Hacker News new | comments | show | ask | jobs | submit login
Hacking U.S. Secrets, China Pushes for Drones (nytimes.com)
26 points by sethbannon on Sept 21, 2013 | hide | past | web | favorite | 19 comments

Question: why were these computers connected to the Internet in the first place? So the drone design engineers could check their Facebooks? Computers doing real work should be airgapped, this is a no-brainer.

My guess is that some social engineering is involved. That's how the Soviets hacked the Manhattan Project in the 1940s: planting spies, and/or bribing scientists involved in the R&D.

Another guess is that, because so many defense contractors and manufacturers are interdependent these days -- almost nobody designs or builds complete systems anymore -- they are tied to each other through communication channels and networks. A really good hacker-spy could piece together bits of information from Source A with information from Sources B, C, D, and discover or infer vulnerabilities from there.

Air-gapping does seem like an obvious choice, however, and I'm legitimately puzzled if it's not being done for the most sensitive design systems.

Just curious, how would airgapping be practical if you need Internet connectivity for your "real work"?

For example, let's say you run a quant trading firm and the algorithms you're concerned about being stolen need connectivity to download live trading info, and then after processing that info they need to communicate buy/sell orders to the outside world.

Are there any methods that could be used that would prevent all communication with a secure system (with an airgap level of certainty) besides the strictly defined data you need to do your "real work"?

Sure, you would just use Radianz, and that is in fact what everyone does. This is a very solved problem! Bloomberg also operates a private network, and there are others too. These systems can operate perfectly well without access to the public Internet.

A couple of jobs ago I worked at a financial services firm with 2 networks and 2 PCs on everyone's desk. Rednet for outside connectivity, and an internal network for real work, and never the twain shall meet.

NO-ONE needs the Internet for real work, let's be honest, just for goofing off. Time we all started to prioritize security over mere convenience.

Yep, maybe trading wasn't the best example, although they are still effectively at the mercy of the security of their data providers network - which admittedly is probably quite good.

Let's say you're a P.I., journalist, researcher, law enforcement, or intel agency, and need to automate news or people searches for some reason. If you were able to very strictly define the data you're expecting to receive, isn't there any way you could automatically pass this data on to a secure system without opening yourself up to exploits?

Hacking Unite nation. Media: China was doing that, too.

Hacking Encrypt Fax, Media: Quiet

we developed drone, attacks in pakistan. Media: Quiet

China developed drone, doing nothing, yet. Media: Hacking U.S. Secrets, China Pushes for Drones

Enforce human rights to third world countries. U.S.: -airline reservations are used to target illegal searches. -cellphone tracking by tower -20 miles interior check points, -100-miles Border Zone as "Consitution-free". As a result, San Francisco, Los Angles, Seattle, Chicago, New York, Washington D.C., Philadelphia, Miami, Houston are Consitution-free.

Now what was the news again?

Why not drop a mention of the NSA/CIA's spying and hacking on other countries and American citizens? Seems that it's only news for the media when China does it. Bunch of hypocrites.

The NYT and other major US media are pretty regularly reporting on the ongoing revelations from the Snowden whistle-blowing. I believe HN has instituted a "no NSA spying" story policy in general due to political arguments rather than discussions of the technical aspects involved. I could be wrong though.

Amazing how fast China has started looking like a Johnny-come-lately, now that Snowden has opened our eyes to how the US/NSA/GCHQ were targeting their citizens, allies, enemies and the Internet itself (by coercing service providers and by weakening underlying cryptography).

I don't think that shoe has dropped yet. As far as domestic surveillance goes, NSA seems to be approaching the level in terms of capabilities of Chinese MSS. In terms of foreign surveillance, although we can safely assume NSA has access to more fiber and hence internet traffic, there seems little reason to think their hacking activities are any more prevalent than any other large intelligence agency. Those capabilities are, after all, rather cheap.

What we haven't learned of, at least yet, is rampant industrial espionage by NSA to steal R&D and a pipeline for dealing with the stolen results. China, at least according to US allegations, has precisely that.

> What we haven't learned of, at least yet, is rampant industrial espionage by NSA to steal R&D and a pipeline for dealing with the stolen results. China, at least according to US allegations, has precisely that.

China would still be late to that game.

France and Israel were famous for doing government-sponsored industrial espionage in the 1980s-1990s. Again, according to US allegations.

>What we haven't learned of, at least yet, is rampant industrial espionage by NSA to steal R&D and a pipeline for dealing with the stolen results.

i wouldn't mind if NSA was doing something really useful like that instead of building total surveilance and instilling fears of it into its own citizenry

Hmmm. I wonder if maritime drone fleets are going to make carrier task forces obsolete, the same way carriers had been rendering battleships obsolete.

I think China's R&D in "Carrier Killer Missiles" is probably more likely to do it:


A CIWS will kick in at about 3 miles and has a 100% kill radius of over 1 mile. This will increase when the system has been upgrade to use lasers (soon).


The CIWS is only used if the SeaSparrow missiles (which have a 40+ mile range) and RAMs do not hit their target.



Those would only be used if the jamming equipment/planes failed.

Don't forget that carriers always have several ships traveling with them with even more anti-missile firepower.

It would literally take a nuclear missile, severe incompetence, or numerous malfunctions on multiple well-tested systems to hit an aircraft carrier with a missile. Plus balls, the US will come after you hard if you mess with one of it's carriers.

But yeah, shooting a missile with multiple nuclear warheads is about the only thing that can be done to take out a carrier, and that's a pretty awesome claim.

Oh, I guess a railgun would work too, those would be the real carrier killers. The US DoD should definitely assign some extra IT security personnel to the contractors working on railguns.

CIWS can't intercept a ballistic missile on a downward trajectory. It might work against a subsonic cruise missile in the Harpoon/Exocet class, but isn't expected to be effective against DF-21.

Just wondering, why do you think the U.S. military seems so paranoid about China's research into this? Everything I know about carrier killer missiles comes from mainstream media coverage in response to various U.S. generals sounding the alarm about China's progress in this technology, and its potential to end the U.S.'s dominance of the Pacific. Is it just budgetary saber-rattling?

Also, what happens if China fires, say, a few dozen of those missiles at once at a carrier group? After all, those missiles are a hell of a lot cheaper than a carrier.

This is just something I picked up and reasoned out, but you will probably want to verify this for yourself.

America fields the world's largest number of carrier task force in the world. The other Western countries have maybe one each. Apparently, it required not only technical skills, but also a certain culture and discipline of the crew manning the carriers. As such, the Soviets were unable field effective carrier task force and ended up building a submarine fleet instead.

With the Soviets gone, that left the US Navy as the undisputed power on the high seas, at least, if you are going by numbers of carrier task force. It's the primary offensive power of the US Navy.

... and if there is technology that renders it obsolete, it would be a major concern.

Note, in my original post, I was not talking just about carriers. I was talking about entire carrier task forces, where escort ships (like the cruisers fielding Aegis) are centered around the single carrier.

I was thinking of an offensive mobile platform rather than defensive, but the CKM is interesting.

I have not looked at this in depth. Apparently, carriers are costly to produce and requires a significant technical skills and discipline among the crew. A drone carrier that can pack the same offensive capability, yet doesn't require the level of skilled and disciplined crew, and is cheaper, is significant. Particularly, combined with the "carrier killer missiles".

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact