Jump to content

Report Lists Weapons Compromised By Chinese Hackers

Antonov

By Antonov,
in General Discussion

 Share Followers 0

Recommended Posts

Antonov

Antonov

Posted
Posted

"Staggering... breathtaking" losses of confidential information to China, reported to have saved the PLA "25 years of research and development" and resulted in "billions of dollars of combat advantage for China":

http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_print.html

Well... ouch.

Link to post
Share on other sites
vince14

vince14

Posted
Posted

"Staggering... breathtaking" losses of confidential information to China, reported to have saved the PLA "25 years of research and development" and resulted in "billions of dollars of combat advantage for China":

http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_print.html

Well... ouch.

Not surprised. China is far ahead of the West when it comes to cyber espionage. They apparently also recently stole the floorplans and cable layouts for Australia's brand-new intelligence headquarters in Canberra (the ASIS, the Australian equivalent of MI6 or the CIA).

Vince

Link to post
Share on other sites
Litvyak

Litvyak

Posted
Posted

But nobody will stop to think, 'hey, maybe some things we should keep doing the old way...'

Can't hack a filing cabinet unless you're in the room...

Link to post
Share on other sites
Grant in West Oz

Grant in West Oz

Posted
Posted

NSA scoops in more than 2 petabytes of electronic data per hour. Some of it our chat here, phone calls and emails. All of which when discovered is blamed on China. What a coup for cyber-security professionals the world over. All your weapons contractors/ constructors are doing it to each other, so, who's copying who?

G

Link to post
Share on other sites
bashace

bashace

Posted
Posted

Precisely why the U.S. is 20 years behind being able to stop China from doing what it's ramping up to do. For one, all their military strategies revolve initially around defeating all of the U.S. Global Reach capabilities (Tankers, ISR, Aircraft Carriers, satellites), not defending against a military assualt from one of their neighbors.

Link to post
Share on other sites
The_Animal

The_Animal

Posted
Posted

Oh, they can still use computers; Make them all stand alone computers with no internet connection. Each information package will have to be transported to the different facilities by military courier.

Link to post
Share on other sites
TaiidanTomcat

TaiidanTomcat

Posted
Posted (edited)
Well... ouch.

They stole plans for systems you don't think will even matter in a war against China, as you have said repeatedly that war between the US and china will be nuclear not conventional, and even specifically stated that certain systems listed there are not even needed as it is.

But nobody will stop to think, 'hey, maybe some things we should keep doing the old way...'

Can't hack a filing cabinet unless you're in the room...

No but they can still be compromised. a magical machine that could make copies of the documents, and then return them to the filing cabinet without anyone knowing they were compromised. or tiny cameras that could take pictures of the documents etc.

Precisely why the U.S. is 20 years behind being able to stop China from doing what it's ramping up to do. For one, all their military strategies revolve initially around defeating all of the U.S. Global Reach capabilities (Tankers, ISR, Aircraft Carriers, satellites), not defending against a military assualt from one of their neighbors.

little do they know all the US's strategies are also ramping up to defeat China and not US neighbors either. So odd that they hacked all these weapons we aren't developing over the last 20 years, as they lag behind.

Each information package will have to be transported to the different facilities by military courier.

Even all US-built systems are manufactured in multiple states, international joint systems would be even worse. I would love to see the cost of the international military document escort every time LM in Fort Worth, Texas had to send documents to Elbeit in Israel, and Magellan in Ontario, Canada. beyond the cost the time it would take... not to mention all the military couriers have to have high security clearances, and the more documents produced the more can be compromised, and the more people to compromise them. The expenses and delays would make it nearly impossible.

Espionage is espionage, a country's ability to procure information is pretty much dependent on the lengths they will go to, and the people they can use to get it. China is going to great lengths with cyber espionage. And so it goes. It's not German farmers finding discarded NATO munitons and selling them to USSR agents, but its the same game.

Edited by TaiidanTomcat
Link to post
Share on other sites
Antonov

Antonov

Posted
  • Author
Posted

They stole plans for systems you don't think will even matter in a war against China, as you have said repeatedly that war between the US and china will be nuclear not conventional, and even specifically stated that certain systems listed there are not even needed as it is.

I don't think there will be a war with China at all, precisely because it would be nuclear and not conventional; everybody knows it, so nobody will be dumb enough to start it. We got through fifty years of the Cold War that way. We'll most likely get through whatever tensions there are with China before either we or they suffer a major Russia-in-the-1990s style collapse.

Besides which, useful or not, losing that information is not a good thing. If your kid loses his Nintendo DS by leaving it on the school bus, it's still a dumb thing to do, no matter whether he really needs it or not. This case bespeaks a certain incompetence and lack of seriousness in people who one would hope knew better, and that is worrisome all by itself.

Why, for example, are the computers used to design or store data about secret, high-tech, astronomically expensive weapon systems connected to the internet at all? So that the engineers can check their eBay auctions? Disconnect them, or connect them only to an intranet that's not on the wider internet. At least give every engineer two computers - one with internet access and one without, with strict instructions about what can and can't be on each one. If important information needs to get passed around, Sneakernet it. That worked fine when this country was sending men to the Moon; it can work fine now.

Link to post
Share on other sites
11bee

11bee

Posted
Posted

Why, for example, are the computers used to design or store data about secret, high-tech, astronomically expensive weapon systems connected to the internet at all? So that the engineers can check their eBay auctions? Disconnect them, or connect them only to an intranet that's not on the wider internet. At least give every engineer two computers - one with internet access and one without, with strict instructions about what can and can't be on each one. If important information needs to get passed around, Sneakernet it. That worked fine when this country was sending men to the Moon; it can work fine now.

Too late - we are all internet cripples and the net is so deeply intertwined in all aspects of our society (financial, business, manufacturing, social, defense) that I think it would be pretty much impossible to come up with a hackproof IT network. Technically it would probably work but with human nature what it is, all it takes is one person intentionally or unintentionally using a corrupted USB device to lay open an entire "secure" network. Every day, China becomes more dependent on the internet and all the devices that interact with it, so I don't think that Western society is unique in it's vulnerability to this type of intrusion.

I'm hoping that we are doing the same thing to our global "competitors" but the difference is we haven't been detected (or if we have, the other guys have chosen to not publicize the issues). If we are not doing this, then we truly deserve everything we get.

Link to post
Share on other sites
TaiidanTomcat

TaiidanTomcat

Posted
Posted (edited)
don't think there will be a war with China at all, precisely because it would be nuclear and not conventional; everybody knows it,

Someone tell the US military what "everybody knows" because they are into this whole "pacific pivot" thing.

Besides which, useful or not, losing that information is not a good thing. If your kid loses his Nintendo DS by leaving it on the school bus, it's still a dumb thing to do, no matter whether he really needs it or not.

You mean someone stole his DS right?

This case bespeaks a certain incompetence and lack of seriousness in people who one would hope knew better, and that is worrisome all by itself.

You seem to have a lot of knowledge about the circumstances and what happened, do tell.

Why, for example, are the computers used to design or store data about secret, high-tech, astronomically expensive weapon systems connected to the internet at all? So that the engineers can check their eBay auctions? Disconnect them, or connect them only to an intranet that's not on the wider internet. At least give every engineer two computers - one with internet access and one without, with strict instructions about what can and can't be on each one.

If important information needs to get passed around, Sneakernet it.

Sure, are you willing to pay for it and put up with the associated delays? The US Military alone shares millions of classified pages a day all over the globe. Not even talking about with certain allies, and not even talking about civilian companies working for the government. ARC couldn't work in such a system, let alone the US military, US government, US intelllegence agencies, civilian authorities, and civilian companies, and then ditto for foreign governments. Don't forget that one of the problems identified after September 11th was a lack of information sharing from rigid/secretive government agencies.

I don't think people realize just how much classified/secret information needs to be shared on a daily basis in the US alone.

That worked fine when this country was sending men to the Moon; it can work fine now.

Yes its just like that. In other news, phones, switchboards, and typewriters, and, and slide rules, and 8 track tapes, and computers that took up warehouses, worked just fine too.

If someone breaks into your house, you don't move into a cave-- you improve the security and take precautions to your home:

http://www.technewsworld.com/story/77980.html

This whole "back to the old ways!" idea will never happen. It wasn't fool proof back then either, without the internet the USSR somehow spied.

I await your hand delivered response to my door.

Edited by TaiidanTomcat
Link to post
Share on other sites
Rodney

Rodney

Posted
Posted

Why, for example, are the computers used to design or store data about secret, high-tech, astronomically expensive weapon systems connected to the internet at all? So that the engineers can check their eBay auctions? Disconnect them, or connect them only to an intranet that's not on the wider internet. At least give every engineer two computers - one with internet access and one without, with strict instructions about what can and can't be on each one. If important information needs to get passed around, Sneakernet it. That worked fine when this country was sending men to the Moon; it can work fine now.

Just to put things into context:

SIPRnet

NIPRnet

And yes, strict instructions do exist...

Link to post
Share on other sites
FM-Whip

FM-Whip

Posted
Posted

Too late - we are all internet cripples and the net is so deeply intertwined in all aspects of our society (financial, business, manufacturing, social, defense) that I think it would be pretty much impossible to come up with a hackproof IT network. Technically it would probably work but with human nature what it is, all it takes is one person intentionally or unintentionally using a corrupted USB device to lay open an entire "secure" network. Every day, China becomes more dependent on the internet and all the devices that interact with it, so I don't think that Western society is unique in it's vulnerability to this type of intrusion.

I'm hoping that we are doing the same thing to our global "competitors" but the difference is we haven't been detected (or if we have, the other guys have chosen to not publicize the issues). If we are not doing this, then we truly deserve everything we get.

1. I work in IT and this kind of stuff makes for interesting reading. While no network is entirely 100% secure, there are many things that can be done to minimize intrusions. One of them is "air-gapping", i.e. disconnecting from other systems and from the outside Internet, but then that leads to other problems if you need to share classified info. Your talk of a corrupted USB device can simply be taken care of by removing USB ports from systems, i.e. "sneaker-net" wouldn't work in that case. Hard drives can be made removable, and can be encrypted. Systems can be shielded from electronic emanations (TEMPEST). There are all sorts of software and hardware solutions to security issues. Of course all this kind of stuff costs money, lots of it.

2. The number one issue in computer security is the human factor. If the article is correct, there's widespread issues with DOD and contractor systems security. There's more there than what we are hearing.

3. Post-9/11, information sharing was ramped up inter and intra-agency, and also with foreign partners. This led to vulnerabilities.

4. Even if you lock it all down electronically, intelligence penetration by humans is still ongoing. And we are falling all over ourselves to hire foreigners to work in our IT businesses....

John Hairell (tpn18@yahoo.com)

Link to post
Share on other sites
vince14

vince14

Posted
Posted

The problem with IT security is that, for too long now, it's been viewed as an IT problem. The 'business' thinks it's too difficult to deal with, doesn't want to deal with it, and throws it over the fence to the IT department to worry about, and IT departments only think in terms of networks and firewalls.

Good IT Security starts with user education, not Anti-virus and DDoS protection. The weak link is, and always has been, the human factor. Until people start thinking of security as a Human and not a Technical problem there will always be a gap. In fact, it shouldn't even be called IT Security, it should be called Information Security.

I've worked in a wide variety of government departments, looking at the security of everything from your bog-standard community library to Top Secret systems for the intelligence services. I've also spent time working in security for many large and small private businesses and, believe me, despite the leaks the public sector is light-years ahead of the private sector when it comes to Information Security.

Vince

Link to post
Share on other sites
Exhausted

Exhausted

Posted
Posted

NSA scoops in more than 2 petabytes of electronic data per hour. Some of it our chat here, phone calls and emails. All of which when discovered is blamed on China. What a coup for cyber-security professionals the world over. All your weapons contractors/ constructors are doing it to each other, so, who's copying who?

G

The truth has been spoken. The commercialization of the internet funds the development of the biggest intelligence gathering tools yet. I look blamefully at the NSA for this.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 0
Go to topic listing
×
×
  • Create New...