Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

White House Confirms Chinese Cyberattack

samzenpus posted about 2 years ago | from the testing-the-waters dept.

China 212

New submitter clam666 writes "White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers. From the article: 'The attempted hack used 'spear phishing,' in which an attacker sends an email to a specific target that uses familiar phrases in hopes that the recipient will follow links or download attachments that unleash the hacker's malware. None of the White House's secure, classified computer systems were affected, said the official, who reached out to POLITICO after the Free Beacon story appeared — without having been asked for comment. Nor had there been any attempted breach of a classified system, according to the official.'"

cancel ×

212 comments

Sorry! There are no comments related to the filter you selected.

Lets see if there's parity.... (2, Insightful)

chizz (95740) | about 2 years ago | (#41516303)

.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!

Re:Lets see if there's parity.... (0, Flamebait)

tgd (2822) | about 2 years ago | (#41516495)

.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!

Are you really that stupid, or just trying to start a flamewar?

In either case, I'll hypothesize that you really are that stupid, serving either as an observation or as fertilizer to your flamewar, depending on your original intent.

Re:Lets see if there's parity.... (5, Funny)

wonkey_monkey (2592601) | about 2 years ago | (#41516953)

Are you really that stupid, or just trying to start a flamewar?

That is grossly unfair.

There's absolutely no reason it can't be both.

Re:Lets see if there's parity.... (0)

Anonymous Coward | about 2 years ago | (#41517455)

All I have to say to this is... "FLAME ON!!!"

So... (-1, Offtopic)

Sparticus789 (2625955) | about 2 years ago | (#41516313)

It takes the White House 2 weeks to acknowledge that the assassination of a U.S. Ambassador is a terrorist attack.

It takes the White House less than one day to acknowledge that Chinese hackers have breached an unclassified system.

Re:So... (2, Informative)

benjfowler (239527) | about 2 years ago | (#41516391)

I call right-wing partisan beatup.

Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.

Re:So... (1)

Sparticus789 (2625955) | about 2 years ago | (#41516503)

First off, CSI Miami is 42 minutes long.

Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.

Need new goggles? (0, Troll)

s.petry (762400) | about 2 years ago | (#41516803)

Are you still under the delusion that the Politicians for the US Government or any of the 3 letter agencies really give a shit about the USA, or the people that live in the USA?

For anyone under this delusion, I can only ask you to look around. I'm not claiming that everyone working for these agencies is bad mind you, most I consider people that just want to do a job and get a pay check. The people running the shows however, are very bad people. I'm sure many people working at these agencies realize this, but fear opening their mouths for obvious reasons. We all saw what happened with a whistle blower in CA right? I mean, their house was raided, father was left to die having a heart attack. Of course their house was ransacked costing them money, they lost their job, and had to pay a fortune in legal fees. That's one of the few stories that made it to the public, and not an isolated incident.

Currently, we are pretty fucked. Way to many people sleeping through what's been going on, and those that are awake prefer complacency to action.

Re:Need new goggles? (2)

sakshale (598643) | about 2 years ago | (#41517237)

May I point you to Hanlon's razor?

"Never attribute to malice that which is adequately explained by stupidity."

http://en.wikipedia.org/wiki/Hanlon's_razor [wikipedia.org]

Re:So... (3, Interesting)

RabidReindeer (2625839) | about 2 years ago | (#41517373)

First off, CSI Miami is 42 minutes long.

Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.

Oh yeah. Just like they did on September 10, 2001.

There's a country full of milling militias, any one (or more) which might seize an opportunity in a condition of general unrest. There's the possibility that one single militia had one single pre-prepared plan that they could roll out. There's the possibility that Al-Qaeda had a plan already set up and scheduled. Then again, there's a load of politically-based sensationalism a certain so-called "News" network wants to promote, which is basically trying to convince us that Osama, er, "Usama" bin Ladin personally led a wave of jihadis in a grand, pre-planned anniversary wave of jihadis - but only in one of the several unsettled countries making noise at that time.

Since when do we blindly believe what politicians say? Especially other people's politicians?

OK, I'm keeping an open mind. It's possible that this really was all an al-Qaeda plot. But I'd rather wait until the evidence was all collected, sifted and cross-checked. There's no ticking bomb here, and I'd really rather not have another pants-wetting rush to find ways to curtail our freedom just because some gang broke in and committed atrocities again.

Re:So... (0)

Anonymous Coward | about 2 years ago | (#41517637)

I agree with the GP.

I stubbed my toe on my kitchen table this morning. Are you claiming that wasn't a right-wing partisan beatup?

Re:So... (0)

Anonymous Coward | about 2 years ago | (#41516525)

Excuses excuses yet had this happened to a Republican executive you know exactly how you would be responding to it. Your double standards are showing leftist.

FYI Bill Gertz is a very credible reporter, benjfowler, not so much.

If you can't attack the message... (0)

Anonymous Coward | about 2 years ago | (#41516917)

...attack the messenger. Brilliant.

Re:If you can't attack the message... (0)

Anonymous Coward | about 2 years ago | (#41516979)

Distract, deflect. What you do when you have no response to a valid point.

You cannot hold a candle up to Gertz, you cannot deny how the left would treat this same information were it to come out during a Republican presidency.

Go on, provide some substance, make your argument, prove me wrong, which of course, I am not.

Moron.

Re:So... (2, Insightful)

jesseck (942036) | about 2 years ago | (#41516537)

Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.

