Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners

timothy posted about a month and a half ago | from the location-location-location dept.

China 93

wiredmikey (1824622) writes China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. According to security firm TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Experts determined that the threat group targets servers storing corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. In one attack they observed, 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network. Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and which is physically located only one block away from the scanner manufacturer, TrapX said.

cancel ×

93 comments

Sorry! There are no comments related to the filter you selected.

Problem traced (5, Insightful)

invictusvoyd (3546069) | about a month and a half ago | (#47436813)

The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Re:Problem traced (3, Interesting)

K. S. Kyosuke (729550) | about a month and a half ago | (#47436821)

With the code size these things tend to have, you could embed an office package into it and nobody would notice. I wonder what happened to the habit of making embedded systems simple and transparent...

Re:Problem traced (4, Interesting)

drinkypoo (153816) | about a month and a half ago | (#47437207)

I wonder what happened to the habit of making embedded systems simple and transparent...

I remember some 20 years ago a friend of mine was telling me that sooner or later, your microwave would have a whole operating system on it, even though it only performed simple tasks. It was already cheaper even then to use a MCU over discrete logic for many devices which were not staggeringly complex. It's about development time. As long as we fail to demand quality, we will continue to get what is convenient to produce in quantity. Pity about quality.

Re:Problem traced (2)

K. S. Kyosuke (729550) | about a month ago | (#47440241)

I fully understand how an MCU saves time over using discrete logic. That is a trivial issue. But I sort of fail to see how dealing with complex software on top of complex hardware beats using simple (not trivial!) software on top of simple hardware, perhaps with the exception of this being The Only Way for a lot of solution vendors ("What, you don't want to program in C++ with our 3GB environment? But that's how we do things!").

Re:Problem traced (4, Informative)

plover (150551) | about a month and a half ago | (#47437271)

The "scanner" portion of these devices is typically an embedded system that drives a hardware sensor, and speaks USB out the back side. You could probably open one up, solder a cable to the right points on the scanner board, and you'd have exactly the simple and transparent scanner you requested.

But because the business wants a truckload (no pun intended) of functionality out of these scanners, they need it to have more capabilities. First, it needs to be on the network, or it won't give them any benefit. Next, it needs to be multi-tasking so it can display alerts, etc. Its primary task may be to inventory the stuff coming off a truck, its other tasks may include assigning work items to line employees, displaying alerts on the supervisors' screens, punching the timeclock for breaks, and possibly even employee email. To a lot of businesses, a browser based interface lets them run whatever kind of functions they want, without the expense of continually pushing a bunch of apps out to a bunch of random machines. So taking all that together, embedded XP is one (bloated) way of meeting all that.

So while the scanner itself is simple, it's the rest of the hardware in the device that was infested with XP and other malware.

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47438523)

So in other words, what they really want is a scanner hardware bit that clips onto a droid or iphone. Unless they're scanning bar- or QR-codes, in which case the phone can already do that on its own...

We've long since reached the point that for handheld specialty devices, it's far more sensible to take advantage of an existing, highly extensible and highly capable brain - the smartphone or tablet - and clip on any needed speciality hardware. See: Square (turns your phone into a card reader), cash register systems, etc. One of the fairly few exceptions is high-end cameras, since you basically need a smartphone-class system just to handle a 20MP sensor in the way users expect, but even so there's apps that let a remote computer control it.

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47438609)

These boards tend to also double as signature pads, GPS naviagation, route planning, tracking, and purchase systems for delivery drivers. Go ahead and pay attention the next time you get a package from UPS or FedEx.

Re:Problem traced (1)

K. S. Kyosuke (729550) | about a month ago | (#47440219)

FedEx used to do these things in Forth. Given how featureful Forth software can be even in tiny amounts, I just still don't see a reason for embedded XP. But then again, what do I know, I'm a brain-damaged Wirthian/Mooreian.

Re:Problem traced (2)

saleenS281 (859657) | about a month ago | (#47437657)

It would be just as, if not easier to put a backdoor in a proprietary embedded system. Unless the companies in question both demand and inspect the entire source code for their scanners, it doesn't matter WHAT is running on them.

Re:Problem traced (0)

Anonymous Coward | about a month and a half ago | (#47436837)

For some reason I found this story funny (and also creepy), that just makes it hilarious (and much less creepy).

