Governments, IOC and UN Hit By Massive Cyber Attack 122
fysdt writes "IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks. It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms. McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks. Beijing has always denied any state involvement in cyber-attacks, calling such accusations 'groundless.'"
"Groundless" (Score:2)
Re: (Score:2)
Not to mention that 'attacks' that endure for several years are usually called 'war'.
Re: (Score:2)
or persistent criminal activity. really depends on scope and players.
Re: (Score:2)
Yeah, if we started presenting evidence and not conjecture, maybe we'd be doing a better job of convincing the world, if not China, that China is up to nefarious deeds. Also, what reason does China have to attack the olympics? They just got an olympic event a couple years back? I don't see any reason to hold a grudge there.
Re:"Groundless" (Score:4, Insightful)
Also, what reason does China have to attack the olympics?
Well, there were all of the accusations of the Chinese gymnastics team horribly under-age(10, 11 years old). We know the soviets cheated in the Olympics (lots of steroids), and if the Chinese were cheating in gymnastics, odds are they were probably cheating in other sports as well. It's possible that they would hack into the IOC to see if there were any allegations or investigations being circulated/planned for, so that they could prepare for them (changing evidence and all that).
Re: (Score:1)
The Chinese women cheated very recently in swimming using steroids as well in the 1990s.
Re: (Score:2)
Darn commie cheaters! [wikipedia.org]
Re: (Score:2)
Re: (Score:3)
You've never spent any time with northern Han, have you? There are some seriously paranoid, screwloose individuals there. With the amount of effort they spent on the Olympics, they would feel required to monitor Olympic Committee activity for years to come.
Re: (Score:3)
Re: (Score:2)
What exactly is racist about cultural understanding?
It is stupidly PC (or even post-modernist) to ignore the way that culture drives decisions. Of course some people do things different than others for difference reasons. And cultural diversity extends beyond food. In fact, it extends to (gasp) culture.
And seeing as how I have an entire family who are from that region, perhaps you'd like to reconsider your statement. Unless I'm self-hating. Oh, that must be it. Please excuse me while I head out to cut
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Northern Han emigree? Let's see. Chauvinism? Check. An inability to accept even indirect cultural criticism? Check. A willingness to whine about racism? Check. An inability to articulate a contrary thought without reducing it to violence or swearing? Check.
FhnuZoag, you are a caricature of the Ugly Chinaman. Look in the mirror. You are what Bo Yang was warning of. [amazon.com]
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You're confusing ethnicity and race. In the western world, which is how you describe this forum, Han Chinese are considered an ethnic group.
Re:"Groundless" (Score:5, Insightful)
Re: (Score:2)
I'm sorry, did you just claim that Northern Han share "little similarity beside their specifically pointed out racial subtype"? - LOL
I'll remember that the next time I'm in China - "Note to self, the Han Chinese in the north are only genetically similar, otherwise they are all different..."
Re: (Score:2)
Man, the Time to Racism on these China related articles...
Sorry, no, you don't get any virtue points for pointing at a useful cultural observation and shrieking "racism!!!1!".
I realize the other routes to virtue are a lot more work. We apologize for the inconvenience. Perhaps you'd find veganism to be adequately easy.
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
The belief that all members of each race possess characteristics or abilities specific to that race, esp. so as to distinguish it as inferior or superior to another race or races
Prejudice, discrimination, or antagonism directed against someone of a different race based on such a belief
Re: (Score:2)
Shhhh. That's a secret. ;)
Re: (Score:2)
OK, so China says the accusations are groundless. Obvious question: why were the accusations made? Is it just because of China's reputation, or is there a real reason to think that China is involved?
The accusations probably arise from a few things. First, how many time have you heard about the Chinese government, or Chinese firms, getting hacked? Not too many. Second, China is one of the few countries that has uniformed hacker units in their military. They also have hacking divisions in their state security and intelligence apparatus. Third, most professors and students of CS are basically kept on call by the government; almost a hacker National Guard.
Re: (Score:2)
How about this - the attacks are traced to China, or at least, they endpoint at their firewall. China monitors all internet traffic coming into and going out of their country. Their ISPs retain logs of all internet traffic as well. Governments ask for China's help tracking down an attack - China says "didn't come from here."
So what are we to believe? Either China's government is covering up the attacks, they are behind them, or they are incompetent at running a network.
