Chinese Hacking of American Military Networks On the Rise

Anti-Globalism writes with this excerpt from the Guardian: "China is stealing sensitive information from American computer networks and stepping up its online espionage, according to a US congressional panel. Beijing's investment in rocket technology is also accelerating the militarization of outer space and lifting it into the 'commanding heights' of modern warfare, the advisory group claims. ... A summary of the study, released in advance, alleges that networks and databases used by the US government and American defense contractors are regularly targeted by Chinese hackers. 'China is stealing vast amounts of sensitive information from US computer networks,' says Larry Wortzel, chairman of the commission set up by Congress in 2000 to investigate US-China issues." The full study addresses these issues and others relating to the US-China relationship (PDF).

Obligitory...

[religious freak (1005821)]

But how much is the USA ramping up their attacks on China?

Well, you just saw the first propaganda salvos

[Colin Smith (2679)]

They'll escalate it from there.

From TFA:

"says Larry Wortzel, chairman of the commission"

Larry Wortzel was:
http://www.heritage.org/about/staff/larrywortzel.cfm [heritage.org]

who are:
http://www.heritage.org/about/ [heritage.org]

"Our Mission
Founded in 1973, The Heritage Foundation is a research and educational institute - a think tank - whose mission is to formulate and promote conservative public policies based on the principles of free enterprise, limited government, individual freedom, traditional American values, and a strong national defense."

Yah got to have a bogeyman.

Re:Well, you just saw the first propaganda salvos

[MrNaz (730548)]

In the democratic theater that is modern western politics, the two governments that the population choose between (Republican/Democrat in the USA, Liberal/Labour in Australia, Conservative/Labour in the UK) need to be effectively identical in order that the real decisions get made not by the people, but by the neo-nobility.

There's no difference between modern western politics and autocratic regimes such as monarchy or even dictatorships. It's just that the ruling class hides behind the veil democratic system, and like the Wizard of Oz, pulls the string without the vastly dumbed down population being any the wiser.

They are kept in this subjugated state with a combination of bread and circuses to keep them politically passive as well as carefully constructed media content that portrays a monoculture as though it's freedom.

This is actually an on-topic point, that meandered for a bit. The point I'm trying to make is that only a fool would believe that the US does not have a cyber-warfare (ugh, idiotic term) program, and all this reporting on online attacks by the Chinese is an example of the media reporting bias.

Re:

[TubeSteak (669689)]

The point I'm trying to make is that only a fool would believe that the US does not have a cyber-warfare (ugh, idiotic term) program, and all this reporting on online attacks by the Chinese is an example of the media reporting bias.

The burden of proof is upon you to show that the US has a cyber-warfare apparatus which is attacking foreign governments in the same way that the Chinese are attacking the US government.

The are only 2 reasons you shouldn't be able to provide credible support for your claims:
1. The US government doesn't actually conduct Chinese style hacking raids.
2. Foreign governments hacked by the USA do not publicly talk about it.

I'll accept any news stories from credible foreign or domestic media.

Re:

[religious freak (1005821)]

hides behind the veil democratic system

Well, that's your problem right there... we are not a democracy, we are a republic. And a republic functions exactly as you describe. The older I get, the more appreciation I have for this too. Some of the dumbass ideas I've seen and heard over the years that most everyone would support (if they actually voted) would ruin this country. There's a reason the founding fathers set us up this way.

If you and your ideas are truly worthy, you can get your message out and past the gatekeepers who keep dumb s

Re:

[TheLink (130905)]

"The people very loudly clamored against that, to no avail"

Bush still got reelected.

So either the voters didn't object to it that much, or the elections got significantly Diebolded...

You will have a problem as long as voters keep voting for candidates mainly because those candidates get a lot of money from greedy companies. Go figure.

Democracy is window dressing if the voters abdicate. Which is what many do.

Democracies: imperfect but not like dictatorships

[thaig (415462)]

IMHO Western countries are *not* comparable to dictatorships at all - not in the slightest. I am from Zimbabwe - that's all I claim as qualification.

Whether or not they are heavily influenced by powerful individuals, there are a lot more powerful and rich people in democracies so there are many interests to be satisfied and compromises to be made to keep parties in power. i.e. nobody can have it all their own way.

