China Security IT

Chinese Hacker Singlehandedly Responsible For Exploiting 81,000 Sophos Firewalls, DOJ Says (cybernews.com) 16

An anonymous reader shares a report: A Chinese hacker indicted earlier this month and the PRC-based cybersecurity company he worked for are both sanctioned by the US government for compromising "tens of thousands of firewalls" -- some protecting US critical infrastructure, putting human lives at risk.

In a series of coordinated actions, the US Treasury Department's Office of Foreign Assets Control (OFAC), the Department of Justice (DoJ), and the FBI said the massive cyber espionage campaign, which compromised at least 36 firewalls protecting US critical infrastructure, posed significant risks to national security.

A federal court in Indiana earlier this month unsealed an indictment charging 30-year-old Guan Tianfeng (Guan) with conspiracy to commit computer and wire fraud by hacking into firewall devices worldwide, including one "used by an agency of the United States." Guan, employed by the Chinese cybersecurity firm Sichuan Silence -- a known contractor for Beijing intelligence -- was alleged to have discovered a zero-day vulnerability in firewall products manufactured by UK cybersecurity firm Sophos.

  • A Chinese hacker indicted earlier this month and the PRC-based cybersecurity company he worked for are both sanctioned by the US government for compromising "tens of thousands of firewalls" -- some protecting US critical infrastructure, putting human lives at risk.

    "protecting US critical infrastructure"?

    US critical infrastructure should have at the very least 2 firewalls from different vendors chained together before being able to access anything.

    • I've heard of IP over Carrier Pigeon. But never IP over Chain. What kind of throughput do chains provide?

    • No one HA pairs different vendor firewalls together.

      1.) All hardware vendors are proprietary even if they use open source code.
      2.) All of the hardware back-planes are vastly different.

      You'll never see a Palo Alto and Cisco FTD HA paired together. It's best practice and cost efficient to use a next gen (layer 7) Palo Alto pair as your expensive edge wall and then something like a Juno or Checkpoint (layer 3) pair as an internal set to wall off network segments and then something else for your external VPN s

  • by Gravis Zero ( 934156 ) on Tuesday December 17, 2024 @01:47PM (#65019955)

    If you regard security as a reactive issue, merely going after the people who exploit weakness then you are enabling people to have weak systems. A more robust approach would be to actively seek out weaknesses in devices and take them offline by force in addition to prosecuting hackers.

    The way I see it, insecure equipment is like someone leaving a gun out in their driveway. It's not technically illegal but only going after the people that steal the gun isn't going to solve anything.

    • While it can mean different things (depending on vendor), one needs to move more rapidly to a "Zero Trust" architecture, where one does not depend only on the "hard shell, soft center" approach that firewalls typically provide for most organizations.
    • Leaving a registered firearm anywhere in the US is a federal crime; ask Hunter Biden about it.

    • You're under the illusion that enterprise security vendors are not being proactive.
      All enterprise firewalls are updated daily, sometimes multiple times a day for threat and malware protection.

      What the article isn't telling you is Sophos is a mid grade British vendor that's about at the same level as a Barracuda or Fortigate firewall, not enterprise level.
      The scandal isn't that a security company got hit by a zero day that took two days to fix. It's that there are US based companies using foreign products.

    • by Slayer ( 6656 )

      If you regard security as a reactive issue, merely going after the people who exploit weakness then you are enabling people to have weak systems. A more robust approach would be to actively seek out weaknesses in devices and take them offline by force in addition to prosecuting hackers.

      Whichever entities got pwned again by this series of exploitations will not get a single dime out of this indictment. About the only thing resulting from this thing will be a Chinese individual who should no longer travel to countries which extradite to the US. This can be seen as a restriction depending on lifestyle and future plans of this individual.

      Sadly I don't really get the impression, that corporate America/Europe feels the heat yet from all these shenanigans. Chinese gov't behaves like unruly tee

  • A Chinese hacker indicted earlier this month and the PRC-based cybersecurity company he worked for are both sanctioned by the US government.

    I had to read that three times before I realized they meant the other "sanctioned".

    "Inflammable means flammable? What a country"

  • ... putting human lives at risk.

    Government rules made it obvious, that Boeing wasn't completing their duty of care. Likewise, the government examines cars to determine that Chinese car-builders aren't completing their duty of care.

    There are no rules demanding IT infrastructure perform a duty of care, no government department examining infrastructure software: That needs to change. I like the metaphor by Slayer [slashdot.org]: Anything less, is leaving a loaded gun lying around.
