
FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years (vice.com) 101

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: The feds warned that "a group of malicious cyber actors," whom security experts believe to be the government-sponsored hacking group known as APT6, "have compromised and stolen sensitive information from various government and commercial networks" since at least 2011, according to an FBI alert obtained by Motherboard. The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government's servers, their activities going unnoticed for years. [...] In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks "in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011."

  • If the FBI a) know about it and b) are complaining then it's no mystery - it must be the CIA.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I really wish you'd said "If the FrostyBI are pissed..." because it would have been such a lovely First Post pun.

      • I really wish you'd said "If the FrostyBI are pissed..." because it would have been such a lovely First Post pun.

        A missed opportunity as there's not been one in months.

      • Where I come from, pissed means drunk.

        Not saying they aren't, mind. It might explain a few things.

    • by Anonymous Coward

      F.B.I.: 'we need backdoors.'

      And now, F.B.I., you see what happens even when there are not backdoors. Stuff still gets cracked. So, if there are more ways to infiltrate, i.e. backdoors, you really think things will be more secure?

  • This is why they think they can get into any phone.

    Despite their best effort, their stuff keeps getting owned. So they think that every other system has easy holes in it too.

    All these government servers, Hitlery's out of band leaky illegal bathroom depository, iPhones. All of it.

    • Well. They could just leave secret documents in the servers, addressed to the mysterious hackers:

      "Dear Mysterious Hackers,

      We're pretty sure you must be reading this, so, would you please download phone 555-45-33's records and send them to us, please?

      Pretty please?

      Federally yours,
      The FB of A
      "

      • Interesting. Kind of like writing letters to Santa and sending them up the chimney except they are more likely to be read.

        It makes me wonder if there was a...

        "Dear Mysterious Hackers,

        Please can you extract and distribute all the documents pertaining to offshore tax avoidance handled by firms like Mossack Fonseca.

        Thanks in advance,

        The actual tax payers of the world"

    • Re:This is why... (Score:5, Interesting)

      by Rob Y. ( 110975 ) on Tuesday April 05, 2016 @10:21AM (#51845727)

      Actually, from the sound of it, Hillary's home server was about the only 'government' server that hasn't been hacked.

      'Hitlery'? Really? At least it's not a play on the female anatomy. I commend your maturity.

      • by s.petry ( 762400 )
        Except that it was owned (read outside of main stream media and use your brain bucket just a little).
        • (read outside of main stream media and use your brain bucket just a little)

          You mean some wing-nut conspiracy website?

          • by s.petry ( 762400 )

            Okay, don't use anything but knowledge about security. How hard is it for someone to find the server information for an email server, and then hack into a server which is rarely managed.

            Every Government agency (FBI, NSA, CIA, etc...) has said the server was insecure. The only people that want to defend Clinton's poor ethics, morals, and poor decisions related to this server are people who believe that they gain if she wins. If GW Bush had done the same thing my position would remain exactly the same, but

            • How hard is it for someone to find the server information for an email server, and then hack into a server which is rarely managed.

              Rarely managed according to what source?

              Every Government agency (FBI, NSA, CIA, etc...) has said the server was insecure.

              Agencies known for their impeccable honesty with public disclosures...

              The only people that want to defend Clinton's poor ethics, morals, and poor decisions related to this server are people who believe that they gain if she wins.

              A political opinion that has nothing to do with the question about the security of her email server.

              • by s.petry ( 762400 )

                Rarely managed according to what source?

                All of them, including the person who set up the server and ended up handing it over to the authorities.

                Agencies known for their impeccable honesty with public disclosures...

                If those same authorities were on your side, you would defend those same agencies on other matters that benefit your political beliefs. You fool nobody but yourself.

                A political opinion that has nothing to do with the question about the security of her email server.

                It has everything to do with why people like you attempt to lie to make her look good, which YOU did by perpetuating an easy to verify as false claim.

        • by Jawnn ( 445279 )

          Except that it was owned (read outside of main stream media and use your brain bucket just a little).

          [citation needed]
          Any bets on what he comes up with?

          • by s.petry ( 762400 )

            How about you do a simple web search instead of making _false_ claims about there being no information. Sources that came up in the top 10 on duckduckgo are Breitbart, Businessinsider, CNN, and the NationalReview which of course are all well known right wing extremist crank sites, right? Wholly fuck, even Bill Gates said that it was likely her server was compromised, but of course he is just another right wing conservative gun nut. Am I right?

            I do hope you can read sarcasm better than you can use a searc

      • Re:This is why... (Score:5, Informative)

        by SecurityGuy ( 217807 ) on Tuesday April 05, 2016 @10:38AM (#51845905)

        Nobody knows Hillary's home server hasn't been hacked. All that we know is that whatever logging they were doing didn't show evidence of hacking. All that tells you is that if it was hacked, it wasn't done by a complete incompetent.

        • by Anonymous Coward

          Nobody knows Hillary's home server hasn't been hacked. All that we know is that whatever logging they were doing didn't show evidence of hacking. All that tells you is that if it was hacked, it wasn't done by a complete incompetent.

          And since the logging wasn't set up to secrecy specs, they'll never know if it was hacked, or the extent of those hacks if it was.... so ALL the data on the server needs to be considered compromised.

        • Re: This is why... (Score:3, Informative)

          by Anonymous Coward

          Except that awkward moment everyone forgets the server was found because guccifer got in sharing screen caps.

          http://www.mrctv.org/blog/update-hillary-s-secret-email-revealed-romanian-hacker-had-its-own-internet-server

      • Uh...it was immediately penetrated by multiple foreign intelligence services. It had zero security. If China/Russia/EU/etc DIDN'T own Hillary's server then they are totally incompetent and shouldn't be running an intelligence service.
      • The server's domain name was clintonemail.com. To remind, whois registries are public, and in this case you really only need the domain name to figure out it would make a good target.

        And, according to the people who were running it, it wasn't even using SSL for the first few months. So you didn't even have to hack it, you could just do MITM on it.

        Given all this, it would be truly amazing if it wasn't hacked.

    • Or as Bernie says "The American people are sick and tired of hearing about your damn emails"

  • by Kinthelt ( 96845 ) on Tuesday April 05, 2016 @09:54AM (#51845515) Homepage

    Can't figure out wHo would want to have InterNal file Access.

    • by Matheus ( 586080 )

      Never easier... Only a Really peTulant arcH-nemesis would asK fOR such unfEttered Access!

  • by Lumpy ( 12016 ) on Tuesday April 05, 2016 @09:58AM (#51845537) Homepage

    Government systems.... built and secured by the lowest bidder....

  • Are these assertions verifiable? If they are not, the fact that they were made is irrelevant.

    Through which mechanism can the population verify this information is true?
    If such mechanism doesn't exist, why make this information public?
    Is Faith a required aspect of citizenship now?

    In other words:
    Information based on secret data is of value only internally to the sharers of the secret.
    This distribution of unverifiable information is simply propaganda.

    • by tomhath ( 637240 )
      Verifiable by whom? All they did was send out a warning that traffic related to certain domains is probably associated with an intrusion. Seems like a reasonable warning.
  • to encrypt the government to save it from those pesky things they never do to others.

  • by scorp1us ( 235526 ) on Tuesday April 05, 2016 @10:02AM (#51845573) Journal

    The contents of the San Bernardino iPhone wins, and proves Apple's point.

    • by sims 2 ( 994794 )

      That's one of those odd things at the point this all happened apple had been offered device locked mdm profiles for a while.

      The articles I read indicated that the owner of the phone san bernardino county did not opt to get mdm profiles when they purchased the phones.

      But it's nice to see that apple hasn't given up on their deceptive business practices as they still do not show if a device has an irremovable mdm profile on the icloud lock check page.

      Really fucks over second hand dealers and makes the icloud act

  • The solution is obvious.

    Further restricting the rights of the American people will surely solve this problem.

  • by GeekWithAKnife ( 2717871 ) on Tuesday April 05, 2016 @10:11AM (#51845643)

    Ever heard an iteration of this BS before? "Why not let your government collect data on you? you have nothing to hide."

    I mean besides targeted ads, invasion of privacy, online profiling that will affect the prices of products and search results, being subjected to voyeurism by bored government agencies, attracting whatever weirdo or teen hacker that managed to somehow get the data, perhaps elongating the queue at the airport when you're "randomly" asked about that "funny" prank in college, or the widely used change of your insurance quote because some stupid filter found a word associated with higher risk somewhere in a database that has info about you...but let's get back on point:

    Why would I trust the government with my data when they cannot secure their own data? -Why should I still bend over and just accept their blatant and useless corrosion of individual privacy and freedom in lieu of their incompetence and carelessness?
    • Re:But why worry? (Score:4, Insightful)

      by burtosis ( 1124179 ) on Tuesday April 05, 2016 @10:21AM (#51845725)

      Ever heard an iteration of this BS before? "Why not let your government collect data on you? you have nothing to hide." I mean besides targeted ads, invasion of privacy, online profiling that will affect the prices of products and search results, being subjected to voyeurism by bored government agencies, attracting whatever weirdo or teen hacker that managed to somehow get the data, perhaps elongating the queue at the airport when you're "randomly" asked about that "funny" prank in college, or the widely used change of your insurance quote because some stupid filter found a word associated with higher risk somewhere in a database that has info about you...but let's get back on point: Why would I trust the government with my data when they cannot secure their own data? -Why should I still bend over and just accept their blatant and useless corrosion of individual privacy and freedom in lieu of their incompetence and carelessness?

      Because terrorists! I'm sure this will all be addressed in the upcoming "America, land of the free" bill that will make encryption illegal.

  • I think the obvious answer is the need for more back doors in all systems. Obviously we need to get those responsible and the only way is to put the master keys in the hands of the most responsible, technically savvy people ever to walk this earth. It's really the only way to keep our children safe and get the bad guys.
  • by e70838 ( 976799 ) on Tuesday April 05, 2016 @10:19AM (#51845713)
    If they have implanted a virus in the Intel Management Engine, they have a permanent backdoor since 2008. See https://en.wikipedia.org/wiki/... [wikipedia.org]
    • by Qzukk ( 229616 )

      AMD has had the "Platform Security Processor" since 2013, which has the same problems (including Ring -3 level exploitability)

      Curious that it's hard to find a list of processors without these "features" online. Wikipedia barely mentions PSP as a footnote on AMD's APU list.

  • by ITRambo ( 1467509 ) on Tuesday April 05, 2016 @10:41AM (#51845921)
    During the Clinton administration the Chinese hacked into and took military secrets. What does the US do? It outsources more work to China to make goods sold in the US. The US government can't handle security well at all and no longer cares to help its own citizens. That's why Trump is popular. People want to believe that an outsider can make things better, since the insiders keep screwing things up.
    • People want to believe that an outsider can make things better, since the insiders keep screwing things up.

      That's only a part of the reasons. If people really want to believe that an outsider can make things better, they would have thought further than just that. They would have looked at how the person would do to make things better from the person's both past and present speech & action, not from the person words coming out of his mouth. They would have determined what consequences are if they elect the person, not what the person promises and spout vaguely proposal that doesn't represent a well thought so

      • by DarkOx ( 621550 )

        I will vote for the first person who promises to build a gallows over the reflecting pool and eliminate the current occupants of cabinet positions, heads of three letter agencies, congress, senate, and federal reserve board.

    • Nice way to conflate the US government with US businesses with the US people. When you say "it outsources more work to China" what you really mean is "US businesses either shutdown local operations or expand new operations overseas, including in China". Don't try to make that "the US government" which, despite being a large, unwieldy and frequently ineffective multi-department entity, does not require US businesses to move production to China.

      Trump is *not* an outsider to all of this. Oh, sure, he hasn't be

    • They didn't steal them, the Clinton admin GAVE THEM to them.
  • by Anonymous Coward

    It's not a mystery, it is Israel. Up to their dirty little tricks as usual.

  • There are five known military espionage units spying on government files, the CIA, NSA, and the other two agencies none are permitted to know about.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      and the other two agencies none are permitted to know about

      Don't worry, we both know about you...

  • does anyone have the link to the alert from the fbi itself? all the links that I've seen just summarize.
  • "Let us exhume McCarthy immediately!!"

    With every action, the FBI reminds us why they never wanted to rename their HQ.
  • Senior System Engineer/Architect

    Where? Some bum-fuck tiny ISP? Some tiny shit business of some insignificant variety? Some community college IT department? A so-called contractor?

    Notice: If you post anonymously do not expect a reply.

    Typical arrogant nonsense from some basement dweller. In other words, go fuck yourself.

  • Am I the only one who noticed that the article is complete hype with no valid information? It even links to a user submitted OTX threat monitor pulse from February containing a list of malicious domain names, referring to it as an FBI Security Flash on the issue. This is nothing but a collection of random comments strewn together to sound scary. I am personally collecting a list of sites which mirror this article to build a simple "what not to read" site list for new security analysts...
    • by AHuxley ( 892839 )
      Think in terms of limited hang out operations and decades honey pots that never got fully understood or mentioned to lower gov levels or law enforcement never got in on the operation..
      For that to work a lot of real and fake information has to walk and has to be seen as originating in the depths of real US gov computer systems.
      Operations get renamed, staff move around and the resulting security networks are left wide open. Data used as bait or to see where it was going was completed or abandoned months or
    • Security analysts ought to read this, but you may still want to provide your perspective. A lot of security issues are caused by incorrect information and plain FUD. I think it is important for security analysts to know about this and be well informed about the content and sources rather than outright ignore it. If I'd ask a security analyst about this issue and she/he tells me that they have no idea what I'm talking about (because they followed some advice to not bother with reading about it) I reasonably
  • Can't be the NSA, then; they've been hacking that $#!+ since the dawn of time.
  • So maybe it was a good idea after all that Clinton ran her own email server? That one did not get hacked as far as we know.