It took me less than a minute to realize a coordinated attack on an embassy is not "spontaneous". If anything, it should be easier to determine the Embassy attack was "terrorism" (or at least coordinated and planned) than a Chinese hacker spearfished a certain person on a certain system at a certain time. Just because you stick your head in the sand and ignore warning signs of attack and indicators of planning, it doesn't mean the attack was spontaneous. Even during deployment in Iraq, I saw sugarcoating of events... I see through that bullshit. The Embassy attack was planned, plain and simple. It was well executed. A mob doesn't have that coordination.

Re:So... (0)

Anonymous Coward | about 2 years ago | (#41517113)

Then how do you explain the White House jumping to the conclusion that it was all caused over a video instead of waiting for the results of said investigation?

There were no reported protests in Libya, unless you mean guys with mortars and heavy machine guns were just "protesting". There's "doing an investigation" and then there is dissembling known facts, like the people attacking used heavy weapons and indirect fire (mortars), that there was no protest, and that it was obviously a military attack and not a protest that just got out of control. But don't let reality dissuade you from what the "most transparent and honest administration ever" says.

But I see your point about dumb people.

Re:So... (0)

Anonymous Coward | about 2 years ago | (#41516533)

And it took people like you almost no time at all to turn the murder of four people who died in the service of their country into a prop for an absurd smear campaign.

Re:So... (0)

Sparticus789 (2625955) | about 2 years ago | (#41516595)

So tell me, how many years did you spend "serving your country"?

Re:So... (1)

publiclurker (952615) | about 2 years ago | (#41517271)

As opposed to what, serving yourself and now trying to play the victim?

Re:So... (0)

Anonymous Coward | about 2 years ago | (#41517205)

Oh right, because I'm sure the Obama administration is just wailing over their lax security or that CNN's scoop on the amabassador's journal showed that he had been requesting security upgrades for some time? If people don't hold the white house accountable for their abject incompetence, then why should the white house care? I mean it was Obama, not his detractors, who so eloquently stated that the murder of 4 Americans was a mere "bump in the road" for Libyan/US relations. How's that for callous and uncaring?

Re:So... (0)

Anonymous Coward | about 2 years ago | (#41517501)

He's just pissed because this is one thing they cannot blame on Bush. Personally, I'm getting sick and tired of always hearing, "I may not be good, but I'm not bush and look what he did".

Re:So... (2)

Sarten-X (1102295) | about 2 years ago | (#41516549)

Of course.

First, there's a "smoking gun" in the breach. The attack's general incoming direction can easily be traced to china, which at least indicates a proxy's sitting there. That gives China an opportunity to cooperate (if it really wasn't the government, or at least if they have a scapegoat handy), leading to some diplomatic goodwill and good PR all around. In an assassination, the evidence takes far longer to work out and get a general direction from, and accusing another country of assassination is a much more serious accusation, that can't be spun into happy cooperation as easily.

Then there's the target. An unclassified system being breached doesn't really matter, so even without any definite culprit or even many facts, the news can be released without too much worry. For an assassination, everyone involved in the investigation will immediately be inundated with requests for more information, taking precious time away from the investigation itself.

Less need for careful tact means the news can be released faster. This principle is unrelated to what politicians are in charge.

Re:So... (1)

postbigbang (761081) | about 2 years ago | (#41516687)

It's not so tough to look inside a payload and scoop out an address and say: oh look! Chinese! But that's not necessarily where the original attackers are from: they are from anywhere, but the address was in a Chinese CIDR block somewhere, on a system that may or may not have been externally controlled from anywhere in the world.

Politically, however, the finger was pointed at China. Whether it was pointed correctly or not isn't really known. For now, however, if you believe the WH, then it's Chinese. But Chinese "patriots" or Chinese military or Chinese officials or who? No mention is made. Could be someone over-stoked on caffeine at an all-night CyberCafe for all we know.

Re:So... (1)

Sarten-X (1102295) | about 2 years ago | (#41516907)

Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction. This is a chance for diplomatic small-talk, where a little good-faith effort on a task that's meaningless in the long run can help hold off the prospect of an upcoming war with China.

China also has the opportunity to take this flimsy accusation as a grave insult, so they could start rattling sabers and head closer to war... but then they look like aggressors just waiting for an excuse to pick a fight.

Re:So... (1)

postbigbang (761081) | about 2 years ago | (#41517017)

I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?

Or does this online Spy Vs Spy game continue until something really evil happens?

Re:So... (1)

Sarten-X (1102295) | about 2 years ago | (#41517231)

There are supposed to be secure channels for having informal diplomatic discussions that are kept private, where a conversation like the former could take place, but I suspect that diplomats are a bit wary [wikipedia.org] of making "private" comments these days. That leaves only the subtle dance of public politics, where the latter is likely.

Re:So... (5, Funny)

M0j0_j0j0 (1250800) | about 2 years ago | (#41516767)

If you read TFA "Soy sauce has been found all over port 21 and a Beijing duck was stuck on the firewall".

Re:So... (1)

sumdumass (711423) | about 2 years ago | (#41517409)

You made a mistake, it took 2 weeks to accuse the right party instead of blaming our free speech, some corny movie that would struggle to be B quality and the awesome tolerance other cultures have for ours.

Madeleine Albright was just in Ohio campaigning for Obama, and she said it's a difficult situation to understand and that Romney was wrong in criticizing the White House because it takes time and investigation to determine what happened. I hoping someone would ask "why was they speaking about it before having those crucial facts then?" but the topic didn't allow questions.

We put our spear in your (-1)

Anonymous Coward | about 2 years ago | (#41516339)

white house phish, bitch! -signed, chinaman

Meanwhile... (0)

Anonymous Coward | about 2 years ago | (#41516341)

You are NOT allowed to download and/or trade music/pr0n.

Nuclear weapons? (5, Insightful)

girlintraining (1395911) | about 2 years ago | (#41516349)

Obligatory: Would you like to play a game of thermonuclear warfare?

Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ...

Re:Nuclear weapons? (1)

Anonymous Coward | about 2 years ago | (#41516491)

So the guys in the launch control centers can surf porn, duh!

I say LET LOOSE THE CYBER DOGS OF WAR

though they look like cats

and want cheeseburgers

Re:Nuclear weapons? (5, Funny)

Billly Gates (198444) | about 2 years ago | (#41516499)

"Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet ..."

Well that is easy. That is because IE 6 is required to administer.

Re:Nuclear weapons? (3, Funny)

Sparticus789 (2625955) | about 2 years ago | (#41516559)

IE6? You are being way too generous. Try Netscape 3.0.

Re:Nuclear weapons? (1)

Billly Gates (198444) | about 2 years ago | (#41516693)

Nah its not PHB approved by mega-lobbiest corp. With IE 6 anyone can send the missiles and it was made by state of the VBscript technology developed in India by contractors freshmen at Bangalore Institute of Technology. I mean with that what could possible go wrong!

Re:Nuclear weapons? (3, Insightful)

girlintraining (1395911) | about 2 years ago | (#41517411)

Well that is easy. That is because IE 6 is required to administer.

If software had to go through the same rigorous background checks that the employees who use it have to at these facilities, I don't think IE6 would have gotten a security clearance. How is it that the government can refuse to grant a security clearance based on sexual orientation under the notion that it could be used to blackmail someone, but allow the use of software with a proven and highly publicized record of leaking information? What's more, people with security clearances are subjected to intense scrutiny -- their supervisors know about every little aspect of their lives, including that little dimple on the inside of your right thigh, yet routinely employ software that is essentially a big black box -- nobody knows how or why it works.

The government needs to start taking software review as seriously as it takes personnel review with regard to security clearances and access to classified and/or sensitive materials. From a security standpoint, it doesn't matter much whether it was a web browser or a person that passed information to an enemy; The end result is the same.

Many of our enemies are now seeing that it is comparatively less costly to exploit technology than people. You'd think we'd have learned this lesson after the second world war -- wasn't cracking Enigma enough of a wake up call?

Re:Nuclear weapons? (0)

Anonymous Coward | about 2 years ago | (#41517527)

I suspect it is closer to,

    telnet icbm12bravo.nukular.mil

username: president
password: 12345

Fire missile (Y/n)?

You may think I'm being facetious, but there are TONS of legacy systems everywhere (not just military) for which the air-gap security is the only security. No encryption. No ACLs. Connecting these systems to any network is beyond retarded. I would consider it sabotage for these system to have network access.

They aren't on the internet (1)

wiredog (43288) | about 2 years ago | (#41516517)

They aren't even on siprnet.

Re:They aren't on the internet (4, Insightful)

girlintraining (1395911) | about 2 years ago | (#41516545)

Well, not directly. But clearly there's data from public networks leaking into it; Security is badly broken somewhere.

Re:They aren't on the internet (4, Insightful)

Sparticus789 (2625955) | about 2 years ago | (#41516801)

No matter how secure you think a network is, there's always some idiot that does something like:
1. Upload 50 GB of downloaded music onto a secure network.
2. Upload 1 TB of downloaded movies onto a secure network.
3. General wants his/her Wikipedia fix, so there's one hole in the network security.
4. General #2 wants to check his/her Fantasy Football team from a secure network, hole #2 in security.
5. Etc. Etc. Etc.

So-called "secure" networks are nothing of the sort. They leak like a colander.

Re:Nuclear weapons? (0)

Anonymous Coward | about 2 years ago | (#41516699)

Also, why is the password for them 00000000?

Re:Nuclear weapons? (1)

TheRaven64 (641858) | about 2 years ago | (#41517623)

I don't think it still is (it's probably 12345), but the idea was that it needed to be something that someone in the highest-stress situation possible (i.e. just about to kill a few million people and the likelihood that millions that he represents are already dead) would have to be able to remember it.

Re:Nuclear weapons? (1)

SmurfButcher Bob (313810) | about 2 years ago | (#41516705)

Because they have to be, stupid! They're SCADA!

Re:Nuclear weapons? (0)

Anonymous Coward | about 2 years ago | (#41516915)

I don't think they are, because I think this story is pure propaganda. The US will only ever "confirm" attacks from entities they want to portray as enemies.

Our next big attack/war (1)

Anonymous Coward | about 2 years ago | (#41517251)

The next time the US is attacked by a nation - in the sense of Dec 7, 1941, it will go down like this outline:

1. Cyber attack knocking out our infrastructure and parts of our military and government.

2. My fellow Americans run around like the scared sheep that they are.

3. Dorks with AR-15 with the M-4 conversion kits start running around shooting people to "protect" everyone. The cops hide.

3. Attacker sends over wave after wave of really cheap aircraft knocking out all the high tech planes like the f-22 and everything else.