In dictatorships, anyone who appears even as if they *could* provide some challenge is mown dow

Re:Obligitory...

[narcberry (1328009)]

No no, we need to stop the creation of nuclear weapons by dismantling our nuclear facilities and reducing our workforce of experts. By spearheading this initiative, we can expect other nations to follow suite.

Or they will surpass our technology and stockpiles while we hold hearings on the effects of global climate change. But I am confident they will not do so.

WTF?

[Ritz_Just_Ritz (883997)]

Perhaps I'm just too simple minded, but WHY ON EARTH is ANY of that information even accessible from the interwebz?

Re:WTF?

[aliquis (678370)]

My first though to, why is it even accessible if they think it's such a problem? Guess at least the military should know such basic things. (Though I do understand it makes their sharing easier.)

Where's The F***?

[by Anonymous Coward]

No you're not simple minded. Why indeed is it anywhere near the internet ESPECIALLY with a report telling us WE KNOW THERE"S A PROBLEM!.

Get real.

[Colin Smith (2679)]

This is propaganda. It's simply preparing the public for adding China to the Axis of Evil, erecting trade barriers etc.

 

Re:Get real.

[moderatorrater (1095745)]

I'd agree with you if this were a few decades ago, but right now we're too dependent on China's production and cheap labor.

And even that is faked

[WindBourne (631190)]

The reason is that China controls the currency and pretty much fixes it against the dollar. When the euro rises against the dollar, then yuan rises a bit as well. BUT, China is the one with the monster holding of our dollars and increasing at exponential rate. The yuen should be rising against the dollar if it was traded freely. But it is not. BTW, same issue with India.

Re:And even that is faked

[wisty (1335733)]

Don't be to hard on them. China holding dollars gave the west cheap finance, which triggered an asset bubble, and encouraged overcapacity building in China (overcapacity and debt are the two main causes of depressions, depending on which economists you ask). Then they didn't pass on the wealth to their grunt workers, so Chinese demand won't be able to cushion the fall. Oh wait, that was pretty hard on them.

Re:Get real.

[zappepcs (820751)]

Bang on correct! When do people, especially government types admit that they have a problem and are hemorrhaging data to foreign states? Only when there is an advantage to doing so. In this case, I think you are right, it's part of a ramp up on public information to demonize the Chinese. Specifically who among the Chinese is yet to be determined, but the probably have a short list of targets.

Re:

[zappepcs (820751)]

I think the US was just testing the waters at that point. We signed the commerce deals, opened borders... that sort of shunted the communist thing to ground. Now we have to deal with the 21st century cold war problems. What we are seeing is that effort. Dealing with enemies that cannot be outed without revealing your own discrepancies. Cat and mouse in the age of social networking and video phones is much different than the post WWII cold war.

Everyone has forgotten the mysterious underwater cable cuts. Not

Re:

[sowth (748135)]

If that is true, then why have I received tons of scans from Chinese IP addresses? When I last looked at my firewall logs, most portscanning crap came from China, so I blocked a bunch of Chinese subnets.

What about the people injured or murdered by fake epogen and tainted food? Are the Chinese private sector and military out of control, or is this a deliberate effort?

Either way, this is a good reason for me to have an unfriendly attitude toward China. Maybe this is propaganda, but there must be some trut

No, it is not propaganda.

[WindBourne (631190)]

I have seen this. I used to work in a start-up and saw 2 seperate incidents. In one case, I was hiring for coders. Found a gal who was interesting. She had married a GI and moved to Northern Colorado Springs. Since we could do the work over the line, not an issue. I interviewed her and she was not interested. That is, until I mentioned taht we were doing work for DOD and NSA. Then her attitude changed dramatically. She very much wanted the job. Ok, not a big deal.

