Norway Becomes First NATO Country To Accuse China of Stealing Military Secrets (softpedia.com) 120
An anonymous reader writes: A high-ranking general in the Norwegian Army and head of the Norwegian Intelligence Service E-tjenesten (Etterretningstjenesten) has made official statements accusing the Chinese government of launching cyber-attacks against his country. Gen. Lunde says that state-sponsored hacking groups have targeted many Norwegian companies during the past year. He says that these companies are suppliers and collaborators of the Norwegian army and that hackers have stolen information considered to be state military secrets. The statements were made to Norwegian TV station TV2 by General Lt. Morten Haga Lunde, who was detailing his agency's most recent intelligence report.
Re: (Score:2)
Create a series of honeypot servers containing the marketing material for your latest robotic grenade launchers
You don't even have to do that. Create a server with an open ssl port, covered by an kind of password you want. The Chinese will soon be there, recompiling your kernel to do all kinds of DNS hijinks.
Re:Chinese response (Score:5, Funny)
Re: (Score:3)
That's why they're not lifting military secrets from Iceland.
"Spies steal secrets. What's your problem?" (Score:2)
It would be SO refreshing if they'd just say that. B-)
Re: (Score:3)
China is pretty much a shithead (Score:2, Informative)
Let's see... China has a truly awful record on human rights. China steals military secrets from Western countries. China makes cheap knock-offs of products designed by businesses in more developed countries. And lets not forget that China backs the DPRK, with a brutal nutjob of a dictator who threatens nuclear conflict and has an even worse human rights record. It's easy to point to countries where a regime change might help the world. In the case of China, we'd all be better off if the commie government wa
Re:China is pretty much a shithead (Score:5, Funny)
Unfortunately for now China is pretty much the biggest shithead in the world.
So what you're saying is, you haven't been following the Republican debates?
Re: (Score:2)
I have. And I have learned a lot of words that were strangely absent from my formal Russian courses...
Re: (Score:3, Funny)
Clowns to the left of me, jokers to the right, here I am, stuck in the middle with you... [youtube.com]
Should be the anthem of any presidential election.
Re: (Score:2)
I suppose you are one of the Trump supporters he loves so much? I mean he said it best himself, "I love the poorly educated."
Re: (Score:2)
So... he's in the tradition of Pol Pot [wikipedia.org]? Do people with glasses have to fear for their lives, too, 'cause they're seen as "intellectuals"?
Re:China is pretty much a shithead (Score:4, Insightful)
The difference is Pol Pot, in addition to being a genocidal maniac, was actually very well educated himself...
Whereas Donald Trump probably thinks Khmer Rouge is a type of makeup. ("I know Khmer Rouge, I love Khmer Rouge. They sponsored several of my beauty pageants. My wife Melania is a loyal customer.")
Re: (Score:2)
I would pay for that soundbite.
Re:China is pretty much a shithead (Score:5, Funny)
Trump has advocated torturing captive enemies as a deterrent against future attacks, and in a recent speech suggested that the way to end terrorism is to dip bullets in pig blood so muslims will believe getting shot sends them to hell.
The world loves to follow American politics. It's endlessly entertaining, the level of sheer insanity that drives it. But it is no way to run a country.
And that really doesn't work (Score:2)
Variations on that have been proposed repeatedly. They just show the person proposing them is ignorant of actual Islam.
I'm not all THAT familiar with it myself, but I AM familiar enough to know the major madhhabs agree that being exposed to pig blood by an enemy as a tactic in war is not a problem for getting to heaven (while being killed in such a way is a f
Re: (Score:2)
"They just show the person proposing them is ignorant of actual Islam."
Yes, they do. And as President, part of his role is diplomatic. Which means maintaining reasonable relations with a number of countries in which Islam is of culture-defining importance. Ignorance is forgiveable, but only in those who are able to recognise it in themselves. Trump clearly does not. If a future President Trump were to say something of the pig-bullet nature, it would be the cartoon riots again - but ten times worse, and with
Re: (Score:1)
All of GP's critiques could have been made of the United States by a neutral party. There are a lot of things that The United States does better than China, but unloading on that list as if they were a uniquely Chinese problem makes GP more of a stereotype-induced-hatred-of-the-other than a legitimate critique of China.
