U.S. Commerce Department Hacked Again

Posted by Zonk
from the uncomfortable-it-people dept.
evil agent writes "The Bureau of Industry and Security (BIS), a branch of the Commerce Department, has sustained several successful attacks. Chinese hackers were able to gain access to its computers and install rootkits and other malware." From the article: "This is the second major attack originating in China that's been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K."
  • by IlliniECE (970260) on Saturday October 07, 2006 @11:39PM (#16352517)
    Chinese hackers installing root kits? Are you sure they weren't Japanese (aka Sony)?
    • by Jesus_666 (702802)
      Chinese hackers installing root kits? Are you sure they weren't Japanese (aka Sony)?

      They were clearly $sys$not Chinese.
  • by CompMD (522020) on Saturday October 07, 2006 @11:50PM (#16352557)
Hm...so this here purple panda bear says he wants to be my buddy and help me out on the intarweb. Sounds good to me! (click) Gosh I wonder why my workstation is so slow, almost as if it's sending all its files to ch!@$!$JGOJ!THIS POST 0WNZ0R3D BY CHINESE HAXORS
  • I don't buy it. (Score:1, Insightful)

    by pair-a-noyd (594371)
    They say they can't clean the systems. Bullshit, they just want to blow more of OUR tax dollars on new toys.

    Also, what's the OS? No mention of that in TFA. Why are they using an OS that allows this sort of thing to happen. Shall we take a guess as to the OS?

    If they were serious about security they WOULD put a stop to this crap.
    It's easy to batten down the hatches.
    • by khasim (1285) <brandioch.conner@gmail.com> on Saturday October 07, 2006 @11:58PM (#16352579)
      An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Washington Post said that BIS "had identified several successful attempts to attack unattended BIS workstations during the overnight hours." Last month, reported the Post, Foulon wrote: "It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient."

      What the fuck? Aren't they even behind a firewall?

      Wouldn't a simple firewall "mitigate" that "vulnerability"?
      • Re: (Score:3, Insightful)

        by AuMatar (183847)
No, it wouldn't. Firewalls themselves can be hacked. An internal network with no access to the internet is more secure than one with. The question is if access to the internet adds enough value to be worth the risk. The answer depends on what you're doing. Military plans- probably not. Joe Blow working for some small business- probably yes. In this case, no idea.
        • by khasim (1285)

          An internal network with no access to the internet is more secure than one with.

          Since you've opted for pedantic, no, it is not. It is only more "secure" from Internet-based attacks. There is still physical security to be considered.

          The most "secure" system is one that has been turned off, encased in cement and dropped into the deepest part of the ocean.

          Now, can we possibly get back to a discussion of this specific situation instead of displaying our pedantic generalizations to the world?

          Yes, a firewall can

          • Re: (Score:3, Interesting)

            by AuMatar (183847)

            Since you've opted for pedantic, no, it is not. It is only more "secure" from Internet-based attacks. There is still physical security to be considered.

            Hence more secure, and not "totally secure".

            Yes, a firewall can be cracked. But because it is a single point of access, it is far easier to monitor/secure than if all the workstations are directly connected to the Internet. Therefore, having a firewall would "mitigate" that "vulnerability".

            Yes, it would mitigate the risk. For many government computers, that

            • Hence more secure, and not "totally secure".

              By that "logic", a house with a 10' hole next to the open front door is "less" "secure" than the same house with the front door closed and locked.

              No, it is not.

              Yes, it would mitigate the risk.

              Which is what I said that you had previously taken exception to.

For many government computers, that's still an unacceptable level of risk.

              And for others it is an acceptable risk. What is it with you and the pedantic generalizations?

If a business/government computer doesn't hav

              • By that "logic", a house with a 10' hole next to the open front door is "less" "secure" than the same house with the front door closed and locked.

                No, it is not.

                If, in your piss-poor analogy here, you mean that the front door is the firewall, and the 10' hole is the physical security issues, then you don't understand computer security in the least.

                Physical access is an issue, yes, but physical access can only be accomplished by something in the same physical location. (You're saying duuh, but think about it

          • Since you've opted for pedantic...The most "secure" system is one that has been turned off, encased in cement and dropped into the deepest part of the ocean

Congratulations on choosing the pedantic option. Commiserations on your failed definition. The system you describe would not be appropriately available, which is a fundamental quality of a "secure" system.

      • by pipingguy (566974) *
Perhaps it is politically useful to announce that you've been hacked when, in fact, you haven't. Or if you *have*, in fact, been hacked, it might be useful to "leak" to the press that you've been hacked, but you secretly know that the hacking occurred at a non-vulnerable point. Or, if you haven't been hacked by hackers, it could be hacky if the hackees hacked the hackiest hack node and then made it appear that hackers had [writer's brain explodes, end of post]
        • by sumdumass (711423)
Actually, this is a good point. Knowing that China is one of the ones holding the UN Security Council from making any definite actions on Iran and their nuke program. North Korea is a concern too and many experts seem to think China can stop NK at any time. This might lend a little leverage over them. Similarly, the tariff on shoes from China gives the EU some position of power over China too. So politically, letting them know it might have worked could be a setup to allow threat of force and forgiveness to man
          • by pipingguy (566974) *
            International politics is convoluted and mysterious and the post cold war era hasn't really changed much. It's still a game of favours, inside deals, secrecy and private agreements.

            If NK tests, you can be sure that something else is happening in the background. We might find out what /really/ happened in 2030.
    • Re: (Score:2, Funny)

      by Shadyman (939863)
      You mean you're going to ask the Department, "Does it run Linux"?
    • Re: (Score:1, Informative)

      by Anonymous Coward
Don't assume it's Windows. The government is the largest Sun customer out there, and for the time being they are running Solaris and Linux on the hardware. I can't find a good link to this paper, but if you want to read about rootkits on Solaris that probably 99% of all SAs and huge numbers of Security Officers couldn't detect, search for 'SUN - Bloody Daft Solaris Mechanisms "B.D.S.M. The Solaris 10 Way"'
  • Bureau of Industry and Insecurity? Why would successful Chinese cracks be a surprise to them?
  • by frinkster (149158) on Saturday October 07, 2006 @11:53PM (#16352569)
    The Chinese have been trying for years to lose that pesky Most-Favored-Nation status, and this administration is not going to give in.
  • How sure? (Score:4, Interesting)

    by fredistheking (464407) on Sunday October 08, 2006 @12:10AM (#16352611)
How can they be so sure that the attacks originated from China? Sure, there may have been Chinese IP addresses involved, but the attackers could have been anywhere. The Chinese systems could have simply been compromised and used to cover the attackers' tracks.
    • by Anonymous Coward
      ARE YOU CRAZY OR SOMETHING? let's not let obvious facts such as these get in the way of a good xenophobic rant and/or nationalistic orgy
    • by sumdumass (711423)
There are some telltale signs besides the IP addresses. Technique used, programs inserted (read rootkits), codepage of files dropped onto the hacked computers are just a few. Watching the actual routing tables and IP packets plus maybe sniffing a router on/in the area to look for other packets destined for those computers. Of course it would really help out if you actually caught them in the act of doing it.

      Then again, a spy working for a friendly nation or even the US could have told us that it was going o
      • by finity (535067)
        That might also make the whole situation worse. It is important to get all the facts before pointing fingers, and unfortunately, with this kind of thing, it's very difficult to get all the facts.
        • by sumdumass (711423)
I'm not going to pretend our current government or even the last administration got foreign policy right or has it as a strong point. Making things worse to benefit in the short run seems to be a recurring theme of the last 50 or so years. Go figure/.
      • by Tim C (15259)
Technique used, programs inserted (read rootkits), codepage of files dropped onto the hacked computers are just a few.

        None of which can be faked or copied by others, of course.

Watching the actual routing tables and IP packets plus maybe sniffing a router on/in the area to look for other packets destined for those computers.

So the hack originated in China - it's still a leap of supposition to go from "hackers located in China" to "Chinese hackers".
        • by sumdumass (711423)
          "Just a few" should let you know there are more ways to figure it out. BTW, I don't think any one tell is going to be used to determine who done it. It would take a few if not more.

Think of it like a criminal investigation, lacking a witness, they look at the clues. Sometimes the clues tell them exactly who done it while some other times it tells them where to look for who done it. Then combined with other tools and techniques, the possible suspect could be narrowed down until you have the most likely person
      • by FhnuZoag (875558)
        Maybe I've been watching TV too much, but surely an obvious alternative is that another nation/private body did the hack, and dropped evidence to implicate China? Given that the government has been hacked once, all kinds of places would be on alert that security is weak, and would give it a go themselves. Plenty of motive and opportunity in place. What China has to gain from this hacking pales relative to what a competitor would have to gain from the increase of mistrust between two trading allies.
        • by sumdumass (711423)
I'm sure all things considered were considered before someone actually made the accusations. Unless it is some diplomatic stranglehold type thing that is.

But they aren't (at least I hope not) going to place the blame on a break-in without having some credible evidence pointing in that direction. Just like they won't pick up random people off the streets and start asking them about unsolved crimes from two years ago. You can about bet that if they are asking you about them, then there is a reason they think y
      • Re: (Score:2, Funny)

        by sgt_doom (655561)
        I hope I don't lose anyone by getting too technical - but another tell-tale sign is the presence of those nifty fortune cookie fortunes at the bottom of all their hax.
    • How can they be so sure that the attacks originated from China?

      They wouldn't say this if it wasn't true - just like they wouldn't put their systems online unless they are secure...

    • by b0r1s (170449)
They may have been able to do a post-infection audit to discover the programming techniques / callsigns (if the strings in the program are all in Chinese, there's a good chance it's not a Romanian hacker).

      Of course, there were other security issues in the very recent past that have much more impact on the average American, say, the discovery that the medicare system was wide open without even basic audit logs [medicarehelpcenter.com].
  • Come on...don't be mean to the folks over at the Commerce Department. They were just in the process of transferring some money from a Chinese-Nigerian bank account to help out a buddy. Lay off of 'em.
IPv6 (Score:3, Funny)

    by growse (928427) on Sunday October 08, 2006 @12:15AM (#16352647) Homepage
Don't forget kids, all these problems will be solved when the US govt goes to IPv6. Since no one else will be using it, it will confound and confuse anyone trying to hack in!
  • by in2mind (988476) on Sunday October 08, 2006 @12:20AM (#16352669) Homepage
It's not about whether the Chinese or Japanese did it. It's about whether the Commerce Dept. knows enough to protect itself or not.
    • by ScentCone (795499)
It's not about whether the Chinese or Japanese did it. It's about whether the Commerce Dept. knows enough to protect itself or not.

      It's not really an either/or thing. Yes, that bureau at Commerce needs to get its act together, of course. But it's actually very helpful to understand which spots around the world seem to be the largest sources of invasive nastiness, especially as it relates to economic/industry targets. Totally unscientific: of the many machines and networks I see administratively, the number
      • Well ok I should be more clear, I've banned the blocks allocated to an ISP which I'm told is the Chinese state ISP. The reason is that I get no legit traffic, tons and tons of hack attempts, and they just ignore abuse e-mails, including those translated to Chinese.

        That's the real answer to this problem. If particular ISPs refuse to behave, just start banning them. I mean sure, all ISPs will have people who act bad, but if you contact them and get no response and if the bad/good ratio is vastly (or completel
        • by sumdumass (711423)
I lost an account because of a Chinese-IP-addressed hack attempt once. Well, kind of.

It was at a small law firm with 4 workstations, a Windows server, and a Linux file server. The network would slow way down at times. Finally I installed Snort and saw someone was able to bypass the D-Link router used to distribute the cable internet and act like a firewall, take control of the Microsoft server which just did email and had a BlackBerry-type program that could page, forward email to a cell phone and send automate
  • fight back (Score:2, Interesting)

    by ExploiT1001 (1010727)
If they say it's most likely state-sponsored hack attacks, why not fight back with state-sponsored hack attacks? I doubt government agencies have people hacking away at China, and if they do, they aren't doing it very well...why not supply the hacker community with what to attack and offer incentives for any help?
    • Re: (Score:3, Insightful)

      by Ignis Flatus (689403)
      If you really want to fight back, then the best thing to do is actually let them think they're getting in. Leave a few insecure holes here and there and plant some misinformation. If you're clever enough, then you can even use that misinformation to gain an advantage against them.
  • Another fake news? (Score:4, Interesting)

    by zitintheass (1005533) on Sunday October 08, 2006 @12:42AM (#16352755)
There is no source cited etc., no example shown, no logs etc., only that the "New York Post" said that. If true, is that department admitting idiocy? Even a simple rule on the router that restricts the whole **ina IP block to only certain data resources could do the job. Keeping us scary they want. Fear agenda again?
    • "There is no source cited etc", zitintheass

I don't know if we've read the same text. The article clearly quotes at least two named sources in the Commerce department. It never mentions Windows or Linux. Yet we have the above and other comments coming out with: It's a fake news item, it must be Linux that got hacked, it wasn't Windows etc. We also have such posts getting modded up as 'interesting', more mod trolling.

      "An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Wa
      • by Jesus_666 (702802)
        We also have such posts getting modded up as 'interesting', more mod trolling.

Well, the idea is interesting. Not the "OMG MIXRO$OFT IS FUDING TEH INTARNEWS" ones but those thinking about how this might be fake news planted by the government in order to make people all xenophobic. Maybe it's not realistic but interesting nonetheless, especially to those who tend to liken recent political decisions (not only within the USA) to a certain book by George Orwell.
A bit off topic, but I wonder how many of you /.ers get port scans from China-based computers on a regular basis, as I do. The scans are always for port 88, presumably looking for Kerberos keys, and always from computers behind the same IP servers in Beijing. I've never sent the IP a complaint, even though they list an abuse email address, because I'm sure nothing would be done.
    • by CompMD (522020)
      I constantly get scanned and have break-in attempts on port 22. However I beefed up my security and don't get as many people trying. I sort of miss those "the following host has been blocked" emails my IDS would give me.
    • by fuego451 (958976)
I said IP when I meant ISP. Also, my router ignores these requests but logs the pertinent information, of course.
    • I get scans from China, and a lot from India. Also, I get continual attempts to get in on my FTP server. I had one guy from an Indian IP address that spent days trying to guess a password. I finally set up a dummy account with a simple password and let him guess it. He came in, looked around for a while, saw a bunch of Gutenberg Project text files that I left him, and went away again. Hasn't been back since. Weird.
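What several posters above describe by hand (ScentCone banning an ISP's netblocks because they produce only attack traffic and ignore abuse mail, and the port 88 and port 22 scan logs in this subthread) comes down to aggregating firewall log lines by source network and looking at the dropped-to-accepted ratio before deciding on a block. The following Python script is an added example, not code from any poster or from the article: the iptables-style syslog lines are constructed, the addresses are RFC 5737 documentation ranges, and the /24 aggregation and the thresholds in `blocks_to_deny` are assumptions to be tuned against real traffic.

```python
"""Aggregate dropped/accepted firewall log events by source netblock.

Added example. Log format, addresses and thresholds are constructed
assumptions, not taken from any commenter's configuration.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in a simplified iptables/syslog style.
SAMPLE_LOG = """\
Oct  8 00:12:01 gw kernel: DROP IN=eth0 SRC=203.0.113.17 DST=198.51.100.5 PROTO=TCP DPT=88
Oct  8 00:12:03 gw kernel: DROP IN=eth0 SRC=203.0.113.17 DST=198.51.100.5 PROTO=TCP DPT=88
Oct  8 00:12:09 gw kernel: DROP IN=eth0 SRC=203.0.113.42 DST=198.51.100.5 PROTO=TCP DPT=22
Oct  8 00:13:11 gw kernel: DROP IN=eth0 SRC=203.0.113.42 DST=198.51.100.5 PROTO=TCP DPT=22
Oct  8 00:13:12 gw kernel: DROP IN=eth0 SRC=203.0.113.42 DST=198.51.100.5 PROTO=TCP DPT=22
Oct  8 00:14:30 gw kernel: ACCEPT IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=80
Oct  8 00:14:45 gw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22
Oct  8 00:15:02 gw kernel: ACCEPT IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP DPT=80
Oct  8 00:15:40 gw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.5 PROTO=TCP DPT=88
"""

# Only the fields the aggregation needs; anything else on the line is ignored.
LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) IN=\S+ SRC=(?P<src>\d+\.\d+\.\d+\.\d+) "
    r"DST=\S+ PROTO=\w+ DPT=(?P<dpt>\d+)"
)


def parse_log(text):
    """Yield (action, source IP string, destination port) for each matching line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:  # lines that do not match the pattern are skipped, not fatal
            yield m["action"], m["src"], int(m["dpt"])


def aggregate(events, prefixlen=24):
    """Group events into /prefixlen netblocks, counting drops, accepts and probed ports."""
    stats = defaultdict(lambda: {"dropped": 0, "accepted": 0, "ports": Counter()})
    for action, src, dpt in events:
        block = ipaddress.ip_network((src, prefixlen), strict=False)
        entry = stats[block]
        if action == "DROP":
            entry["dropped"] += 1
            entry["ports"][dpt] += 1
        else:
            entry["accepted"] += 1
    return stats


def blocks_to_deny(stats, min_dropped=3, max_accept_ratio=0.0):
    """Netblocks with enough dropped probes and (almost) no accepted traffic.

    A block that also carries legitimate accepted connections is kept off the
    list even if it probes a lot, which is the bad/good ratio test the posters
    apply informally before banning a whole ISP.
    """
    result = []
    for block, entry in stats.items():
        total = entry["dropped"] + entry["accepted"]
        ratio = entry["accepted"] / total
        if entry["dropped"] >= min_dropped and ratio <= max_accept_ratio:
            result.append(str(block))
    return sorted(result)


def top_ports(stats):
    """Histogram of dropped destination ports across all netblocks."""
    counts = Counter()
    for entry in stats.values():
        counts.update(entry["ports"])
    return counts


if __name__ == "__main__":
    stats = aggregate(parse_log(SAMPLE_LOG))
    for block, e in sorted(stats.items(), key=lambda kv: str(kv[0])):
        print(f"{block}: dropped={e['dropped']} accepted={e['accepted']} "
              f"ports={dict(e['ports'])}")
    print("candidate deny list:", blocks_to_deny(stats))
    print("most probed ports:", top_ports(stats).most_common(3))
```

On the constructed sample, 203.0.113.0/24 ends up on the candidate list (six drops, nothing accepted) while 192.0.2.0/24 does not, because two of its three events are legitimate accepts; the deny list is a review queue for a human, not something to feed straight into the router.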
There is no reason for these databases to be physically connected to the outside world, or even allow physical installation of untrusted software or hardware. It's probably just a sandbox instance that they allowed them to pierce for intelligence reasons, with a nice feed of propaganda. If it is accessible in this manner, they deserve the intrusion.
    • A worker needs access to some sort of database. They also need email.

      That could be two computers on their desk, connected to two separate networks, with separate user accounts and so on. Besides the hardware expense, there would be no ability to do a cut-and-paste between the two. The worker would be constantly reading stuff from one computer to type into the adjacent computer. This would be horribly wasteful.
OpenBSD?

    This whole thing is fishy.
  • Another WINDOWS story, but no mention in headline. If you want this to stop, go after the enabling technology. Take them to court, lock them up, or at least change to a secure alternative.
I think you're off target. Take the person responsible for the machine and put them at fault. Any machine can be compromised if you don't put proper security measures in place.
  • Perhaps some not too obvious honeypots should be left lying around next time so that we can get a better look at their attack methods when they come back and they will be back. Then we can catch them with their red hands stuck in the fortune cookie jar.
  • With China being the point of growth on this ball of dirt, no one is going to dare piss them off. Even Microsoft has decided to let them steal software in China but in the USA you're doing 10-20 in the Pound You in the Ass Federal Prison.

    I would not be surprised if the response from our government is to send the Chinese government a list of the root passwords to all our computers with a note attached, "So sorry for the inconvenience."

  • Thanks Ted! (Score:2, Funny)

    by bblboy54 (926265)
Apparently the head of commerce [youtube.com] has found a way to unclog the tubes. Now when Chinese haxors put their message into the internet it won't be delayed.
In our ongoing "Soft War" with China, Jack Abramoff and Dennis Hastert are double agents [dailykos.com].

    It's like a James Bond story, if Bond were a child molester posing as a religious gangster.
  • by code65536 (302481) on Sunday October 08, 2006 @10:29AM (#16354717) Homepage Journal
    My network, connected to the Internet via a vanilla DSL service from Verizon, logs tons of break-in attempts on various ports. Most of them are from Chinese IP addresses. And unless the Chinese government has waaaaaaaaaaaaaay too much time on its hands (they are barely able to keep domestic order right now, so I doubt that they'd give a damn about some home computer), I think it's safe to say that the attacks against my system are blind, automated attacks by regular hackers trying to steal passwords, financial/identity info, or to pull me into a botnet for things like spam.

    So, in the case of the Commerce Department, are these hackers "Chinese" in the sense that they represent the Chinese regime (and are thus hacking for national interests)? Or "Chinese" in the sense that they just happen to originate from that part of the world (and are thus hacking for petty selfish criminal interests)?
- Given the prevalence of hackers hacking for selfish crimes (vs. for national interests), I would lean towards the latter.
    - If the Chinese government really wanted to hack the US government, they could've picked a more useful department. Like Defense or State. But Commerce?!?!
    - Attacks originating from Chinese IP addresses are extremely common, mostly because of software piracy. Because over 90% of the Windows installations there are illegal, it is common practice for software updates to be disabled (you can thank WGA for that), and thus, a HUGE number of computers in China are zombies out on a mission to zombify (is that a word?) other computers.
    • by Anonymous Coward
      could've picked a more useful department. Like Defense or State. But Commerce?!?!

      BIS systems contain all sort of useful information regarding applications for US businesses wanting to do business overseas, including technology reviews for export controls.

      Of course the fucking Chinese are interested in Commerce. This is only one small piece of an over all plan to steal US technology and business secrets. Read some Bill Gertz.

      This should scare the crap of the west. By something like 2020, China will

It's just too bad that the "Great Firewall" doesn't work so well in the other direction.
    • by Jetson (176002)

      It's just too bad that the "Great Firewall" doesn't work so well in the other direction.

      The solution is simple: the U.S. government should put all their important servers on IP addresses leased from Rogers, etc.

      When I was in Beijing I could surf Slashdot without any problems at all, but the firewall wouldn't allow me to connect to my home server to get my email. I'm not sure if they were blocking the 24.0.0.0/8 network because they think the home servers are more likely to contain political messages

  • Beyond any concern for internal net security, the Chinese internet agency should be concerned about acts like this because of their effect on internet access for the average citizen.

    Countries who strictly control their citizens' internet access route all national traffic through proxies, and a block of IPs are assigned to each country. When hackers from China or Saudi Arabia go around messing with sites, a typical response is for the victim to block that IP. Over time, a large number of a country's IPs can
