
China Cyberspies Outwit U.S. Stealing Military Secrets - bcn
http://www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html
======
UnoriginalGuy
I grow weary of reading these "hacking," "cyberspy," etc articles. They always
read like a plot of a bad action movie (Hackers, Swordfish, etc) rather than
what people who actually work in the sector (IT, Security, even programming)
have to deal with day to day.

Just once, I'd love to read an article that talks in specifics, like how they
got in (e.g. via exploit XYZ), how they spread (e.g. via hole in network
policy XYZ), and what was done about it.

Also, if this super-top-secret information is so vital to the US's national
security then why was it in the hands of a private company? I might be
misunderstanding something here, but it seems less like information vital to
national security and more like information vital to that company's future
success (i.e. industrial espionage).

I cannot help but wonder if someone at this company (e.g. former CIA director)
made a few phone calls and turned an industrial espionage incident into a
national security incident in order to cover their arses.

~~~
JonnieCache
They're here to ease the passing of specific US legislation in aid of the
military industrial complex. See
<https://news.ycombinator.com/item?id=5642408>

I really wish people would stop posting them.

~~~
rdtsc
That aspect often escape people. If this was too serious they probably
wouldn't be writing articles about it, as that just tells others (say enemies)
more information. This is looking like buttering up for a contract or new
legislation.

------
a_p
The only thing as breathtaking as the amount of information the Chinese
military has stolen is how dysfunctional their military is. Here [1] is an
excellent article about corruption in the Chinese military. The Chinese
government is a bizarre mix of authoritarianism, greed, patronage and
nationalism, and it has no clear structure. The military is no different. It
doesn't matter how much technology they have; as long as the military has no
internal cohesion and accountability, they will never overtake the United
States.

Here's a quote from the article, citing a 'princeling':

" "China no longer has a paramount leader who can hammer down authority at
crucial junctures. "Gangs" of patronage and bribery are congealing together,
he said, adding that "Corruption is the glue that keeps the whole system
together, after the age of idealism." "

And another:

" A third princeling, whose father once ran China's security apparatus, blames
Jiang for sabotaging the last leadership transition in 2002 by refusing to
relinquish control of the military. He said Jiang promoted dozens of generals
who are, as he put it, either "henchmen" or "morons." The result is that
nobody is really in control, he said. "

[1]
[http://www.foreignpolicy.com/articles/2012/04/16/rotting_fro...](http://www.foreignpolicy.com/articles/2012/04/16/rotting_from_within?page=full)

Note: You don't have to sign up for foreignpolicy.com to read the article.
Just disable JS or stop the page from loading before the popup shows up.

~~~
Asterick6
Such articles like the OP's seem to cater to alarmism and hyperbole as these
kind of events occur all the time. The difference here is that the US gov is
being quite unprofessional by resorting to publicizing these events. Also,
it's quite trivial/foolish to care whether or not any country will overtake
the US (or another country). The way I see it - decreasing the US' influence
may actually be beneficial. Rather than a unipolar/bipolar world, there can be
a multipolar world. Maybe it'll reduce the crap that the US gov does/causes
domestically and internationally, as it seems the fed believes it can ignore
accountability because of supposed exceptionalism.

~~~
ericd
There has existed a multipolar world in the past, in Europe. That world was
very frequently in a state of overt war, so it's not clear that that's a
better state of affairs than an unchallenged dominant nation.

------
mechashiva
I worked, long ago, at the group in QinetiQ that got hacked. A couple of
observations:

1\. The Talon project (the robot pictured) is not, in fact, super secret. I
worked with the Talon platform, and while my projects were "confidential", it
wasn't some super secret thing. Would the government rather not have the
Chinese have that IP? Of course. Is it at a security disaster? Hardly. That's
not to say that they didn't have other, much more secretive, projects that
were also compromised; it's just that the stuff being reported in this article
isn't, like, nuclear launch codes.

2\. IT security there (and, as I understand it, at similar government
contractors) really was laughable. Total cowboy land. Assuming it hasn't
revolutionized its security and culture, this attack didn't need to be some
amazing exploit; it may have been a phishing attack or something similarly
straightforward. So while the article lacks details, I'm not sure there's
anything interesting to find here about the merits of the attack.

FWIW.

~~~
rdtsc
As someone already pointed out above this smells like a PR piece for a new
'cyber-security' enhancement project (read: hand-out) and/or legislation.

------
alan_cx
I find it surprising that it would seem that the only country on the face of
this planet hacking foreign countries and business are Chinese. I'm so pleased
that no one in the US, UK, Israel, Russia, South Africa, Pakistan, India,
Japan, Canada, etc would clearly never dream of such things. On top of that, I
cant even begin to imagine why countries other than the US would seek
intelligence to help them in defence.

Good job that no one is using computer or the internet to launch attacks on
research and production facilities in foreign countries.....stuxnet.......oh.

This might be new to some, but it it turns out countries spy and thieve off
each other. But all we seem to see is lots of articles about the evil red
commie Chinese, who we all happily do business with, including allowing to own
our debt, hack the US. Strange that.

~~~
Vivtek
For the record, the Chinese don't actually own that large a portion of the US
national debt, which is almost entirely held by American organizations.
Propping up our currency, now, that's a looming problem - but one that will
hurt China a lot more than it'll hurt us when it hits the fan.

~~~
zimbatm
Sources please ?

~~~
adventured
The Fed is the #1 individual holder of US debt (for sovereigns or banks).
Social Security holds $2.7 trillion. China has about $1.1 trillion, just in
front of Japan.

China's holdings are actually not a big deal. If pressed to do so, the Fed
could print a trillion dollars tomorrow and buy it all back (with some obvious
consequences, but non-the-less).

"The breakout of foreign-held debt shows that China was the largest holder, at
$1.161 trillion (as of October 2012, most recent data). Japan came in second,
at $1.134 trillion."

[http://useconomy.about.com/od/monetarypolicy/f/Who-Owns-
US-N...](http://useconomy.about.com/od/monetarypolicy/f/Who-Owns-US-National-
Debt.htm)

There's a massive number of sources, but here you go:

[http://finance.townhall.com/columnists/politicalcalculations...](http://finance.townhall.com/columnists/politicalcalculations/2013/01/21/who-
really-owns-the-us-national-debt-n1493555/page/full/)

------
batgaijin
Capitalism only works when there are security precautions to make sure that
business between corporations and individuals is safe. This is true on the
physical level, and sadly, will have to be true at the digital level as well.
If companies are infamous for being unable to do long-term accounting, why the
fuck are we expecting them to suddenly hold themselves accountable to other
long-term risk?

I think it's stupid to cast this as the super whiz kid Chinese hackers and the
poor SOB admins looking at the logs. There usually isn't even a proper budget
_for_ admins to be looking at logs.

------
jamieb
Its not what they stole that worries me. Its what they modified and left
behind.

~~~
jussij
So now we no why the F-35 Joint Strike Fighter is so far over budget.

The Chinese tweaked the plans so when they tried building the thing nothing
would fit.

~~~
Irishsteve
Ah the metric system could have caused that.

~~~
pyre
The metric system is a group of measures that was poorly thought out and
people using said system cannot built fighter jet parts that fit together?

------
lutze
'“When it comes to cyber security QinetiQ couldn’t grab their ass with both
hands, so it cracks me up that they won,” Bob Slapnik, vice president at
HBGary'

I love the smell of irony in the morning.

~~~
willvarfar
The HBGray fiasco really clearly delineated that there were two HBGray
companies.

Yes, one was a moron. And the other was a moron for employing that moron :)

------
Vivtek
This just makes my brain hurt. "Cyber pillage" of the nation's "most closely
guarded secrets" - so secret they were exposed on the Internet without,
apparently, keeping up the security updates?

I think maybe the fault lies not with the Chinese superhackers, but with your
definition of "closely guarded."

------
venomsnake
Well ... if you don't want something hacked don't expose it to the internet.
Is there a reason why corporations does not have inner network that is
electrically disconnected from the internet where the sensitive data is stored
and manipulated?

Buying a second pc for every person is pocket change.

~~~
yuliyp
People want to work remotely. They want email on their
iPhones/Androids/Blackberries. They want to e-mail people at other companies.
Every once in a while you need a nontrivial amount of information to cross
that airgap. Then you have Stuxnet-style attacks to worry about, too.

~~~
Vivtek
Maybe if they want to work remotely, they're just going to have to suck it up
and admit that you can't do that with sensitive information. There have in
fact been times when military secrets were considered more valuable than
people's lifestyle or convenience.

I'm thinking that if these secrets are _not_ more valuable than the lifestyle
and convenience of military consultants, then they're not actually all that
live-or-die, are they? Instead, they're used as fodder for alarmism.

------
squozzer
It's foolish to either ignore this stuff or to panic. Learn your lessons and
continue developing technology. We'll starve in the streets before the
government stops trying to develop another billion-dollar superweapon. Even if
the Chinese didn't have good hackers, they could do as the Russians used to do
and turn Americans into spies with offers of money and sex. That said, China
has a major social flaw that has persisted throughout its' history -- success
can be just as fatal as failure. Any wagers as to how long Comment Crew will
continue to operate before they turn on their government or are snuffed out
pre-emptively?

------
bluedino
Aren't there any active packet-inspection devices out there (Palo Alto?) that
can detect this kind of stuff?

    
    
      * Joe's working from home, but logged in? Disconnect!
      * Joe's transfered 80GB today when he normally does 2GB? Disconnect!
      * Joe's connecting from a VPN server in Croatia? Disconnect!

------
gluegeorge
I wonder what the 1) US government has done against Chinese government
industrial complex, 2) how much false information is spread this way.

------
wpnx
It seems like we read articles like these almost every week. Can the US do
anything but besides lodge complaints?

~~~
ChuckMcM
Of course they can, what makes you think they aren't?

But a more interesting question is to look at what information is presented
and what is missing. How much is new, how much is old. Then on policy stories
like this one I sometimes pop over to the senate web site and look at what's
coming up on the senate calendar [1] and oh look, on May 7th they are having a
hearing to talk about

    
    
       Hearings to examine the Department of the Air Force in    
       review of the Defense Authorization Request for fiscal 
       year 2014 and the Future Years Defense Program.
    

Hmm, who is in charge of Cyber Command? Why it's the Air Force! Who would have
guessed.

(yes I can be _that_ cynical)

[1]
[http://www.senate.gov/pagelayout/committees/b_three_sections...](http://www.senate.gov/pagelayout/committees/b_three_sections_with_teasers/committee_hearings.htm)

~~~
enraged_camel
It's not cynical at all. You just demonstrated an example of a phenomenon that
was well-documented in the 80s by people like Noam Chomsky. His book
Manufacturing Consent talks in great detail about how mass media is used to
manipulate public opinion.

~~~
tptacek
The logic here seems to be that because the mass media can be used to
manipulate public opinion, it is used exclusively to manipulate public
opinion.

~~~
enraged_camel
Please point out where I said - or even implied - the "exclusively" part.

------
Kekeli
Interesting

