White House Confirms Chinese Cyberattack 212
New submitter clam666 writes "White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers. From the article: 'The attempted hack used 'spear phishing,' in which an attacker sends an email to a specific target that uses familiar phrases in hopes that the recipient will follow links or download attachments that unleash the hacker's malware. None of the White House's secure, classified computer systems were affected, said the official, who reached out to POLITICO after the Free Beacon story appeared — without having been asked for comment. Nor had there been any attempted breach of a classified system, according to the official.'"
Lets see if there's parity.... (Score:2, Insightful)
.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!
Re: (Score:2)
.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!
Why exactly is this modded as flamebait? It sounds like these breaches were actually more serious as they targeted computers involved in nuclear commands. How is that not more serious than what Gary McKinnon did?
Re:Lets see if there's parity.... (Score:5, Funny)
Are you really that stupid, or just trying to start a flamewar?
That is grossly unfair.
There's absolutely no reason it can't be both.
Re: (Score:3)
Re: (Score:2)
Nuclear weapons? (Score:5, Insightful)
Obligatory: Would you like to play a game of thermonuclear warfare?
Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ...
Re:Nuclear weapons? (Score:5, Funny)
"Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ..."
Well that is easy. That is because IE 6 is required to administer.
Re:Nuclear weapons? (Score:4, Funny)
IE6? You are being way too generous. Try Netscape 3.0.
Re: (Score:2)
Re:Nuclear weapons? (Score:4, Insightful)
Well that is easy. That is because IE 6 is required to administer.
If software had to go through the same rigorous background checks that the employees who use it have to at these facilities, I don't think IE6 would have gotten a security clearance. How is it that the government can refuse to grant a security clearance based on sexual orientation under the notion that it could be used to blackmail someone, but allow the use of software with a proven and highly publicized record of leaking information? What's more, people with security clearances are subjected to intense scrutiny -- their supervisors know about every little aspect of their lives, including that little dimple on the inside of your right thigh, yet routinely employ software that is essentially a big black box -- nobody knows how or why it works.
The government needs to start taking software review as seriously as it takes personnel review with regard to security clearances and access to classified and/or sensitive materials. From a security standpoint, it doesn't matter much whether it was a web browser or a person that passed information to an enemy; The end result is the same.
Many of our enemies are now seeing that it is comparatively less costly to exploit technology than people. You'd think we'd have learned this lesson after the second world war -- wasn't cracking Enigma enough of a wake up call?
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
They aren't on the internet (Score:2)
They aren't even on siprnet.
Re:They aren't on the internet (Score:5, Insightful)
Re:They aren't on the internet (Score:5, Insightful)
No matter how secure you think a network is, there's always some idiot that does something like:
1. Upload 50 GB of downloaded music onto a secure network.
2. Upload 1 TB of downloaded movies onto a secure network.
3. General wants his/her Wikipedia fix, so there's one hole in the network security.
4. General #2 wants to check his/her Fantasy Football team from a secure network, hole #2 in security.
5. Etc. Etc. Etc.
So-called "secure" networks are nothing of the sort. They leak like a colander.
Re: (Score:2)
The "air-gap" in SIPRNet is what they tell you, and how they say that it works. How far do you trust the US government to be honest?
That fact aside, when a General says they want something, it happens. Perhaps the act of shifting 2 feet to the right to access a standard network computer is too far for them to move. Whatever their reasons, all a General needs to do is go find his S-6 and order PV2 Snuffy to plug in some cables so he/she can access whatever they want on any computer they want. Do you thin
Re: (Score:2)
Because they have to be, stupid! They're SCADA!
Re:Nuclear weapons? (Score:5, Insightful)
"Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ..."
They aren't, (also Read The Fucking Article) but tech reporting and public ignorance in the US are so horrid that all PCs owned by the military are presumed to be connected to each other.
