US: Chinese Military is Hacking on "Unprecedented" Scale

Started by Kleves, May 07, 2013, 08:51:37 AM

Kleves

My aim, then, was to whip the rebels, to humble their pride, to follow them to their inmost recesses, and make them fear and dread us. Fear is the beginning of wisdom.

DontSayBanana

Experience bij!

Maximus

Quote from: Kleves on May 08, 2013, 11:26:15 PM
I didn't know sheep could have twins.
Two is the most common litter size for sheep.

Kleves

My aim, then, was to whip the rebels, to humble their pride, to follow them to their inmost recesses, and make them fear and dread us. Fear is the beginning of wisdom.

crazy canuck

Quote from: Maximus on May 09, 2013, 02:08:41 PM
Quote from: Kleves on May 08, 2013, 11:26:15 PM
I didn't know sheep could have twins.
Two is the most common litter size for sheep.

No wonder Brain is always going on about the twins.

Kleves

Shockingly, the Chinese are back to their old tricks:
Quote
WASHINGTON — Three months after hackers working for a cyberunit of China's People's Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials.

The Obama administration had bet that "naming and shaming" the groups, first in industry reports and then in the Pentagon's own detailed survey of Chinese military capabilities, might prompt China's new leadership to crack down on the military's highly organized team of hackers — or at least urge them to become more subtle.

But Unit 61398, whose well-guarded 12-story white headquarters on the edges of Shanghai became the symbol of Chinese cyberpower, is back in business, according to American officials and security companies.

It is not clear precisely who has been affected by the latest attacks. Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets, citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before.

The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant's clients, predominantly in the United States.

According to security experts, the cyberunit was responsible for a 2009 attack on the Coca-Cola Company that coincided with its failed attempt to acquire the China Huiyuan Juice Group. In 2011, it attacked RSA, a maker of data security products used by American government agencies and defense contractors, and used the information it collected from that attack to break into the computer systems of Lockheed Martin, the aerospace contractor.

More recently, security experts said, the group took aim at companies with access to the nation's power grid. Last September, it broke into the Canadian arm of Telvent, now Schneider Electric, which keeps detailed blueprints on more than half the oil and gas pipelines in North America.

Representatives of Coca-Cola and Schneider Electric did not return requests for comment on Sunday. A Lockheed Martin spokesman said the company declined to comment.

In interviews, Obama administration officials said they were not surprised by the resumption of the hacking activity. One senior official said Friday that "this is something we are going to have to come back at time and again with the Chinese leadership," who, he said, "have to be convinced there is a real cost to this kind of activity."

Mandiant said that the Chinese hackers had stopped their attacks after they were exposed in February and removed their spying tools from the organizations they had infiltrated. But over the past two months, they have gradually begun attacking the same victims from new servers and have reinserted many of the tools that enable them to seek out data without detection. They are now operating at 60 percent to 70 percent of the level they were working at before, according to a study by Mandiant requested by The New York Times.

The Times hired Mandiant to investigate an attack that originated in China on its news operations last fall. Mandiant is not currently working for The New York Times Company.

Mandiant's findings match those of Crowdstrike, another security company that has also been tracking the group. Adam Meyers, director of intelligence at Crowdstrike, said that apart from a few minor changes in tactics, it was "business as usual" for the Chinese hackers.

The subject of Chinese attacks is expected to be a central issue in an upcoming visit to China by President Obama's national security adviser, Thomas Donilon, who has said that dealing with China's actions in cyberspace is now moving to the center of the complex security and economic relationship between the two countries.

But hopes for progress on the issue are limited. When the Pentagon released its report this month officially identifying the Chinese military as the source of years of attacks, the Chinese Foreign Ministry denied the accusation, and People's Daily, which reflects the views of the Communist Party, called the United States "the real 'hacking empire,' " saying it "has continued to strengthen its network tools for political subversion against other countries." Other Chinese organizations and scholars cited American and Israeli cyberattacks on Iran's nuclear facilities as evidence of American hypocrisy.

At the White House, Caitlin Hayden, the spokeswoman for the National Security Council, said Sunday that "what we have been seeking from China is for it to investigate our concerns and to start a dialogue with us on cyberissues." She noted that China "agreed last month to start a new working group," and that the administration hoped to win "longer-term changes in China's behavior, including by working together to establish norms against the theft of trade secrets and confidential business information."