Re: (Score:2)
Re: (Score:1)
Maybe its just ignorance... China is really freaking big. Saying "its china" is about as pointlessly vague as saying "it was done by young males". In both cases theres about a billion suspects.
Also all the PCs in China are unpatched, owned zombies. Don't waste time claiming they based it on IP addrs.
Re: (Score:2)
Most other attacks are accompanied by Internet chatter. A business should not be surprised if it is hit by lulzsec or another social group attack. Typically, there are warning signs, and large businesses pay a good deal of money to be forewarned about such attacks. But a wide attack like this.... If there was no warning, chances are it was the Chinese.
Perhaps people need to start realizing what an authoritarian, reclusive, and paranoid regime can do to the world. After all, look at the damage the US has
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I would assume they're pointing the finger at China because the attacks originated from there.
That said, if I were to do something shady, I'd proxy through China so the authorities will just say "damn dirty Chinese!" instead of looking for me on the other side of the planet.
Re: (Score:2)
But other than that, no real reason to believe that China is the one who would want m
Re:"Groundless" (Score:5, Insightful)
I wonder the same but from a different perspective.
Time and time again security firms like Sophos and McAfee make these grand claims - "MASSIVE STATE ATTACK ON US DOD" or whatever, yet do they ever release any evidence?
Of the ones I've bothered to read TFA for so far they seem to be little more than claims, we never see any evidence, just speculation or arbitrary bullshit like they follow a "profile" - the profile probably being nothing more than the attacks were carried out on the internet or something stupid like that.
If anything it seems to be more a case of security firms loving the fact that all they have to do is come up with some sensationalist wankfest and all of a sudden their firm is advertised right across every section of the media across the globe.
I'm getting tired of it. Security firms- either publish all your relevant data to prove your claims, or shut the fuck up. Otherwise I'll just assume the best your firm can do is conjure up marketing stories, because you certainly can't produce trustworthy virus scanners.
Re: (Score:2)
A new Cold War could make money for many people. Follow the money.
I welcome "cyber attacks" because they can coerce immune responses and punish bad security practices.
It's unfortunate for overall internet health that the slowest zebras are "infected by parasites" instead of "killed outright".
Re: (Score:2)
You can show them actual proof of someone in china sitting behind a desk and hacking into a system, and they wouuld still deny it, saying all sorts of claims of fraud or whatever. Bottom line is the US as a whole is not recognized as a governing body in china as it might be for the rest of the world. I am not bashing americans, but i do think sometimes they think too highly of themselves, and expect others to just bow down each time they claim something.
Sort of like the big bully of the school yard who tend
That says it all (Score:2)
but there is speculation that China may be behind the attacks
OMG ya think? Who else has the ability to put something this massive together?
Re: (Score:1)
OMG ya think? Who else has the ability to put something this massive together?
Just off the top of my head.... The US, Russia, the UK, Israel, Germany Not saying they aren't behind it, just that they aren't the only game in town.
Re: (Score:2)
Re: (Score:2)
Who else has the ability to put something this massive together?
Judging from Stuxnet, I'd say the US and Israel at least. The Russians, almost certainly. Or hell, considering that they stole mostly industrial information (according to TFA), just about any company. Actually, its probably an underground cracking organization that contracts out to companies to get the information. Maybe funded by China, but it's most likely government independent. Governments rarely operate on that kind of scale illegally, especially against commercial targets. Too much risk of backlash sh
Re: (Score:2)
Re: (Score:3)
OMG ya think? Who else has the ability to put something this massive together?
Me?
Re: (Score:2)
Re: (Score:3)
OMG ya think? Who else has the ability to put something this massive together?
Absolutely. China is the only country with more than half a dozen bored and disaffected teenagers.
No one ever got fired for buying IBM (Score:3)
as the old saying claims.
today it's more like "No one ever got fired for blaming China" - it may be possible (even likely to some extent), but those rumours and speculations are IMO mostly based on political bias/reasons.
Re: (Score:1)
Re: (Score:2)
The Chinese and US both have huge governments who can and do exploit each other as "threats" so they can excuse the expenditure of even more money. Follow the money.
Never mind that the US has no rational military interest in Asia, we must FEAR the EVIL CHICOMS and spend sweet billions to defend our useless client states (so they can save on military budgets and spend the diff on economic competition WITH THE US).
Has anyone alerted Scotland Yard? (Score:1)
Quick, arrest a bunch of English teenagers and everything will be just fine!
