U.S. Commerce Department Hacked Again 164
evil agent writes "The Bureau of Industry and Security (BIS), a branch of the Commerce Department, has sustained several successful attacks. Chinese hackers were able to gain access to its computers and install rootkits and other malware." From the article: "This is the second major attack originating in China that's been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K."
Chinese Hackers? (Score:5, Funny)
Re: (Score:2)
They were clearly $sys$not Chinese.
Meanwhile, at a government workstation... (Score:4, Funny)
Re: (Score:1)
HELLO! (Score:1)
Hacked by Chinese!
I don't buy it. (Score:1, Insightful)
Also, what's the OS? No mention of that in TFA. Why are they using an OS that allows this sort of thing to happen. Shall we take a guess as to the OS?
If they were serious about security they WOULD put a stop to this crap.
It's easy to batten down the hatches.
It makes even less sense in TFA. (Score:4, Insightful)
What the fuck? Aren't they even behind a firewall?
Wouldn't a simple firewall "mitigate" that "vulnerability"?
Re: (Score:3, Insightful)
and? (Score:2)
Since you've opted for pedantic, no, it is not. It is only more "secure" from Internet-based attacks. There is still physical security to be considered.
The most "secure" system is one that has been turned off, encased in cement and dropped into the deepest part of the ocean.
Now, can we possibly get back to a discussion of this specific situation instead of displaying our pedantic generalizations to the world?
Yes, a firewall can
Re: (Score:3, Interesting)
Hence more secure, and not "totally secure".
Yes, it would mitigate the risk. For many government computers, that
You don't understand "security", do you? (Score:2, Insightful)
By that "logic", a house with a 10' hole next to the open front door is "less" "secure" than the same house with the front door closed and locked.
No, it is not.
Which is what I said that you had previously taken exception to.
And for others it is an acceptable risk. What is it with you and the pedantic generalizations?
Re: (Score:2)
If, in your piss-poor analogy here, you mean that the front door is the firewall, and the 10' hole is the physical security issues, then you don't understand computer security in the least.
Physical access is an issue, yes, but physical access can only be accomplished by something in the same physical location. (You're saying duuh, but think about it
"secure" does not mean "inaccessible" (Score:2)
Congratulations on choosing the pedantic option. Commiserations on your failed definition. The system you describe would not be appropriatelyavailable, which is a fundamental quality of a "secure" system
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If NK tests, you can be sure that something else is happening in the background. We might find out what
Re: (Score:2, Funny)
Re: (Score:1, Informative)
Re: (Score:3, Insightful)
Re: (Score:2)
Fortunately for them, they can afford to be lax as long as the deployment is small - if they started to get 10-20% of market share, things might be different.
I think I read that wrong (Score:2)
Nothing real will happen (Score:5, Funny)
How sure? (Score:4, Interesting)
DON'T BE RIDICULOUS (Score:2, Funny)
Re: (Score:2)
Sheesh, some people really can't see the obvious.
Re: (Score:2)
Then again, a spy working for a friendly nation or even the US could have told us that it was going o
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
None of which can be faked or copied by others, of course.
Watching the actual routing tables and ip packets plus maybe sniffing a router on/in the area to look for other packets destined for those computers.
So the hakc originated in China - it's still a leap of supposition to go from "hackers located in CHina" to "Chinese hackers".
Re: (Score:2)
Think of it like criminal investigation, lacking a witness, they look at the clues. Sometimes the clues tell them exactly who done it while some other times it tells them where to look for who done it. Then combined with other tools and techniques, the possible suspect could be narrowed down untill you have the most likley person
Re: (Score:2)
this one [nytimes.com] had a different ending. In piece too but from another means.