In a report to be issued Wednesday, a private task force led by Mr. Obama's former director of national intelligence, Dennis C. Blair, and his former ambassador to China, Jon M. Huntsman Jr., lays out a series of proposed executive actions and Congressional legislation intended to raise the stakes for China.

"Jawboning alone won't work," Mr. Blair said Saturday. "Something has to change China's calculus."

The exposure of Unit 61398's actions, which have long been well known to American intelligence agencies, did not accomplish that task.

One day after Mandiant and the United States government revealed the P.L.A. unit as the culprit behind hundreds of attacks on agencies and companies, the unit began a haphazard cleanup operation, Mandiant said.

Attack tools were unplugged from victims' systems. Command and control servers went silent. And of the 3,000 technical indicators Mandiant identified in its initial report, only a sliver kept operating. Some of the unit's most visible operatives, hackers with names like "DOTA," "SuperHard" and "UglyGorilla," disappeared, as cybersleuths scoured the Internet for clues to their real identities.

In the case of UglyGorilla, Web sleuths found digital evidence that linked him to a Chinese national named Wang Dong [ :lol:], who kept a blog about his experience as a P.L.A. hacker from 2006 to 2009, in which he lamented his low pay, long hours and instant ramen meals.

But in the weeks that followed, the group picked up where it had left off. From its Shanghai headquarters, the unit's hackers set up new beachheads from compromised computers all over the world, many of them small Internet service providers and mom-and-pop shops whose owners do not realize that by failing to rigorously apply software patches for known threats, they are enabling state-sponsored espionage.

"They dialed it back for a little while, though other groups that also wear uniforms didn't even bother to do that," Kevin Mandia, the chief executive of Mandiant, said in an interview on Friday. "I think you have to view this as the new normal."

The hackers now use the same malicious software they used to break into the same organizations in the past, only with minor modifications to the code.

While American officials and corporate executives say they are trying to persuade President Xi Jinping's government that a pattern of theft by the P.L.A. will damage China's growth prospects — and the willingness of companies to invest in China — their longer-term concern is that China may be trying to establish a new set of rules for Internet commerce, with more censorship and fewer penalties for the theft of intellectual property.

Eric Schmidt, the chairman of Google, said Friday that while there was evidence that inside China many citizens are using the Web to pressure the government to clean up industrial hazards or to complain about corruption, "so far there is no positive data on China's dealings with the rest of the world" on cyberissues.

Google largely pulled out of China after repeated attacks on its systems in 2009 and 2010, and now has its Chinese operations in Hong Kong. But it remains, Mr. Schmidt said, a constant target for Chinese cyberattackers.

CountDeMoney

Everybody have fun tonight, everybody Wang Dong tonight.

mongers

Quote
How to hack a nation's infrastructure

By Mark Ward
Technology correspondent, BBC News

I'm watching a live video feed of people visiting a cafe in London.

It's a small, busy place and is doing a good trade in tea, coffee and cakes. That woman has dropped some money. A child is running around. Later, another customer thinks they have got the wrong change.

Nothing too gripping, you might think, except that the feed should be private, seen only by the cafe's managers. Somebody forgot to click a box so now anyone who knows where to look can watch.

That CCTV feed is just one of many inadvertently put online. Finding them has got much easier thanks to search engines such as Shodan that scour the web for them. It catalogues hundreds every day.

"Shodan makes it easier to perform attacks that were historically difficult due to the rarity of the systems involved," Alastair O'Neill from the Insecurety computer security research collective told the BBC. "Shodan lowers the cost of enumerating a network and looking for specific targets."

It is not just CCTV that has been inadvertently exposed to public scrutiny. Search engines are revealing public interfaces to huge numbers of domestic, business and industrial systems.

Mr O'Neill and other researchers have found public control interfaces for heating systems, geo-thermal energy plants, building control systems and manufacturing plants.

Remote work

The most worrying examples are web-facing controls for "critical infrastructure" - water treatment systems, power plants and traffic control systems.

Many industrial systems are networked because they are in remote locations

"There's a tremendous amount of stuff out there right now," said Kyle Wilhoit, a threat researcher from Trend Micro who specialises in seeking out those exposed systems and helping them improve their defences.

Mr Wilhoit said such control systems, which often go by the name of Scada (supervisory control and data acquisition), get put online for many different reasons. Often, he said, the elements of such critical systems were in far-flung places and it was much cheaper to keep an eye on them via the internet than to send an engineer out.