Hint:
Unclassified networks are used for Unclassified activities, of which there are many. They are different from Classified networks of various types. The usual communications necessary to getting ordinary business done (ordering asswipe, telling folks physical training is rescheduled, what the fuck ever) don't go on command and control networks.
An office in one building may (shock, horror) have systems connected to DIFFERENT networks, technologically astounding as that concept may be.
freebeacon got its page hits (hence the sensationalist title) and you got modded Insightful for displaying no Insight.
Mods, "Insightful" doesn't mean "me like, yay!". :-)
Re: (Score:2)
Re: (Score:3)
I know you're an AC but I have to reply...
Unlikely. A large part of the US nuclear arsenal is actually on submarines these days. And if you really think a "cyber" attack could be so effective that not only the US but the entire NATO infrastructure could be permanently disabled (which is absurd outside of sci-fi) don't worry... the Brits still allow their subs to launch nukes at the discretion of the crew, yay!
So, a good enough attack would basically ensure the end of the world, so point #4 is pretty much
Wait, what? (Score:5, Insightful)
How can the attack include military systems used for nuclear commands, yet not include any secure classified systems?
When they made a list of which government systems should be secured, they decided to leave the nukes off that list?!
Re:Wait, what? (Score:5, Informative)
Key word: "reportedly".
The initial report claimed that those were the systems that were compromised. The White House insider denied that those systems had been compromised, but confirmed that a non-classified network had been compromised.
Re: (Score:2)
imo, the best way to saf
Re:Wait, what? (Score:5, Informative)
The press is most likely wrong. I've been on the news a couple of times, and they always get something wrong.
Any classified info is airgapped, end of story. I can do drawings on the [system] on the same computer I'm using for /. The vast, vast majority of drawings are not classified. (I joke that part of the OpSec is that if we get captured, I tell them everything I know, and when they fall asleep, we tiptoe out of the room. "In this circuit, we use cable LS2SJ-14. But in this circuit, we went to LS2SJ-12. Hey, PAY ATTENTION!" So like I was saying, we used LS2SJ-12 here...) If I want to look at anything that's classified, or even something that's CG, I have to do the following:
1. Have the clearance and the need to know.
2. Get a copy of the document sent to me, usually by FedEx.
3. Get a supervisor and go to the secure room, sign in, close the blinds and the door.
4. Get the HDD from the safe.
5. Check the computer, then put in the HDD.
6. Power up the computer. It's a stand-alone machine, that's what I was checking for.
7. Work.
8. Finish working. Print up stuff or burn it onto a disk. Fill out the form that shows that another copy of the material exists.
9. Power down the machine and put the HDD back in the safe.
10. Sign out of the secure room.
11. Mail the printout or CD to whoever it was that wanted it.
And that's for CG stuff. The TS stuff is watched constantly by people with weapons.
If someone can hack their way into a system where the info is not only powered off, but in a separate room from the equipment that can read it, inside a safe, then it's time to give the fuck up.
Re: (Score:3, Interesting)
That's funny. I was at a client site (aerospace contractor) doing some software training in the mid-2000s, and when I asked why IE wasn't working on the computer I was using to demonstrate something I was told, "Oh, that's a DoD station; use this one right next to it."
So it was sort of airgapped, but all that Men In Black access control you were talking about was nowhere in sight.
I've had similar experiences at other defense contractors, too; although in that case I wasn't allowed to actually use the clas
Re: (Score:2)
Re: (Score:2)
If someone can hack their way into a system...
The first step is enough.
The problem is the bureaucracy of secrecy; not that secrets exist. On the other hand if everything was open there would be no threats, but it's immensely difficult to let go of the selfish illusions.
Re: (Score:2)
The disks are encrypted, so it doesn't really matter.
Okay (Score:5, Insightful)
Backing up my suspicions for the last 2+ years:
How does the US know the actual nationality of the hackers and not just their end-proxy?
The US have been trying to insinuate a cyber-war for years now, and never said how they know who's behind it (if you said the *ATTACK* came from China, fair enough - to say it ORIGINATED there is more of a stretch, and to say it was Chinese hackers is just ludicrous).
Of course we have suspicions and think we might know who's behind it and who owns the net-blocks, but what a wonderful way to discredit a nation and put the blame on someone else when you want to cyber-attack the US - just proxy through China and start WW3 when the US relatiates.
Really, US? How do you *KNOW*? On the scale that you can confidently state the Chinese "attacked" you (and coupled with your statements that cyber-attacks could be considered acts of war?)? You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?
Or do you just want to start a war with China for some reason?
Re:Okay (Score:5, Insightful)
How does the US know the actual nationality of the hackers and not just their end-proxy?
Perhaps they have collaborating intel from another source (e.g., spies or signals intelligence).
Or do you just want to start a war with China for some reason?
I wouldn't be surprised if it was posturing for election rhetoric. Could have been done to preempt a GOP leak ahead of Wednesday's debate, or it could tie-in with Obama's recent "tough on China" talking points. I try not to follow this stuff too closely though, so take my speculation with a grain of salt...
Re: (Score:3)
Because they got an agent into the hacker's den and looked over his shoulder as he was working?
Maybe the same sources that assured our leadership that there were WMD in Iraq are still knocking around the intel branch?
Re: (Score:2)
They don't want to start to war, but as the wars in the Middle East are about to end the US military sector needs another reason to justify its massive funding.
Re: (Score:3, Funny)
How did they know? Easy! The e-mail went like this:
"Hello Sir, very fine day indeed. I would like to inquire you buy cheap Sony cameras from our company. Not Chinese product, 100% original product. Please, look our offer in attached brochure.
I hope the day is very generous and we may come to agreement soon. Thank you!
Yours faithfully,
Clint Eastwood, CEO
Sony Company LTD."
That's one problem with cyber (Score:5, Insightful)
Attribution.
Disclaimer: I am a Navy Information Warfare Officer.
First, it's important to note that the White House didn't confirm the suspected source. It was anonymous officials who said this appeared to originate "from China" -- take that as you will.
As you point out, an attack may appear to come from a particular (set of) IP address(es), network(s), or source(s). An attack may have a certain profile, or share a profile with other attacks. An attack may have an assumed motivation based on its target. The attacker(s) may even wish to make it appear that the attack is originating elsewhere.
Even if the "source" is established, is it a nation-state? Hacktivists? Nationalist hackers acting on behalf of government or at the government's explicit or implicit direction? Transnational actors? None of the above?
No one wants to "start a war" with China, but the error in balancing the cyber threat against the "hype" is assuming that all threats are bogus, or must be the result of hawks looking for neverending war, excuses to begin/escalate the next "Cold War", and similar. The threat from China is very real, long-established, and well-understood for anyone who cares to look. It has been discussed thoroughly, even for the Chinese, in their own strategic literature, and there are very public examples of China's offensive cyber capabilities. China's investment in offensive cyber capabilities comes because of the understanding that dominance of the information realm will essentially allow China to skip large chunks of military modernization and still be highly effective in any conflict with the United States.
Think of it this way: it's now assumed that the Stuxnet/Duqu/Flame family were created by the US and/or Israel. (Keep in mind that even overt admissions prove nothing, and can be self-serving...) Even before the books and articles about OLYMPIC GAMES, attribution was assumed because of the target and because of snippets of clues in the code. In general, why is that assumption any more or less valid than this? Is it because some are more inclined to believe that of course the US engages in cyber warfare; but any cyber attacks against us are suspect.
Of course, there are those who will assume that indications of any cyber attack will always be a "false flag" and/or used by those with ulterior motives who want war. It can't possibly be that there are aggressors who indeed want to attack the US, and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary. Sun Tzu would be beaming.