Rosetta Stone Chinese, anyone? (Score:2)
Re: (Score:2)
Really, why invade a country on foot and turn things into a blood bath when you can slowly choke everyone out (i.e., virtual occupation!)
If you think Chinese Second Life Flying Penises (SLFP) can beat out American SLFP, you've got another think coming.
Re: (Score:2)
Every comrade knows, Soviet Russian SLFP are bigger than American SLFP. Soviet Russian SLFP are biggest SLFP! Sing to the Motherland [wikimedia.org] home of the FREE!
Re: (Score:2)
China isn't engaging in an undeclared war. War is when you use enforce your political policy through violence.
China, more than any other nation, knows how to play the long game. They've been very carefully avoiding violence, instead making long-term strategic maneuvers. They don't need war; in fact, they're playing by our own rules: they're using (and perhaps abusing, but that's not "war") the free market to compete us right into the ground.
Re: (Score:1)
Re: (Score:2)
The intent is to make China the world's number 1 superpower without starting a war.
I just object to diluting the term 'war' when what they're doing is something considerably more subtle.
Re: (Score:1)
Re: (Score:2)
Oh, I know this isn't a recent thing. As I said, China knows how to play the long game.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
major security company with international government and defense contracts has recently detected an enormous cyber attack! the attacks is from China, because the chinese manufacture our televisions and appliances and therefore are most identifiable in the minds of american senators congressmen and those who sign perpetual service contracts and license agreements. action is to be immediately taken in the form of Visa, Mastercard, American Express, Purchase Order, or your local security company sales team immediately! for only then can you rest assured the evil attacks of cyber will abate. additional: malfunctions in your television, home computer, blender, and dishwasher should immediately and unquestionably be attributed to this latest cyber attack.
All those things are made in....gasp........China!,
Assuming It Is China (Score:4, Insightful)
If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security. But it is not about national security. It is about corporate security and defending the status quo. That is why the US seeks to extradite file sharers, hell, link sharers, from other countries, but when massive ddos attacks are directed at us by governments that we trade with, nothing is generally done.
Oh, and this entire rant uses the word cyber once; in this sentence.
Re: (Score:2)
Re:Assuming It Is China (Score:5, Insightful)
Assume it is China. Why is it that when transnational attacks occur on a scale this large against our nations infrastructure, financial sectors, and defense systems the politicians shrug it off or turn a blind eye, but when citizen schmoe downloads some files or leaks some dox the entire system goes full assault on their asses with ICE raids, take down notices, special committees on intellectual property, etc. etc.
Simple - Citizen Schmoe doesn't control minerals, oil, access to SLOCs, etc that you need - so you play the diplomacy game since both sides don't really want to alienate the other; they just want an upper hand. OTOH, you have nothing to lose by smacking Citizen Schmoe to deter others so they don't drain resources while you play the diplomacy game.
Remember - today's enemy may be tomorrow's friend, because countries have permanent interests, not permanent friends or enemies.
If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security. But it is not about national security. It is about corporate security and defending the status quo. That is why the US seeks to extradite file sharers, hell, link sharers, from other countries, but when massive ddos attacks are directed at us by governments that we trade with, nothing is generally done.
Denouncing does nothing but cause a public fight. Instead, you harden your networks and work behind the scenes to let them know you are pissed off. In addition, watching what they do gains insights into hat the are doing and want; as well as the opportunity to plant information as well. Or, why not let them give you to add selected payloads as part of the info they d/l to make it easier to tap their systems? Plus, if they think their current tools are effective they may not try to develop better ones. If you let your enemy think they are smarter than they are and you are dumber than you really are you can win a lot of battles or make a whole lot of money.
Re: (Score:2)
Re: (Score:3)
There are more than enough competent federal employees. Don't make the mistake of assuming the lunacy of the generals also applies to the troops in the trenches.
Re: (Score:1)
If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security.
In most cases, we can't tell where traffic comes from. Between botnets, Tor, and other proxies, the best we can do is say "it looks like the attacks are coming from IP addresses from Karblockistan." Attack attribution is difficult, if not impossible. Hypothetically, I can attack your network and make it look like it came from anywhere in the world. If I want to be extra convincing, I'll use Chinese language tools so that you suspect the Chinese. An attack from Chinese IP's doesn't mean the PRC had anything
Re: (Score:2)
If politicians are all about "corporate security" and a large number of "corporations" got attacked then wouldn't the politicians be making a big stink?
