Forgot your password?
typodupeerror

Chinese "Cyber-Attack" US Department of Commerce 161

Posted by CmdrTaco
from the and-you-thought-your-weekend-was-boring dept.
Kranfer writes "The register has an article about how the Chinese have recently launched an attack against the US Department of Commerce. From the article: '...attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office. Security consultants and US government officials reckon the assaults have at least the tacit support of the Chinese government...' This is not the first time Chinese hackers have attempted to gain access to US Government systems."
This discussion has been archived. No new comments can be posted.

Chinese "Cyber-Attack" US Department of Commerce

Comments Filter:
  • Re:Not Chinese (Score:5, Informative)

    by Shoten (260439) on Monday October 09, 2006 @09:38AM (#16363341)
    Well, yes and no. There are a few problems with this hypothesis; one, and the most important of them, is that attacks have been conclusively back-traced to China. And yes, the guy who did it actually broke the law in the process, but c'est la guerre, non? The event is known as "Titan Rain," [schneier.com] and it began with a series of targeted attacks against the Department of Energy. A computer security worker, in his spare time (and a wink/nod from the FBI) counter-hacked hosts that were the source of the attacks, eventually following the trail back to mainland China. There, he saw that the logins which executed commands were being performed locally, and that the devices were not forwarding pilfered data on to other hosts but were instead the repositories of that data.

    Other things involve the fact that when you see attacks from China, you usually get one of two kinds of hosts: you get a wildly unpatched Windows box that's being used as a bot, or you get a decently-secured (usually linux or *BSD) system that is doing some rather specific things to a specific target. And last of all, let's not forget that most of the seminal works on information warfare were written by Chinese military officers, and that it's no secret whatsoever that China actually does have a significant infowar capability. We have no rules of engagement that classify hacking as an act of war, so they can get away with it; what are we going to do, bomb them over it? They have the world's largest standing army, are a (increasingly) crucial economic partner, and we're already overburdened militarily with a two-front war where we've bogged down fighting insurgents. They do it because they know they can get away with it, and they're correct in that thinking.
  • by acvh (120205) <geek.mscigars@com> on Monday October 09, 2006 @09:49AM (#16363465) Homepage
    Actually, the Department of Commerce has become as important to foreign relations as the Department of State. Maybe even more so. State is concerned with PR, diplomacy and such. Commerce cuts deals worth billions of dollars; the prospect of being able or not to do business with the US is a much bigger stick than threatening to refer someone to the UN.

    If a foreign power could gain access to internal Commerce discussions it would give them some leverage in negotiations; and in the realm of international business a little inside info can go a long way.
  • by knorthern knight (513660) on Monday October 09, 2006 @10:20AM (#16363759)
    According to the Register article...
    > Information housed on the department's systems includes sensitive commercial and
    > economic data on US exporters as well as data involving law enforcement records.

        How many times does this have to be drilled into people? If you put something on an internet-accessable server, it *WILL* be accessed from the internet, and not only by "authorized personnel". For additional giggles, put the following key into a Google search...

    inurl:.gov confidential "do not distribute"

        The f***ing idiots who put sensitive government data on publicly accessable servers should be shot by a firing squad for treason.
  • by heybo (667563) on Tuesday October 10, 2006 @01:24PM (#16380337) Homepage

    People seem to forget. The US does this kind of thing all the time. Not only to other countries but to their own Citizens. Remember we have all those three letter agencies that do this sort of thing all the time. So what is good for the goose is it not good for the gander? Or is it like torture these days? We gasp and cry when we see someone get their head lopped off on TV, and say "What savages!" Still it is ok for us to torture people for weeks on end because we are the good guys so this is good torture. Who is the savage really? The person that quickly puts and end to the pain of the enemy by whacking off their head or the person that makes their enemy suffer for weeks without end?

    You see I come from a group of people that was once "Branded" savages by the US goverment. One example that even lives up to today. We were savages for taking scalps of our enemies. The part that is ALWAYS left out is we only took scalps in revenge for taking the scalps of our women and children for $5.00 a scalp. Payable by the US Goverment. Funny how that part of history is left out and still scalping is always related back to Native Americans even today. "Scalp'm Braves"

    So are the Chinese really the bad guys or are they protecting their own assests? We're trying to pick their pockets all the time so why is it so bad when they try to pick ours?

    The simple truth for people and goverments is you can't run around beating up other people all the time. Sooner or later someone bigger and badder than you will finally get tired of your shit and your continued assaults against them and in defense will either gang up with the other guys you are beating up on or if big enough on their own will turn around and beat the shit out of you.

    The solution is simple. Leave them alone and they will leave us alone. It is all "Cause and Effect" Don't be the "cause" and you won't feel the effect. You can't blame someone for taking a defensive position to your offenceive moves.

    The same rule of "cause and effect" applies to networks. You choose to run Windows that can access sensetive areas then YOU are setting yourself up to get hacked. I find it strange that the NSA would build something as secure as SELinux and the rest of the goverment not use it. Maybe not strange just stupid. The point is they have the tools to lock everything down and if they don't well too bad should have bought a better lock for the front door.

I took a fish head to the movies and I didn't have to pay. -- Fish Heads, Saturday Night Live, 1977.

Working...