
China's HUMINT operations against defense contractors in full swing - burgessct
https://news.clearancejobs.com/2017/06/23/chinas-humint-operations-against-us-defense-contractors-uncovered/
======
mark_l_watson
I am all in favor of more training for avoiding social engineering attacks,
stronger encryption and security for all devices and networks, and generally
making digital systems as robust as possible - and then keep investing
resources in these hardening activities.

The really sad thing is that so many people, including my congressional
representative who I contacted on this subject, just don't get it: securing
our systems is on par with fighting terrorism and conventional defense
capabilities, and should receive the same resource allocations.

It goes without saying, but I will say it anyway: encryption backdoors will
severely weaken efforts for economic growth and for defense.

~~~
Buge
How is this relevant to the article? The article never talks about social
engineering, computer security, encryption backdoors, or terrorism.

------
angry_octet
The obvious consequence of the hack of the Office of Personnel Management. All
the details of all clearance holders, including the background investigation
into their personal lives, finances, psych evaluations, etc.

Overall a bigger disaster than the Snowden leaks, but it was too embarassing
to explain. No one got punished for letting it happen.

~~~
3pt14159
I hate how this shit is even in computers at all, much less networked ones.
Can we not just revert to using paper and folders and filing cabinets for
stuff like this until hacking computers isn't so trivial?

~~~
kasey_junk
Are you suggesting that one of the largest HR depts. in the world revert to
paper & filing cabinets? Can you imagine the massive cost of that? The
efficiency loss? It would be staggering.

Governmental record keeping of this sort is literally one of the first uses
for computers.

~~~
thejteam
This shouldn't have been stored on an unclassified, publicly accessible
computer. This is a prime example of how the aggregation of unclassified
information can be used to derive classified information.

Example... oh, there's lots of people with TS clearances in this little town
in the midwest. Maybe there's something to that. Let's check it out.

~~~
walshemj
Apparently during ww2 the editors of a SF mag worked out something nuclear
related was going on at los Alamos by looking at the cluster of subscriptions

------
chiph
The classic motives for spying go by the acronym MICE - Money, Ideology,
Compromise, and Ego.

[https://en.wikipedia.org/wiki/Motives_for_spying](https://en.wikipedia.org/wiki/Motives_for_spying)

Money - honestly, the spy agencies never really paid all that well. John
Walker got a couple thousand a month from the KGB. If you're spying for cash,
frankly you'd be better off getting a second job.

Ideology - This is probably where younger people who didn't grow up in the
Cold War era are vulnerable. "But they're our friends now, right?" Nation-
states have interests, not friends.

Compromise - Make sure you're not in a position to get blackmailed. If you do
get blackmailed, work with the security people.

Ego - Maybe a period of introspection could help?

~~~
civilitty
Money is mostly used to compromise civilians who are in debt as that pressure
makes them more vulnerable, especially if it's debt to organized crime. A
common tactic is to give desperate people a medium chunk of cash to do
something minor that the handler can still spin as treason afterwards, which
then hooks the informant and allows the handler to pay him relatively small
amounts until they are burned. Money doesn't work as well because the people
in a position to command large bribes usually have emotional connections that
money can't overcome (but M+ICE sometimes can).

I don't know many details about the CIA's black budget but I'd imagine it can
be used to quickly gather hundreds of thousands or millions of dollars for
especially promising informants.

~~~
bitexploder
Your credit is checked when you get a clearance. The higher level clearances
have stricter requirements. It doesn't prevent people from being bribable, but
it seems like a sound defense measure.

~~~
remline
If you don't allow bad credit then the new bribable, grey market, and or theft
point is a minor credit mark.

People with ethics problems usually understand the gamified parts of society
better than the rest of us and leave their fall out everywhere that we haven't
gamified yet.

~~~
bitexploder
That seems easier to fight. Go to a superior and alert them. Versus someone
with poor credit who might need quick cash. Seems easier to manage.

~~~
remline
Stan Smith realizes his credit card payment for his new gadget was sent out a
day late and calls his credit card company in a panic. He can't afford to have
his clearance suspended. The foreign support agent tells him he isn't allowed
to fix that, but as a favor he does anyway.

Stan is surprised when the lawyer assigned to his foreign suspect by the
embassy makes a reference to these new gadgets (perhaps coincidentally?)

What does Stan do? The problem is who can alert Stan's supervisor and how
likely it becomes that every agent can be blackmailed as you move toward a
zero tolerance policy.

~~~
bitexploder
One late payment won't hurt. IDK. Pay your bills on time and immediately tell
a superior. This just doesn't seem practical. You ar almost never penalized
for things like this if you report them. One late payment won't really touch
your credit anyhow. Just seems much harder to exploit as th instructions for
things like this are very clear and any TS or better holder routinely reports
anything like this.

------
arthur_trudeau
Defense contractors are more prominent, but I would be astonished if they were
not heavily targeting generic US tech firms as well, especially those involved
with key infrastructure components and services.

This becomes a lot easier when a fifth or more of their employees are Chinese
nationals.

~~~
gruez
> fifth or more of their employees are Chinese nationals.

Chinese _nationals_ , or _ethnic_ Chinese?

------
Overtonwindow
Yep. We're getting more and more briefings, and training in avoiding social
engineering, and opening ourselves up to making terrible mistakes with
classified information.

~~~
jgome
Of course you are, the whole security industry is based on spreading fear,
uncertainty, and doubt... And that makes it very profitable.

~~~
ghaff
So are you suggesting that there's nothing to worry about and that everyone
should carry on as if the threat environment hasn't changed?

~~~
jgome
I suggest that you don't buy the hype and the bullshit. All this China/Russia
stuff... It's nothing new, and it's not like the US doesn't do the same, and
worse.

And yet here we are, talking about the russians "hacking elections" and the
chinese stealing "economic secrets", the first topic, pushed by infosec
companies that also have political-economic interests, is being presented
without any proof whatsoever, and the second topic clearly showing the level
of paranoia in which US people live (IIRC, some espionage cases involving
chinese citizens were proven in court to be false).

Perhaps US people and their govt should care more about their own people being
extremely greedy and true psychopaths before judging foreign govts and
nations...

------
vorg
From where I dwell (China), this link comes back with

    
    
      Error 403 Access to this resource is denied
      Access to this resource is denied
      Guru Meditation:
      XID: 24445124
      Varnish cache server
    

Is this only available from certain places, e.g. the U.S.? If so, given the
international nature of Hacker News and the .com domain, perhaps this should
be labeled _China 's HUMINT operations against defense contractors in full
swing (USA only)_.

------
crb002
Clearance Jobs is a subsidiary of DICE in Urbandale. Chad Thompson their
devops guru is good people.

~~~
alasdair_
From the domain name, I assumed it was a joke, like "SALE! Crappy jobs no one
else wants - now on clearance!

~~~
walshemj
That's indeed :-)

