Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Chinese "Cyber-Attack" US Department of Commerce 161

Posted by CmdrTaco from the and-you-thought-your-weekend-was-boring dept.
Kranfer writes "The register has an article about how the Chinese have recently launched an attack against the US Department of Commerce. From the article: '...attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office. Security consultants and US government officials reckon the assaults have at least the tacit support of the Chinese government...' This is not the first time Chinese hackers have attempted to gain access to US Government systems."
This discussion has been archived. No new comments can be posted.

Chinese "Cyber-Attack" US Department of Commerce More

Chinese "Cyber-Attack" US Department of Commerce

Comments Filter:

  • Not Chinese (Score:5, Insightful)

    by suv4x4 ( 956391 ) on Monday October 09, 2006 @09:11AM (#16363077)
    As mentioned before, the attack are most likely not from China at all.

    No decent hacker would leave traces from his own machine when he could easily use a zombie network to carry out the attacks and collect information.

    They keep claiming China, China, China.. I'm starting to think it's convenient for them to stick to that version for their own internal affairs.

    • Re: (Score:2, Insightful)

      by javilon ( 99157 )
      Al Quaeda is not going to last for ever, you know? they need a solid and real danger to wave in front of the US population in order to take more civil rights away. Apparently, China is second in the list.

      • Re: (Score:3, Insightful)

        by TopShelf ( 92521 )
        Instead of "danger", think "rival". This kind of espionage is more commercial, not military, and frankly stuff like this has happened before even between our closest allies.

      • Re: (Score:1)

        by einolu ( 841446 )
        you are retarded. you are not going to stop seeing 'made in china' on 90% of the things sold in the us any time soon. and for your information, the age of terror can techincally last forever, so there is no shortage of fear.

      • Re: (Score:2, Troll)

        by drinkypoo ( 153816 )

        China is a lot scarier than anything else on this planet right now, especially to the US. China should frighten the world though, there's no women for something like twenty-five percent of their male population and given the attitude of the Chinese culture towards women, they're not likely to find a bunch of willing mail-order brides. I mean people are still leaving their girl babies out to die of exposure in that country, you know what I mean?

        But to the US it's scary for a different reason: the trade i

        • Re: (Score:2)

          by Instine ( 963303 )
          I couldn't possible disagree more. The scariest people in the world are, ironically enough, people like you. Demonizing leads to improper, irrational decisions being made. You think missinformation is going to help solve something? Or destabalize it? Being second in a peacful world, is better than being first in a burning ball of shit. No?

          IF you're a troll, then I'm sadned a little that there seem to be so many turning to trolling as a pass time. If you're honestly suggesting that demonizing an entire na

          • IF you're a troll, then I'm sadned a little that there seem to be so many turning to trolling as a pass time. If you're honestly suggesting that demonizing an entire nation (a very big powerful nation at that) is a good idea, because it could keep America in the lead financially, simply illustrates the naivite of the right of politics.

            The thing is that we've been demonizing people who are not at fault instead of focusing on people who actually are a threat. I mean, the whole WMD thing was just a stupid

            • Re: (Score:2)

              by Instine ( 963303 )
              I'm afraid its you who are "a real and genuine threat." in their eyes. As well as mine I have to say! You are responsible for what you say. Thank you for noting that you over emphasized your statement. But wow what a statement.

              Sure you can say that they are a financial threat. Culturally though, America is in a glass house right now. Throw stones and you may find you get a draft. Obviously critisizing a culture is a dangerous thing. At the very least you risk getting unfairly modded down. But what's far w

              • Re: (Score:2)

                by rtb61 ( 674572 )
                China is a cultural minority. Only the Chinese leaders define the direction of the Chinese government and it lacks the inherent stability of a modern democracy. The affect of diminished democracy can clearly be seen in the laws that have only recently been passed in the US, as the pseudo Christian lobbyist party (aka conservative republicans) has made use of it's majority in the congress to end proper democratic debate and formulation of new laws.

