
--
Returnil - 21st Century body armor for your PC


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
Hey if your designs for super jet 3000 are stolen, you have a good reason to ask for even more money to design super jet 4000.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to Mike
said by Mike:

Days like this I miss Reagan.

To quote Ripley in Aliens.

quote:
I say we take off and nuke the entire site from orbit. It's the only way to be sure.

»www.uselessmoviequotes.com/files/nukerip.wav
--
Don't feed trolls--it only makes them grow!


coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream
reply to Mike
said by Mike:

Hey if your designs for super jet 3000 are stolen, you have a good reason to ask for even more money to design super jet 4000.

Not if the penalty for allowing the breach in the first place is equal to the cost of superjet 4000...
--
Returnil - 21st Century body armor for your PC