Re:Problem traced (1)

sillybilly (668960) | about a month and a half ago | (#47436995)

All I can say is "duh." Btw China is just playing catchup, just like with space exploration, and now with snooping, as every time I see Intel Inside, or AMD, guess what? It's rigged, the same way, snooping or modifying your data, and not much you can do about it. The only chip you can trust is the one you make. And the US military is dependent on all this Mitutoyo and Doosan chip based things. I'll take a mechanical dial instrument over an LCD one lately, and also a Seiko self winding mechnanical watch with jeweled friction bearings, like http://www.ebay.com/itm/SEIKO-... [ebay.com] , if it weren't so damn expensive compared to a quartz/battery watch. A standalone quartz based watch is still more secure than relying on your cellphone for time, for things such as the alarm going off and not being late from work, as I've caught my cell phone's alarm feature not working when it was crucial, and it was set to go off but it didn't.

Re:Problem traced (1)

Megol (3135005) | about a month ago | (#47437373)

No. You are just paranoid.

Re:Problem traced (-1, Flamebait)

knightghost (861069) | about a month ago | (#47437439)

Not really. Chinese culture is based on stealing rather than inventing. They regard the USA as a no-holds-barred competitor while we mistakenly regard them as a frenemy. Mismatch of dynamics in our interactions.

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47437581)

Worse - they see the US as non-Chinese. That's a lot like saying "non-human". Why should you pay any attention to the rights of those 'things' that aren't your family, aren't even Chinese?

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47440395)

Not really. Chinese culture is based on stealing rather than inventing.

WTF I didn't realize the NSA is staffed by a bunch of Chinese-Americans?
Shit these Asiatics have already deeply infected our infrastructures.

Re:Problem traced (0)

sillybilly (668960) | about a month ago | (#47441131)

How about the other way around. I'm not even sure the story is real, and the Chinese aren't just framed by someone infiltrated designing these scanners for them, and they diligently and mindlessly make it, like they make so many other things, and they end up looking like idiots. I got called paranoid above, well, hey, you have no friggin idea how paranoid I can get. In fact Plato's "Allegory of the Cave" says everything you see in reality may be fake. And Rene Descartes came up with one truth that he was certain about, and did not doubt that it might be fake, by just closing his eyes, and thinking hard, and that's "Cogito ergo sum", or "I think therefore I am," which is awesome, but he got stuck there, he couldn't really go much further. Even all of math (that you can supposedly do without opening your eyes or using your senses, just pure closed eyed thought) can be fake, as you can flip any axiom it's based on, and there you go, it's a different math with a different set of rules, but no better or worse than the one based on original axioms. So don't believe everything you read, take everything you read with a grain of salt, and if you wanna fly off on a paranoid tangent, there are various degrees of paranoia and distrust, including total everything in the world is fake and you're just in suspended animation in Alien's spaceship, dreaming everything, and she's just using you to think for her, reading your mind, because the human brain is pretty good at stuff, while she's also growing offsprings in your chest. As external eggs, and in that eggs that don't require an energy packet in them, are much faster and fecund ways to reproduce than the mammalian female taking weeks(bunnies) to months(humans) to pop 1(human) to 20(pigs) offsprings at a time. For instance a good queen bee without a mammalian womb might lay 3000 external eggs individually, into individual hex cells, per day.

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47438531)

What phone do you have, so I know never to buy it?

The only times my phone has ever failed to fire its wake-up alarm are when I forgot to plug it in and it died. Which is no more its fault or different than if I failed to wind a mechanical watch. (Meanwhile, my $40 Timex Indiglo has a full year on its battery and several more to go...)

Not really (1)

Anonymous Coward | about a month and a half ago | (#47437001)

This was most likely done way before Windows XP was EOL, so blaming it on that isn't right. The big problem is that embedded software usually is closed source, hardly ever edited and almost never gets updated unless there are obvious bugs that limit functionality of the device.

Re:Not really (0)

Anonymous Coward | about a month ago | (#47437427)

So why not use linux on such things? With everything being custom proprietary stuff, there is no need for "ms office compatibility" or such. So put in a free operating system, increasing the margins as there is now no payment to microsoft. (Or no expensive manouvres to cover up blatant piracy) nd the device boot up faster too . . .

embedded systems get less OS updates so any (1)

Joe_Dragon (2206452) | about a month ago | (#47437775)

embedded systems get less OS updates / fail behind on patching so any os can be at risk.

Also does that Linux system hook into exchange / AD? Your DB? Ect?

Re:Not really (1)

DarkVader (121278) | about a month ago | (#47437791)

Well, Linux versions do go EOL as well, and if it's being embedded in the device it isn't really going to matter what OS it's being embedded in.

That said, embedding Windoze is pretty dumb for no other reason than it's an absolutely craptacular excuse for an operating system.

Re:Problem traced (1)

Anonymous Coward | about a month and a half ago | (#47437011)

Assuming the holy mantra physical access = security gone; Even if they had the latest and greatest Windows 8.2 SP4 for Embedded or living on the edge with Arch Linux they would still have been compromised.

The attacker can take as long as he likes to figure out a way to compromise the OS, if on a time crunch simply send out a a batch of good devices while you figure out how to shaft the next batch

Re:Problem traced (0)

Anonymous Coward | about a month and a half ago | (#47437095)

This is why I visit Slashdot... for the insight!

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47437327)

The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Fixed that for you. Where is the outrage when the Chinese exploit their industries for hacking? Guess that's not a way to get that quick +5 insightful these days.

Re:Problem traced (0)

Anonymous Coward | about a month ago | (#47438045)

Actually:

The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

It doesn't matter what OS is in use if the manufacturer is the one installing the malware.

The lesson here isn't that XP is insecure - it's that you shouldn't buy Chinese goods.

China-based threat actors (1, Funny)

Anonymous Coward | about a month and a half ago | (#47436815)

China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world [...] The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Okay... first, is a "China-based threat actor" anything like a Chinese hacker? Or are we talking about thespians who specialize in instilling apprehension and dread, while standing on top of dinnerware? Because these are two different things.

Also... Windows XP?!? There's the problem right there. Why in the name of Bob does someone have Windows EMBEDDED in a scanner? You need a GUI to make something go "BEEP"?!? Seriously? Next you'll say that your vacuum cleaner has Windows XP embedded. Hey, look, here's a Windows XP embedded PENCIL! This new eraser I just bought... Windows 8! Yeah!

Re:China-based threat actors (5, Informative)

toejam13 (958243) | about a month and a half ago | (#47436899)

They are probably using Windows XP Embedded (XPe), which is a customizable version of the OS. Customers can strip the OS down to only the components they need, significantly reducing the footprint of the OS.

XPe benefits from being able to use standard XP hardware drivers. Sometimes a driver simply isn't available for Linux, QNX, VxWorks or other embedded OSes. That's one reason that OS/2 based ATMs are disappearing - not because of security, but because drivers for newer card readers don't exist.

Lastly, you'd be surprised at what a modern scanner looks like. It doesn't just read barcodes and go beep. My workplace uses scanners for inventory tracking, and they come with a full GUI where we can associate new parts with a chassis, report drives being shredded, and just about anything you can think of inventory related.

Re:China-based threat actors (1)

Virtucon (127420) | about a month ago | (#47437379)

But still vulnerable to a ton and a half of vulnerabilities. Sure you can cut your exposure down (like no IE) but that still doesn't mean that the OS can't be attacked in other ways. You also hit the nail on the head, obsolescence and driver support. A lot of companies want to get away from XP but that means upgrading other systems and in some cases processes because there aren't one for one analogs available. That's the bigger problem, when a company gets hemmed in by the tech they may have selected decades ago. I had to work with one customer a year ago to get rid of a couple of SCO boxes that had been running since the late 80s running inventory control. It wasn't just the OS that was the issue, it was also the inventory software that they'd been using for decades. Changing that wasn't as simple as an OS upgrade.

Re:China-based threat actors (2)

dna_(c)(tm)(r) (618003) | about a month ago | (#47437559)

Sometimes a driver simply isn't available for Linux, QNX, VxWorks or other embedded OSes.

That is actually the best argument to avoid such hardware. Rely on hardware that is open standards based, then you can reduce dependency on proprietary drivers

The reason they have to stay with XPe is because there probably aren't any drivers for Vista/Win7/Win8/Win8.1 So much for the benefit of reusing XP drivers

Re:China-based threat actors (1)

fahrbot-bot (874524) | about a month ago | (#47438535)

Sometimes a driver simply isn't available for Linux, QNX, VxWorks or other embedded OSes.

That is actually the best argument to avoid such hardware. Rely on hardware that is open standards based, then you can reduce dependency on proprietary drivers

The reason they have to stay with XPe is because there probably aren't any drivers for Vista/Win7/Win8/Win8.1 So much for the benefit of reusing XP drivers

On the other hand, I'm sure whatever is needed could be ported to NetBSD - which can probably also run on these things, as it runs on just about everything else, including toasters [slashdot.org] . Just sayin' that there's more to wide-spread hardware portability than just XPe.

Re:China-based threat actors (2)

Viol8 (599362) | about a month and a half ago | (#47437145)

"Or are we talking about thespians who specialize in instilling apprehension and dread, while standing on top of dinnerware?"

Well if they call everyone "Daaahhling!" and have endless anecdotes about how they were at the RSC with Daaahhling Larry doing a particularly evil modern day interpretation of Richard III involving hackers then that may well be the case.

Re:China-based threat actors (0)

Anonymous Coward | about a month ago | (#47438175)

Well if they call everyone "Daaahhling!" and have endless anecdotes about how they were at the RSC with Daaahhling Larry doing a particularly evil modern day interpretation of Richard III involving hackers then that may well be the case.

You've met President Jinping?

Re:China-based threat actors (1)

Virtucon (127420) | about a month ago | (#47437359)

Okay... first, is a "China-based threat actor" anything like a Chinese hacker?

Newspeak. [wikipedia.org]

Re:China-based threat actors (0)

Anonymous Coward | about a month ago | (#47437603)

Okay... first, is a "China-based threat actor" anything like a Chinese hacker?

Newspeak. [wikipedia.org]

Not at all. This is the Chinese Government, and everyone knows it. However, they don't have absolute proof. So, instead, the release only states those facts that are proven: That this attack is coming from person and/or organization in China.

Re: Windows 8 eraser (1)

peacefool (1920042) | about a month ago | (#47444287)

A bad choice, obviously: it's not compatible with a WinXP pencil!

OK (0)

Anonymous Coward | about a month and a half ago | (#47436825)

So we already knew that they were doing it. Now we also know how are they doing it.
More importantly now we know where we must point our missiles to, to knock them out.
In all, good work.

Re:OK (1)

DarkVader (121278) | about a month ago | (#47437865)

No, not "good work". And we're not going to fire any missiles at China.

The article essentially told us absolutely nothing useful.

I don't give a crap where the command and control for the malware is.

I need to know who the manufacturer is, what brands that manufacturer produces, and what specific products we're talking about.

And that's exactly what the rest of you need to know as well, because at least some of us need to know what scanners we need to find and toss in a bin. And we need to know what to look for on the backend systems that have apparently been affected so we can clean them and lock them down.

Lanxiang Vocational School (no idea if that's the right one, or, after looking at the map, if there are any scanner manufacturers in the area) [google.com] is not someplace I've ever heard of before, and I don't see any obvious factories on that map.

Horrible FUD article.

Re:OK (1)

Kiralan (765796) | about a month ago | (#47438269)

I agree with you on the 'nothing useful' point. The linked pdf in the post was nothing more than 'Look at this serious threat' on the first page, and how wonderful the virus detection company's product was on the rest.

Backtrack the financials... (4, Interesting)

Etherwalk (681268) | about a month and a half ago | (#47436827)

Check for uncanny puts and calls on the market before earnings reports come out that can be traced to related parties...

Re:Backtrack the financials... (0)

Anonymous Coward | about a month and a half ago | (#47436911)

Puts and calls - that is about the only thing I can think of that would make this kind of data at all useful.

Re:Backtrack the financials... (1)

satuon (1822492) | about a month and a half ago | (#47436941)

I'd say "So they know those financials. So what?" It's not like they got the nuclear arsenal codes.

Re:Backtrack the financials... (1)

Anonymous Coward | about a month and a half ago | (#47437255)

Sure they do, it's 0000000

Everyone knows this.

Re:Backtrack the financials... (0)

Anonymous Coward | about a month ago | (#47437345)

wait, I thought it was 8 zeros, am I wrong?