                This of course is still considerably less than the ramifica

    • Re:Not Chinese (Score:5, Informative)

      by Shoten ( 260439 ) on Monday October 09, 2006 @09:38AM (#16363341)
      Well, yes and no. There are a few problems with this hypothesis; one, and the most important of them, is that attacks have been conclusively back-traced to China. And yes, the guy who did it actually broke the law in the process, but c'est la guerre, non? The event is known as "Titan Rain," [schneier.com] and it began with a series of targeted attacks against the Department of Energy. A computer security worker, in his spare time (and a wink/nod from the FBI) counter-hacked hosts that were the source of the attacks, eventually following the trail back to mainland China. There, he saw that the logins which executed commands were being performed locally, and that the devices were not forwarding pilfered data on to other hosts but were instead the repositories of that data.

      Other things involve the fact that when you see attacks from China, you usually get one of two kinds of hosts: you get a wildly unpatched Windows box that's being used as a bot, or you get a decently-secured (usually linux or *BSD) system that is doing some rather specific things to a specific target. And last of all, let's not forget that most of the seminal works on information warfare were written by Chinese military officers, and that it's no secret whatsoever that China actually does have a significant infowar capability. We have no rules of engagement that classify hacking as an act of war, so they can get away with it; what are we going to do, bomb them over it? They have the world's largest standing army, are a (increasingly) crucial economic partner, and we're already overburdened militarily with a two-front war where we've bogged down fighting insurgents. They do it because they know they can get away with it, and they're correct in that thinking.
      • what are we going to do, bomb them over it?
        stop giving people ideas. but if they do, make sure you have them email forigners@in.china.com mailing list to let us know to leave first! Mkay? -- Zie Nazi's are coming
      • ***We have no rules of engagement that classify hacking as an act of war, so they can get away with it; what are we going to do, bomb them over it? They have the world's largest standing army, are a (increasingly) crucial economic partner, and we're already overburdened militarily with a two-front war where we've bogged down fighting insurgents. They do it because they know they can get away with it, and they're correct in that thinking.***

        Moreover, I'll be suprised and mildly appalled if the NSA and CIA

        • Re: (Score:2)

          by Shoten ( 260439 )
          I'd say you're spot on with this. But conversely, I would expect that we'd be doing so anyways; we don't need an excuse to do spook-like things to other countries. So again, there's no disincentive for the Chinese to do the same. After all, the French spy on us, the Israelis spy on us...some of our closest friends with whom we have far less competitive motiviations, in other words, spy on us. So why wouldn't a country like China, with far less to lose and far more to gain not do the same? When you push

      • Re:Not Chinese (Score:4, Interesting)

        by suv4x4 ( 956391 ) on Monday October 09, 2006 @10:26AM (#16363821)
        I'd like to defend my viewpoint since I've been called, by some, an idiot and uninformed.

        Consider you have to hack into Us givernment servers with confidential data. Even if you're not an incredible hax0r, it's obvious that if they find out about you, you're totally screwed. So the first thing you do, the MOMENT you grab the data, is cut the PC off the network.

        Then encrypt and record the data on a mobile media (CD, DVD, Flash, whatever), and securely format the PC or even just destroy the original HDD.

        Even before this, you'd turn off all possible logging activity, lock up the security, stop unneeded services, so that you can be relatively secure during the attack.

        How is it that so much evidence in logs and what not was found on the "source" machines. This is WAY too much evidence. The contrast between the Windows hacked machines and the linux machines may be just a decoy to get the investigators stop tracing right there.

        If the boxes were so secure, how did they get in there?

        Why were the Windows boxes having "logs" of where the data was sent and so on. What kind of trojan would log their own activity on the compromised machine?

        And the million dollar question is: how the f*ck they tied the Chinese *GOVERNMENT* with a Chinese *HACKER*... In fact, the first thought to occur to a government trying to hack into US's servers would be to hire hackers from another country to do it.

        All the "evidence" presented is incredibly shallow and inconvincing if you try and put yourself in place of the people who did the attack.

        Add to this the constant FUD that US spread that Lenovo puts spying chips in ThinkPads and similar conspiracy theories. It's apparent US find China a convenient target to blame, just the way they did with Iraq after 9/11.
        • Add to this the constant FUD that US spread that Lenovo puts spying chips in ThinkPads and similar conspiracy theories.

          You know, the idea that Lenovo would put spying software/firmware in the system is an entirely logical one. It wouldn't even be the first time such a thing happened, although it would probably be the first time it happened on such a large scale.

          Ever think that maybe people are paranoid because they know just how plausible it is?

          • Re: (Score:2)

            by suv4x4 ( 956391 )

            You know, the idea that Lenovo would put spying software/firmware in the system is an entirely logical one. It wouldn't even be the first time such a thing happened, although it would probably be the first time it happened on such a large scale.

            Ever think that maybe people are paranoid because they know just how plausible it is?

            The ThinkPC's were produced in China even before Lenovo owned the department. So are most other laptop brands, macs and even mp3 players, including iPod.

            If you feel it's plausible, t

            • If you feel it's plausible, throw away all parts from your PC produced in China. You won't have much left.

              I'm not that worried. If the Chinese want my porn, they can just send me some blank media and some money for shipping, and a few bucks for my time, and they can have it.

        • Re: (Score:2)

          by Shoten ( 260439 )
          Okay...I'm going to take a path that starts with a single straightforward question. Why would you go through all that trouble if you were hacking someone? To protect yourself, yes? To make it so that you couldn't be prosecuted easily, if your machine were seized in the investigation of hacking, right? Okay. But what if...what if you were doing this on behalf of your own government, using GFE? Do you think that hackers for our own intelligence communities go through all this trouble, because they're af

        • Re: (Score:2)

          by Z34107 ( 925136 )

          You can turn of all logging on YOUR computer, perhaps, but every other server on the internet your packets hop across isn't likely to oblige you.

          Also, it doesn't seem they can just "cut the PC off the network" the "moment" they grab the data - it doesn't seem like they're looking for anything specific, just mining data and looking for holes. This is something ongoing. Besides, you can't assume the machines are perfectly "secure' just because it's what you would do - maybe they were dumb, or maybe they d

        • You need to learn the differences. Your "million dollar question" is invalid on it's face.

          FTA:

          Chinese hackers have ... ...attacks originating from computer crackers largely located in China's Guangdong province...

          It's not the first time hackers in China have been accused of launching cyber-attacks on the computer systems of Western governments. Attacks on UK government systems using a then unpatched Microsoft Windows Meta File (WMF) exploit last Christmas were traced back to China.

          The closest thing to sayin

      • Re: (Score:3, Interesting)

        by lawpoop ( 604919 )
        "attacks have been conclusively back-traced to China."

        How could one do this?

        ...you usually get one of two kinds of hosts: you get a wildly unpatched Windows box that's being used as a bot, or you get a decently-secured (usually linux or *BSD) system that is doing some rather specific things to a specific target.

        Isn't the first thing that a hacker does when they get their hands on a decent box is apply all security patches so that *another* hacker cannot get into it? What's the point of co-opting a wi

        • Re: (Score:3, Insightful)

          by Shoten ( 260439 )
          You're reading too much into individual components of my post, and not taking them as a whole. I'll answer your questions in turn. For one, how does someone backtrack to the original host? By gaining control of the next hop, one at a time, essentially. You know that your box got owned by 10.20.30.1, so you counter-hack it. Once in, you look around, and see who connects to it. More importantly, you see who is connected to it while it connects to your box. (This is detailed in a number of the articles

          • Re: (Score:2)

            by lawpoop ( 604919 )
            Let's take two competing models.

            1. a group of Chinese hackers, directly employed be the Chinese government (military, intelligence, whatever) is targetting US Dept. of Commerce for specific information.

            2. Another group of hackers, possibly Chinese themselves, but unaffiliated with the Chinese government, is targetting US Dept. of Commerce for specific information, and is making it look like the Chinese are doing

            Back-hacking, as you describe, is theoretically possible, but in practice, this stretches

            • Re: (Score:2)

              by Shoten ( 260439 )
              You don't need to back-track all connections. Let's say an intermediary host is a web server, with http and ssl running. For simplicity, let's say that nothing else, besides ssh, is listening. It gets hacked, and as a result, a new listening service...the backdoor...now exists. When you hack back to it, you'll be able to determine "which connection is not like the others" from a variety of methods. One, looking at traffic and port/binary association, you'll see that the listeners on 80 and 443 are ind

              • Re: (Score:2)

                by lawpoop ( 604919 )
                If you are hacking on a system, and you don't want people to know about it, why wouldn't you send your ssl traffic over port 80 or port 443, disguising it along with the legitimate https and SMTP traffic? Also, why wouldn't you rename your ssl binaries something like httpd or apache?