Re:China is pretty much a shithead (Score:4, Funny)
Re:China is pretty much a shithead (Score:5, Interesting)
To put it this way, I would dread the day the US said you wusses take care of yourself we're pulling out of NATO. Despite being occupied once in living memory, we're still so naive we'd be cheering on Chamberlain and "peace for our time" right up to the point Russian Spetsnaz or IS militants start parading in the capital, like they did the very same day [wikipedia.org] the Nazis invaded. Fortunately Eastern Europe has been peeling away from Russia, so hopefully we're not put to the test because I think we'd epic fail again.
That said our military equipment is largely yours, today we fly American F-16s tomorrow we fly American F-35s. We do NATO exercises together, learning tactics from you. Our plans for defense are part of NATOs plan for defense, like forward storage of US military equipment for US troops to defend the alliance. And despite arms trade being a contentious topic we don't advertise much, we actually have some high tech missile systems and such we sell to the US and other allies. Granted the US keeps quite a few cards to themselves, but there's quite a lot worth stealing.
But when it comes to attitude, it's almost like we don't believe in evil anymore. That we're all good at heart and all the bad guys have just had bad childhoods or bad experiences or have been indoctrinated or brain washed. That hate should be met with love, that people are just misunderstood and have lost their way and that everyone can be rehabilitated back to upstanding members of society. And despite all the evidence to the contrary it's not their failure, it's our failure to get them off this destructive path. And if we could just find that, we'd all hold hands and sing kumbayah.
Defense Budget of the world (Score:2)
Fundamentally, the United States foots the military budget for a huge portion of the developed world--Pretty much all of Western Europe, Japan, Australia, South Korea, etc...
While some of those countries have an impressive military budget, The UK, France, Germany, Japan, South Korea, Australia, Italy and Canada together spend only about 45% of what the US spends. (Not all are NATO members, but they all have significant military expenditures.)
If the US walked out of NATO it would lose 2/3rds of its military
Re: (Score:2)
most car analogies on /. are made in a way that works across countries. yours is useless. is chevy metro a large luxurious expensive car or a small cheap-as-chips rustbucket? or are you alluding to its age? (is it old or new?) is it reliable or known to be the opposite? your analogy did not clarify anything.
Re: (Score:2)
Re: (Score:2)
A large, luxurious expensive car with a Chevy badge? Surely you just.
The Chevy Metro is a re-badged Suzuki Swift. Happy now?
Re: (Score:2)
Norway builds cryptos, radios, subs, guns and oilrigs.
Re: (Score:2, Informative)
And lets not forget that China backs the DPRK,
You might want to get caught up on current events. [reuters.com]
Re: (Score:2)
China's main concern with North Korea is stability. They just want the country to stay right where it is, because a war would be a great deal of trouble for China. NK's tendency towards sabre-rattling concerns them too.
Re: (Score:2)
Yeah, we have such a GREAT track record with replacing regimes recently. Let's mess with a country that has a billion people and nukes, what could possibly go wrong?
Re: (Score:2)
Considering they are claiming control of shipping and fishing lanes they previously never controlled and are building artificial islands to claim seas belong to them what could go wrong with doing nothing? The Philippines and India might be worried over nothing but let's ignore everything because what could go wrong.
Re: (Score:3, Interesting)
> Let's see...
Yeah, let us see.
> China has a truly awful record on human rights.
Just like Russia and the US.
> China steals military secrets from Western countries.
You cannot honestly say that after the spying scandals by the US and everybody and his dog knows the Russians spy (they give decoration objects with ears IIRC).
> China makes cheap knock-offs of products designed by businesses in more developed countries.
China makes the parts that equip high-quality cars and US planes (!), too: they mak
Re: (Score:1)
One super-power is - supposedly - "stealing", and another super-power is killing people, "militants", women, children, civilians, in smaller under-developed countries with little consideration for it. Who are the biggest shit-heads, really?