4. They win.

Re:Nuclear weapons? (0)

Anonymous Coward | about 2 years ago | (#41517377)

I imagine that between command and control systems, with data aggregation and collection, and a lot of secondary but still important sensors, it would be impossible to not have at least some of all that on the ol' DARPA net. I understand that was at least one of the original reasons that the internet was funded in the first place...

Now the real question after that is... if every one of the sensors that could be outside compromised from being on the internet were to "go off" but none of the internal, "theoretically secure" sensors did (like direct satelite feed, or radar stations, and the like), could a nuke be coaxed into launching? (computer or missile command trained to flip the switch being irrelevant if the end result is the same...)

Re:Nuclear weapons? (0)

Anonymous Coward | about 2 years ago | (#41517633)

Its not. TFS is horribly misleading. Here's what happened:
- Conservative reporter releases story about nuclear computer being hacked
- White House acknowledges that an UNCLASSIFIED computer was hacked

Someone is lying here. TFS makes it look like there was a confession. There wasn't.

Wait, what? (5, Insightful)

Alphanos (596595) | about 2 years ago | (#41516383)

How can the attack include military systems used for nuclear commands, yet not include any secure classified systems?

When they made a list of which government systems should be secured, they decided to leave the nukes off that list?!

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#41516457)

Simply they hacked the U.S. Nuclear Command Computer used to control their Facebook and Twitter Account.
Now with them taking that computer down for security reasons we can no longer let our friends know we are about to launch global thermonuclear war and tweet about it.

Re:Wait, what? (4, Informative)

Anubis IV (1279820) | about 2 years ago | (#41516463)

Key word: "reportedly".

The initial report claimed that those were the systems that were compromised. The White House insider denied that those systems had been compromised, but confirmed that a non-classified network had been compromised.

Re:Wait, what? (4, Informative)

Beardo the Bearded (321478) | about 2 years ago | (#41516507)

The press is most likely wrong. I've been on the news a couple of times, and they always get something wrong.

Any classified info is airgapped, end of story. I can do drawings on the [system] on the same computer I'm using for /. The vast, vast majority of drawings are not classified. (I joke that part of the OpSec is that if we get captured, I tell them everything I know, and when they fall asleep, we tiptoe out of the room. "In this circuit, we use cable LS2SJ-14. But in this circuit, we went to LS2SJ-12. Hey, PAY ATTENTION!" So like I was saying, we used LS2SJ-12 here...) If I want to look at anything that's classified, or even something that's CG, I have to do the following:

1. Have the clearance and the need to know.
2. Get a copy of the document sent to me, usually by FedEx.
3. Get a supervisor and go to the secure room, sign in, close the blinds and the door.
4. Get the HDD from the safe.
5. Check the computer, then put in the HDD.
6. Power up the computer. It's a stand-alone machine, that's what I was checking for.
7. Work.
8. Finish working. Print up stuff or burn it onto a disk. Fill out the form that shows that another copy of the material exists.
9. Power down the machine and put the HDD back in the safe.
10. Sign out of the secure room.
11. Mail the printout or CD to whoever it was that wanted it.

And that's for CG stuff. The TS stuff is watched constantly by people with weapons.

If someone can hack their way into a system where the info is not only powered off, but in a separate room from the equipment that can read it, inside a safe, then it's time to give the fuck up.

Re:Wait, what? (0, Troll)

Anonymous Coward | about 2 years ago | (#41516573)

You shouldn't be revealing this stuff.

Re:Wait, what? (1)

Quakeulf (2650167) | about 2 years ago | (#41516945)

It is pretty obvious what security measures you can have. It's not like the whole thing was guarded by lasersharks and bahamuts trapped in a vortex existing between universes and only accessible between 11:54 and 11:57 every other Tuesday and you have to walk sideways in and backwards out again while saying the secret greeting three times and clap your hands, and failing to do so would only mean you would get teleported to a dark place beyond eternity.

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#41517201)

It is pretty obvious what security measures you can have. It's not like the whole thing was guarded by lasersharks and bahamuts trapped in a vortex existing between universes and only accessible between 11:54 and 11:57 every other Tuesday and you have to walk sideways in and backwards out again while saying the secret greeting three times and clap your hands, and failing to do so would only mean you would get teleported to a dark place beyond eternity.

Of course not, that's for talking to the Architect in The Matrix 2.

Re:Wait, what? (1)

Anonymous Coward | about 2 years ago | (#41516785)

Any classified info is SUPPOSED TO BE airgapped, end of story.

...

FTFY

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#41516947)

Yet Bradley Manning managed to (allegedly) get out a copy of all those classified and secret diplomatic cables.

That dude - Sandy Burglar - managed to remove and then subsequently destroy highly sensitive material from the National Archives. I don't know what classification level it was, but still.

While I suspect the gov has some good processes in place, it's obvious there are holes in the system to be exploited.

Re:Wait, what? (3, Interesting)

Anonymous Coward | about 2 years ago | (#41517023)

That's funny. I was at a client site (aerospace contractor) doing some software training in the mid-2000s, and when I asked why IE wasn't working on the computer I was using to demonstrate something I was told, "Oh, that's a DoD station; use this one right next to it."

So it was sort of airgapped, but all that Men In Black access control you were talking about was nowhere in sight.

I've had similar experiences at other defense contractors, too; although in that case I wasn't allowed to actually use the classified computers in the room with me, and it was suggested that I shouldn't really stare too long at the RC quad-copter some guys were working on over in the corner (although nobody put up a curtain or anything).

