back to article Uncle Sam fingers two Chinese men for hacking tech, aerospace, defense biz on behalf of Beijing

Two men, linked to the Chinese government, stand accused of hacking cloud giants, aerospace and defense companies, chip designers, US government agencies – including the Navy – and other organizations globally. The duo's goal, according to American prosecutors: stealing blueprints and other secrets from dozens of corporations …

  1. Anonymous Coward
    Anonymous Coward

    Another anti-globalisation stunt from the anti-semites in the US govt

    Don't these guys understand that China stealing American IP is a win-win? This is not a zero-sum game, you guys! Like OMG!

    1. Pascal Monett Silver badge

      Re: Another anti-globalisation stunt from the anti-semites in the US govt

      Donald ? Is that you ?

    2. Anonymous Coward
      Anonymous Coward

      Re: Another anti-globalisation stunt from the anti-semites in the US govt

      what the fuck did I just read?

      1. John Brown (no body) Silver badge

        Re: Another anti-globalisation stunt from the anti-semites in the US govt

        "what the fuck did I just read?"

        A comment froma Chinese "handler" who learned (American) English from Facebook?

    3. GnuTzu
      Thumb Down

      Re: Another anti-globalisation stunt from the anti-semites in the US govt

      "...stealing American IP is a win-win?"

      It's clear from other comments on this that people are having trouble wrapping their heads around this, but I'm going to take a stab at making sense of this non-sense--for what it's worth.

      I'm all for voluntary open source and a market that supports or even encourages it; yeah, that would really be nice. But I just can rationalize stealing tech as some kind of justifiable civil disobedience to force tech to go open source--especially when China isn't sharing that tech any more than American companies.

      Anybody else have any thoughts on what the hell that guy was thinking? Or, was the anon. coward just being facetious and failing to make that obvious?

      1. Anonymous Coward
        Anonymous Coward

        Re: Another anti-globalisation stunt from the anti-semites in the US govt

        Way over all of your heads, wow. I gave each of you a thumbs up as partial consolation for the hard times you must have navigating the adult world.

        " What a big nothingburger! China is the US's partner, what's a little non-consensual IP sharing? Now Russia, THERE's a strategic threat."

        That help at all, you maroons?

        1. Anonymous Coward
          Anonymous Coward

          Re: Another anti-globalisation stunt from the anti-semites in the US govt

          Or, next week:

          Russia is the US's partner, what's a little non-consensual IP sharing? Now Iran, THERE's a strategic threat

          Week after that:

          Iran is the US's partner, what's a little non-consensual IP sharing? Now Eurpoe, THERE's a strategic threat

  2. Pascal Monett Silver badge

    "MSPs are firms that other companies trust to store, process, and protect commercial data"

    Apparently, they're not doing their job very well. They might want to start using some intrusion detection software, I hear that that is a thing these days.

    Either that or they need to pay their personnel better and train them more often.

    1. TReko
      FAIL

      MSPs are cheap for a reason

      Well, if you outsource your IT needs to the lowest bidder, which is often overseas, you get what you pay for.

      1. Anonymous Coward
        Anonymous Coward

        Re: MSPs are cheap for a reason

        If you believe you get what you pay for with outsourcing, IBM and HPE will happily sell you the same crap that Tata give you with their standard premium.

        The majority of outsourcers will deliver you only what you stipulate in the contract AND can verify independently....

      2. ThePendragon

        Re: MSPs are cheap for a reason

        Exactly, since Americans are ignorant, fat and lazy and think science and technology is for 'nerds' and since their international PISA scores are lackluster they can't compete internationally in the modern age hence they outsource it ! The future happens but it largely does not happen within the US at least not at first, anymore !

    2. Aodhhan

      Re: "MSPs are firms that other companies trust to store, process, and protect commercial data"

      They likely were using perimeter and local defenses; however, if you were a bit more experienced in security, you'd know THERE ARE WAYS AROUND THESE DEFENSES.

      Stop thinking every new security hardware/software will protect your IP. I've been pen testing and conducting breach investigations for more than 20 years. While it's nice to have all the latest gadgets, and build a robust and in-depth security infrastructure... these things aren't worth crap if you don't invest heavily in well trained and experienced security personnel.

      Too many corporations hire inexperienced individuals to handle security, and they have no idea how to interpret and/or investigate breaches. It's not funny when I ask for logs and a timeline--and the hired security personnel haven't gathered this info.

      You also need to understand, no network is un-hackable.

  3. Version 1.0 Silver badge
    Facepalm

    MSPs are ?

    ... the standard target for NSA and GCHQ - how terrible, the Chinese are trying to hack into our computers! Of course we would NEVER do anything like that would we?

    Welcome to the world as we know it - everyone is trying to hack you ... and our global tech companies are telling us how wonderful Cloud Storage is ...

  4. Anonymous Coward
    Anonymous Coward

    Deny, deny, deny

    On one hand, it sucks to be spied on. On the other hand, my country does it too.

    You get to keep your plunder, but the open nature of getting caught burns a lot of bridges.

    Not an issue with subverting terrorist groups, but world powers work best with less public back-stabbing.

    Over time, all countries tire of the "it's just rain on your back" excuse".

  5. Destroy All Monsters Silver badge
    Devil

    You raff, you ruse!

    You have multicultural problems compounded by greed and idiocy as the nationalistic high-IQ outgroup p0wns your confused, medium to low-IQ in-group heavily composed of virtue-signaling smurf people.

    Do you choose to (S)tep up the game or (M)oan Some More?

    1. John Brown (no body) Silver badge

      Re: You raff, you ruse!

      Is this AMAnFromMars0.2 on the loose? Were the old versions not wiped as each new version was released?

  6. Mayday
    Stop

    Facing Justice

    "We hope the day will come when the defendants face justice under the rule of law in a federal courtroom"

    Good luck with that mate.

    1. EJ
      Pint

      Re: Facing Justice

      Translated: "We're hoping they make the mistake of leaving the mainland and enter a country that looks the other way while we grab them and bring them to justice."

  7. Simon Brady

    Coordinated attribution?

    Not sure if this represents a Five Eyes-wide decision to publicly point the finger, but New Zealand's NCSC has chosen today to also attribute recent attacks to China (APT10 isn't named in the press release, but it's strongly implied by the link to previous NCSC guidance).

  8. Scoular

    Rather a lot of pot and kettle work going on recently.

    All countries have people trying to find out anything interesting about other countries. It may not be nice and friendly but it sure is what has been happening fora VERY long time.

    The pretence that only those other evil people do such things is absurd.

    The best approach is to require government and business to get serious about security. In my experience management has low to no interest because it costs and that may lower executive bonuses.

    1. Maelstorm Bronze badge
      Coat

      In my experience management has low to no interest because it costs and that may lower executive bonuses.

      Well, there has been talk at the federal level to institute civil and criminal penalties for executives who fail in data protection. You cannot regulate stupid, but you can put them under the jail for it. Now I'll be taking my jacket and I know my way to the door.

    2. ThePendragon

      Because rockstar coders are in the minority and are expensive and geniuses are hard to work with. I hear working with Theo De Raadt is like trying to cuddle up to a prickly cactus at best ! I dunno, maybe in the future AI with scan all source code , via a paradigm like Diomidis Spinellis laid down, and get rid of software problems or maybe the future is more like the programming language cyclone etc.. etc.. ?!

  9. Maelstorm Bronze badge
    Holmes

    One sure fire solution to cyber security is to air-gap the networks. If you have to be physically present in the building to access it, then that makes it so much harder for someone to break into a network. Furthermore, these corporate idiots should be encrypting their data before sending it to the cloud. If you store it in plaintext, then you are just asking for it to be stolen.

  10. Anonymous Coward
    Anonymous Coward

    aggravated identity theft

    What does that even mean? I'm annoyed, give me your name now or else.