Background:
Chinese Insider Offers Rare Glimpse of U.S.-China Frictions
http://www.nytimes.com/2012/04/03/world/asia/chinese-insider-offers-rare-glimpse-of-us-china-frictions.html?_r=1 [nytimes.com]
"The senior leadership of the Chinese government increasingly views the competition between the United States and China as a zero-sum game, with China the likely long-range winner if the American economy and domestic political system continue to stumble, according to an influential Chinese policy analyst. China views the United States as a declining power, but at the same time believes that Washington is trying to fight back to undermine, and even disrupt, the economic and military growth that point to China’s becoming the world’s most powerful country."
China is on track to exceed US military spending in real dollars by 2025
http://www.economist.com/node/21542155 [economist.com]
China’s military rise
http://www.economist.com/node/21552212 [economist.com]
The dragon’s new teeth: A rare look inside the world’s biggest military expansion
http://www.economist.com/node/21552193 [economist.com]
Essential
Re: (Score:2)
Remember Japan? (Score:2)
The corruption is at worst a symptom of a larger problem. China appears to be suffering from the same problems experienced by Japan on its way to surpassing the US as an economic superpower. Now, that didn't happen, did it? Japan faltered because for the longest time Japan was virtually a one-party state. Now look at that other "great" one-party state, the Soviet Union.
There are otther factors of course, such as Japan's graying population, a problem that China is also facing because of its ill-conceived one
Re: (Score:3)
...and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary.
After noting your disclaimer and then reading your post, two thoughts occurred to me. First, that they've trained you well. Your response was concise, well-articulated, and you were careful to define the limits of what you know (and what, by extension, anyone could know from the data). As a US citizen, this is comforting to me. The information and understanding of our military is often sensationalized, spun, and twisted to serve particular political ends to the point that a clear picture of what our milita
Re: (Score:3)
Re: (Score:2)
There are ways to serve in a similar capacity without coming anywhere near traditional military.
Re: (Score:2)
There are ways to serve in a similar capacity without coming anywhere near traditional military.
True, but they require security clearances and background checks. I have no criminal record save a speeding ticket, but I fail every time; They still consider anyone who isn't heterosexual to be a security risk. They aren't allowed to say that's the reason for the denial, of course, but I've been told by enough people who hold or have held them it's still going to be awhile before people who are LGBT are considered equal in that area... like so many others. The other thing is, and it's something not many pe
Re: (Score:2)
No idea about the trans portion, but the LGB part? You need to be applying to the right contractors with the right agencies. With the explosion of security theatre post 9/11, there are many openings, and an American boy who likes to kiss boys (or American girl who likes to kiss girls) is pretty low on the list.
Re: (Score:2)
This might be more true in the uniformed services (though I've certainly worked with a pretty diverse array of people and ideas; perhaps not as diverse as our society at large, but diverse nonetheless) and a lot of direct federal government employment at some of the intelligence agencies, but it's definitely not true of contractors. What you're describing is true in agencies that have a very established and rigid culture, like has been developed for a lot of the federal law enforcement positions (such as FB
Re: (Score:2)
One word:
Intent.
Intent matters. That's why we punish people who kill someone or cause property damage, etc., intentionally, and don't punish those who do the same things, but don't do so intentionally (and also don't do so because of negligence or reckless disregard). It's the same result:
Re: (Score:2)
Well, again, you're pretty much right clear across the board. I guess the only thing I can say is, I think the reason people have lost perspective is because we don't see the whole production, just the highlight reel. It's not really newsworthy to report that everything went according to plan. I don't have absolute confirmation or proof that terrorists are out there, planning to include me in their next political statement. I don't need to either. I know that yes, there's probably some asshole in a cave rig
Re: (Score:2)
ok, you trolled me into reading that first page of that one article, and then replying when drunk and stoned. So I read that, particularly the last lines of the page. As you seem to be someone doing a good job of portraying themselves as a rational actor- How do _you_ think the issue should come down on whether or not it is the civilians or the military that should have the crown of control over the internet? You make some legitimate references to people who too easily dismiss the foreign threat in the n
Re: (Score:2)
The answer is simple: in our country and system of government, the military fundamentally, and as a matter of law, answers to civilian authorities.
The military doesn't need to have day-to-day "control", but we need to have the capability, when attacked militarily, to defend ourselves militarily -- including in the "cyber" realm.
The mistake people make is believing it's a binary either/or; either civilian or military. The fact is that our information capabilities are so critical that they need appropriate le
Re: (Score:2)
The answer is simple: in our country and system of government, the military fundamentally, and as a matter of law, answers to civilian authorities.
That's not a simple answer at all. It's an easy 'corporate' line. But the truth is that strategic economic decisions made on the behalf of the US for the past 20 years have put China in a position to be able to use vast amounts of US currency to influence civilian businesses. But no, it's not like I think I'm telling you something you don't know. I just think that we deserve apologies from the companies that got rich selling out the human rights of the Chinese (e.g. the first public caving of Yahoo hand
Re: (Score:2)
A couple of things:
1. I thought your Google manifesto was very good (I know it's a work in progress).
2. I think you're reading WAY too much into certain things.
There is no grand conspiracy at play to "prevent people from running their own servers". There are many normal things on even client systems that can be described as a "server" such that the distinction is almost meaningless. Yes, there are plenty of traditional "server" and cloud services which many people use. The reason that Google has such langua
Re: (Score:2)
You do realize that even with proxies one can track down addresses right? Sorry, but if you get a few hundred thousand probes come in from addresses that belong to China, you can probably be sure that it's China making the attack. Here is why: The US generally reports these attacks to China and asks them to stop the attack, so the Chinese Government is aware of the attack. Being the Chinese Government, they can either investigate and shut it down, or allow it to happen. If they choose the latter, they
Re: (Score:2)
You make it sound so easy to hide, when in reality it's not. You are not talking about a secure services or networks like TOR, you are talking about open connections which are not obscured in most cases.
You also ignore the fact that even if it is originating elsewhere, and all you can do is find the origin and it happens to be in China.. are you saying China can't shut down the route? Working at a DOD contractor for almost a decade, this was routine. It's called "cooperatioin" and happens pretty often to
Re: (Score:2)
Why would the Great Firewall allow other countries to tarnish China's good name?
Re: (Score:3)
Whitehouse confirms
Yes, Obama wants to start a war with China. You have singlehandedly exposed this conspiracy. Enjoy your +5 Insightful
Re: (Score:2)
You should put away the tin-foil hat...
It's SOP that the US government doesn't disclose HOW they get their information, nor do they disclose how quickly they discovered such information.
The US most certainly has the resources and skilled personnel to track down the true perpetrators, even in the face of savvy use of chained proxies and zombie computer systems.
And finally, China is now the #2 economy in the world, and our major trading partner. There's practically nobody in government who wants to start a w
WTF? (Score:2)
Chinese hackers or just Chinese IP address? (Score:2, Insightful)
How do they know the phishing emails were sent by Chinese hackers? Are they just using the IP address of where the email originated to determine the nationality of the hackers?
May you live in interesting times (Score:2)
Definitely some interesting times ahead as the US's knee jerk SPREAD PEACE LOVE AND DEMOCRACY WITH BOMBS response meets the reality of that whole starting a war in Asia thing.
Proverb (Score:4, Insightful)
Wait a second... (Score:3)
Wow, that sounds bad.
Wait, so there are only a couple ways that these could both be claimed:
1. Someone is lying
2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands
3. Someone is lying
I'm guessing it's either 1 or 3.
Re: (Score:2)
Re: (Score:2)
Wow, that sounds bad.
Wait, so there are only a couple ways that these could both be claimed: 1. Someone is lying 2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands 3. Someone is lying I'm guessing it's either 1 or 3.