                Or, why wouldn't you re-compile the apache already on the compromised system to also act as an ssl host on well-known email ports? The sources are available, you know.

                You only have to have *one* instance of such camouflagi

                • Re: (Score:2)

                  by Shoten ( 260439 )
                  Simple. Only one application can listen to a port at a time. You can't connect to your trojan on port 443 if there's an apache server on 443 already listening. That's why trojans use other ports. TCP sockets 101, my friend.

                  Trust me...I've done a lot of incident response, and I've never seen apache recompiled with a trojan built into it. Can you point me to the source of such code, so that I can have a look at it?

                  And no, you don't need only one instance of such camouflaging. You need a lot of them. Al
            • Hacking novels are designed to have fascinating twists. Life isn't a hacking novel.

              500 is not workable. Anybody who has ever used a connection through several computers will laugh at this. Even 50 is too painful to contemplate. Heck, a mere 5 hops is usually VERY miserable. (No, not like traceroute. You ssh from one box to the next, then to the next... and find that the damn connection sucks so bad that you say "screw it" and give up.)

              People don't cover their tracks as well as they think they do. People get

          • Re: (Score:2)

            by Bogtha ( 906264 )

            Rinse, repeat, until you are on a box where the person connecting to the next hop in the chain isn't on an SSH shell, but is local.

            You think that somebody able to conduct "a series of targeted attacks against the Department of Energy" is unable to set up a rootkit to show a fake local shell and hide a remote one? Or that they never considered the possibility that somebody might try to find them?

            • For those in the know, discovering that rootkit isn't all that hard. At the very least, it is possible to tell that something is amiss. Timing data is damn hard to fake.

              More importantly, these people have LITTLE REASON TO CARE. The government openly admits to such activities. The government supports these people. At worst it might look mildly bad on a salary review if word got back to your boss that the enemy noticed. Getting the info is more important than such concerns. Getting lots of good info probably

              • Re: (Score:2)

                by Bogtha ( 906264 )

                For those in the know, discovering that rootkit isn't all that hard.

                Is an attempt at discovery usually made? Are the people making the allegations against the Chinese government claiming to have made such attempts?

                More importantly, these people have LITTLE REASON TO CARE.

                Which makes them a perfect target for spoofing, wouldn't you say?

                The government openly admits to such activities.

                Have they admitted to this one?

                Don't get me wrong, I'm not saying that the Chinese weren't responsibl

                • Re: (Score:2)

                  by r00t ( 33219 )
                  You're not going to get the details, obviously. That would certainly be a classified investigation. I'm sure the people who tracked this back to China would love to tell you how.
      • 'They do it because they know they can get away with it, and they're correct in that thinking.'

        "I Fart in Your General Direction..."

        Since I live in that province, and work in the telecom sector, I think I'll ask the boys in R & D tomorrow if anyone knows of anyone knock, knock, knocking on USDCs' digital door...

      • Re: (Score:2)

        by TheCarp ( 96830 ) *
        The blurb on titan rain that you linked to was interesting. However, still just a claim of anonymous sources, with links to news articles that it calls "sensational" and "spotty". Still no detail like what you posted.

        What gets me is this one:
        http://www.ioltechnology.co.za/article_page.php?iA rticleId=3474082 [ioltechnology.co.za]

        The official, who requested anonymity, said the attacks had originated from websites registered with Chinese Internet service providers.

        Ok so another anonymous officual makes a claim. Now is this him mak

    • "As mentioned before, the attack are most likely not from China at all. No decent hacker would leave traces from his own machine", suv4x4

      It's not as if they had access to the hackers computers. They would use evidence of portscans being run against their own computers.

      "A few minutes ago, we received a complaint from the U.S. Department of Commerce [google.co.uk] about them being portscanned"

      "Attacks on UK government systems using a then unpatched ,Microsoft Windows [theregister.co.uk] Meta File (WMF) exploit last Christmas were tra

    • Re: (Score:2, Insightful)

      by Anonymous Coward
      Does everyone have to take every story about someone attacking the US and claim it is a lie? I'm guessing since it' safer to believe nothing is wrong than face reality then this is the reason. "They keep claiming China...." Yes, god forbid someone should point out the person who is doing something. If the guy accross the street keeps attacking you, stealing from you, and destroying your property it's bad to keep blaming him.

      This is why the United States will fall apart. We have two groups, one that se
    • I still think this came from North Korea [slashdot.org]. It's about the time for them to start demonstrating what they learnt this year.
    • You know... While its true that Hackers try to obscure where they came from, its also true that some of the best in the field are tracing them back to China.

  • WindowsUpdate (Score:3, Funny)

    by crazyjeremy ( 857410 ) * on Monday October 09, 2006 @09:13AM (#16363093) Homepage Journal
    They hacked WindowsUpdate.com [mtrx.net] as well... It must be them. The screen capture of the hacked website says "hacked by chinese".
    • 1) Chinese hacked US Govt computers
      2) Most of US Govt computers run MS Windows
      3) Bill Gates is in charge of MS

      Therefore, Bill Gates is a Chinese Spy!!1!!!!11

      • Re: (Score:2)

        by swb ( 14022 )
        I know you're making a joke, but what about a capitalist/communist China wouldn't any US corporation like?

        A few select business leaders are allowed to run massive monopolies, labor disputes are settled with an AK-47, and there's no noisy press to berate your crappy products or your business leadership.

        Sounds like Bill Gates might actually like the Chinese afterall.
        • I see what you are saying. But Bill Gates is probably a bad example since the guy needs creative smart people (whom he happens to pay very well I am told (H1-B or not)).

          Assembly-line industries employing low-skilled workers would like China better. Industries like auto manufacturing, textiles, consumer electronics, farming, etc.

  • Obviously (Score:2, Funny)

    by amliebsch ( 724858 )
    These are Chinese hacker infantry, who steal money from the internet to fund the war against the GLA.
  • et tu CmdrTaco
  • What could possibly be of importance on US Department of Commerce computers? Are they trying to download warez? Logs off steamy chat rooms? Minutes of another boring meeting a typical government official attended?

    • Re:US Department of Commerce? (Score:5, Informative)

      by acvh ( 120205 ) <`geek' `at' `mscigars.com'> on Monday October 09, 2006 @09:49AM (#16363465) Homepage
      Actually, the Department of Commerce has become as important to foreign relations as the Department of State. Maybe even more so. State is concerned with PR, diplomacy and such. Commerce cuts deals worth billions of dollars; the prospect of being able or not to do business with the US is a much bigger stick than threatening to refer someone to the UN.

      If a foreign power could gain access to internal Commerce discussions it would give them some leverage in negotiations; and in the realm of international business a little inside info can go a long way.

      • Right. China remembers what U.S. politicians so often forget: The economy is a tool, in war and in peace. Societies have economies, economies are not societies.

  • Does anyone on the Slashdot editorial staff even read the main page anymore?

  • Block China From the Firewall (Score:4, Interesting)

    by organgtool ( 966989 ) on Monday October 09, 2006 @09:27AM (#16363213)
    I was going to suggest blocking all traffic coming from the IP range of addresses from China, but they could easily circumvent that by using a proxy outside of China. Maybe the U.S. Department of Commerce could create a welcome message that promotes democrary and condemns the inhumane treatment of the Chinese government and have that message appear before prompting for the username. That traffic would probably get blocked by the Great Firewall of China. When your weapons fail to work, turn your enemy's weapons against them.
      • Why South Korea? The only relationship I see is the large number of Korean immigrants in Shanghai (and now I see shop signs in Korean a lot more in the "Korean-dominant" areas) and maybe the commercial relations (Pantech, Samsung, and LG are 3 companies that I can think of that are pretty big in China)

    • Re:Block China From the Firewall (Score:5, Interesting)

      by smilindog2000 ( 907665 ) <bill@billrocks.org> on Monday October 09, 2006 @10:07AM (#16363635) Homepage
      That would really PO the Chinese. They hate it when we point at their miserable human-rights record in public. A better way IMO to deal with the Chinese is to work behind the scenes to get them to improve while publicly praising their efforts. IMO, Chinese culture cares much about 'face', a concept of honor that requires the appearance of respect, even if we bicker shamelessly behind closed doors. Bush routinely shows his ignorance of the Chinese by publicly lashing them, and then he gets bent out of shape when the Chinese retaliate with substance rather than words.

      When the Chinese accidentally rammed one of our surveillance planes was a great example. Bush immediately publicly blamed the Chinese overly-hostile pilots (who were, of course, at fault), and demanded back our plane and it's crew. The correct course would have been to call the Chinese first, and negotiate terms for getting our plane and crew back secretly. IMO, the Chinese can be far more reasonable if we agree to put on a face showing friendship, cooperation, and respect for each other. We could have agreed to publicly call it a freak accident, with no one to blame. That probably would have gotten our guys and maybe even the plane back far quicker.

      So, I think changing the web site to shame the Chinese government would be a bad idea. Instead, we should work with the Chinese behind close doors to solve the problem. Of course, that wont end Chinese spying on the US, nor will it end our spying on them. In general, I feel that it is good for world stability when we know the truth about each other. Fear of the unknown can cause major problems (like WMD in Iraq).

      • Re: (Score:2)

        by javilon ( 99157 )
        Fear of the unknown can cause major problems (like WMD in Iraq).

        I hate to break it to you, but the iraq invasion was not caused by lack of knowledge. It was actually the fact that Bush new that Iraq didn't have any meaningful WMD that allowed the invasion.

        Countries with real WMD like North Korea dont get invaded. If you disregard the US rethoric, invading Iraq has sent the message that you need WMD in order to keep the americans at bay. That is why Iran and NK pursue them as fast as they can.
      • IMO, Chinese culture cares much about 'face', a concept of honor that requires the appearance of respect, even if we bicker shamelessly behind closed doors.

        Then they should have responded immediately as you say we should have. Or is it a double standard? If you go to another country you should respect their customs when/where reasonable. However, when you wrong another you should not be expecting them to submit to your customs, rather you should accept theirs. In the case you mentioned, the Chinese should h
        • The Chinese do try to respect our culture. It's a two-way street, and other countries tire of living up to our norms, while we walk all over theirs. Bush Jr insults whole countries without even knowing. Remember early on when he refered to the fight against terrorism as a crusade? Remember when Bush Senior threw up during a Japanees dinner? Bush senior was trying desperately to deal with the Japanese culture, even their food. Bush Jr is simply clueless. Stupid Americans think the rest of the world is

  • I'm sure this is intended to provide an excuse... (Score:4, Insightful)

    by BlabberMouth ( 672282 ) on Monday October 09, 2006 @09:31AM (#16363271)
    for all the cracking attempts our own guys have launched against China. I'd be schocked if we (the United States) haven't been doing this type of thing against China, North Korea, Iran, or just about anybody all long.

  • "BIS discovered a targeted effort to gain access to BIS user accounts," Commerce Department spokesperson Richard Mills said. "They took a series of immediate action steps to ensure that no BIS data is compromised. We have no evidence that any BIS data has been lost or compromised," Mills said.

    Oh yeah, I too must be specifically targeted then, because I've seen these sequences in my log:

    May 31 13:06:27 gator sshd[18127]: Invalid user tony from 210.196.254.66
    May 31 13:06:30 gator sshd[18129]: Invalid user

  • Sorry for the OT, but I just can't get past the term "Cyber-Attack". Are the Chinese using concentrated electronic sex talk to assault the US Dept of Commerce?

  • Export Control, and the Information Age. (Score:5, Insightful)

    by lwap0 ( 866326 ) on Monday October 09, 2006 @09:54AM (#16363513)
    I frequently work with the U.S. government to prevent export control violations in the defense contracting world. While I can't name specific countries, I can tell you that East Asia accounts for 34% of all attacks both cyber and conventional targeting U.S. Industry and government agencies (as of 2005). My peers and I agree that this is likely directly or indirectly sponsored by the Chinese government. And contrary to popular belief, about 90% of what they want is export controlled information, not classified information.

    Why export controlled information? Think about how much money it takes to protect classified information - guards, safes, alarm systems etc., it's a lot of cash, and it's damn secure. Export controlled information doesn't enjoy those same protections, just export compliance waivers to sell or ship said products overseas. As an example: Say we have a dual use technology, both military and civilian use - like jet engines. We won't sell it to certain countries we compete with both economically, and militarily, but they will do their very damndest to steal it, either by forging state department waivers, lying, stealing, black-mailing, hacking - whatever it takes. Why do they want it? To equip their jets to compete with ours on the battlefield, or to sell, or maybe even find it's weaknesses to compromise if we ever went to war with them.

