Chinese military spies, holed up in ho-hum Shanghai tower blocks surrounded by restaurants and massage parlours, have siphoned hundreds of terabytes of data from computers at scores of US corporations. We're assured that, rather than being a work of fiction, this is the conclusion of a new study by Mandiant that claims a unit of …
Sounds like a Tom Clancy Novel
Oh wait... it already is.
Seems "Threat Vector" may have been fairly well researched then...
Computer insecurity ...
If the US security services hadn't enthused the 'computer' makers to dilute security on the desktop, then you wouldn't be facing the current security debacle ...
"We're assured that, rather than being a work of fiction, this is the conclusion of a new study by Mandiant", most probably a front for the US security apparatus ...
Re: Computer insecurity ...
>If the US security services hadn't enthused the 'computer' makers to dilute security on the desktop, then you wouldn't be facing the current security debacle ...
When I as school in the nineties, we were shown videos about Phil Zimmerman and his PGP... all the arguments were in terms of private individuals and the US Government not liking encryption. I guess that at the time, far less data was kept online, the Cold War was over, music was good, and obviously nobody was worrying about the threat of foreign states stealing sensitive data.
Re: Computer insecurity ...
far less data was kept online
Of course, but....
You really need to read Clifford Stoll's "Stalking the Wily Hacker", available online, with hacks emanating from East Germany. Those were good times. Uni networks were open to all and sundry and led directly to peripheral databases of military contractors, or to mainframes of research groups with interesting subjects. Kevin Mitnick was making a name etc. And that was even before Gulf War I. It was clear what was coming. Cyberpunk was exploring the subject, for what it's worth. Anyone remember Thierry Breton's "Softwar" thriller about a logic bomb in a Cray sold to the URSS btw?
I still remember "Computers Under Attack: intruders, worms, and viruses", 1990.
A review notes:
"Although prescriptive in how to deal with particular instances of computer insecurity, such as viruses and worms, the book does not make specific recommendations or predictions for the future. The view implied to the reader here is that most types of illicit activities are fairly well understood by the computing community. These are given treatment in some detail in the book. What new twists might be added to the cracker's bag of tricks, or what entirely new types of mischief might yet be invented, are left to the reader's imagination."
After Gulf War I, US security consisted in endless discussion whether it would be appropriate to shove Clipper Chips up everyone's arse so one could eavesdrop at leisure. Appaling. Nowadays we have secret unconstitutional investigations, torture, extrajudicial killings and quite possibly disappearances, but alt least the crypto is hard. But I digress...
It was not so much that US security services hadn't enthused the 'computer' makers to dilute security as that really nobody gave a f*ck, as consumer-level operating systems were hitting the market and network cards were plugged in enthusiastically. People where happy when connection worked at all! Open dialins where everywhere! X.25 was dying. VPNs? Nope. Firewalls were unknown.
Note that the classic "Firewalls and Internet Security: Repelling the Wily Hacker." by Chesvick and Bellovin came out only in 1994.
China, 1.3 billion people, an economy of around 11 trillion USD, an army of 2-3 million personnel, and...oh, they have hackers working for them; all their hackers operate from one crummy building in the suburbs of Shanghai; they are so powerful and unstoppable, they can do whatever they want and they're a massive threat to the whole of the USA. All that coming from just one little building in the sticks. Imagine what would happen if the Chinese decided to think big and rented out 2, 3 or even 100 buildings like that, or even bigger buildings. They could take over the world.
"Mandiant claimed APT1 is just one of 20 computer spying crews in operation in China, and is among dozens it is tracking worldwide."
Lets face it each different branch of the Chinese military probably has it's own more or less competent crew of hackers, probably all working at odds with each other.
Bureaucracy and military incompetence are universal.
quote: "Bureaucracy and military incompetence are universal."
They already missed a trick, instead of "PLA unit 61398" I'd have demanded Unit 31337 for a start ;)
I can't find the article now - apparently the US security agencies have been building some ridiculously high number of offices all over the USA over the last few years.
> Unit 31337
That would blow the cover. It's prime!
Something else: the greatest threat faced by the USA nowadays is? Computer hacking. Compare that with the greatest threat faced by places like...Afghanistan, Iraq, Libya, soon maybe Iran...These guys don't know how lucky they are, still living in the era of physical and military threats.
Do you guys still remember two years ago NYT accused a Chinese vocational school, Lanxiang Vocational, being a military hacker central? If you recall that school churned out cooks and hair dressers, and the Chinese netter made a "Lanxiang is more awesome than Harvard" meme in response.
Well guess what, try searching "61398部隊" on Baidu, you‘ll see Unit 61398 is well known for running a montessori school in Pudong, Shanghai's east side where rich locals and expats flock to, for quality pre-school education.
I guess if hair dressers can hack Google, above average pre-schoolers can certainly hack the US government.
There are other issues with the story. The Madiant report makes some very dubious assertions: 1) geolocation using China Telecom IP blocks is completely unreliable; Pudong is a huge area and those IP blocks are known to host great many proxy servers (ref: hidemyass dot com); 2) Injecting meaning of letter "j" and "k" in order to make Chinese pattern is simply fabrication (J and K has meaning in the English world too, so?)
Read more: http://www.businessinsider.com/china-hacking-pla-unit-61398-2013-2#ixzz2LMsmeL5i
Re: @ ChasL
Ha! A spy in our midst. Sent to spread disinformation and propaganda!
I can't imagine how dangerous it wil be when they reverse-engineer the technology from Coca-Cola.
Perhaps that will lead to ICMBs that just kill one person, they fall over when someone pushes the casing to get their coin back ;)
"surrounded by diners, massage parlours and a wine importer.
Bad Feng Shui
Re: "surrounded by diners, massage parlours and a wine importer.
Wow, that sounds like a great night out right there.
How do they get the (alleged) spooks to stay in the office at all?
How much is the RyanAir flight? :)
"How much is the RyanAir flight? :)"
£5.00 plus hidden extras
Not sure I buy it, but...
"Scans" of my servers are overrepresented by ip addresses in .ru and .cn.
So what does one conclude?
1) Server admins in .ru and .cn are significantly more incompetent than the rest of the world?
2) People in .ru and .cn are more apt to be criminals than anywhere else?
3) The governments of .ru and .cn have bones to pick with the .us, and sponsor these attacks in covert post-cold-war shenanegans?
I'm not liking any of my choices.
But in the absence of any other kind of explanation, one tends to gravitate toward one of these or another, with #3 being the very most exciting of all of them.
Re: Not sure I buy it, but...
4) Based on the the total number of ip addresses in the world .ru and .cn are bigger numbers just due to population.
Just because you only saw one scan from .ad doesn't mean that Andorrans are somehow cleaner than the rest of us
Re: Not sure I buy it, but...
Or option 5) CIA up to its old tricks again
They say it like as if the US doesn't do the same thing...most probably on a much larger scale...heck - the US just invades countries, forget the whole hacking business...
What's Cantonese for "Muahahaha!"?
"Either a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise-scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission, or APT1 is Unit 61398."
Maybe it' just exploits of a massage parlor working mom?
em-yoo-aye ha-ha ha ha-ha
무아 하, 하, 하
Traditional to Japanese:
MUAハッハッハ . The actual google translate app gives a hellatioously funny audio representation in Japanese, though... Listening to the Chin/Trad audio from Swahili is funny, too.
Toggling that to Chinese to Chinese Simplified is literal letter pronounciation, but is funny nevertheless.
I had to break up muahahaha to grouped syllables because gt could not parse it on its own.
Sigh... There must be 15,000 Chinese of various nationalities working for google. With all that 12%-15% time google allows key employees to pursue personal endeavors, one'd think that SOMEone in there would clean up the colloquial glitches in gt...
Re: em-yoo-aye ha-ha ha ha-ha
That would really be ムアッハッハッハ , but to do an "evil" laugh in Japanese you probably wouldn't put a "MUA" in front anyway.
I don't know how reliable this report is - Antivirus/security firms love to talk up the threats.
But China would be stupid not to be doing this. The US almost certainly is infiltrating foreign networks (stuxnet almost certainly US/Israeli).
Cyberspace is the one domain of future warfare where China is on a level playing field. They would be stupid not to take advantage of that. IIRC they almost certainly stole plans for the F-35 "Budget Buster", whether they can reverse it is another matter, but they can and almost certainly are leveraging their computer expertise to catch up technologically with the US.
Not hard evidence
I have read the report and I don't see much hard evidence. There are a lot of facts in the report, but how they are linked together or where the facts come from stays a mystery. Not much substance and some dubious assumptions, in my humble opinion.
For example, how do they link the attacks to PLA's Unit 61398?
- They found that all attacks come from 4 /16 IPv4 net blocks (a total of 262k addresses), all owned by China Unicom. China Unicom is the 3rd largest telco in the world, with 273 million (!) customers in 2008.
- Then they link the netblocks to a city, Shanghai (the largest city in China, population of 23 million).
- Next they conclude that because the office of the Unicom engineer listed as contact person for the netblock is in the Pudong area
- The PLA Unit 61398 is also in the Pudong area
- Hence the IP addresses must belong to the PLA and is the source of the attack
Let me translate this into English:
- Suspect IP address belongs to a netblock owned by BT and is used in greater London area
- The BT engineer's office is in the centre of London according to whois
- MI6 is in the centre of London
- Hence the attack came from MI6.
Obligatory Movie Quote
'You know who ya gonna answer to? The Coca Cola company!'
Major Bat Guano, Dr Strangelove
Will we be seeing a soft drinks gap emerge with the commies????
- Leaked screenshots show next Windows kernel to be a perfect 10
- Amazon warming up 'cheapo web video' cannon to SINK Netflix
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK