U.S. Commerce Department Hacked Again

Posted by Zonk on Sat Oct 07, 2006 10:36 PM
from the uncomfortable-it-people dept.
evil agent writes "The Bureau of Industry and Security (BIS), a branch of the Commerce Department, has sustained several successful attacks. Chinese hackers were able to gain access to its computers and install rootkits and other malware." From the article: "This is the second major attack originating in China that's been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K."
  • by IlliniECE (970260) on Saturday October 07 2006, @10:39PM (#16352517)
    Chinese hackers installing root kits? Are you sure they weren't Japanese (aka Sony)?
  • by CompMD (522020) on Saturday October 07 2006, @10:50PM (#16352557)
    Hm...so this here purple panda bear says he wants to be my buddy and help me out on the intarweb. Sounds good to me! (click) Gosh I wonder why my workstation is so slow, almost as if it's sending all its files to ch!@$!$JGOJ!THIS POST 0WNZ0R3D BY CHINESE HAXORS
  • Bureau of Industry and Insecurity? Why would successful Chinese cracks be a surprise to them?
  • by frinkster (149158) on Saturday October 07 2006, @10:53PM (#16352569)
    The Chinese have been trying for years to lose that pesky Most-Favored-Nation status, and this administration is not going to give in.
  • How sure? (Score:4, Interesting)

    by fredistheking (464407) on Saturday October 07 2006, @11:10PM (#16352611)
    How can they be so sure that the attacks originated from China? Sure there may have been Chinese IP addresses involved but the attackers could have been anywhere. The Chinese systems could have simply been compromised and used to cover the attackers' tracks.
    • by Anonymous Coward
      ARE YOU CRAZY OR SOMETHING? let's not let obvious facts such as these get in the way of a good xenophobic rant and/or nationalistic orgy
    • There are some telltale signs besides the IP addresses. Technique used, programs inserted (read root kits), codepage of files dropped onto the hacked computers are just a few. Watching the actual routing tables and IP packets plus maybe sniffing a router on/in the area to look for other packets destined for those computers. Of course it would really help out if you actually caught them in the act of doing it.

      Then again, a spy working for a friendly nation or even the US could have told us that it was going o
      • That might also make the whole situation worse. It is important to get all the facts before pointing fingers, and unfortunately, with this kind of thing, it's very difficult to get all the facts.
    • How can they be so sure that the attacks originated from China?

      They wouldn't say this if it wasn't true - just like they wouldn't put their systems online unless they are secure...

  • Ipv6 (Score:3, Funny)

    by growse (928427) on Saturday October 07 2006, @11:15PM (#16352647) Homepage
    Don't forget kids, all these problems will be solved when the US govt goes to ipv6. Since no-one else will be using it, it will confound and confuse anyone trying to hack in!
  • by in2mind (988476) on Saturday October 07 2006, @11:20PM (#16352669) Homepage
    It's not about whether the Chinese or Japanese did it. It's about whether the commerce dept knows enough to protect itself or not.
    • It's not about whether the Chinese or Japanese did it. It's about whether the commerce dept knows enough to protect itself or not.

      It's not really an either/or thing. Yes, that bureau at Commerce needs to get its act together, of course. But it's actually very helpful to understand which spots around the world seem to be the largest sources of invasive nastiness, especially as it relates to economic/industry targets. Totally unscientific: of the many machines and networks I see administratively, the number
      • Well ok I should be more clear, I've banned the blocks allocated to an ISP which I'm told is the Chinese state ISP. The reason is that I get no legit traffic, tons and tons of hack attempts, and they just ignore abuse e-mails, including those translated to Chinese.

        That's the real answer to this problem. If particular ISPs refuse to behave, just start banning them. I mean sure, all ISPs will have people who act bad, but if you contact them and get no response and if the bad/good ratio is vastly (or completel
        • I lost an account because of a Chinese IP addressed hack attempt once. Well kind of.