    I'm willing to bet here that the network used to launch the attack was a University school network, which to most people seems pretty innocent - except that in China, all schools are state run and owned. Is it an academic institution, or an extension of the Chinese government? Likely both. In this instance, the Chinese government gets plausible deniability - they had no control over, or knowledge of any cyber attack. I'll don my tin-foil hat, and disagree with that assertion only because I'm jaded and cynical enough to know better.
    • In your field, you've probably run across the Israel-to-Chinese tech-transfer problem. I hate linking to this obviously BS site, but I'd like to know if this article it carries has any truth to it:

      http://www.americanintifada.com/2005/5/05-06.htm [americanintifada.com]

      I've seen similar stories elsewhere. Have we in fact indirectly sold F-16 technology to the Chinese through Israel? Thanks.

      • Re: (Score:1)

        by lwap0 ( 866326 )
        To my knowledge, no, we've never sold something to Israel, and then watched them turn and sell it to China. Now, we have provided them (Israel) with F-16's, but these are really stripped down versions of the plane. We don't provide them our avionics package, radar, or targeting software. They have a likewise system they might install, but that's on them, not us as the seller. The U.S. government will not sell military technology to another country, without holding a trump card of more superior technology i
  • Like Chinese folks just looking around for info and news.
    What has the Commerce department released recently?
    whats the news about in China at the moment?

    This is just one big Chinese style slashdotting?

  • Why is this info internet-accessable anyways? (Score:3, Informative)

    by knorthern knight ( 513660 ) on Monday October 09, 2006 @10:20AM (#16363759)
    According to the Register article...
    > Information housed on the department's systems includes sensitive commercial and
    > economic data on US exporters as well as data involving law enforcement records.

        How many times does this have to be drilled into people? If you put something on an internet-accessable server, it *WILL* be accessed from the internet, and not only by "authorized personnel". For additional giggles, put the following key into a Google search...

    inurl:.gov confidential "do not distribute"

        The f***ing idiots who put sensitive government data on publicly accessable servers should be shot by a firing squad for treason.
    • Cheers! I did this and now I'm off to Gitmo...
    • For additional giggles, put the following key into a Google search...

      I am quite frankly suprised the result is only "286 English pages". I'd expected high, much higher. especially given that at least a few on the front page are clearly not related to the parent poster's intent.
  • Is government stupid enough to expose information that is incredibly sensitive to the internet? (Please, don't answer this).

    If they had clear information and data policies, their data would all be on private networks, without access to the outside. Not doing so is just an invitation for crackers who love challenges.
    • Least we forget how people cry about "the Govt should provide the people all the information that we want because we pay taxes and we should know what they are doing!" Well, to provide information to the US population, would be providing information to the entire globe. That is why many things that seem harmless on the surface (budget for one) but could be used as a valuable piece of intel for many other nations/companies.

      Now, unless you want the govt to spend more money on a larger priv network to exchang
  • Ok, assuming for just a moment that it is government backed ( which i honestly doubt ), wouldn't this be considered a declaration of war and a 'first strike' ?

    And all we are going to do is sit on our hands and let them?
    • Yeah, I mean look how well things are going for us in Iraq! We should get into that situation with at least a few more countries. Especially China - I hear their millitary is really small.

      • Re: (Score:2)

        by nurb432 ( 527695 )
        The mistake we made in iraq was playing 'nice'. If we went in to win as the only objective, it would have been a lot different.
        • So our objective wasn't to win? If so Mission Accomplished! I believe our 3rd or 4th stated (after the WMD thing and a few others fizzled) objective was to liberate the Iraqi people from the oppression of Saddam. Well, we did, but I don't think they exactly see us as "liberators" but actually as more of "occupiers". You may disagree, but if so you may not know the meaning of the word "insurgency" or even "civil war". You may have also noticed that the Iraqis didn't greet us with open arms and flowers, but w

          • Re: (Score:2)

            by nurb432 ( 527695 )
            50000 is nothing. thats playing nice.

            Not bombing 'sacred' buildings. thats playing nice

            Not going all out and leveling the place in the beginning. thats playing nice.

            To hell with being 'liberators' and the politically correct game, that only gets us in the mess we are in now.

            We would never have won wwii with the pansy ass directive we have now. ( i am *not* saying the troops are pansy.. not at all, they just cant go out and do the rest of the job they were trained to do )
            • So you argee that the terrorists who attacked us on 9/11 were "playing nice"? They only killed 5,000 and I don't believe the Twin Towers were "sacred" excpet maybe to yuppies worshipping the almighty dollar. Seems a little different when the shoe is on the other foot.
              Even Bush Sr. knew we could never occupy Iraq, that's why he didn't attempt to in the first Gulf War. He even warned Dubya not to do a full scale land invasion - it wasn't necessary or particularly smart. He took out Saddam's military, hence e
  • aimed at extracting sensitive information from targets such as the Commerce Department's technology export office.

    Why is sensitive governmental data even connected to the public internet? Surely the government can afford it's own private network that doesn't even have connections to the general public internet. They couldn't hack into something that's not there... Sure, the government started the internet, that doesn't mean they have to continue using the same one we do, does it?
  • One has to wonder, with all the uproar about hacking from China into US Gov't computers, why don't they just block all the IP blocks in China? Download the list from APNIC, use something like Perl's Net::CIDR to merge the blocks and add to your firewall. It's rather easy...

    • Re: (Score:2)

      by ErikZ ( 55491 ) *
      Because then whatever organisations that are doing this in China will simply move elsewhere and attack from there.

      Hows this for your next headlines? "Mexico and Canada jointly attack the US commerce department."
  • I'm a bit surprised by this. Not that the Chinese Government would approve such action, but that somebody is able to perform it. My indirect experience with the culture suggests that finding individuals capable of the type of on-the-fly problem solving necessary to attack a protected network is very difficult. While the application of such skills is a bit maligned, I'd say it's a good sign for them that such people do in fact exist and can be motivated to utilize their abilities. I know of a few groups
  • Based on the other recent post, many government employees browse pron and gambling sites and get infected with bots.

    That would probably be a better vector.

    Plus they might make a profit while doing it.
  • Jesus, Kranfer - it's not "the Chinese", but "some Chinese people". Lumping all Chinese folks into one group, then to say they did something somewhat-underhanded is fucked up.

  • People seem to forget.... (Score:3, Informative)

    by heybo ( 667563 ) on Tuesday October 10, 2006 @01:24PM (#16380337) Homepage

    People seem to forget. The US does this kind of thing all the time. Not only to other countries but to their own Citizens. Remember we have all those three letter agencies that do this sort of thing all the time. So what is good for the goose is it not good for the gander? Or is it like torture these days? We gasp and cry when we see someone get their head lopped off on TV, and say "What savages!" Still it is ok for us to torture people for weeks on end because we are the good guys so this is good torture. Who is the savage really? The person that quickly puts and end to the pain of the enemy by whacking off their head or the person that makes their enemy suffer for weeks without end?

    You see I come from a group of people that was once "Branded" savages by the US goverment. One example that even lives up to today. We were savages for taking scalps of our enemies. The part that is ALWAYS left out is we only took scalps in revenge for taking the scalps of our women and children for $5.00 a scalp. Payable by the US Goverment. Funny how that part of history is left out and still scalping is always related back to Native Americans even today. "Scalp'm Braves"

    So are the Chinese really the bad guys or are they protecting their own assests? We're trying to pick their pockets all the time so why is it so bad when they try to pick ours?

    The simple truth for people and goverments is you can't run around beating up other people all the time. Sooner or later someone bigger and badder than you will finally get tired of your shit and your continued assaults against them and in defense will either gang up with the other guys you are beating up on or if big enough on their own will turn around and beat the shit out of you.

    The solution is simple. Leave them alone and they will leave us alone. It is all "Cause and Effect" Don't be the "cause" and you won't feel the effect. You can't blame someone for taking a defensive position to your offenceive moves.

    The same rule of "cause and effect" applies to networks. You choose to run Windows that can access sensetive areas then YOU are setting yourself up to get hacked. I find it strange that the NSA would build something as secure as SELinux and the rest of the goverment not use it. Maybe not strange just stupid. The point is they have the tools to lock everything down and if they don't well too bad should have bought a better lock for the front door.

Slashdot Top Deals

Neutrinos have bad breadth.

Close