It's not just finding these systems that is a danger. Security experts are finding lots of holes in the software they run that, in the hands of a skilled attacker, can be exploited to grant unauthorised access.

"For attackers, the potential pay-off for compromising these systems is very high," said Mr Wilhoit.
...



Rest of item here:
http://www.bbc.co.uk/news/technology-22524274
"We have it in our power to begin the world over again"

CountDeMoney

Wow, IP-based video from off-the-shelf security products can be intercepted or impeded without proper compliance-enforced encryption standards.  You'd think I used to be paid for dealing with that shit or something.

Kleves

Op-Ed from Huntsman (and some admiral) and IP theft:
Quote
At a time when the U.S. economy is struggling to provide jobs, the hemorrhage of intellectual property (IP) — our most important international competitive advantage — is a national crisis. Nearly every U.S. business sector — advanced materials, electronics, pharmaceuticals and biotech, chemicals, aerospace, heavy equipment, autos, home products, software and defense systems — has experienced massive theft and illegal reproduction.

The individual stories are infuriating. In one recent instance, a foreign company counterfeited a high-tech product it had been purchasing from a U.S. manufacturer. The customer then became the U.S. company's largest competitor, devastating its sales and causing its share price to plummet 90 percent within six months.

The scale is staggering. The Commission on the Theft of American Intellectual Property, which we co-chaired, estimates that the total revenue loss to U.S. companies is comparable to the total value of U.S. exports to all of Asia. U.S. software manufacturers — a sector in which this country leads the world — lose tens of billions of dollars in revenue annually from counterfeiting just in China, where the problem is most rampant. The U.S. International Trade Commission estimated in 2011 that if IP protection in China improved substantially, U.S. businesses could add 2.1 million jobs.

We agree with Gen. Keith Alexander, the head of U.S. Cyber Command, that the ongoing theft of U.S. intellectual property is "the greatest transfer of wealth in history."

Equally as important as the current situation is the potential for future damage. Our intellectual property is what provides the new ideas that will keep the U.S. economy vital and productive over the long term. If less innovative foreign companies can reap the profits of U.S. research and development and innovation, we will lose our competitive edge and eventually experience a decrease in incentives to innovate altogether.

Our concerns go beyond economic factors. An investigation by the Senate Armed Services Committee last May found "approximately 1,800 cases of suspect counterfeit electronic parts" in U.S. military equipment and weapons systems, with as many as 1 million individual counterfeit parts now embedded in our military aircraft. Even the security-conscious Defense Department has lost the capacity to verify the integrity of its supply chains.

So far, our national response to this crisis has been weak and disjointed. Our commission was advised by some experts who said the U.S. should simply wait until lesser-developed economies mature and then find it important to protect their own intellectual property. Others counsel against antagonizing countries such as China, whose buying power is strong but where IP protection is especially poor.

Many companies simply internalize the threats of IP theft by going on the defensive; in the process, they pay ever-greater sums for improved cybersecurity precautions without any real increases in security. The Obama administration has made some progress in raising this issue with foreign governments, but more needs to be done.

For nearly a year, the nonpartisan, independent commission we co-chaired has sought to document the causes, scale and national impact of international IP theft and to recommend robust policy solutions for the administration and Congress. Our report — which will be published Wednesday at IPCommission.org — includes practical measures, both carrots and sticks, to change the cost-benefit calculus for foreign companies and their governments that illegally acquire U.S. intellectual property. The United States must make the theft of U.S. intellectual property both risky and costly for thieves.

We recommend immediately: denying products that contain stolen intellectual property access to the U.S. market; restricting use of the U.S. financial system to foreign companies that repeatedly steal intellectual property; and adding the correct, legal handling of intellectual property to the criteria for both investment in the United States under Committee for Foreign Investment in the United States (CFIUS) approval and for foreign companies that are listed on U.S. stock exchanges. All of these recommendations will require strengthening the capacity of the U.S. government in these areas.

In addition to these measures, which use the power of the U.S. market, we recommend reinforcing the capacity-building programs underway that strengthen the legal frameworks and practices for IP rights overseas. As these countries develop, their companies will want protection for their ideas. But the United States cannot afford to wait the many years this will take. We must help speed the process, and only when we make IP theft very costly for thieves can U.S. companies begin to realize a fair playing field.

CountDeMoney

Never gonna happen.  The private sector just doesn't care.

The Minsky Moment

I am always wary of these anecdotal stories. The Chinese legal system actually does protect patents and trade secrets. (copyright not so much :(). Companies have gotten into trouble sometimes because they haven't protected their rights properly in their contracts, or because they didn't take the proper steps in China, or because they just willingly gave up access to their IP and tech to their Chinese partner to get the contract. To be sure there are cases where companies get ripped off, but the view of the world from the op-ed column does not make careful distinctions.
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

Kleves

 :bleeding:

Story: http://usnews.nbcnews.com/_news/2013/05/28/18556787-chinese-hackers-steal-us-weapons-systems-designs-report-says?lite&ocid=msnhp&pos=3

Quote
Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems, a U.S. report said on Monday, as Australian media said Chinese hackers had stolen the blueprints for Australia's new spy headquarters.

Citing a report prepared for the Defense Department by the Defense Science Board, the Washington Post said the compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf.

Among the weapons listed in the report were the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter.

The report did not specify the extent or time of the cyber-thefts or indicate if they involved computer networks of the U.S. government, contractors or subcontractors.

But the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data, the Post said. It also could speed China's development of its defense technology.

In a report to Congress this month, the Pentagon said China was using espionage to modernize its military and its hacking was a serious concern. It said the U.S. government had been the target of hacking that appeared to be "attributable directly to the Chinese government and military."

China dismissed the report as groundless.

China also dismissed as without foundation a February report by the U.S. computer security company Mandiant, which said a secretive Chinese military unit was probably behind a series of hacking attacks targeting the United States that had stolen data from 100 companies.

In Australia, a news report said hackers linked to China stole the floor plans of a A$630 million headquarters for the Australia Security Intelligence Organization, the country's domestic spy agency.

The attack through the computers of a construction contractor exposed not only building layouts, but also the location of communication and computer networks, it said.

Chinese Foreign Ministry spokesman Hong Lei, asked about the Australian report, said China disapproved of hacking.

"China pays high attention to the cyber security issue and is firmly opposed to all forms of hacker attacks," Hong said at a daily briefing.

"Since it is very difficult to find out the origin of hacker attacks, it is very difficult to find out who carried out such attacks," Hong said. "I don't know what the evidence is for media to make such kinds of reports."

Repeating China's position that every country was susceptible to cyber attacks, Hong said nations should make joint efforts towards a secure and open Internet.

Australia security analyst Des Ball told the ABC that such information about the yet to be completed spy headquarters made it vulnerable to cyber attacks.

"You can start constructing your own wiring diagrams, where the linkages are through telephone connections, through wi-fi connections, which rooms are likely to be the ones that are used for sensitive conversations, how to surreptitiously put devices into the walls of those rooms," said Ball.

The building is designed to be part of an electronic intelligence gathering network that includes the United States and Britain. Its construction has been plagued by delays and cost over-runs with some builders blaming late design changes on cyber attacks.

The ABC report said the Chinese hacking was part of a wave of cyber attacks against business and military targets in the close U.S. ally.

It said the hackers also stole confidential information from the Department of Foreign Affairs and Trade, which houses the overseas spy agency, the Australian Secret Intelligence Service, and had targeted companies, including steel-manufacturer Bluescope Steel, and military and civilian communications manufacturer Codan Ltd.

The influential Greens party said the hacking was a "security blunder of epic proportions" and called for an inquiry, but the government did not confirm the breach.

Prime Minister Julia Gillard said the reports were "inaccurate", but declined to say how.

Despite being one of Beijing's major trade partners, Australia is seen by China as the southern fulcrum of a U.S. military pivot to the Asia-Pacific. In 2011, it agreed to host thousands of U.S. Marines in near-permanent rotation.

Chinese telecommunications giant Huawei was last year barred from bidding for construction contracts on a new Australian high-speed broadband network amid fears of cyber espionage.

The Reserve Bank of Australia said in March that it had been targeted by cyber attacks, but no data had been lost or systems compromised amid reports the hackers had tried to access intelligence negotiations among a Group of 20 wealthy nations.

CountDeMoney


DontSayBanana

Quote from: CountDeMoney on May 28, 2013, 11:08:50 AM
It's not just gold farming anymore.

Sure it is.  They'll take the designs (well, maybe not the AEGIS or the F-35) and sell them to the Russians or the Iranians and make a quick buck.
Experience bij!