Re: (Score:2)
Re: (Score:2)
But they aren't (at least I hope not) going to place the blame on a breakin without having some creditible evidence pointing in that direction. Just like they won't pick up random people off the streets and start asking them about unsolved crimes from two years ago. You can about bet that if they are asking you about them, then there is a reason they think y
Re: (Score:2, Funny)
Re: (Score:2)
They wouldn't say this if it wasn't true - just like they wouldn't put their systems online unless they are secure...
Re: (Score:2)
Of course, there were other security issues in the very recent past that have much more impact on the average American, say, the discovery that the medicare system was wide open without even basic audit logs [medicarehelpcenter.com].
Be Nice (Score:1)
Ipv6 (Score:3, Funny)
Its not about who did it (Score:5, Insightful)
Re: (Score:2)
It's not really an either/or thing. Yes, that bureau at Commerce needs to get its act together, of course. But it's actually very helpful to understand which spots around the world seem to be the largest sources of invasive nastiness, especially as it relates to economic/industry targets. Totally unscientific: of the many machines and networks I see administratively, the number
I've banned China's netblocks outright (Score:3, Insightful)
That's the real answer to this problem. If particular ISPs refuse to behave, just start banning them. I mean sure, all ISPs will have people who act bad, but if you contact them and get no response and if the bad/good ratio is vastly (or completel
Re: (Score:2)
It was at a small law firm with 4 workstations, A windows server, and a linux file server. The network would slow way down at times. Finaly I installed SNORT and saw someone was able to bypass the Dlink router used to distribute the cable internet and act like a firewall, take control of the microsoft server wich just did email and had a blackberry type program that could page, forward email to a cell phone and send automate
fight back (Score:2, Interesting)
Re: (Score:3, Insightful)
Another fake news? (Score:4, Interesting)
another sample of distraction fud .. (Score:2)
I don't know if we've read the same text. The article clearly quotes at least two named sources in the Commerce department. It never mentions Windows or Linux. Yet we have the above and other commments coming out with: It's a fake news item, it must be Linux that got hacked, it wasn't Windows etc. We also have such posts getting modded up as 'interesting', more mod trolling.
"An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Wa
Re: (Score:2)
Well, the idea is interesting. Not the "OMG MIXRO$OFT IS FUDING TEH INTARNEWS" ones but those thinking about how this might be fake news plantd by the government in order to make people all xenophoic. Maybe it's not realistic but interesting nonetheless, especially to those who tend to liken recent political decisions (not only within the USA) to a certain book by George Orwell.
I'm curious. (Score:1)
Re: (Score:1)
oops (Score:1)
Re: (Score:2)
I don't believe this because.. (Score:1)
believe it (Score:2)
That could be two computers on their desk, connected to two separate networks, with separate user accounts and so on. Besides the hardware expense, there would be no ability to do a cut-and-paste between the two. The worker would be constantly reading stuff from one computer to type into the adjacent computer. This would be horribly wasteful.
Why not use most secure operating system? (Score:2)
This whole thing is fishy.
Re: (Score:2)
Microsoft should be charged (Score:2)
Re: (Score:2)
Honeypots? (Score:2)
So What (Score:2)
With China being the point of growth on this ball of dirt, no one is going to dare piss them off. Even Microsoft has decided to let them steal software in China but in the USA you're doing 10-20 in the Pound You in the Ass Federal Prison.
I would not be surprised if the response from our government is to send the Chinese government a list of the root passwords to all our computers with a note attached, "So sorry for the inconvenience."
Thanks Ted! (Score:2, Funny)
Child Sex Slaves in the Soft War (Score:2)
It's like a James Bond story, if Bond were a child molester posing as a religious gangster.
Were government computers purposefully targeted? (Score:4, Interesting)
So, in the case of the Commerce Department, are these hackers "Chinese" in the sense that they represent the Chinese regime (and are thus hacking for national interests)? Or "Chinese" in the sense that they just happen to originate from that part of the world (and are thus hacking for petty selfish criminal interests)?
- Given the prevalence of hackers hacking for selfish crimes (vs. for national interests), I would think lean towards the latter.
