
NSA Chief: China Behind RSA Attacks - wglb
http://www.informationweek.com/news/government/security/232700341?cid=RSSfeed_IWK_News
======
mindslight
Imagine how much of a non-problem malicious hacking would be if the government
hadn't started persecuting hackers back in the day. Actual secure software
techniques would have been developed out of necessity, and at the very least
people would take the concept of an 'air gap' seriously (like perhaps not
hooking process control equipment up to the Internet!). But once again, their
hubris led them to believe that man-made "laws" could declare away an
undesirable emergent behavior, and society went full speed ahead in deploying
highly brittle systems while the threats were reassuringly out of sight.

------
sp332
The news here isn't that China has been hacking US companies. The news is that
the USA has started calling them out on it. I wonder if this signals a shift
in foreign policy?

~~~
epoxyhockey
The US has been calling China out on hacking as early as 2008, but insinuating
that the Chinese gov't was involved in incidents back to the mid-2000s. 2008
Source: [http://www.washingtontimes.com/news/2008/jun/12/hacking-on-h...](http://www.washingtontimes.com/news/2008/jun/12/hacking-on-hill-traced-to-china/)

I think the _real_ news is that China isn't publicly denying these incidents
anymore. Though, it seems like nothing has really changed.

------
samstave
I posted the following in another thread the other day, but that thread was
deleted. I think it is relevant here:

--------

I worked for a company that was acquired by Lockheed. I ran IT and had already
spent a few years 100% rebuilding the infrastructure of the company when I
joined.

As we were assimilated I worked with IS&S and their security teams closely to
ensure our security measures were up to snuff with Lockheed's requirements (we
built the RFID tracking system the military used for shipping pretty much
everything). In our security meetings, we were briefed on activities that were
happening, what we needed to do and why.

China was constantly attacking Lockheed and all other defense contractors.

They were pretty sophisticated in how they did it; targeted spear phishing
was one of their successes:

Chinese spies would attend defense contractor events - meet and seek out
Lockheed and other employees. Get their business cards and spoof mail from one
employee to the other, referring to events that occurred at the convention to
get people to click on shit that would be a trojan. These trojans were rather
sophisticated in that they would operate very very slowly to trickle pieces of
information out. Sometimes they were very specific pieces of information.

I don't recall exactly how this was found out, but someone's machine was being
checked out - and in the process the trojan was found. When the Chinese were
alerted to the fact that the trojan had been found, they turned whatever their
bot-net was up to 11 and attempted to just mass send out as much data as they
could.

(All of Lockheed only has (I think) 3 connections to the internet.)

They cut it off and had to get rid of these trojans.

Another time, a supplier (I think it was in Taiwan, I can't recall exactly)
was hacked and its machines would install stuff on any USB sticks used.

Lockheed machines were not allowed to connect to non-Lockheed networks, via
Wifi or any other means. So they would use USB sticks to transfer stuff.

The Chinese went after the supplier's machines as a vector to get connected
with the Lockheed machines. I have mentioned this stuff here on HN before, and
in light of China's 50-100 year vision for where they want to be, we are
basically fucked. The Chinese have been securing access to all major natural
resources in Africa, as well as being the manufacturing hub for EVERYTHING -
while the US government is squabbling over petty short term profit efforts and
securing a diminishing resource (oil).

This is not to say the US is some slouch in the cyber security space; Stuxnet
and Duqu are clearly US/Israel cyber attacks that are amazing. But anyone
would be a fool to not be very wary of where the online digital war is headed.

~~~
est
Do you have any single piece of evidence that it's exactly from China, not just
some Chinese IP address or Chinese text?

~~~
samstave
Personally, no. This information came to me from the head of netsec at Lockheed
in our meetings. It was conveyed in phone conversations on the netsec con calls.

I take it at face value, though.

~~~
est
That's odd, because through the media and Internet forums anywhere I can only
see finger pointing, not strong evidence.

If you ever have time, trace back all the "China hacking" reports; they all
came from non-tech sources, just authoritative accusing. Blaming China is
obviously the safest and easiest assumption, because Chinese people rarely
care about or hear foreign voices anyway.

But did you happen to know that the Chinese Internet is one of the largest
malware & botnet victims in the world? If you subscribe to full-disclosure you
can see lots of mass security issues happening in China every day.

~~~
maratd
> That's odd

No, it isn't. The Chinese themselves are documenting the attacks. They made a
documentary about it. It was a story here on HN. It's not exactly a secret.

~~~
est
I believe you refer to this thread:

<http://news.ycombinator.com/item?id=2916613>

Yes, it's documented, but it's DoSing Falun Gong servers, the same stuff as
Anons with LOIC. But stealing IP from a company for political or commercial
motives? You need much more than DoS.

------
shayanjm
In a large portion of these attacks, the attackers are using some form of
modified SpyEye/ZeuS botnet source with a pre-loaded 0day (Adobe products are
the target of choice since they seem to have a vuln discovery a week).
Honestly, regardless of how you slice this - with a solid social-engineering
backend, this is a very difficult problem to deal with/defend against
regardless of the security measures in place.

However, I will say this: I really do think it's in a company's best interests
to dabble in the blackhat security markets a bit as a bystander. You can watch
the development of some VERY interesting 0days, botnets, and other such
goodies from an in depth perspective. That way, you can protect your mission-
critical assets from the latest and greatest vulnerability before it trickles
through to vulnerability notifier services.

------
Irishsteve
Any idea how frequently the US hacks Chinese corporates?

~~~
tedunangst
Zero. I've never read allegations to the contrary. Commercial, as opposed to
strategic, hacking is both outside the scope of the US govt and of limited
value. Everybody (as in the people who count) knows that US corps have the
best R&D, so why take the risk to steal something you don't need?

[I should add something about the degree of separation of govt and corps being
a factor.]

~~~
runjake
I'll simply say that you have no clue what you're talking about and leave it
at that. It's pretty preposterous to assume that because it's not in the US
media, it doesn't happen.

If you want a declassified historical account, look back at the US IC programs
to furnish sabotaged/backdoored electronics during the later years of the Cold
War.

~~~
tedunangst
Can you provide a link to non-US media?

I am assuming IC == integrated circuit? Was that program targeting the USSR
govt or private industry, such as may have existed? Was the backdoor designed
to steal state secrets or economic secrets?

------
jessriedel
Am I correct in thinking this is a weird use of the term "intellectual
property"?

~~~
tryke
It's a proper use of "intellectual property", but they're not talking about
movies and books.

~~~
jessriedel
Intellectual property is something whose use is protected by law. (In
particular, the fact that you have to break the law to obtain the information
does not make it intellectual property.) These are just secrets, right?

~~~
trotsky
Most things stolen in industrial espionage are either copyrighted or trade
secrets, both of which fit within a formal definition of intellectual
property.

------
abcd_f
Makes you wonder if/what extras all those iPhones are now packing.

------
carguy1983
Isn't stealing information and eavesdropping on communications _exactly_ what
the NSA does?

~~~
maratd
Exactly. Placing them in a fine position to determine who's doing it to us.

------
gcb
All the quotes are out of context in that article.

I doubt they said anything to that effect.

My bet, if I could see the talk somewhere, is that he referred to the attacker
as something generic (not "China") and then on another point talked about
China's trouble with intellectual property, as when they sell counterfeited
Cisco gear or use code from one US company manufacturing there on a Huawei
product, etc.

And the journalist just cut, mixed, and published the bomb about China being
the attackers.

Of course the article may only have the worst quote choices and that's exactly
what he said.