Re:Backtrack the financials... (1)

module0000 (882745) | about a month ago | (#47437521)

You can buy your own devices with enough cash, which you get from massively profitable trades based on (stolen) insider information.

I don't think a nuclear arsenal is what they are after though..more likely they just want to take the money and run.

Re:Backtrack the financials... (0)

saleenS281 (859657) | about a month ago | (#47438159)

The US will never lose a military battle. Russia is attacking our infrastructure, China our economy. If you think this isn't a big deal, you're not getting the big picture.

The Moral? (1)

linearz69 (3473163) | about a month and a half ago | (#47436855)

Don't buy stuff from China. It built with the bones of children AND it contains malware.

Re: The Moral? (1)

cormandy (513901) | about a month and a half ago | (#47436897)

Sadly all of the handheld scanner factories in the US have since shut down.

Re: The Moral? (1)

Mashiki (184564) | about a month and a half ago | (#47436929)

Sounds like to me a prime opportunity to re-open one, and tout "american or canadian made" with "staff from inside the country" along with "rigorous QC."

Re: The Moral? (-1, Troll)

sillybilly (668960) | about a month and a half ago | (#47437017)

We don't know how to make chips in the US. At least not competitively. And all I see is strong brick buildings or bridges that were built to last forever demolished, instead these new fast rusting galvanized steel based contraptions erected everywhere. The US is setting up for a takeover by black and hispanic people, and a massive economic collapse, and the last thing they are gonna build here is another 10 story built like a castle brick building or never rusting stone bridge, let alone a chip foundry. There is still another 20-50 years to go though, and nobody cares about sustaining the good life and maintaining wealth in the US as the Obamas. Because they will inherit it, based on population growth rates, and this is still the best place anywhere in the world for blacks, and hispanics, not anywhere in Africa or Latin America.

Re: The Moral? (1)

Anonymous Coward | about a month and a half ago | (#47437045)

We don't know how to make chips in the US?
I think Intel and IBM would disagree.

Re: The Moral? (1)

Anonymous Coward | about a month and a half ago | (#47437065)

IBM? AMD? Intel? Samsung? Apple? They all make chips, and none of them are making them in China.

China is a major IP problem, and that IP problem is self-imposed by their culture. Korea and Japan also share some of this culture (Samsung vs Apple), but they're not making compromised hardware because that would absolutely kill them when their customers no longer trust their products.

Nobody has any reason to trust Chinese hardware or drivers, often the parts are counterfeit, and so are the drivers. I can name a few things off the top of my head:
X100P cards (MDM3200) are counterfeited and sold for use with Asterisk PBX software
Various Cisco (1700 thru 3560 series) and Nortel hardware that ended up in ISP's and government systems

Plenty of MemorySticks/SDcards/CompactFlash devices are counterfeit, along with many external hard drives.

As for your paranoid ramble. Concrete+rebar will not last, brick doesn't last. Only roman concrete lasts, and you don't want moldy rotten construction hanging around any longer than it has to. Most of the stuff that is still standing (think Golden Gate bridge) is only still standing because of maintenance, eventually these things hit a point where the maintenance exceeds the cost of building a new one.

Like it seems stupid, but the only kind of building that would last forever and be completely indestructable would be one made of carbon nanofabric, diamond or sapphire. Completely rot-proof, strong as hell, but don't go making a 110 story skyscraper from it, just because it's strong, doesn't mean it has the ductile qualities to stand up to earthquakes and wind, it would have to absorb that, and the welding would rapidly be eroded from that.

There was a TV show (I think it was "life after people") I watched that should all humans disappear in a blink of an eye, everything would start falling apart within 48 hours:
a) Power plants would stop operating (coal, oil and gas), causing a chain of outages that take out the power grid and SCRAM'ing the nuclear stations, leaving only geothermal, hydroelectric, wind and solar still operating but not sending the power anywhere. Most wooden structures equipped with natural gas would catch fire.
b) within 2 years, glass buildings would be shattered as the material used to hold them in shrinks and falls out
c) Within 20 years many brickwork buildings, roads and bridges would be destroyed from encroaching plants
d) Within 50 years, concrete+rebar, skeletons of remaining buildings would cause them to collapse

Go look at existing decay images from Chernobyl, Salton Sea, and Code (California) to see how fast certain environments encroach.

Re: The Moral? (1)

romons (2767081) | about a month ago | (#47445509)

Go look at existing decay images from Chernobyl, Salton Sea, and Code (California) to see how fast certain environments encroach.

I've heard of bitrot [wikipedia.org] , but Code, California? Some google employee enclave? And you say it is deteriorating?

Re: The Moral? (1)

Kasar (838340) | about a month and a half ago | (#47437093)

We have SEH and some others growing silicon in the US, though the profits go to the parent company.
US manufacturing seems to interest Asian companies more than any US ones, they exited the US in the 80s/90s and invested heavily overseas. Even Foxconn of suicidal worker fame has been talking about opening US facilities.

Re: The Moral? (1)

Pinky's Brain (1158667) | about a month and a half ago | (#47437107)

Well Intel still makes microprocessors and Microchip still makes microcontrollers in the US.

If you want ARM ST makes micros in Europe which is an ally, oh wait ... scratch the last one.

Re: The Moral? (1)

DarkVader (121278) | about a month ago | (#47437769)

Slashdot is no place for your paranoid racist rant. Take it to Stormfront.

Re: The Moral? (0)

sillybilly (668960) | about a month ago | (#47440863)

No other place on Earth has had a steady congregation of nerds since the 90's, like Slashdot. Those in power who don't like the truth spoken out loud, especially when it goes against their very expensive private media campaign of trying to set a trend and brainwash everyone into something, they will want to demolish slashdot. So the first step in that is divide and conquer, send one off the Stormfront, another one to Soylentnews (what a crappy name that is, almost as bad as a herbivore head with GNU is not Unix.)

Re: The Moral? (1)

Mal-2 (675116) | about a month and a half ago | (#47437089)

Sounds like to me a prime opportunity to re-open one, and tout "american or canadian made" with "staff from inside the country" along with "rigorous QC."

Of course! Because we all know no American agency would place backdoors or malware in a product, right?

Re: The Moral? (0)

Anonymous Coward | about a month and a half ago | (#47437239)

In the US, there is no such agency.

Re: The Moral? (1)

ComputersKai (3499237) | about a month ago | (#47438639)

Only one that sure loves to protect "national security". Of course, there's also some part about a secret court and mass-surveillance, but hey, at least your, well, kind of safe! Right?

Re: The Moral? (0)

Anonymous Coward | about a month ago | (#47439291)

*woosh*

Re: The Moral? (0)

Anonymous Coward | about a month ago | (#47437381)

Nah, you would need a country that values privacy and is willing to tell the big powers to fuck off and die when asked to "cooperate with security".

Re: The Moral? (1)

Sporkinum (655143) | about a month ago | (#47438281)

I don't know if they are all manufacured in China, but a local company, Intermec, makes and sells scanners. They may be Chinese sourced parts though.

Re:The Moral? (0)

Anonymous Coward | about a month and a half ago | (#47437035)

Considering pollution is so high that children would actually contain many of those toxic materials used in electronics, that isn't so far fetched.

Re:The Moral? (0)

Anonymous Coward | about a month ago | (#47438209)

Aside from the moral issues of theft, it's interesting to study how they obtain access.
Some information should always be guarded and not placed on computers because there will always be a way to get the data.
For very important data to remain secure I still use the old way, paper, ink and one very dated old PC not connected to internet and attached printer for word processing.
Pages get sealed in plastic then placed in a fire proof box.
There are places that are beyond hacker reach, just takes some time and effort.

 

Awaiting the Chinese governments response (1)

phayes (202222) | about a month and a half ago | (#47436901)

In 3 months when absolutely nothing has been done to identify or punish the people responsable for this:
Look! NSA Spy on you! Snowden nice guy, spend time in Hong kong running from US Government. This, little problem, everyone forget soon!

Re:Awaiting the Chinese governments response (0)

Anonymous Coward | about a month and a half ago | (#47437191)

Instead the RED Chinese gummint agonizes over the "security" of Windows 8 and iPhones - maybe the security they have a harder time cracking to hijack?