- If the Chinese government really wanted to hack the US government, they could've picked a more useful department. Like Defense or State. But Commerce?!?!
- Attacks originating from Chinese IP addresses are extremely common, mostly because of software piracy. Because over 90% of the Windows installations there are illegal, it is common practice for software updates to be disabled (you can thank WGA for that), and thus, a HUGE number of computers in China are zombies out on a mission to zombify (is that a word?) other computers.
Re:Were government computers purposefully targeted (Score:2, Insightful)
BIS systems contain all sort of useful information regarding applications for US businesses wanting to do business overseas, including technology reviews for export controls.
Of course the fucking Chinese are interested in Commerce. This is only one small piece of an over all plan to steal US technology and business secrets. Read some Bill Gertz.
This should scare the crap of the west. By something like 2020, China will
It's just too bad ... (Score:2)
Re: (Score:2)
The solution is simple: the U.S. government should put all their important servers on IP addresses leased from Rogers, etc.
When I was in Beijing I could surf Slashdot without any problems at all, but the firewall wouldn't allow me to connect to my home server to get my email. I'm not sure if they were blocking the 24.0.0.0/8 network because they think the home servers are more likely to contain political messages
Chinese internet agency should be troubled by this (Score:2)
Countries who strictly control their citizens' internet access route all national traffic through proxies, and a block of IPs are assigned to each country. When hackers from China or Saudi Arabia go around messing with sites, a typical response is for the victim to block that IP. Over time, a large number of a country's IPs can
Re: (Score:3, Informative)
http://uptime.netcraft.com/up/graph?site=goarmy.co m [netcraft.com]
http://uptime.netcraft.com/up/graph?site=www.us.ar my.mil [netcraft.com]
Been running on Solaris for years. I'm sure your buddy Steve is happy your still drinking the kool-aid.
Re: (Score:2)
Mac fanboys are the worst of all the fanboys IMO, they will always bring up how "superior" Mac's are no matter what, even if bringing it up is not relevant such as this case. The one area Mac's truly are superior at is graphic/video editing/authoring, other than that you can get much more functionality at a much lower price with an
Re: (Score:2, Funny)
Re: (Score:2)
You were at least 5 years behind the current news, 4 years from now will you still not know the President is no longer George Bush? Check your facts before making claims.
I got your "fanboy" swinging right here. I'm part of the original equipment, bitch, and whether you like it or not, Macs have NEVER been as susceptible to hacking as PC's are.
I don't care if you are part of the original equipment, you still are a fanboy which is a person (I liked Wiki
Re: (Score:2)
I'm typing this on a MacBook. I've got Parallels installed running Windows XP SP2. I can install Linux on an additional virtual machine.
You were saying?
Re: (Score:2)
I do find it funny you said "begging for drivers and software that you don't get to have." and then you admit to running XP in parallels which proves Mac doesn't run all the software you need. I also would like an answer to my que
Re: (Score:2)
Re: (Score:1)
That's more true than you think (Score:4, Insightful)
They start throwing out off topic words like "protectionism" and "nativism", which when you ask them what it all means, alarmingly resembles "concern for national security" and "patriotism".
Ah, patriotism, that evil word. The notion that, just as caring for your family is more important than caring for someone else's, so is taking care of your country first.
Globalism. Another word for "screw national sovereignty, screw your own citizens, let's transfer all our wealth elsewhere". See: the national deficit and the national debt.
Re: (Score:2)
Globalism. Another word for "screw national sovereignty, screw your own citizens, let's transfer all our wealth elsewhere". See: the national deficit and the national debt.
Okay so, lets take a hypothetical situation. Lets say the US government applies a new law to state that all foreign workers must receive US-equivalent wages and benefits. The net result is that it makes no sense for companies to offshore anymore, except in cases where specific resources can't be found locally and it costs too much to
Re:That's more true than you think (Score:5, Insightful)
2) US companies already can't sell their goods abroad - or, more specifically, we're running a global trade deficit large enough to have its own gravitational field. Exactly what do we have to lose here?