But a year later, we were looking for funding. Found a Tawain born guy from Loveland who use to own the chinese restaurant there. He wanted to invest. But he insisted on getting control of the hardware (which was the important part) if we defaulted. When would company be considered defaulted? When he said so. Told him no way. So, then he wanted to buy hardware and said that he would sell it in mainland china and we could all be worth 30 million or more. The hardware was only 1M. But he explained that mainland was willing to pay 30 for it and might go higher. I was actually shocked since I considered him Tawainese and would not do that. My opinion changed when at a slashdot posting, a tawain native said that the chinese who came there STILL consider themselves chinese, not tawainese. The original guy may not have been a spy. But, he was all too happy to sell tech to them. More interestingly, he indicated that he had been in touch WITH mainland china.

No, this is absolutely not propaganda. This is VERY real. Chinese ppl are happy to see their country coming up. And I understand that. But chinese gov is STILL in a cold war with us. They are very much spying on the west and buying tech. whenever possible. And yes, it is the west, not just America. That includes countries like Japan, Australia, Canada, France, UK, Israel, etc and even Russia. In fact, I consider your statement far more propaganda, because you have NO IDEA of what you are talking about.

Re:

[LingNoi (1066278)]

My opinion changed when at a slashdot posting, a tawain native said that the chinese who came there STILL consider themselves chinese, not tawainese.

Are you kidding me? Your evidence is based on a slashdot post?! The biggest hive of Asperger syndrome whining twitter morons on the internet? That's your proof?!

Huh?

[TheLink (130905)]

"Chinese ppl are happy to see their country coming up"

And that Taiwanese guy was also "all too happy" to sell something that costs 1 million to the Chinese Government for 30 million.

30 million dollars. Not 2 million, not 1.5 million.

Oh yeah, it was because of patriotism or "The Love of China" that he gave them 50% off the original price of 60 million. That must be it eh?

Given what I know of Chinese people, it's far more likely that the Taiwanese guy was just seeing it as a great business opportunity - a cha

Re:

[TheLink (130905)]

Not surprised he had millions in the bank. It's good business if you can keep selling 1 million dollar stuff for 30 million.

So what's your point? That he'd stop trying to make lots more money because he already had millions in the bank?

That's hilarious if you knew how a typical chinese businessman thinks.

Most Chinese care about Family and Money (for some - Money first then Family ;) ), Country at most is a distant 3rd place. Yes they will get that patriotic spirit from time to time, but that's about it.

Just

Re:

[ahabswhale (1189519)]

It's not available. The military has had regulations preventing the placement of confidential information on publicly accessible networks for over 20 years (which is back when I was in the Air Force). I'll leave it to the amazingly brilliant posters of /. to figure out why they might make such statements...

This TF

[fm6 (162816)]

Really, really sensitive information isn't available that way. I'm told that organizations like the DoD that have separate networks with no physical connection to the Internet for the "burn before reading" stuff.

But you can't hide all your sensitive data behind that kind of security. Your organization would grind to a halt. Besides, not all data really merits that level of protection. You don't want the bad guys to have it, but it isn't the end of the world if they do.

Security is always a tradeoff of cost (

WTF?-Tasters Choice.

[Ostracus (1354233)]

"Those people have needs while at work and it'd be inhumane to not address them!"

Well that explains the secret ingredient in MREs.

Re:

[compro01 (777531)]

"+1 Wishful Thinking" would be nicer.

Why would they bother?

[Colin Smith (2679)]

America is sending all of it's wealth to China anyway and is happily enslaving future generations to chinese investors.

"Supreme excellence consists in breaking the enemy's resistance without fighting." Sun Tsu. 2500 years ago so.
 

Re:

[vux984 (928602)]

America is sending all of it's wealth to China anyway and is happily enslaving future generations to chinese investors.

Hee hee jokes on them. Its not going to get paid back. And at the end of the day all the stuff they sent us is worth more than all the paper we printed to get it.

I'm only half joking. Seriously... Maybe I'm being too cynical, but I think if this debt spiral continues... when it collapses under its own wate, the US is going to undergo an internal 'revolution', declare that it has no intentio

Re:Why would they bother?

[Nerdfest (867930)]

You can have the oil, but only if you take Celine Dion and Ben Mulroney as well.

It's not one way

[Caedes.Leighton (1186201)]

US hacks China, China hacks US, where is the news in that? It's like watching two kids fight and both of them saying "He started it!" when in fact, they're both annoying little bastards.