Re:Wait, what? (1)

jovius (974690) | about 2 years ago | (#41517447)

If someone can hack their way into a system...

The first step is enough.

The problem is the bureaucracy of secrecy; not that secrets exist. On the other hand if everything was open there would be no threats, but it's immensely difficult to let go of the selfish illusions.

no, the real question is... (0)

Anonymous Coward | about 2 years ago | (#41516399)

...why does hacking is equated to phishing? Also, who designs a system like that? Right credentials.. that is all it takes,,

Okay (4, Insightful)

ledow (319597) | about 2 years ago | (#41516421)

Backing up my suspicions for the last 2+ years:

How does the US know the actual nationality of the hackers and not just their end-proxy?

The US have been trying to insinuate a cyber-war for years now, and never said how they know who's behind it (if you said the *ATTACK* came from China, fair enough - to say it ORIGINATED there is more of a stretch, and to say it was Chinese hackers is just ludicrous).

Of course we have suspicions and think we might know who's behind it and who owns the net-blocks, but what a wonderful way to discredit a nation and put the blame on someone else when you want to cyber-attack the US - just proxy through China and start WW3 when the US relatiates.

Really, US? How do you *KNOW*? On the scale that you can confidently state the Chinese "attacked" you (and coupled with your statements that cyber-attacks could be considered acts of war?)? You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?

Or do you just want to start a war with China for some reason?

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41516487)

Backing up my suspicions for the last 2+ years:

How does the US know the actual nationality of the hackers and not just their end-proxy?

The US have been trying to insinuate a cyber-war for years now, and never said how they know who's behind it (if you said the *ATTACK* came from China, fair enough - to say it ORIGINATED there is more of a stretch, and to say it was Chinese hackers is just ludicrous).

Of course we have suspicions and think we might know who's behind it and who owns the net-blocks, but what a wonderful way to discredit a nation and put the blame on someone else when you want to cyber-attack the US - just proxy through China and start WW3 when the US relatiates.

Really, US? How do you *KNOW*? On the scale that you can confidently state the Chinese "attacked" you (and coupled with your statements that cyber-attacks could be considered acts of war?)? You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?

Or do you just want to start a war with China for some reason?

Because they also went pee-pee in our coke.

Re:Okay (5, Insightful)

firewrought (36952) | about 2 years ago | (#41516497)

How does the US know the actual nationality of the hackers and not just their end-proxy?

Perhaps they have collaborating intel from another source (e.g., spies or signals intelligence).

Or do you just want to start a war with China for some reason?

I wouldn't be surprised if it was posturing for election rhetoric. Could have been done to preempt a GOP leak ahead of Wednesday's debate, or it could tie-in with Obama's recent "tough on China" talking points. I try not to follow this stuff too closely though, so take my speculation with a grain of salt...

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41516563)

Seriously, please quit the subterfuge. When a page is defaced in Chinese, based on a Chinese national talking point, from a Chinese IP address, it's harder and harder to blame say Romania.

In either case, hopefully the political pressure leads to either
A) Less attacks (my version)
B) Systems that aren't as exploited for "THEM" to use to pretend to China (your version)

Re:Okay (1)

Anonymous Coward | about 2 years ago | (#41517093)

The hack described in this story does not involve the defacement of a webpage saying 'hacked by chinese'.

Please RTFA next time.

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41516571)

there was duck sauce all over the keyboards.

Re:Okay (2)

JoeMerchant (803320) | about 2 years ago | (#41516601)

Because they got an agent into the hacker's den and looked over his shoulder as he was working?

Maybe the same sources that assured our leadership that there were WMD in Iraq are still knocking around the intel branch?

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41516635)

I don't know how they can tell where the actual originating machine is, but it's not like China is not hacking the US (and vice versa):

http://www.computerworld.com/s/article/9219437/China_hacking_video_shows_glimpse_of_Falun_Gong_attack_tool
http:/www.theglobeandmail.com/technology/tech-news/chinese-state-tv-shows-military-cyber-hacking-clip/article535217

Direct conflict's STUPID (as in real war) (-1)

Anonymous Coward | about 2 years ago | (#41516643)

The Chinese even have Sun-Tzu telling them this iirc! It's wisdom-to-the-max, but imo, also teaches a "wuss weasel" way of doing things in conflicts (then again, "all's fair in love & war", right?)

"Or do you just want to start a war with China for some reason?" - by ledow (319597) on Monday October 01, @02:46PM (#41516421) Homepage

I shouldn't answer for the person you're replying to, but I do NOT *think* anyone here is THAT stupid... especially with an opponent that one HAS to respect!

This?

Well, imo @ least - So far, this isn't "serious" enough to start a REAL war over - even though the U.S. has said it constitutes an "act of war" to do 'cyber-war' style attacks...

No, not serious enough - @ least, not yet, & there's no REAL "solid" proof as you noted too, that it IS the actual Chinese government behind it!

Hey - personally?

Yes - I suspect they ARE to some extent, but largely for "research" purposes...

(Why? This time, let's quote the Roman General Vegetius: "Si vis pacem, para bellum" (if you want peace, prepare for war)).

* In ANY event? I think it would be HELLISHLY interesting though I must admit, to see what nation actually WOULD "come out on top" in a 'cyber war' though, stupid as it sounds & contradicting myself above!

APK

P.S.=> Hey, it's "the primitive in me" man... lol! Everyone LOVES a good fight - what makes me laugh? Even though MOST FOLKS WILL DO ANYTHING TO AVOID GETTING INTO A FIGHT (rightfully so)?? They always watch when ones "goes down" though, don't they??? LOL!

... apk

Re:Okay (1)

Hentes (2461350) | about 2 years ago | (#41516721)

They don't want to start to war, but as the wars in the Middle East are about to end the US military sector needs another reason to justify its massive funding.

Re:Okay (3, Funny)

Anonymous Coward | about 2 years ago | (#41516845)

How did they know? Easy! The e-mail went like this:
"Hello Sir, very fine day indeed. I would like to inquire you buy cheap Sony cameras from our company. Not Chinese product, 100% original product. Please, look our offer in attached brochure.

I hope the day is very generous and we may come to agreement soon. Thank you!

Yours faithfully,
Clint Eastwood, CEO
Sony Company LTD."

That's one problem with cyber (5, Insightful)

daveschroeder (516195) | about 2 years ago | (#41516877)

Attribution.

Disclaimer: I am a Navy Information Warfare Officer.

First, it's important to note that the White House didn't confirm the suspected source. It was anonymous officials who said this appeared to originate "from China" -- take that as you will.

As you point out, an attack may appear to come from a particular (set of) IP address(es), network(s), or source(s). An attack may have a certain profile, or share a profile with other attacks. An attack may have an assumed motivation based on its target. The attacker(s) may even wish to make it appear that the attack is originating elsewhere.

Even if the "source" is established, is it a nation-state? Hacktivists? Nationalist hackers acting on behalf of government or at the government's explicit or implicit direction? Transnational actors? None of the above?

No one wants to "start a war" with China, but the error in balancing the cyber threat against the "hype" is assuming that all threats are bogus, or must be the result of hawks looking for neverending war, excuses to begin/escalate the next "Cold War", and similar. The threat from China is very real, long-established, and well-understood for anyone who cares to look. It has been discussed thoroughly, even for the Chinese, in their own strategic literature, and there are very public examples of China's offensive cyber capabilities. China's investment in offensive cyber capabilities comes because of the understanding that dominance of the information realm will essentially allow China to skip large chunks of military modernization and still be highly effective in any conflict with the United States.

Think of it this way: it's now assumed that the Stuxnet/Duqu/Flame family were created by the US and/or Israel. (Keep in mind that even overt admissions prove nothing, and can be self-serving...) Even before the books and articles about OLYMPIC GAMES, attribution was assumed because of the target and because of snippets of clues in the code. In general, why is that assumption any more or less valid than this? Is it because some are more inclined to believe that of course the US engages in cyber warfare; but any cyber attacks against us are suspect.

Of course, there are those who will assume that indications of any cyber attack will always be a "false flag" and/or used by those with ulterior motives who want war. It can't possibly be that there are aggressors who indeed want to attack the US, and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary. Sun Tzu would be beaming.

Background:

Chinese Insider Offers Rare Glimpse of U.S.-China Frictions
http://www.nytimes.com/2012/04/03/world/asia/chinese-insider-offers-rare-glimpse-of-us-china-frictions.html?_r=1 [nytimes.com]

"The senior leadership of the Chinese government increasingly views the competition between the United States and China as a zero-sum game, with China the likely long-range winner if the American economy and domestic political system continue to stumble, according to an influential Chinese policy analyst. China views the United States as a declining power, but at the same time believes that Washington is trying to fight back to undermine, and even disrupt, the economic and military growth that point to China’s becoming the world’s most powerful country."

China is on track to exceed US military spending in real dollars by 2025
http://www.economist.com/node/21542155 [economist.com]

China’s military rise
http://www.economist.com/node/21552212 [economist.com]

The dragon’s new teeth: A rare look inside the world’s biggest military expansion
http://www.economist.com/node/21552193 [economist.com]

Essential reading on China cyber:

The Online Threat: Should we be worried about a cyber war? (The first page of this is a must read wrt China.)
http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh [newyorker.com]

Great snippet: "“The N.S.A. would ask, ‘Can the Chinese be that good?’ ” the former official told me. “My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’"

U.S. cyber warrior accuses China of targeting Pentagon
http://news.yahoo.com/u-cyber-warrior-accuses-china-targeting-pentagon-011916520.html [yahoo.com]

Chinese Military Advocates Cyber Offensive Capability
http://www.infosecisland.com/blogview/21194-Chinese-Military-Advocates-Cyber-Offensive-Capability.html [infosecisland.com]

China used downed U.S. fighter to develop first stealth jet
http://www.dailymail.co.uk/news/article-1349906/Chengdu-J-20-China-used-downed-US-fighter-develop-stealth-jet.html [dailymail.co.uk]

Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf [uscc.gov]

Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage
http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf [uscc.gov]

How China Steals Our Secrets
http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html [nytimes.com]

China cyberspies suspected in new caper: what has experts worried
http://www.csmonitor.com/USA/2012/0927/China-cyberspies-suspected-in-new-caper-what-has-experts-worried [csmonitor.com]

China's Cyber Thievery Is National Policy—And Must Be Challenged
http://online.wsj.com/article_email/SB10001424052970203718504577178832338032176-lMyQjAxMTAyMDAwOTEwNDkyWj.html [wsj.com]

FBI Traces Trail of Spy Ring to China
http://online.wsj.com/article_email/SB10001424052970203961204577266892884130620-lMyQjAxMTAyMDAwNzEwNDcyWj.html [wsj.com]

NSA: China is Destroying U.S. Economy Via Security Hacks
http://www.dailytech.com/NSA+China+is+Destroying+US+Economy+Via+Security+Hacks/article24328.htm [dailytech.com]

Chinese Espionage Campaign Targets U.S. Space Technology
http://www.businessweek.com/news/2012-04-18/chinese-espionage-campaign-targets-u-dot-s-dot-space-technology [businessweek.com]

Report: Hackers Seized Control of Computers in NASA’s Jet Propulsion Lab
http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/ [wired.com]
http://oig.nasa.gov/congressional/FINAL_written_statement_for_%20IT_%20hearing_February_26_edit_v2.pdf [nasa.gov]

Chinese hackers took control of NASA satellite for 11 minutes
http://www.geek.com/articles/geek-pick/chinese-hackers-took-control-of-nasa-satellite-for-11-minutes-20111119/ [geek.com]

Chinese hackers suspected of interfering with US satellites
http://www.guardian.co.uk/technology/2011/oct/27/chinese-hacking-us-satellites-suspected [guardian.co.uk]

Former cybersecurity czar: Every major U.S. company has been hacked by China
http://www.itworld.com/security/262616/former-cybersecurity-czar-every-major-us-company-has-been-hacked-china [itworld.com]

China Attacked Internet Security Company RSA, Cyber Commander Tells SASC
http://defense.aol.com/2012/03/27/china-attacked-internet-security-company-rsa-cyber-commander-te/ [aol.com]

Chinese Counterfeit Parts Keep Flowing
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news%2Fasd%2F2012%2F03%2F27%2F04.xml&headline=Chinese+Counterfeit+Parts+Keep+Flowing [aviationweek.com]

China Corporate Espionage Targets U.S. Firms
http://www.businessweek.com/news/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-dot-s-dot-companies [businessweek.com]

U.S. Official on Cyber Attacks: "It's Getting Harder for China's Leaders to Claim Ignorance"
http://www.securityweek.com/uscc-commissioner-cyberattacks-getting-harder-chinas-leaders-claim-ignorance [securityweek.com]

China's Role In JSF's Spiraling Costs
http://www.aviationweek.com/aw/generic/story.jsp?id=news%2Fawst%2F2012%2F02%2F06%2FAW_02_06_2012_p30-419987.xml&channel=defense [aviationweek.com]

I could go on...

I thought I was "bad" with links! (0, Interesting)

Anonymous Coward | about 2 years ago | (#41517129)

Thanks for them though, I have "interests" in this area's why!

* One of the dumbest things we've also done (in a way, it does have a "good side", as do ALL 'hack/crack' attempts (yes, I do believe in making lemonade out of lemons))?

When Microsoft licensed out the sourcecode to Chinese educational institutions (as well as other nations). This can be a real "double-edged sword" for step-tracing & finding potential 'bugs' to exploit.

Then again, as I noted above? Once they're exposed in these "cyber attacks", it's 1 time that "trickledown" thinking, works - since you can BET that MS or other OS makers will patch for it, once it's discovered + used.

(The ones that spook me most? The ones you DON'T know about & haven't been exposed...)

I've met & worked with Chinese programmers since 1994 here & there in both academia, AND in professional environs: They're as good as anyone else is, & quite clever!

APK

P.S.=> Plus, we both noted Sun-Tzu in our posts as well, so, I had to reply (good read from you, must be an INTERESTING job you have there)...

... apk

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41516879)

unicode comments

Re:Okay (1)

s.petry (762400) | about 2 years ago | (#41516925)

You do realize that even with proxies one can track down addresses right? Sorry, but if you get a few hundred thousand probes come in from addresses that belong to China, you can probably be sure that it's China making the attack. Here is why: The US generally reports these attacks to China and asks them to stop the attack, so the Chinese Government is aware of the attack. Being the Chinese Government, they can either investigate and shut it down, or allow it to happen. If they choose the latter, they are at least accomplices correct?

Now are you fool enough to believe that China would allow free-for all hacking if they did not want it to happen or were not behind it? I guess you need to learn what they do to people that bypass their firewall system, or perhaps make a visit and try it yourself.

So yeah, we can usually be sure of where attacks come from. It's really not technically difficult, but rather politically difficult to stop.

Which does lead to the question of "Why the fuck do we have military installations, especially that sensitive, on the Public Internet to begin with?

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41517425)

Even with a definitive IP address and no proxies, the true identity can still be very much obscured.

Was it a transnational actor that took a trip to China to make this attack?
Was it through a TOR proxy chain and only the endpoint was in China?
Was the network in any way compromised (think C&C botnet)?

It is a dangerous game tying identities to IP addresses, as seen in the RIAA/MPAA war on intellectual property. Don't be so quick to place the blame on the easy target, for reasons the GP already outlined.

Re:Okay (0)

Anonymous Coward | about 2 years ago | (#41517519)

You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?

Apparently yes, since that's exactly what they did.

The dumbest people work in government (0)

Anonymous Coward | about 2 years ago | (#41516479)

Proof positive the dumbest people on the planet work for government.
Who in this day and age opens email from people or companies they haven't first contacted.
Who in this day and age clicks on a URL they don't know that arrives in an email from someone they don't know.

Re:The dumbest people work in government (0)

Anonymous Coward | about 2 years ago | (#41516685)

You're more vulnerable to a spear phishing attack than you might think you are...

Re:The dumbest people work in government (1)

Sarten-X (1102295) | about 2 years ago | (#41516723)

Very few people will click links from unknown sources, even in government.

However, when the email comes through saying it's from a common company such as Intuit or Chase (both of which have been used in phishing attacks I've seen lately), and comes from an email address from that domain, and looks legitimate (pictures and all), and it tells them that they can either click the link or type in the address, and can even address the target by name, most people won't think twice about clicking that little link to save some time.

As far as they can easily see, it's an email from a company they're in contact with, offering them a convenient link to take care of some important issue.

Re:The dumbest people work in government (1)

jgtg32a (1173373) | about 2 years ago | (#41517137)

You want to know how I know you don't work in security?

How do you know? (0)

Anonymous Coward | about 2 years ago | (#41516483)

WHen Obama first arrived in the whitehouse in 2009 the computers still had floppy drives and Exchange was down 25% of the time!

I highly doubt even with the new CIO Obama quickly hired to fix this that the whitehouse has any real security if the infrastructure was that poor? That scares me more than the president not receiving his email. I could imagine all the printers, servers, routers, and everything being rootkitted just lke the Chamber of Commerce was where even the thermastat sent data to Chinese IP addresses.

Some may be thinking... (0)

Sir_Eptishous (873977) | about 2 years ago | (#41516519)

October Surprise. Or a lame attempt at one.

Also, have fun reading the ridiculous comments on the Politico site.

WTF? (1)

Lucas123 (935744) | about 2 years ago | (#41516521)

White House sources partly confirmed that U.S. government computers ...including systems used by the military for nuclear commands, were breached by Chinese hackers. I'm speechless. May heads roll!

Chinese hackers or just Chinese IP address? (2, Insightful)

Anonymous Coward | about 2 years ago | (#41516531)

How do they know the phishing emails were sent by Chinese hackers? Are they just using the IP address of where the email originated to determine the nationality of the hackers?

Hurray! We've been Saved! (0)

Anonymous Coward | about 2 years ago | (#41516561)

They were able to save us from doom this time, but we might not be so lucky the next time.... ... unless we give them all of our privacy rights and billions of dollars.

May you live in interesting times (1)

subreality (157447) | about 2 years ago | (#41516633)

Definitely some interesting times ahead as the US's knee jerk SPREAD PEACE LOVE AND DEMOCRACY WITH BOMBS response meets the reality of that whole starting a war in Asia thing.

Re:May you live in interesting times (0)

Anonymous Coward | about 2 years ago | (#41517439)

Peace? Who said anything about peace?

"We are the United States Government! We don't do that sort of thing."

Budget Appropriations (0)

Anonymous Coward | about 2 years ago | (#41516649)

I'll bet appropriations for cyber security have a lot less trouble passing in the next budget session.

Proverb (3, Insightful)

ThatsNotPudding (1045640) | about 2 years ago | (#41516697)

The web page is slow, but the phish is patient.

Closing days (-1, Flamebait)

ThatsNotPudding (1045640) | about 2 years ago | (#41516741)

Chinese or the GOP? Down the strech, shenanigans like this are very possible from a trailing party. Crooked voting machines? Check. Must be this white to vote? Check. Cyberattacks? WHY THE HELL NOT.

Re:Closing days (0)

Anonymous Coward | about 2 years ago | (#41517603)

Wow... HOW tight is your tinfoil hat?

Ridiculous Headline (0)

Anonymous Coward | about 2 years ago | (#41516903)

"Chinese Cyberattack" WTF?

Just because the attack came from someone in China doesn't mean China is attacking the USA, the headline implies that.

If some hacker in US attacks a govt computer in another country the headline would not be "US Cyberattacks Country X"

This just shows US Chinese paranoia

Re:Ridiculous Headline (1)

Anonymous Coward | about 2 years ago | (#41517019)

Every person in China is sovereign property of the Communist Chinese Government. Therefore, if any person in China attacks the US, China is attacking the US.

This is a blatant Act of War that deserves an immediate response.

YOU FAIL IT. (-1)

Anonymous Coward | about 2 years ago | (#41517147)

alike to reap States that there lagged behind, kked to be Kreskin

LoL (0)

Anonymous Coward | about 2 years ago | (#41517215)

God Doman MONGORIANS!!! Why they gotta break my SHEEETY FIREWAWL!!!!

Propaganda time (0)

Anonymous Coward | about 2 years ago | (#41517235)

And it starts up again. The propaganda about how unsafe cyberspace is from other countries, and therefor we should accept and want our government to have more authority, more power over how it functions. We are supposed to like them having all kinds of additional power, because its for our own good.

BULL!

And we will NOT TOLERATE it.

FREEZE BARACK! (0)

Anonymous Coward | about 2 years ago | (#41517427)

Latest update to the situation room:
These were from one Uighur Muslims with a slight limp in China (obvious from scrutinizing at the IP address by our experts).
Of course Islam absolves the perpetrator from guilt especially if done in response to endless western insult of the Prophet Muhammad.

Unrelated Events (0)

Anonymous Coward | about 2 years ago | (#41517593)

In unrelated news: a recently de-throned Nigerian prince has acquired US missile codes, along with "$15.000.000 USD".

Wait a second... (2)

asylumx (881307) | about 2 years ago | (#41517613)

White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands

Wow, that sounds bad.

None of the White House’s secure, classified computer systems were affected

Wait, so there are only a couple ways that these could both be claimed:
1. Someone is lying
2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands
3. Someone is lying

I'm guessing it's either 1 or 3.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>