3) US laws that tariff all goods made in sweatshop / undemocratic nations don't have that effect. If that law is put in place consistently, you can't undercut US companies in the US - not if you're Chinese, not if you're German, or British. Your rebuttal makes no sense - if Nike and its sweatshop operations moves to Singapore, they still have to deal with the tariff. If a Chinese Nike tries to undercut them, they too have to deal with the tariff. And if China decides not to buy any US goods... so what? We're in a deficit with them already! I propose that you don't even come into the US market unless you are an ethical player. Who's then going to undercut ethical companies in the US?
Oh, wait, offshoring to Europe won't hurt us as much because a) they also offshore heavily to us; and b) they have excellent worker protections and they're democratic.
4) Free trade with sweatshop nations / undemocratic regimes is going to ruin us any way. They're owning all our debt and they can also embargo us. (Oh yes, I know you think that despotic foreign nations can't embargo us. The 1970s and the oil embargo was all a lie. Sillyme.) Furthermore, we're transferring gobs of wealth to these monsters, impoverishing America and giving the world's most powerful enemies of freedom our cutting edge industrial capacity to boot. Germany should have sold us cheap shoes made of Jew labor, they would have won World War II with the help of the "surrender to globalism" agenda: there is nothing in your rhetoric that would provide for stopping them.
5) Free trade with nations that are attacking the United States will also lead to our annihilation. They can strike with impugnity, and others will follow.
Your theory is that fighting globalism leads to ruin. The facts say that giving into globalism leads to ruin anyway. I say die fighting; you say die in supplication.
Re: (Score:3, Insightful)
The global race for the bottom must eventually hit the rocks, because there is only so far wages can drop before the unrelenting cost of living becomes unbearable.
No, the mark that globalism leaves behind it is higher wages for the previously third world countries. Its already extant in India. So instead of lowering wages in first world countries, its increasing wages in poorer countries. Might take a while, but it gets there.
US companies already can't sell their goods abroad - or, more specifically
Re: (Score:2, Informative)
No, the mark that globalism leaves behind it is higher wages for the previously third world countries. Its already extant in India. So instead of lowering wages in first world countries, its increasing wages in poorer countries. Might take a while, but it gets there.
That works in free and democratic countries like India, where workers are free to do whatever they want. If we required the same safety standards and whatnot (1), and actually taxed companies there providing services here, just like they sho
Re: (Score:2)
It's working fine, and in fifty years or so we'll have a fairly serious competitor in the world economy.
Why do you see them as a competitor? Sounds to me like Disneyland for American businesses. A billion new people with plenty of money to spend?
However, that doesn't apply to China and other communist countries... but if you think that enough money from the US gets passed to workers in China to raise their standard of living you have another think coming.
This is flat out wrong. Not only do I thin
Re: (Score:2)
Actually, you're missing the point by a mile and a half.
It d
Re: (Score:2)
It doesn't matter how rich the workers are, in a dictatorship, they can still be executed at a moment's notice and all their money confiscated.
Which leaves you with... a billion angry workers. I don't know about you, but I don't see much of a future for that political system.
That's the problem with your line of reasoning - you hope the laws will be changed; but if they aren't, who cares?
If you'd wipe the froth off your chin for a moment and not accuse me of blithely dismissing the death of thous
Re: (Score:2)
And in China, that means a billion dead angry workers. China has purged 50 million people. What makes you think they won't nuke the dissidents to shut up a large uprising? What on EARTH makes you think they won't do that?
But you are dismissing
Re: (Score:2)
And lower wages for us. So we're still transferring our wealth to other nations. We get nothing out of this. Do you always settle for deals that perpetually take from you to give to others, with no benefit? Oh wait, don't answer that... Philip
Re: (Score:2)
And lower wages for us. So we're still transferring our wealth to other nations. We get nothing out of this.