Re:It's not one way

[moderatorrater (1095745)]

The news is that they're fighting and that the fighting's escalating. The two kids on the playground are more like Godzilla and Mothra - if they fight, there's going to be lots of explosions and buildings falling over. Plus, there's going to be some terrible dub work and the Japanese are going to somehow be involved. Also, we're going to find out about new powers that Godzilla has that he didn't have in the last movie. And then Steven Spielberg will do a remake that'll flop.

That got out of hand fast. Anyway, just because "they're both annoying little bastards" doesn't mean you shouldn't keep an eye on them. Especially if you live in Tokyo.

Time to do what we did to the USSR

[istartedi (132515)]

One of the largest non-nuclear explosions ever came as a result of US technology that was stolen by the Russians. Except, the CIA knew it was happening and instead of stopping it they decided to plant faulty chip designs. Once the USSR knew the tech was unreliable, they were stuck with one helluva an auditing problem, beyond their capability.

How much do you want to bet that somewhere on a "vulnerable" network, there are some designs that are just... a little... bit... off.

Here's the Link

[istartedi (132515)]

It was part of the Farewell Dossier [wikipedia.org]

Boo!

[ISoldat53 (977164)]

Every age needs bogey man.

Old School Security

[Plekto (1018050)]

Perhaps this seems a bit extreme, but exactly WHY are these military computers even connected to the Internet? If it's really secret information, shouldn't they have their own network or just not put these things online?

Beijing's investment accelerating militarisation?

[krou (1027572)]

Beijing's investment in rocket technology is also accelerating the militarisation of outer space

Funny, I thought it was the US [commondreams.org] stance [eetimes.com] of space dominance [defensetech.org] that was accelerating militarisation of space.

For chrissakes!

[erroneus (253617)]

Why don't we just take measures to sanction China? Oh wait, we let our economy fail to the point that China owns us. Somehow all this business-favoring government has managed to allow everything to get outsourced and allowed everyone to source everything from China.

China's internet link needs to be severed or otherwise blocked from passing through U.S. routers. US influence should also persuade similar actions in other nations as well. This sort of behavior should not be tolerated. CUT CHINA OFF. The

Very off-topic pdf, except part of ch. 2

[billsf (34378)]

The pdf may be of interest to those studying relationships with China, but very little mention of any "cyber war" except part of chapter two that stresses its 'non-classified' information. The biggest hole in US computer security is Windows and how people use it. It is very common for 'users' of Windows not to set passwords, which just makes it even easier easier to penetrate the whole network. Hopefully, no Windows machine can even access classified information in the first place.

Unix isn't perfect either and again, its the human aspect that is the biggest risk. Anyone caught using an account with access to 'sensitive' or 'classified' without an adequate password should be warned, explained what a good password is and fired if they can't comply. It would seem that there is high compliance and regular audits anywhere 'classified' information can be accessed. Chapter 2 of the pdf only mentions 'unclassified' material, never mind all 'classified' material is created from 'unclassified' resources. Truly classified data should never be accessible from The Internet in any way, in the first place. Any information placed on, or close to The Internet should be considered 'public' on a worldwide basis.

Generally speaking, China uses the simplest, known techniques, to penetrate servers. Any admin can tell you how many dictionary attacks come from China. It is impossible to determine which ones are just 'script kiddies' or students and which are serious organized efforts. There is a very small rate of success from this method. Today it seems that these (Unix) machines are simply used to spread the simple scripts on a wider scale. Simply moving off port 22 (even to port 23) will stop 99% of the problem. Statistical programs that temporarily deny access to a certain IP address can be very effective as most scans never return, even if the access is denied for as little as five minutes. To combat the hardcore attempts where the attack returns, simply increase the 'access denied' time and ultimately blacklist the IP address and the whole net if necessary. (It is very rare it ever goes that far.)

In conclusion: Don't put classified information in the reach of The Internet. Never use any Microsoft product to view 'classified' or 'sensitive' information unless it can be assured there will never be any Internet connections of any sort. It is highly unlikely any government secrets leak out unless that was the intention, such as a "trial balloon". At this time, this is a non-problem that can be stopped. If absolutely nothing is done, it could escalate in much the way spam did. The official report appears to draw the same conclusion, however that is buried in a pile of irrelevant and off-topic material.