Re:Awaiting the Chinese governments response (0)

Anonymous Coward | about a month ago | (#47438657)

Instead the RED Chinese gummint agonizes over the "security" of iPhones - maybe the security they have a harder time cracking to hijack?

Fixed that for ya.

Made in China (0)

Anonymous Coward | about a month and a half ago | (#47437007)

I doubt it will work.

Hope it doesn't get in the way of US spying (0)

Anonymous Coward | about a month and a half ago | (#47437063)

You know, the processor backdoors and stuff.

Open source. (2)

Karmashock (2415832) | about a month and a half ago | (#47437137)

Really we are just seeing a failure in widely used proprietary software.

Obscure proprietary software is less of a problem because hackers are less likely to attack it.

Interesting... (0)

Anonymous Coward | about a month and a half ago | (#47437139)

It's interesting that these "hacks" always seem to originate in China, not at the NSA.

Look out! (0)

Anonymous Coward | about a month and a half ago | (#47437269)

It's the Red Peril again! Batten down the hatches.

Have you forgotten? (1)

conscarcdr (1429747) | about a month and a half ago | (#47437291)

That China has always been our best friend. It was Frederick of Pinchfield who masterminded Operation Aurora and all the handheld scanner attacks.

EFI BIOS (0)

Anonymous Coward | about a month ago | (#47437321)

We have found similar attacks in commercial off the shelf motherboards out of China with infected EFI BIOS.

Re:EFI BIOS (1)

DarkVader (121278) | about a month ago | (#47437777)

[citation needed]

Seriously, if you've got evidence of this, post it. Name names.

Making vague "infected EFI" comments is utterly unhelpful.

it isn't XP, it's an ethics problem (2)

stokessd (89903) | about a month ago | (#47437357)

If the summary is at all accurate, the manufacture built both the hardware and the software. So blaming the OS is silly. This is a case where any OS could be used, even a custom one, and they would add the spying functionality as they were building it. The real issue is buying hardware systems from unethical folks, no OS hardening in the world will help you when the manufacture controls it.

If China doesn't improve their stand on ethics, they will be relegated to building bath toys and partial systems where their leaks and theft aren't super critical. If they hope to join the rest of the developed world, they need to get their shit together.

Re:it isn't XP, it's an ethics problem (1)

itsenrique (846636) | about a month ago | (#47437501)

The problem is we have no place to be telling china to improve their hacking ethics these days.

Re:it isn't XP, it's an ethics problem (0)

Anonymous Coward | about a month ago | (#47438199)

If China doesn't improve their stand on ethics, they will be relegated to building bath toys and partial systems where their leaks and theft aren't super critical. If they hope to join the rest of the developed world, they need to get their shit together.

Are you serious?

Re:it isn't XP, it's an ethics problem (0)

Anonymous Coward | about a month ago | (#47444051)

You haven't been paying attention. China has become a less attractive place to take business because their shoddy business practices are becoming known in the west and wages have been going up there anyhow. This way of providing supply oriented services is deeply ingrained in their corporate culture and has been going on long before everything sold in the US was made there, even other chinese don't trust each other in business over simple transactions unless there is a long running personal relationship.. the whole supply chain is fucked over there. I believe they will come around just as other countries have on the same issue but it will take some time because it's just how shit is over there.

it's not really an ethics problem (1)

Anonymous Coward | about a month ago | (#47438353)

Ethics are only a problem for people that are well fed and comfortable. Just saying.

Would you steal bread from the wealthy decadent neighbor if your family was starving? Would it be more ethical to let your children starve?

Contrived example, I know. But as wealth inequality gets worse, so too do these issues. If your standard of living is 2 orders of magnitude better, I'm pretty sure the people living in poverty will all heave a great sigh of pity at this injustice to your stock portfolio.

Seriously? Bath toys? Underestimating China might just be the last thing the American Empire ever does.

Re:it's not really an ethics problem (0)

Anonymous Coward | about a month ago | (#47444073)

What you're talking about is a thing but I think you're ignorant of the motivations and situations that make chinese do these things, they're not the actions of the desperate poor and destitute. Your poorest chinese is pretty fucking poor by US standards but he has nothing to do with handheld scanner in the USA. Not nigeria or congo

Re:it isn't XP, it's an ethics problem (1)

catgirlui (3744423) | about a month ago | (#47440887)

i'm Chinese but I don/t think ethic is a big thing And in fact we are not so poor - - we are not like the Korean guys

it isn't XP, it's an ethics problem (0)

Anonymous Coward | about a month ago | (#47441005)

LOL ethics? Typical American arrogance.

Nobody outside America gives a shit what you Americans think, your generations are like the Germans in the Nazi era, so naive, arrogant and delusional, you don't even know which side is up, ever since you idiots were born you've been told lies such as Santa and "American Exceptionalism", while in fact there is no Santa, and your "country" have been under controlled by Europeans families since its foundin (Protip: Israel own you), the house of cards are now falling apart, you guys just don't know it yet, but the rest of the world is well aware of what's happening, and they're rushing to jump off the USD ship.

You idiots talk a lot about values, but everything you idiots claimed you stand for ended up being nothing but a big fat lie, your country was founded on mass murder of the natives, after that you mastered slavery, you then got lucky on WW1 and WW2 because you guys were so far away from the rest of the world, then as soon as the war was over, you guys stole all the best German scientists (all your stealth planes and the Apollo project were lead by those scientists), ditched the Brits and enjoy the head start while the rest of the world was recovering, after that you started toppling governments all over the world, dropping chemical weapons everywhere (look up, Vietnam, agent orange), and now you're spying on everyone, even your "friends".

These are all common knowledge outside America, so keep dreaming dick heads, it doesn't even matter if you guys don't choose to wake up, because the party is already over, the future generations will look at you the same way as we see the Nazis.

Re:it isn't XP, it's an ethics problem (0)

Anonymous Coward | about a month ago | (#47453113)

Not if they can sell it at a low enough price point.

"Customers can strip the OS down ..." (0)

Anonymous Coward | about a month ago | (#47437533)

Apparently not

Windows? (0)

Anonymous Coward | about a month ago | (#47438111)

did not know that scanners can run Windows. I thought they ran some proprietary operating system that is harder to hack into. Maybe the software that I am thinking of existed in the early 1990s Microsoft developed scanning software for Windows XP. thanks for sharing.

Hypocrisy (1)

HughJazz (3715809) | about a month ago | (#47438359)

American government officials: It's wrong for the Chinese government to engage in mass surveillance Chinese government officials It's wrong for the American government to engage in mass surveillance. Principled people with actual ethics: It's wrong for *any* government to engage in mass surveillance.

Chinese hackers (1)

canned (3744263) | about a month ago | (#47438403)

funny how all those "Chinese hackers" who are so dumb that don't even know how to use a simple proxy to hide their IP addresses coincidentally began appearing at about the same time the US government decided China and Russia will be the new enemy. And now that China has stopped buying US treasure bonds I bet we will be hearing about new "Chinese hackers" every single day. coincidentally, NATO wants to do a conventional warfare against hackers, too. Whatta coincidence indeedy

Re:Chinese hackers (0)

Anonymous Coward | about a month ago | (#47438485)

They really are this dumb. They hack straight from their HQ all the time.

Re:Chinese hackers (1)

ComputersKai (3499237) | about a month ago | (#47438679)

They probably want the U.S. to "notice" them or something, but it probably wouldn't be that easy for the U.S. to send a strongly worded cease-and-desist message that actually would make China stop their activities, at least not very soon, especially when the U.S. just lost a considerable portion of its own credibility a while ago. If the U.S. ceased exploiting our own systems, then they may just be able to pound China from a higher standpoint.

All's fair in love and war (0)

Anonymous Coward | about a month ago | (#47440305)

Now that the US corporate world has made China rich, they will now be their bitch.

jargon (1)

PopeRatzo (965947) | about a month ago | (#47440331)

What the hell is a "threat actor"?

Why use jargon when "criminal" is a perfectly good word? And if this is a specific type of criminal, say a terrorist or a thief or the intelligence apparatus of a foreign country, then there are very descriptive and precise words for those as well. If it's corporate espionage, then "crook" works well, too.

Why do people who use technology feel the need to create neologisms for the most mundane things? Just the other day, I saw someone from a news web site refer to an "article" as an "explainer cardstack". I'm not shitting you. I immediately took that news source out of my RSS feed because if they're that dedicated to lexical obfuscation, I don't trust anything they write.

English motherfucker. Do you speak it?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>