China-based Campaign Breached Satellite Operators, Defense Contractors and Telecommunications Companies in US: Symantec (reuters.com) 60
A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said on Tuesday. Reuters: Symantec said the effort appeared to be driven by national espionage goals, such as the interception of military and civilian communications. Such interception capabilities are rare but not unheard of, and the researchers could not say what communications, if any, were taken. More disturbingly in this case, the hackers infected computers that controlled the satellites, so that they could have changed the positions of the orbiting devices and disrupted data traffic, Symantec said. "Disruption to satellites could leave civilian as well as military installations subject to huge [real world] disruptions," said Vikram Thakur, technical director at Symantec. "We are extremely dependent on their functionality." Satellites are critical to phone and some internet links as well as mapping and positioning data. Symantec, based in Mountain View, California, described its findings to Reuters exclusively ahead of a planned public release. It said the hackers had been removed from infected systems.
Tesla (Score:2)
Re: (Score:1)
Even military school couldn't prevent his spoilage.
NSA subsidiary Symantec that is. (Score:1)
Getting rid of competition like Kasperski like Goldman Sachs got rid of Bank of America. Not only destroying them in the country, but making every blame them too. An age-old strategy, actually dating back to the OSS and Nazis, and well-documented in the Snowden leaks.
Symantec Breached, or Symantec Reported... (Score:2)
Spy vs. Spy (Score:4, Insightful)
How dare they do to us what we are probably doing to them.
Re: (Score:3, Insightful)
As the article says, they do not know what communication was intercepted and that the foreign actors had access to satellites controls.
If all it's true it's pretty serious defense issue, far beyond "how dare".
Re: (Score:1)
Do you mean spying in a "read-only" sense, or potential sabotage?
I'm sure the USA looks for holes in other countries' infrastructure to use in case of a conflict. Maybe even "add" holes for future use. Who knows.
Re: (Score:1)
Do you mean spying in a "read-only" sense, or potential sabotage?
The article suggest ability to take control of the satellites. With the control of the satellites quite a lot can happen - from manipulating of the transmitted data, through bricking it, to even trashing it and the orbit it is in (satellites have some fuel for maneuvering, usually enough to reach the final orbit after launch and to reach "trash" orbit or de-orbit at the end of life).
I'm sure the USA looks for holes in other countries' infrastructure to use in case of a conflict. Maybe even "add" holes for future use. Who knows.
I am pretty sure the spying game is well on, but regardless of this, having such a deep penetration of critical systems is qui
Re: (Score:2)
Foreign espionage, what does that even mean any more. The USA via the idiots in the NSA and especially in the CIA kicked off this game and now we all have to pay the price. Forget national interest espionage, this is all becoming corporate for profit hacking. You can destroy competing corporations with the right hack, you can free up the customers they have captured so you can take them, you can shut down operations, wipe out government contracts for security breaches, steal proprietary methods, capture cod
Re: (Score:2)
Yep, China and Russia and Iran would never have figured out how to use the interwebs to do espionage with the NSA and CIA showing them how it's done. Geeze, what a bunch of dolts.
Suspect (Score:4, Insightful)
A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said on Tuesday.
I have no problem believing this. Seems legit. However, the TIMING of this report is extremely suspect. Why now? When there's a nasty trade-war brewing between China and the US. Yeah, suspect and shady as FUCK.
Free advertising matters more to Symantec (Score:4, Informative)
What happens from this announcement, that Symantec cares about, is that their name is in the headlines. Free advertising.
Policy makers, the President and Congressional committees, already know from classified (an unclassified) intelligence that China is spying on the US all over the place. This latest marketing announcement by Symantec isn't going to make much difference to policy makers. Symantec doesn't care that much anyway - they don't have a major Chinese competitor they are trying to get rid of.
The free advertising is what Symantec cares about. If my company had uncovered this incident, we would absolutely put out a press release right away, in order to get our name in the press.
Heck, look at any of my CVEs, such as 2012-0206.
https://www.securityfocus.com/... [securityfocus.com]
Do you think I thought about what the president was doing when I found and reported that? No, but I do very much like the first three words in the official description of the vulnerability.
Why? (Score:2, Insightful)
Why are these critical systems connected to a public network, THE INTERNET, in the first place? Air-gap these things!
Re: (Score:2)
A contractor can support systems all over the USA, globally using the free internet and only need a few people with clearances and lawyers in any on nation.
In the internet is a cost saving network allowing staff in one nation to work on many projects globally.
The alternative is staff on site. Staff in that nation. Fly in fly out hours later to different
Re: (Score:2)
Stop letting EU brands sell their services into the USA as a contractor via the internet.
All workers have to be in the USA. That would allow the FBI to study the past of every worker. For their politics and for a split loyalty.
Make contractors fly out all over the USA. In person. That at least reduces the risk of the open "internet" needed for every service offered to the US mil.
Stop al
Re: (Score:2)
Not as "free", but you could do the same thing with dedicated connections, rather than thru the open internet. For a lot of stuff, POTS would be enough.
They used shit made ... (Score:3)
... by ZTE.
Re: (Score:2)
At least it wasn't Cisco. How many CVEs for hard coded tech support backdoors are we up to now?
Re: (Score:2)
I agree with you.
I can't name one goddam hardware/software that has no CVE.
China breached US! (Score:2)
Good for them; and a plague on both their houses!
DX all that shit (Score:2, Informative)
Christ almighty pull the jack already. It makes no sense at all that this type of stuff is connected to the internet.
Re: (Score:2)
New Term: Air Gap (Score:1)
Know it. Use it. Love it.
When I worked in space control centers, we had air gapped control rooms. No VPN. No inbound traffic except through encrypted satellite links to the systems in space.
BTW, cell phones and cameras weren't allowed in the building either.
What has happened to our smart people? Do they need their diapers changed?
Re: (Score:2)
Not only do I air-gap important digital electronics, I even air-gap my inductors and transformers! You never know when somebody is going to fuzz your inputs, you don't want to risk saturation leading to denial of service!
surprised? (Score:1)
Re: (Score:2)
Sophisticated hacking campaign launched from China (Score:2)
Re: (Score:2)
But... (Score:2)
"Following its customary stance, Symantec did not directly blame the Chinese government for the hack. It said the hackers launched their campaign from three computers on the mainland. In theory, those machines could have been compromised by someone elsewhere. "