That's not really accurate. The USA is killing those people after a lot of consideration. Obviously they're making the wrong call in at least some cases, and there are cases where they may make the right call (because they kill someone who would otherwise destroy thousands of lives) but the innocent still die.
But the USA is also *VERY* easy for anyone who is trying to distract from their own failings and problems to paint as the bad guy. While the USA has done some really bad things, the harm being done
Re: (Score:2)
The US is very easy to paint as the bad guy simply on its own merits. Its lack of respect for democracy in other countries is disgustingly hypocritical, and the countless innocent civilians killed by its military misadventures and puppet governments are a stark testament to that.
Re: (Score:1)
It's not millions. It's only one and he's CGI'ed to look like a million.
That's why they all look the same.
Re: (Score:2)
It's a tough life up north. Don't mess with the Scands, they don't take no shit from nobody.
I think the main reason Finland was not allowed in the NATO is that they would've started a war with Russia long ago over the correct way of distilling Vodka if they only felt like there might be a hint of backing by someone.
Sad reporte' on my country's lack of balls (Score:2, Funny)
So this tiny little country is willing to step up and call out the state-sponsored hacking from China that undermines the military posture of NATO? Meanwhile on a golf course somewhere in the continental US... the executive branch is silent on the topic. Time to re-connect with my Norwegian college buddy to find out their countries "man up" secret so I might be able to share.....
Re: (Score:3)
Bitching about it in the press us hardly something to praise. To paraphrase Stalin, "how many divisions does the press have?"
You get beat, you go back and clean up your act, plug the holes, and thank your lucky stars you didn't have to learn that lesson in wartime.
Re: (Score:2)
Re: (Score:2)
I'm pretty sure it was all insightful and inspiring, but it loses a bit in the translation from Chinese.
Two words (Score:3)
Air Gap.
Keep your state secrets off of internet connected systems and the only way that someone can steal those secrets is with a "Mission Impossible" team sneaking in and crawling through the duct work.
Oh, and maybe you shouldn't have a duct running to your super secret computer room that is large enough for a human to crawl through. Just a thought.
Re:That easy huh? (Score:5, Interesting)
I'm confused. Tell me what is easier, an air gap or buying and maintaining gobs of firewalls to keep the bad guys out?
Security is a process and somewhere along the line someone failed to maintain security or else this would not have happened.
I've worked on air gapped systems before. I'd have two computers on my desk, one on the air gapped network and the other on the internet connected corporate network. That way I could write my code and run my test cases on the secure computer and still have access to e-mail, be able do some internet research, and generally communicate with the outside world. We were not allowed to have our cell phones in the room, the closest they could be was a faraday cage box outside the lab.
There were few telephones in the room to discourage speaking to people outside but still allow people to make quick calls to family or coworkers. (Side note: It was an unlisted number so we'd sometimes get wrong numbers or phone surveys that used a random phone number generator that would normally black list known business numbers. We had to be careful how we answered the phone to not reveal where the phone was located.)
Transfer of information in or out of the lab had to follow a process to keep the lab secure. This is where failures usually happen, the process isn't followed and we'd get a virus or someone did not properly log out a disc. The network was monitored regularly to keep people from removing a computer from the network, a sign someone might take a hard drive or move the computer to the insecure network, or adding anything to the network.
Sharing of data between sites was done by discs sent by a trusted courier. My job did not require me to do this sort of thing so I was not trained on sending discs but I was trained on the process of receiving files from outside the air gap. If a courier was too slow then we'd get a secure network. I'm not sure I can talk on how that network was secured.
Once in a while we'd have the cleaning crew come in to clean the floors and carry out the trash. At that point all work was to stop, computers locked and screens cleared, file cabinets locked, a blinking red light was turned on to indicate the room was no longer secure, and we'd sit around and discuss hunting, sports, or the weather.
As much as the air gap process sucked it was liberating in some ways. One nice thing was that work would stop once I left the room. If we went out to lunch then work never came up while we ate. I didn't have to worry about a cell phone call interrupting me, family and friends learned I was effectively off the grid while working. If someone really needed to get a hold of me that someone would just have to call the front desk and I'd be paged.
An air gap does not require any fancy hardware. Where I worked it was a bit over the top in some respects such as how the front door was secured. Creating an air gap system is pretty cheap, all things considered. The primary thing is to make sure everyone involved is knowledgeable on the processes of maintaining security, those methods were pretty simple as well.
If these private companies and government agencies are not willing to go through the work to create an air gap then they can expect to see a network attack from some far off country. If the firewalls used to secure these systems fail then an attacker's ability to copy or corrupt sensitive data can be bound only by the network bandwidth. An air gap failure tends to be quite limited in scope.
You might find air gaps as a silly idea on computer security but if you have a better idea then I'd like to hear it.
Re: (Score:3)
Where I worked it was a bit over the top in some respects such as how the front door was secured.
If it was secured properly, then it was not possible for anything short of a small army to walk in.
I continue to be amazed at the fancy electronic security that is used in many businesses, yet you could just walk right in the front door if you physically wanted to and all they could really do is call the police (assuming you didn't prevent that from the start).
If you honestly have anything worth so much that electronic security of the level you described is required, then you also need physical security. A
Re: (Score:1)
I'm confused. Tell me what is easier, an air gap or buying and maintaining gobs of firewalls to keep the bad guys out?
Security is a process and somewhere along the line someone failed to maintain security or else this would not have happened.
Having an isolated network didn't help the Pentagon:
https://en.wikipedia.org/wiki/2008_cyberattack_on_United_States
Or Iran:
https://en.wikipedia.org/wiki/Stuxnet
Re: (Score:2)
If there is some aspect I missed then, by all means, please explain.
For starters there are now "administrative tools", touted as a "feature", built right into the chips. These allow complete powning of a machine by any major networking pathway, including WiFI even if the machine is turned off or the network not supported in the OS. It isn't enough to "air gap" a "secure" LAN - or even not HAVE a LAN and rely on sneakernet. You have to physically rip the stock networking devices out of the box to block th
Re: (Score:3)
The problem with isolating your computer from all other networks is that you tend to lose the advantages of having computers on a shared network, which are obviously rather significant. Military secrets don't exist in a vacuum. They need to be shared with selected other people to be useful. Projects are collaborated and worked on... orders are carried out... data must be analyzed. It's all well and good to say "lock up your secrets where no one can get to them", but remember, that includes the people th
Re: (Score:1)
> and even in the US, military related things get stolen by hackers all the time- just not classified stuff.
I'm pretty sure all of our data that was taking in the OPM attack is considered classified. I suspect classified data gets stolen more often than they tell us about it. Hell, it probably happens more often than they know about it.
As an aside; I've worked on an airgapped system. It's a kind of neat process. It was a little frustrating and I'm not sure that the data I was working with needed to be co
Re: (Score:1)
Are you certain that the data, once collected, isn't considered classified? I was under the impressions that the records were classified... It has been a *long* time since the training and the whole process. Early 2000s was when I went through it for that program and I've had nothing to do with anything of that nature since the end of 2003. I'm kind of annoyed that they'd retained the data but I'll be (hopefully) all good. I already have the 'do not issue credit' flag set as the records are locked at the cr
Re: (Score:1)
Thanks for the additional info and for the clarification. You actually just confirmed, sort of, something that I was confused about. How to explain this or ask this?
Back in the 1980s, I had my clearance because I transported detainees. I was already a driver so they sent me to school to become a chaser/escort. (I was in the Marines.) Because I had to deal with certain types of records that may be classified, because I had to physically handle them, I had to get my clearance. Even though they were often in s
Quit whining Norway (Score:1)
If you don't want your military secrets to be stolen, how about you don't put them on the internet? Simples, no?
Everyone spies. Rather than complaining cos you're not as good at the Game as they are, how about you secure yourself and do a little hacking right back?