BillSF

                       

zeros

[cpankonien (964575)]

the DoD network will continue to be vulnerable as long as they insist on using windows. lest you think i'm a peacenik or something, i was a boom operator in the USAF for 20 years. i retired in 1997, and joined the local LUG. Alot of the members were NCO sysadmins from the base, who related that "all the officers coming out of the zoo (USAF Academy) only knew windows, and policy did not allow for anything else". So, being good NCOs, they snuck linux in the back door and had it running all over the place, as proxy servers, firewalls, etc. their officers didn't know about it, but as long as nobody complained and it made them look good, they were happy. then when they found out, and had it removed. problems increased dramatically soon thereafter. fuckin' zeros...they don't listen! MSgt, USAF (Ret.)

I wonder if it is personal?

[victim (30647)]

The DoD takes everything personally, and for good reason, but I have a steady stream of chinese hackers attempting to break into the router in my tool shed that reports battery voltage and temperature at a cabin that is inaccessible for 6 months of the year.

I really should put a webcam in there so they can see what they have achieved if they ever do manage to get in.

(22.1F, batteries 25.3V, 600 watt hours of energy stored today.)

poisoned Honey pots

[dotmax (642602)]

And you guys claim to read Schneiier?? Consider this: if the Chinese are spying on our tech, we can stick it to them rather badly by lettng them find pointless dead end projects upon which to waste their treasure. everything is an opportunity... .max

Counterfeit IC's in Cisco Routers

[Ex-MislTech (557759)]

It is not too hard to hack a network if you got
counterfeit hardware inside the network giving
you a backdoor in.

http://www.infoworld.com/article/08/05/12/FBI-worried-as-DoD-sold-counterfeit-Cisco-gear_1.html [infoworld.com]

So once they got in, they learned what they needed
to know to stay in, and put other methods in place
to stay in.

They are going to have to rebuild their network one segment
at a time from the ground up.

They need several things with one of them being segment
monitoring IDS system that can detect the outbound traffic.

Something that can track all outbound traffic against
a white-list of acceptable IPs, think a reverse peer guardian
that tracks what IP's are reached and snds alarms if they
are not on the list.

In any event they will have a monumental task of clearing
all the backdoors in the system, and should consider going
totally to a secure hardware+software encrypted VPN that
does not even travel over the public internet.

There is enough dark fiber out there to do it for the classified
material they transmit.

Also if most of your military traffic goes over the old
global crossing network, don't allow the public sale of
that network to a foreign nation with an oppposing ideology.

Namely China !

http://www.hereinreality.com/likashing.html [hereinreality.com]

When you do stupid things, bad things happen.

Re:

[Sta7ic (819090)]

What's the worst that could happen [if we put up a trade embargo against China]?

When was the last time you went into a Wal-Mart and looked at the 'Made In..." tags? 70%-plus of the stuff in that store is from China, from trash cans to seasonal stuff to lego-like shelving units.

Re:

[Loibisch (964797)]

Major "woosh"

Re:Communist China! Your days are numbered!

[bleh-of-the-huns (17740)]

This sends the message to the rest of the world that the US may not pay its debt to them if they do something the US does not like.... That would be a bad precedent, as we would soon find ourselves very isolated when it comes to finance and commerce...

Re:

[djradon (105400)]

chines checkers != go

http://en.wikipedia.org/wiki/Chinese_Checkers [wikipedia.org]

Re:

[idlemachine (732136)]

Chinese Checkers (Go).

Chinese Checkers & Go are two entirely different games.

Re:

[sexconker (1179573)]

There are -zero- smelting plants for steel based alloys in the US.

Completely false.
I won't even read the rest of your comment.

Re:

[sowth (748135)]

Electronics manufacturing is not done in the US? Then what is Wolf Electronix [wolfelectronix.com]? Were the semiconductor facilities run by Intel and Philips just my imagination? Holy shit! I must be really fucked up to have hallucinated all that!

Re:

[bleh-of-the-huns (17740)]

because most of the attacks do not come directly from them, they come via proxies from infected systems the world wide....