    1. John Brown (no body) Silver badge

      Re: aggravated identity theft

      Almost certainly a legal term used to make it sound more scary in front of a jury. A bit like how "conspiracy to steal" sounds more scary than actual stealing.

  11. Anonymous Coward
    Anonymous Coward

    Uncle Sam fingers two Chinese men

    I had an uncle like that, we'd never eat the chocolate desert when we went round for dinner.

    1. Teiwaz
      Coffee/keyboard

      Re: Uncle Sam fingers two Chinese men

      I had an uncle like that, we'd never eat the chocolate desert when we went round for dinner.

      I wouldn't be inclined to attempt chocolate desert either, far too dry and powdery.

      I imagine it'd be like hot chocolate powder raw.

  12. Anonymous Coward
    Anonymous Coward

    Call me paranoid...

    "Big Blue said it had no evidence of corporate secrets being accessed"

    Why does that make me think there's a darkened room full of IBM drones shredding paper and disks somewhere?

  13. King Bob

    Stop using Windows. Problem solved. The greatest security threat to the US government is not some Chinese phone manufacturer. Rather it is Microsoft and any product they make specifically Windows.

    1. Anonymous Coward
      Anonymous Coward

      I appreciate the reflexive nature of your comment of "Windows == bad" but sometimes it isn't just as easy as completely rebuild your infrastructure, change your support model, and find equivalent software to perform the job/develop solutions in-house. In the case of defense contractors, the gov't has a word about how you do things and can command changes to fit whatever threat they find appropriate. Additionally, the greatest threat is usually not the OS but the wetware using the OS.

    2. notathome

      windows like linux miss configured is a real issue, same as using 10yo plus unpatched software, poor security practices don't help.

      issue with govt is they outsource this to loweest bidder and no internal resources to monitor and manage there environment any more. Buck stops with management on this one, all care and no responsibility until it comes and pwones them.

  14. Anonymous Coward
    Anonymous Coward

    Backups

    I used to work for a defence contractor and we used to refer to the Chinese Embassy as our off-site backup!

  15. mhenriday
    Thumb Down

    Illusions of universal jurisdiction

    Nice to see that the US government continues to «indict» persons who are not, and who never have been under their jurisdiction - and publish what purport to be their photographs (how did the «Department of Justice» manage to hack those, one wonders ?). When does dear Mr Rosenstein intend to apprehend these dastardly criminals ? Or perhaps, like most of the antics of that government, this one too is merely for show :

    Just the place for a Snark! I have said it twice:

    That alone should encourage the crew.

    Just the place for a Snark! I have said it thrice :

    What I tell you three times is true.

    Henri

  16. Big Al 23

    Eliminate Chinese imports

    You can bet if countries around the globe stopped all Chinese imports that the state sponsored Chinese hacking would stop in a hurry.

    1. notathome

      Re: Eliminate Chinese imports

      Can we stop US imports to other countries.... USA and and other 4 blind eyes hack as well, they are annoyed atm because Russians and Chinese are doing it better and getting results.

      Anyway, Chinese would not have to hack if Clinton where in the grey house and running US, they could just purchase the IP from the Clinton foundation instead!

  17. bombastic bob Silver badge
    Meh

    QuasarRAT - "malware" ?

    On a side note, the reported "malware" aka 'QuasarRAT' appears to be a legit application.

    However, being an open source project, someone(s) has/have apparently forked it into a privately modified malware tool. I found at least one good web site that has information on how to detect it. Since it's a windows tool written in 'C-pound' it may also be possible to run it via mono on Linux, but I suspect that's not actually happening...

    The legit version is on github, here: github.com/quasar/QuasarRAT

    One web site reports that the malware version is "heavily modified" but uses the same name.

    from www.enigmasoftware.com/quasarrat-removal/

    "The QuasarRAT is a Trojan that is a heavily modified version of the open-source project carrying the same name 'QuasarRAT' by a programmer dubbed 'quasar' who has a page on [Github]"

    I just thought I'd mention it, anyway, since there's apparently a legit version, too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like