Never assign to malice what can be attributed to stupidity.
Re: (Score:2)
Re: (Score:1)
Duh! (Score:2)
It was 'Al Quaida'....obviously!
Re: (Score:2)
The /bin/nedal rootkit binary gave it away. AQ thought, by misspelling the name nobody would notice but Ha!...security through obscurity just never works!
What was the plan? (Score:2)
Brute Force Attacks from IPs in China (Score:3, Interesting)
I get several emails a day alerting me to the fact that yet another IP address has been banned for brute force attacking a server I have on the internet. For a while I tried to track down where these attacks were coming from and I was amazed at both the diversity of countries of origin and also the sheer number coming from China.
Now just because the attack is coming from an IP address in China doesn't mean all that much. It would be a stretch to conclude the attacks are state sponsored. But I find it odd that for a country with such authoritarian control over 'net usage somebody somewhere in their government isn't either aware of this. I tend to think that if they're not supporting they're at least sanctioning the attacks.
I fully admit that this is anecdotal at best and would love to hear from others who have servers on the 'net that have kept more detailed records.
Re: (Score:3)
Re: (Score:3)
An attack coming from an IP address in China doesn't mean much to me -- It gets blocked and life goes on.
It could be a botnet client, or it could even be someone who compromised a machine just to make things look like it was an overt Chinese attack. If Elbonia hackers were probing a target, why not use Latveria's machines so the probes appear to be coming from there?
Regardless where the attack comes from, unlike most theaters of wars where the best defense is a good offense, the best defense on this front
Yea that sounds like Mcaffee (Score:2)
To tell you shit after it doesn't matter and wont do anything about it anyway
"Attack" vs. "Peek" Article Language (Score:3)
Re: (Score:1)
I read the NYT version of the article. I seems like we need more vocabulary to define "attack" vs. "tresspass" vs. "spying" vs. "wikileaking". The UN should by all rights be FOIA (Freedom of Information Act) accessible, providing this information to everyone. For five years, someone peeked through agency files. I wouldn't expect anything I sent to the UN to remain a secret.
From what I read in both articles, I wasn't able to gain an understanding as to what actually happened. The word "attack" in the online context is meaningless. Too many people try to apply physical world characteristics and descriptors to the internet when many of these carry over terms aren't appropriate. The vocabulary issue also demonstrates that many of those in power really don't understand the problem.
dear china/lulzsec/whoever.. (Score:2)
if you're going to wipe something off the internet, take out something that's just bad for the whole internet as it is: SORBS. Please obliterate them once and for all.
"Groundless" = "You have no Proof"... but not... (Score:2)
"We didn't do it."
This is Official Chinese Policy (Score:2)
This is part of China's asymmetric warfare strategy laid out in this document over ten years ago:
Unrestricted Warfare
by Qiao Liang and Wang Xiangsui
http://cryptome.org/cuw01.htm [cryptome.org]
Read through the document. China is at war with the US because the Chinese Politburo knows that the only way they can hold on to power in the long run is to crush all viable alternative economic systems. The accumulation of US debt, the hacking of US and Western systems, and the ongoing Charm Offensive are all designed to put the US
Re: (Score:2)
Re: (Score:2)
I never said it was secret. This brings me to a second point. China actively pays individuals to post on forums like this:
http://articles.cnn.com/2010-03-26/tech/china.astroturf_1_bloggers-china-government?_s=PM:TECH [cnn.com]
Looking through your posts clearly shows you are a pro-Chinese anti-American poster with comments such as:
"No, it's because the US is a democracy, and many Americans are
fucking stupid"
"Maybe we can get the Chinese to put this thing up"
"So, uh, murder is okay now because the US government exists"
Re: (Score:2)
Re: (Score:2)
Pictures or it didn't happen (Score:1)
I laughed when I read how they did it. (Score:2)
Re: (Score:1)
China's public image (Score:1)
What it comes down to is who held the last smoking gun, China got caught once or twice, didn't defend itself too well, and now everybody can just assume it's them. IMHO it probably is, they seem to have their IT down better than the rest of the world including the US, I mean they censored like 1/3 of the world's population from the internet and are seemingly keeping on top of their filters.
What China has to realize though is how long standing public image is, and how much it will mess with them in the futu