Re: (Score:1)
If you don't want your military secrets to be stolen, how about you don't put them on the internet?
Alternatively find a location which has a great firewall and put the servers behind there!
Not China's only Internet-related misbehavior. (Score:1)
I'd be happy if they'd just knock it off with the phishing/malware spam already.
Seriously, the first (Score:2)
I thought America has been accusing them of stealing all kinds of secrets. Was that accusation limited to business *secrets?
*Where "business secrets" means "please build this for us at absurdly cheap prices, but don't learn anything about it".
Re: (Score:2)
Don't worry. Judging from all the Chinese junk that ends up in the Dollar Store, they haven't.
Is eezy (Score:1)
Anyone thinks (Score:2)
that this will have an effect on snooping? Like - make them stop trying after succeeding?
Bork bork bork (Score:2)
Der eenternet in dem pot is zu zecure zu breaka eento. Bork bork bork!
Re: (Score:2)
Bork bork bork is Swedish. The rest of the sentence looks like Dutch.
Yeah, but Norwegian can to non-speakers sound like higher pitched Swedish, so it would be: Beerk beerk beerk.
Re: (Score:3)
Dude, Norwegian IS high pitched Swedish. Don't try to fool us into thinking otherwise.
For fucksake slashdot .. (Score:1)
Re: (Score:2)
Yes, and a burglar coming to my home stealing my stuff is also just doing his job. He still gets one over the head with the baseball bat.
Someone doing his job doesn't mean I have to like him doing his job. Or even that it's a good thing he's doing it.
It's what militaries do (Score:1)
Shuddup and steal back
Re: (Score:2)
What for? That would be like torrenting from someone who got his whole library exclusively from you.
Important cultural difference (Score:4, Interesting)
The Western standard is that you don't directly steal things someone is trying to keep secret. You pass a few laws making the behavior illegal, and that's it. Anyone who breaks the law and steals your secret is a "shithead" (to quote another comment), and should be tried and jailed. You can infer the secret from afar, based on secondary information which leaks out, but stealing it directly is a no-no.
The Eastern standard is that if you want to keep something secret, you'd better do everything you can to keep it secret. If someone manages to hack you and steal your secrets, it's your own damn fault for not protecting yourself. Corporate and state-sponsored espionage isn't just encouraged, it's expected. You can be fired if you refuse your company's orders to spy on a competing company. Just don't get caught doing it. That'll result in you being fired in order for the company to save face - everyone pretends they respect each others' secrets, even while they're secretly trying to steal them.
The Hainan Island incident [wikipedia.org] is a good example. The U.S. felt justified spying because they flew the EP-3 just outside Chinese territorial waters. They weren't breaking any laws, so by Western standards the behavior was OK. By Eastern standards, the behavior became unacceptable the moment it was clear they were spying. If the U.S. had been spying secretly, it'd be OK. But doing it overtly and openly by flying the EP-3 in plain sight just outside the Chinese border was a faux pas.
Because of this difference in standards of behavior, I read about all the joint technology deals Western companies make with China, and just shake my head in disbelief. Like the German company agreeing to manufacture high speed trains in China, instead of manufacturing them in Germany and shipping them to China. After a couple years, the Chinese told them they didn't need their help anymore, and didn't renew the contract. Obviously what happened was the Chinese went over every inch of the production facilities during off-hours to glean every nugget of information they could about manufacturing these trains. And after a couple years when they felt they had a good enough handle on how it all worked, they ditched the German company and started manufacturing the trains themselves. The Germans expected the Western standard of behavior - that the Chinese would "respect" the sanctity of their production secrets and not try to copy them. (Kawasaki did the same thing to my surprise, since they knew going in that this would happen.)
So don't expect the Chinese hacking and spying to stop. As long as there's plausible deniability, they're going to keep at it. The onus is on Western companies and governments to protect themselves as best they can, because the Eastern standard wins in a race to the bottom.
Re: (Score:2)
You are ignoring the corporate espionage that happens in the west. That kind of defeats your strange, rambling argument.