          It was at a small law firm with 4 workstations, a Windows server, and a Linux file server. The network would slow way down at times. Finally I installed SNORT and saw someone was able to bypass the D-Link router used to distribute the cable internet and act like a firewall, take control of the Microsoft server which just did email and had a BlackBerry type program that could page, forward email to a cell phone and send automate
  • If they say it's most likely state sponsored hack attacks, why not fight back with state sponsored hack attacks, I doubt government agencies have people hacking away at China, and if they do, they aren't doing it very well...why not supply the hacker community with what to attack and offer incentives for any help?
    • Re: (Score:3, Insightful)

      If you really want to fight back, then the best thing to do is actually let them think they're getting in. Leave a few insecure holes here and there and plant some misinformation. If you're clever enough, then you can even use that misinformation to gain an advantage against them.
  • Another fake news? (Score:4, Interesting)

    by zitintheass (1005533) on Saturday October 07 2006, @11:42PM (#16352755)
    There is no source cited etc. no example shown, no logs etc. only that "new york post" said that. If true, is that department admitting idiocy? Even simple rule on the router that restricts whole **ina IP block to only certain data resources could do the job. Keeping us scary they want. Fear agenda again?
    • "There is no source cited etc", zitintheass

      I don't know if we've read the same text. The article clearly quotes at least two named sources in the Commerce department. It never mentions Windows or Linux. Yet we have the above and other comments coming out with: It's a fake news item, it must be Linux that got hacked, it wasn't Windows etc. We also have such posts getting modded up as 'interesting', more mod trolling.

      "An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Wa
  • openbsd ?

    This whole thing is fishy.
  • Another WINDOWS story, but no mention in headline. If you want this to stop, go after the enabling technology. Take them to court, lock them up, or at least change to a secure alternative.
    • I think you're off target. Take the person responsible for the machine and put them at fault. Any machine can be compromised if you don't put proper security measures in place.
  • Perhaps some not too obvious honeypots should be left lying around next time so that we can get a better look at their attack methods when they come back and they will be back. Then we can catch them with their red hands stuck in the fortune cookie jar.
  • With China being the point of growth on this ball of dirt, no one is going to dare piss them off. Even Microsoft has decided to let them steal software in China but in the USA you're doing 10-20 in the Pound You in the Ass Federal Prison.

    I would not be surprised if the response from our government is to send the Chinese government a list of the root passwords to all our computers with a note attached, "So sorry for the inconvenience."

  • Apparently the head of commerce [youtube.com] has found a way to unclog the tubes. Now when Chinese haxors put their message into the internet it won't be delayed.
  • My network, connected to the Internet via a vanilla DSL service from Verizon, logs tons of break-in attempts on various ports. Most of them are from Chinese IP addresses. And unless the Chinese government has waaaaaaaaaaaaaay too much time on its hands (they are barely able to keep domestic order right now, so I doubt that they'd give a damn about some home computer), I think it's safe to say that the attacks against my system are blind, automated attacks by regular hackers trying to steal passwords, financial/identity info, or to pull me into a botnet for things like spam.

    So, in the case of the Commerce Department, are these hackers "Chinese" in the sense that they represent the Chinese regime (and are thus hacking for national interests)? Or "Chinese" in the sense that they just happen to originate from that part of the world (and are thus hacking for petty selfish criminal interests)?
    - Given the prevalence of hackers hacking for selfish crimes (vs. for national interests), I would lean towards the latter.
    - If the Chinese government really wanted to hack the US government, they could've picked a more useful department. Like Defense or State. But Commerce?!?!
    - Attacks originating from Chinese IP addresses are extremely common, mostly because of software piracy. Because over 90% of the Windows installations there are illegal, it is common practice for software updates to be disabled (you can thank WGA for that), and thus, a HUGE number of computers in China are zombies out on a mission to zombify (is that a word?) other computers.
    • by khasim (1285) <brandioch.conner@gmail.com> on Saturday October 07 2006, @10:58PM (#16352579)
      An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Washington Post said that BIS "had identified several successful attempts to attack unattended BIS workstations during the overnight hours." Last month, reported the Post, Foulon wrote: "It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient."

      What the fuck? Aren't they even behind a firewall?

      Wouldn't a simple firewall "mitigate" that "vulnerability"?
      • Re: (Score:3, Insightful)

        No, it wouldn't. Firewalls themselves can be hacked. An internal network with no access to the internet is more secure than one with. The question is if access to the internet adds enough value to be worth the risk. The answer depends on what you're doing. Military plans- probably not. Joe Blow working for some small business- probably yes. In this case, no idea.
        • An internal network with no access to the internet is more secure than one with.

          Since you've opted for pedantic, no, it is not. It is only more "secure" from Internet-based attacks. There is still physical security to be considered.

          The most "secure" system is one that has been turned off, encased in cement and dropped into the deepest part of the ocean.

          Now, can we possibly get back to a discussion of this specific situation instead of displaying our pedantic generalizations to the world?

          Yes, a firewall can

          • Re: (Score:3, Interesting)

            Since you've opted for pedantic, no, it is not. It is only more "secure" from Internet-based attacks. There is still physical security to be considered.

            Hence more secure, and not "totally secure".

            Yes, a firewall can be cracked. But because it is a single point of access, it is far easier to monitor/secure than if all the workstations are directly connected to the Internet. Therefore, having a firewall would "mitigate" that "vulnerability".

            Yes, it would mitigate the risk. For many government computers, that

            • Hence more secure, and not "totally secure".

              By that "logic", a house with a 10' hole next to the open front door is "less" "secure" than the same house with the front door closed and locked.

              No, it is not.

              Yes, it would mitigate the risk.

              Which is what I said that you had previously taken exception to.

              For many government computers, that's still an unacceptable level of risk.

              And for others it is an acceptable risk. What is it with you and the pedantic generalizations?

              If a business/government computer doesn't hav

          • Since you've opted for pedantic...The most "secure" system is one that has been turned off, encased in cement and dropped into the deepest part of the ocean

            Congratulations on choosing the pedantic option. Commiserations on your failed definition. The system you describe would not be appropriately available, which is a fundamental quality of a "secure" system

      • Perhaps it is politically useful to announce that you've been hacked when, in fact, you haven't. Or if you *have*, in fact been hacked, it might be useful to "leak" to the press that you've been hacked, but you secretly know that the hacking occurred at a non-vulnerable point. Or, if you haven't been hacked by hackers, it could be hacky if the hackees hacked the hackiest hack node and then made it appear that hackers had [writer's brain explodes, end of post]
        • Actually, this is a good point. Knowing that China is one of the ones holding the UN Security Council from making any definite actions on Iran and their nuke program. North Korea is a concern too and many experts seem to think China can stop NK at any time. This might lead a little leverage over them. Similarly, the tariff on shoes from China gives the EU some position of power over China too. So politically, letting them know it might have worked could be a setup to allow threat of force and forgiveness to man
          • International politics is convoluted and mysterious and the post cold war era hasn't really changed much. It's still a game of favours, inside deals, secrecy and private agreements.

            If NK tests, you can be sure that something else is happening in the background. We might find out what /really/ happened in 2030.
    • You mean you're going to ask the Department, "Does it run Linux"?
      • Re: (Score:3, Insightful)

        Just out of curiosity -- how many exploits for Linux are there in which your machine can be rooted simply by viewing a website? How many such exploits have there been for Windows? I honestly don't know the true answer but I'm betting there is a large difference between the frequency of this type of exploit with Windows having the "high score" by a large margin. Please correct me if I'm wrong (with actual examples, not opinions).
          • I think that, while they have inherited some of the good security practices from *nix, they also seem to be making beginner mistakes in favour of making users' lives easy - just like Microsoft did 10 years ago.
            Fortunately for them, they can afford to be lax as long as the deployment is small - if they started to get 10-20% of market share, things might be different.
    • Re: (Score:3, Informative)

      Nice job linking to an extremely old article. Before you go spouting off facts, you could check netcraft.

      http://uptime.netcraft.com/up/graph?site=goarmy.com [netcraft.com]

      http://uptime.netcraft.com/up/graph?site=www.us.army.mil [netcraft.com]

      Been running on Solaris for years. I'm sure your buddy Steve is happy you're still drinking the kool-aid.
      • Does it surprise you he posted something like that when his handle is Macdaffy and he has a link to the website (and probably his business or where he works) called coffeemac.com?

        Mac fanboys are the worst of all the fanboys IMO, they will always bring up how "superior" Macs are no matter what, even if bringing it up is not relevant such as this case. The one area Macs truly are superior at is graphic/video editing/authoring, other than that you can get much more functionality at a much lower price with an
        • First of all, I was working at Apple when the Army made its change to Webstar. Since I retired from the company in 2001, a) EXCUUUUSE MEEE for being a little behind on current news and b) I got your "fanboy" swinging right here. I'm part of the original equipment, bitch, and whether you like it or not, Macs have NEVER been as susceptible to hacking as PCs are. I adopted the Mac platform in December of 1987 and from that day to this one I have not spent ONE CENT on measures to keep me safe from viruses, mal
      • Looks like Windows 2003 servers [netcraft.com] at the Department of Commerce.
    • by Travoltus (110240) on Sunday October 08 2006, @05:04AM (#16353773) Journal
      In the US, globalist free trade advocates would rather trade with people that are attacking us, than take the necessary steps to sanction them and defend our country from them.

      They start throwing out off topic words like "protectionism" and "nativism", which when you ask them what it all means, alarmingly resembles "concern for national security" and "patriotism".

      Ah, patriotism, that evil word. The notion that, just as caring for your family is more important than caring for someone else's, so is taking care of your country first.

      Globalism. Another word for "screw national sovereignty, screw your own citizens, let's transfer all our wealth elsewhere". See: the national deficit and the national debt.
      • Globalism. Another word for "screw national sovereignty, screw your own citizens, let's transfer all our wealth elsewhere". See: the national deficit and the national debt.

        Okay so, let's take a hypothetical situation. Let's say the US government applies a new law to state that all foreign workers must receive US-equivalent wages and benefits. The net result is that it makes no sense for companies to offshore anymore, except in cases where specific resources can't be found locally and it costs too much to

        • by Travoltus (110240) on Sunday October 08 2006, @07:05AM (#16354089) Journal
          1) If we continue to accept globalism, the US economy is ruined anyway. The global race for the bottom must eventually hit the rocks, because there is only so far wages can drop before the unrelenting cost of living becomes unbearable.

          2) US companies already can't sell their goods abroad - or, more specifically, we're running a global trade deficit large enough to have its own gravitational field. Exactly what do we have to lose here?

          3) US laws that tariff all goods made in sweatshop / undemocratic nations don't have that effect. If that law is put in place consistently, you can't undercut US companies in the US - not if you're Chinese, not if you're German, or British. Your rebuttal makes no sense - if Nike and its sweatshop operations move to Singapore, they still have to deal with the tariff. If a Chinese Nike tries to undercut them, they too have to deal with the tariff. And if China decides not to buy any US goods... so what? We're in a deficit with them already! I propose that you don't even come into the US market unless you are an ethical player. Who's then going to undercut ethical companies in the US?

          Oh, wait, offshoring to Europe won't hurt us as much because a) they also offshore heavily to us; and b) they have excellent worker protections and they're democratic.

          4) Free trade with sweatshop nations / undemocratic regimes is going to ruin us any way. They're owning all our debt and they can also embargo us. (Oh yes, I know you think that despotic foreign nations can't embargo us. The 1970s and the oil embargo was all a lie. Silly me.) Furthermore, we're transferring gobs of wealth to these monsters, impoverishing America and giving the world's most powerful enemies of freedom our cutting edge industrial capacity to boot. Germany should have sold us cheap shoes made of Jew labor, they would have won World War II with the help of the "surrender to globalism" agenda: there is nothing in your rhetoric that would provide for stopping them.

          5) Free trade with nations that are attacking the United States will also lead to our annihilation. They can strike with impunity, and others will follow.

          Your theory is that fighting globalism leads to ruin. The facts say that giving into globalism leads to ruin anyway. I say die fighting; you say die in supplication.
          • The global race for the bottom must eventually hit the rocks, because there is only so far wages can drop before the unrelenting cost of living becomes unbearable.

            No, the mark that globalism leaves behind it is higher wages for the previously third world countries. It's already extant in India. So instead of lowering wages in first world countries, it's increasing wages in poorer countries. Might take a while, but it gets there.

            US companies already can't sell their goods abroad - or, more specifically

        • For the past several years China has been using their surplus cash to buy up resources around the planet, long term heavy deals in you-name-it, oil, natgas, various minerals and metals, etc. Manufacturing takes labor and energy and raw resources combined with an infrastructure that can combine those three things into manufactured goods then you need a shipping industry to move stuff in and out. You might be able to shift just the labor part in theory easily, but without the actual factory built and without
    • Their population is more than 3-times that of the US's. In an all-out hacker war, the nation with the biggest population would most likely win.

      In a world where a lone hacker can compromise tens of thousands of machines and turn them into a bot net, I beg to differ.

    • by rs232 (849320) on Sunday October 08 2006, @07:05AM (#16354085)
      "doesn't mean the hacked server wasn't using Windows, but there's also a good chance it was running Linux", xswl0931

      It's not a server but hundreds of workstations. What OS do you think they are running on the desktop?

      "Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware."

      "had identified several successful attempts to attack unattended BIS workstations during the overnight hours."

      "The official also confirmed that BIS has limited Internet access to stand-alone workstations that are not connected to the bureau's internal network."

      http://www.bis.doc.gov/ [doc.gov] was running Microsoft-IIS on Windows 2000 [netcraft.com] when last queried at 7-Oct-2006 02:01:33 GMT

      was Re:What OS? Looks like Linux
      • Mod parent up! The original was little more than a troll. The idea that the commerce department has 100s of Linux workstations is, while a beautiful dream, just a dream.