Immigrant workers depress local wages, not outsourcing. And as for what you get out of this, lets start with the computer you are typing on. Or did you whittle it yourself out of mom's apple tree?
Good. We'll make our own products and sell to ourselves. What do we lose?
As profound economic theories go, Adam Smith's zombified corpse has risen from the tomb and is hunting your ass. If you seal
Re: (Score:2)
Why can't computers be made in the USA or Europe?
more than cheap labor (Score:3, Insightful)
Re: (Score:2)
To use an IT term, china has the whole stack.
How long did it take for China's economy to turn around? Five years? Six at the outside? Thats exactly how long it would take to move the lot somewhere else. Probably even less, since the ships don't have to be rebuilt. When their wages begin to rise, watch and see what happens. Even now. they need to artificially keep their currency low in order to remain competitive.
while everyplace else has been concerned with next quarter's profits, they have been wor
it's different now (Score:2)
Re: (Score:2)
Chairman Mao died. The moment he did, the Chinese began switching to a relatively free-market economy and getting back the educated middle class. It's taken some time of course, but they did it.
Chairman mao is still largely revered in China. They have the first glimmerings of a middle class, but they are nowhere near where they were previous to the "great leap forward". Maybe in another couple of generations, if they can maintain the growth.
Pebble bed reactors, astronauts in space (Score:2)
They did a good job of reverse engineering pebb
Re: (Score:2)
They did a good job of reverse engineering pebble bed reactors and putting men in space, did they not?
And some day soon, indoor plumbing for all! Hurray!
Exactly which advanced technology has China failed to reproduce?
Do keep up with the program, please. [slashdot.org] And that was one of the founders of the chip manufacturing industry in the country.
Re: (Score:2)
They have the technology for that. What they lack is the desire to provide it.
So they stole some technology. How does that mean they've failed to reproduce something? We've been trying since methuselah to steal Russia's swivel-nozzle technology (I forgot the scientific name they use) for their fighters.
What does that have to do with the
Re: (Score:2)
The investment guys who have dropped their cash there want a return,. they are getting it now, so I don't see them just deciding to abandon all of that real soon after spending all this time and cash getting it set-up.
Which investment guys? If you mean the Chinese government (which accounts for a lot of Chinese businesses), there are similar people in every government in the world, who care not a whit that China has invested in infrastructure. Except as a blueprint on how to do it themselves.
And bac
Re: (Score:2)
Entire factories from the rust belt here have been dissasembled, crated up and shipped over.
Yes, but they neither designed nor originally constructed those factories.
it's brand name western consortiums and banks and large corporations that have dropped *serious* cash over there over the last 20 years-those investors, and at least from the US side they got *tax breaks* to do this.
Aha, but here you are confusing infrastructure with industry. Investors certainly built factories and plants over there
Agreed (Score:2)
Agreed. Good debating with you.
Re: (Score:2)
English muthfucka!! Do you read it!?
Why haven't they already moved, Einstein?
There are no tarriffs like that in place. Hypothetical situation. You might want to look that up.
Re: (Score:2)
Their population is more than 3-times that of the US's. In an all-out hacker war, the nation with the biggest population would most likely win.
In a world where a lone hacker can compromise tens of thousands of machines and turn them into a bot net, I beg to differ.
looks like BIS workstations .. (Score:4, Informative)
It's not a server but hundreds of workstations. What OS do you think they are running on the desktop.
"Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware."
"had identified several successful attempts to attack unattended BIS workstations during the overnight hours."
"The official also confirmed that BIS has limited Internet access to stand-alone workstations that are not connected to the bureau's internal network."
http://www.bis.doc.gov/ [doc.gov] was running Microsoft-IIS on Windows 2000 [netcraft.com] when last queried at 7-Oct-2006 02:01:33 GMT
was Re:What OS? Looks like Linux
Re: (Score:2)