Sign in with
Sign up | Sign in

U.S. Brands China as Largest Cyberspace Threat

By - Source: Bloomberg | B 24 comments

Hackers from China increasingly targeting U.S military computers and defense contractors.

According to a leaked draft of a Congressional report, China poses the largest threat in cyberspace, with hackers continuously targeting U.S military computers and defense contractors.

The report obtained by Bloomberg, which was produced by the U.S.- China Economic and Security Review Commission, found that China's advances in its hacking activities over the past year pose a considerable threat to information systems and users.

Attempts by Chinese hackers apparently includes blinding or disrupting U.S. intelligence and communications satellites, weapons targeting systems, as well as navigation computers, so says an anonymous U.S. intelligence official.

Although the attacks are essentially through basic techniques, the volume of the activity is what poses a threat to the United States. Intrusions are predominately designed to collect information as opposed to attacking systems.

Scheduled for a release on November 14, the report urges Congress to develop methods of punishing and penalizing firms who have been found to have engaged in industrial espionage.

 

Contact Us for News Tips, Corrections and Feedback

Discuss
Display all 24 comments.
This thread is closed for comments
  • 3 Hide
    freggo , November 7, 2012 9:14 AM
    The problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.

    If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :-)

    Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.
  • 2 Hide
    greghome , November 7, 2012 9:24 AM
    Thing is, with China rising in power, It will become a threat to the US in just about all matters...except for Nuclear Arms of course......Russia still has far more nukes than China, France and Britain combined :) 
  • -2 Hide
    nhat11 , November 7, 2012 10:14 AM
    freggoThe problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :-)Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.


    lol ok, a bank vault is a bad analogy.

    Yea its easy to say what you just say that but every programmer's logic is different so there's always going to be a few loopholes somewhere.

    Also getting to an entrance of a bank vault takes a while to get if you're half way around the world.
  • 2 Hide
    nhat11 , November 7, 2012 10:16 AM
    freggoThe problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :-)Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.Also if a bank vault is open, I can


    Also the issues are chinese hackers. If a bank vault is open, it won't be the chinese taking the money.
  • 5 Hide
    static1120 , November 7, 2012 10:49 AM
    If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :-)

    I believe he refers to leaving servers or workstations with default user name and passwords
  • 1 Hide
    Anonymous , November 7, 2012 10:56 AM
    good thing they don't hold millions of our Treasury bonds! what's that? they do? hmm....carry on
  • 2 Hide
    scook9 , November 7, 2012 11:34 AM
    freggoThe problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :-)Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.

    You obviously do not work in Cyber Security. I do, so I will educate you some.

    Anyone who works in Cyber Security (and does not have their head in the sand) acknowledges that NO system is impossible to break into. This is a fact, and has been proven time and time again. If it is attached to a network, it can be broken into.

    If you have a system that is really that important, air gap it. That way you only have to worry about insider threats....which are still a concern.

    The goal of cyber security tools today (real tools, not just the firewalls thrown up to stop idiots) is to minimize the time that threat actors have inside your environment once they have broken in. The less time they have inside you network, the less damage they can do and the less data they can steal. I recommend you google the term kill-chain in regards to IT security and read some on the topic.

    The TL;DR is this, anything can be hacked, it is how efficiently you respond that matters.
  • 4 Hide
    house70 , November 7, 2012 11:46 AM
    I guess hacking is bad when others try to hack you... Not so bad when you're the one doing the hacking (cough*Stuxnet*cough).
  • 1 Hide
    Anonymous , November 7, 2012 12:00 PM
    LOL, the "internet" needs to be overhauled? What's your next analysis, that it's all a series of tubes? The "internet" has nothing to do with it, since the "internet" is nothing more than a conduit for transmission. The problem is the systems attached "at the end" of the internet, meaning your computer, my computer, the compuers in area 51, whatever. I wouldnt be surprised to find top secret government computers running XP SP2 with Acrobat 6.0, Internet Explorer 6.0, Norton antivirus 2.0, and half a dozen random tray icons and toolbars installed. Hell I work for IT in a multi-billion dollar BANK and see this shit every day. Just ridiculously outdated systems with employees happily clicking buttons on anything they want, with someones entire personal account on the other screen, totally unmasked and unencrypted. Heck, we dont usually get notified of viruses on these systems till 1-2 weeks after infection, by the time it filters it's way to our department.