No. See it's easy. Only the insecure, classified computer systems were affected!
Re: (Score:2)
Re: (Score:2)
Horrible Summary (Score:3, Informative)
Shame on you samzenpus. The white house has only confirmed that an unclassified computer has been hacked. Not one capable of nuclear commands, not that it was a Chinese attack.
Its ok folks, they make our iphones. Sigh. (Score:2)
China is the enemy.
Obama hoping it goes away ... (Score:2)
With the amount of US Debt that China holds, Obama will say nothing and hope this goes away. At any other time and with any other Administration, we would be floating 2 carrier groups into the Sea of Japan and preventing any Chinese trade vessels from docking at our ports.
They are nothing without the American consumer.
Re: (Score:2)
What're they going to do, stop buying US bonds? They're still one of the world's most stable investments. China getting into a disagreement with us won't change that much (though China deciding they're not as valuable could), so there will still be plenty of buyers. So the rate we're currently paying on bonds, which is incredibly low, will go up slightly? Big deal.
We sell bonds. As a result, we're not really beholden to the people who own that debt.
Which is it? (Score:2)
after the Free Bacon story appeared
Which is it, shortage or surplus??
Re: (Score:2, Informative)
Re: (Score:2)
First off, CSI Miami is 42 minutes long.
Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.
Re:So... (Score:4, Interesting)
First off, CSI Miami is 42 minutes long.
Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.
Oh yeah. Just like they did on September 10, 2001.
There's a country full of milling militias, any one (or more) which might seize an opportunity in a condition of general unrest. There's the possibility that one single militia had one single pre-prepared plan that they could roll out. There's the possibility that Al-Qaeda had a plan already set up and scheduled. Then again, there's a load of politically-based sensationalism a certain so-called "News" network wants to promote, which is basically trying to convince us that Osama, er, "Usama" bin Ladin personally led a wave of jihadis in a grand, pre-planned anniversary wave of jihadis - but only in one of the several unsettled countries making noise at that time.
Since when do we blindly believe what politicians say? Especially other people's politicians?
OK, I'm keeping an open mind. It's possible that this really was all an al-Qaeda plot. But I'd rather wait until the evidence was all collected, sifted and cross-checked. There's no ticking bomb here, and I'd really rather not have another pants-wetting rush to find ways to curtail our freedom just because some gang broke in and committed atrocities again.
Have you considered (Score:2)
that the intelligence services actually wanted to analyze the data and question people before making a conclusion?
Re: (Score:3)
May I point you to Hanlon's razor?
"Never attribute to malice that which is adequately explained by stupidity."
http://en.wikipedia.org/wiki/Hanlon's_razor [wikipedia.org]
Re: (Score:3, Interesting)
How long will you excuse the stupidity before you realize that it's intentional? It took me quite a long time, and I ignored all the warnings from people around me at the time. Now that we have descended in to the state they predicted, bankrupted and near tyranny I get it.
Instead of wasting your time making excuses for them, do something productive. Go get some people you trust on ballots and campaign to get them in to offices, and get the turds out of the punch bowl.
Re: (Score:2, Interesting)
And just to be clear, do you think Obama is just "Stupid" when he is spending 2 times what the Government income is every year? Does anyone not know what happens when they have 0 savings, and spend twice their income year after year? Come on now, you can't be that gullible can you?
Do you think that Fast and Furious was just a stupid idea, and of course ignore demand letters 1-3? I'm guessing so, because they are too stupid to make those kinds of mistakes intentionally right?
The NDAA was just another mist
Re: (Score:2)
The US economy is not your stupid household budget. Stop making that asinine comparison.
Re: (Score:2)
Have you bothered to study any history at all? Do you know what happens when a country goes bankrupt? I'm guessing not, since you seem to believe that it's no big deal. Go read some fooking history, the get back to us on the issue.
And to say it does not compare is completely asinine on your part, at least in the basics of an economy and budget. Since you fail to read history, I'm guessing that you really truly believe that comparing spending money I don't have is different between a Government and a Hou
Re: (Score:2)
Yes, countries can go broke. NO it's not like a household budget. It's not. Period.
Re: (Score:2)
Deficit spending is the same, no matter who's budget you are looking at. Whether Government or you at home, spending what you don't have with no plan to get out of debt ensures bankruptcy. The difference of course is a matter of whom gets fucked when the bankruptcy occurs, in which case a Government should never have been allowed to spend money it does not have since every citizen gets fucked over on a default. See here [wikipedia.org].
To claim there is no similarity without qualifiers screams of ignorance. If you had
Re: (Score:3, Insightful)
Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.
It took me less than a minute to realize a coordinated attack on an embassy is not "spontaneous". If anything, it should be easier to determine the Embassy attack was "terrorism" (or at least coordinated and planned) than a Chinese hacker spearfished a certain person on a certain system at a certain time. Just because you stick your head in the sand and ignore warning signs of attack and indicators of planning, it doesn't mean the attack was spontaneous. Even during deployment in Iraq, I saw sugarcoating
Re: (Score:3)
Of course.
First, there's a "smoking gun" in the breach. The attack's general incoming direction can easily be traced to china, which at least indicates a proxy's sitting there. That gives China an opportunity to cooperate (if it really wasn't the government, or at least if they have a scapegoat handy), leading to some diplomatic goodwill and good PR all around. In an assassination, the evidence takes far longer to work out and get a general direction from, and accusing another country of assassination is a
Re: (Score:2)
It's not so tough to look inside a payload and scoop out an address and say: oh look! Chinese! But that's not necessarily where the original attackers are from: they are from anywhere, but the address was in a Chinese CIDR block somewhere, on a system that may or may not have been externally controlled from anywhere in the world.
Politically, however, the finger was pointed at China. Whether it was pointed correctly or not isn't really known. For now, however, if you believe the WH, then it's Chinese. But Ch
Re: (Score:2)
Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction. This is a chance for diplomatic small-talk, where a little good-faith effort on a task that's meaningless in the long run can help hold off the prospect of an upcoming war with China.
China also has the opportunity to take this flimsy accusation as a grave insult, so they could start rattling sabers and head close
Re: (Score:2)
I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?
Or does this online Spy Vs Spy game continue until something really evil happens?
Re: (Score:2)
There are supposed to be secure channels for having informal diplomatic discussions that are kept private, where a conversation like the former could take place, but I suspect that diplomats are a bit wary [wikipedia.org] of making "private" comments these days. That leaves only the subtle dance of public politics, where the latter is likely.
How it works (Score:5, Insightful)
I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?
US Diplomat: We have found out that there are attempts to gain access to US secure systems coming from Chinese controlled IP addresses. We take offense at this activity, and request that you cease immediately.
....And both sides keep hacking.
China Diplomat: The Peoples Republic abhor illegal and immoral activity, and in now way condone such behavior. While we are on the topic, we have discovered similar attacks on our systems coming from US controlled addresses.
US Diplomat: It is not the policy of the US to engage in clandestine cyber attacks on state controlled computer systems. We do not condone any such action.
China Diplomat: Excellent, we are in agreement then!
Flase flag op? (Score:2)
Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction.
This was a state acting, as cyber criminals likely don't care about nuclear delivery infrastructure. Assuming that I am a black hat in the official service of state intelligence attempting to compromise highly sensitive information, I am going to work through compromised foreign proxies ("I'm behind 7 proxies!"), burning one or more of them after each use, via drive wipes and deliberate infection with destructive viruses.
It seems weird that you would try something this daring directly from your home soi
Re: (Score:2)
Politically, however, the finger was pointed at China.
Technically, the finger should be pointed at Microsoft.
Speaking of classified... (Score:5, Interesting)
"White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers."
Check. Got it.
"Nor had there been any attempted breach of a classified system, according to the official.'"
Chinese breach nuke system, no classified systems were breached, so nuke systems aren't classified....?
Re: (Score:2)
No, the computer that stores the OSHA training videos and viewing records for the janitorial staff does not need to be classified, no matter what floor the janitor mops.
"Systems used by the military for nuclear commands" can have a very broad scope. Very few of them actually have classified information, or can access other classified systems.
Re: (Score:2)
No, what it means is some systems used by "Military for nuclear commands" are not classified systems. In any environment you will find both classified and unclassified systems, so it is no surprising that some systems used by them are unclassified.
Re: (Score:3)
Oh please! The DoD has been aware since, I don't know, the 1980s that anything important is not hooked up the public internet. I imagine that if they've been following their own doctrine, it's a treasonous offense to put any material not for public consumption on an internet-accessible machine, whether or not they think it's publicly accessible. Hell, it's been a long standing joke in the hacker / cracker communities -> "So tell me again, PH3@RMe, how you hacked a FBI / CIA / DoD server and got access to
Re:So... (Score:5, Funny)
If you read TFA "Soy sauce has been found all over port 21 and a Beijing duck was stuck on the firewall".
Re: (Score:2)
You made a mistake, it took 2 weeks to accuse the right party instead of blaming our free speech, some corny movie that would struggle to be B quality and the awesome tolerance other cultures have for ours.
Madeleine Albright was just in Ohio campaigning for Obama, and she said it's a difficult situation to understand and that Romney was wrong in criticizing the White House because it takes time and investigation to determine what happened. I hoping someone would ask "why was they speaking about it before ha
Re: (Score:2)
Re: (Score:2)
What victim? The only victims are the 4 people who died. They died after 6 hours of fighting. There's an entire Brigade stationed in Italy, a few hours flight away. Where were the Marines to stage a rescue? Those 4 men died because of the administrations failures. We should have reminded the residents of Libya why the Marine Corps Song start with "From the halls of Montezuma to the shores of Tripoli."
Re:So... (Score:4, Insightful)
Seriously. If the murder 3000+ Americans didn't put a dent in Saudi-US relations...
You're correct- It didn't put a dent in the relations the US has with a certain group of Saudis that hold power in their nation.
The ties of the powerful to any particular nation have been fading for a while now. The small groups in each wealthy nation across the world, groups that hold much of the assets and power, identify more with each other than their birth nations.
Remember the phrase "Any problem in computer science may be solved with another layer of abstraction"? Think of these groups of ridiculously wealthy and powerful people as a layer of abstraction placed above the nations of the world- In my opinion, the interactions between many nations that exist under this abstraction are largely attempts at scripted drama, random aberrations, or corrective actions brought about to manage those not yet aligned to the majority's interests.
I don't think it's any of this "New World Order" crap- It's just what people do, all the time: Those of similar socioeconomic position and means, with similar outlooks on how society should work, tend to clump together to their mutual benefit. I hang out with my neighbors, I belong to an investment group of similarly minded co-workers and friends that exist in roughly the same socioeconomic plane. If someone either fabulously wealthy or very poor were to join this group, it wouldn't work out very well.
I believe some of the extremely rich and powerful take this to a higher level in that they want to shape society to fit their own views, but this is the same principle writ large. I'm not trying to label this negatively or positively in regards to ethics or morality, just summarizing what I believe I have observed.
Re: (Score:2)
Very few people will click links from unknown sources, even in government.
However, when the email comes through saying it's from a common company such as Intuit or Chase (both of which have been used in phishing attacks I've seen lately), and comes from an email address from that domain, and looks legitimate (pictures and all), and it tells them that they can either click the link or type in the address, and can even address the target by name, most people won't think twice about clicking that little link t
Re: (Score:2)
Re: (Score:2)
Yep.. Remember farm sluts?
http://www.youtube.com/watch?v=snjCj0ntG8E [youtube.com]