    I'm sure all the chinese have to do is some basic ip/port scanning, and then try to connect to default services like remote desktop/VNC and presto, they're in lol.
  • -1 Hide
    thecolorblue , November 7, 2012 12:00 PM
    usa is doing exactly the same thing. the us is a terrorist nation by its own internal definition... under obama's watch... not to exclude the repubs either.

    sad and lame and americans arecompletely clueless to this... the corporate media propaganda machine works well.
  • 1 Hide
    digiex , November 7, 2012 12:28 PM
    Hacking is cheaper than R&D.
  • 2 Hide
    Anonymous , November 7, 2012 12:44 PM
    The bear is crying wolf...
  • 1 Hide
    velosteraptor , November 7, 2012 1:48 PM
    step 1. America borrows billions from china.
    step 2. Chinese hackers steal it back
    step 3. America borrows more money
    step 4. 'merica
  • 0 Hide
    COLGeek , November 7, 2012 4:52 PM
    While China may be the largest, they aren't the only ones. This is a widespread issue that extends well beyond US government systems.
  • 0 Hide
    TeraMedia , November 7, 2012 5:13 PM
    Revised subtitle:
    Quote:
    China increasingly targeting U.S military computers and defense contractors


    None of you are touching on the subject of economic warfare, which China has been engaged in for a few decades now.
    Concept 1: The Chinese Government IS Chinese industry. It IS Chinese business. They are one and the same.
    Concept 2: Engaging in economic warfare is a perfectly acceptable and legitimate way to gain a practical advantage over your economic competitors.

    Based on those concepts, the thought that the Chinese government would have ANY interest - other than an extremely strong self-serving interest - in prosecuting a Chinese company for stealing IP from a western company is laughable. Why would they? They go through the motions, and put on a show of trying to protect foreign business interests, but they more likely would prefer those interests be acquired by Chinese companies.
    Active participation in IP theft, systems intrusion, etc. are simply other facets of this e-war.

    The scary question for me is, "what will bring about the end of this war?"
  • 1 Hide
    TeraMedia , November 7, 2012 5:22 PM
    For those of you talking about a bank vault, here's a different analogy:

    Imagine the movie "Aliens" if you will. Now imagine that each alien is a government-sponsored Chinese hacker trying to get into your system, and the room with the surviving humans in it is your system, with each human representing a piece of valuable data, or the integrity of a server, or something else you don't want hacked.

    In the end, the fact that you might have "closed the door to the bank vault" really isn't going to matter very much. And the fact that your government issues a stern statement condemning the acts of the aliens isn't going to matter that much either.
  • -1 Hide
    TeraMedia , November 7, 2012 5:34 PM
    FWIW, I having nothing against the people of China; I only have issue with some specific acts of its government.
  • 0 Hide
    robochump , November 7, 2012 6:15 PM
    velosteraptorstep 1. America borrows billions from china.step 2. Chinese hackers steal it backstep 3. America borrows more moneystep 4. 'merica


    Why do you think China is #2 economy in the World? Because China Gov't buys US debt so its a scratch my back and I will scratch your back deal. I just wish US companies would send more manufacturing jobs to Mexico and Canada but damn those Asian countries can do it very well for so little!
  • 0 Hide
    booyaah , November 7, 2012 7:33 PM
    I agree with the premise from above...the Chinese are simply going after the low hanging fruit, the insecurely designed systems, but I really doubt they can get into well protected systems. At my company we have all our confidential IP data servers sitting behind a separate internal firewall, you can't even see them by even if you are already inside the network.

    All the ports are disabled, with the exception of very few that are white listed specifically to allow a few core applications to pass through. One is for general client connectivity using some authentication client software. In order to authenticate you must enter a user password and a randomized 30 second changing password which is coming off a RSA keyfob the user carries with them. The connections are logged and rules will alert admins of suspicious login attempts.

    I'm pretty sure the firewall is run on high end Cisco hardware...definitely not Huwaei, so no back doors exist into the firewall. The admins are on their game and keep the firmware/OS/Applications patched up. The IP can't be from outside the US, but we all know that can be easily gotten around using a proxy or hijacking someone's machine. So besides social engineering or internal threats, there's pretty much no way a Chinese B-rate hacker is getting into these servers.

    Even if they did get through the 2nd firewall, then they have to figure out to get root access to the OS or some of the applications which I would argue is not trivial either since they are encrypted and we use authorized CA and not self-signed certs when presenting the application logins.

    I guess if you gave the best hackers in the world a few years of constantly going at it, they might eventually get lucky and find a way though the multiple layers security, but networks like PSN basically did 'leave the vault door open' for hackers.
  • 0 Hide
    TeraMedia , November 7, 2012 8:55 PM
    @booyaah:
    Quote:
    So besides social engineering or internal threats

    If the data is sufficiently valuable, and those are the only workable attack vectors, then those are the vectors that the attacker will successfully use at some point in time. I would argue in your system's case that the easiest vector might be the disgruntled and underpaid employee.

    Suppose: An agent already started cultivating the relationship while the guy was in college (just look at what the KGB did...). While out at a bar, the guy divulges his unhappiness, or perhaps a financial problem. Or perhaps the agent even surreptitiously causes the financial problem, and then provides a helpful ear. The agent convinces the guy that he should do something - for any number of reasons - and the guy does. Even if the guy gets caught, the agent is still able to siphon the data back to home base.

    Data security is an illusion. There are things you can do so that you know you were breached, and how, and by whom, but if the system is inherently designed to make the data accessible to someone, then that data can be exposed by at least that one person.
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter