

  (Source: ScreenRant)
NSA director fingers China in recent RSA intrusion and subsequent data thefts, U.S. oblivious it's at war

Well, no more hemming and hawing about, it's official -- the Chinese hacked EMC Corp. (EMC) subsidiary RSA and stole the secrets of its proprietary security algorithm according to the chief of the U.S. National Security Agency.

I. A Grave Threat

U.S. Cyber Command leader and NSA director Gen. Keith Alexander made the information public on Tuesday in a briefing to the Senate Armed Services Committee, in which he testified, "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies.  There are some very public [attacks], though. The most recent one was the RSA exploits."

China successfully used the information to hack into Lockheed Martin Corp. (LMT), a top U.S. defense contractor.  It is thought that China's remarkable progress in stealth fighter technology has been fueled by stolen U.S. Department of Defense Secrets.

Indeed, a massive amount of intellectual property is being stolen from both the public and private sector by Chinese hackers, according to Gen. Alexander.  The U.S. has done precious little to protect its own economic prosperity, as it has been overwhelmed by the Chinese thieves.  One official in past commentary graphically described a cyberwarfare campaign of an unnamed nation state (suspected to be China) as "raping" the world.

Whether the Chinese government is perpetrating these attacks first hand, sponsoring third parties to conduct them, or merely condoning corporate interests to conduct them is almost as hazy as the sketchy financial ties the Chinese government holds to many of its private sector businesses (to be fair, such allegations have increasingly been raised about the U.S. gov't).

But at the end of the day, the result is the same -- the destruction of the U.S. economy at the hands of the Chinese attackers.

Spearphishing and an unreleased Flash exploit allowed China to hack the RSA standard and steal secrets from U.S. DOD contractors, according to NSA testimony.
[Image Source: RSA Security]

U.S. companies who speak out against the attacks are threatened by the Chinese.  The Chinese government is more than willing to ban U.S. firms that rock the boat, locking them out of the lucrative emerging market of almost 1 billion internet-active device users.

Complains Gen. Alexander, "We need to make it more difficult for the Chinese to do what they're doing.  Intellectual property isn't well protected, and we can do a better job at protecting it."

The security official shared interesting details of the attack.  He says the RSA hack used a zero-day (unreleased) exploit of Adobe System Inc.'s (ADBE) Flash player (somewhere the spirit of Steve Jobs is smirking) and used "spearphishing" (targeted phishing) to get an RSA employee to click on the offending executable, resulting in backdoors being installed on the company's servers.  Ironically, the Subcommittee hearings were livecast using Flash.

II.  Are the NSA's Cyber Command Efforts Really Helping?

Sen. Carl Levin (D-Mich.) criticized Gen. Alexander's commentary as just lip service.  He pointed out that a DOD pilot program to share malware signatures with defense contractors did not contribute significantly to new awareness, according to a Carnegie Mellon University study.  

Gen. Alexander responded, "Industry has a bunch of signatures, government has those too.  All of us need to work together to provide the best set of signatures."

He then countered that private sector communications efforts have been hindered by red tape.  He compares the situation to a bank robbery in which no one can tell the police.  He points to one incident in which the NSA detected 3 GB of data being stolen, stating, "I think that industry should have the ability to see these attacks and share them with us in real time.  It's like neighborhood watch. Somebody is breaking into a bank, and somebody needs to be in touch with the police to stop it."

Is the U.S. surrendering its future by allowing China to victimize its businesses and defenses with no response?  The hacks may go down in U.S. history as the nation's first unofficial surrender. [Image Source: Allison Nazarian]

On the upside, Gen. Alexander says DOD efforts to establish a Cyber Command outpost at every major geographical and functional Combatant Command branch are coming along nicely.  He points to a major recent combat exercise at Nellis Air Force Base as a sign of that progress.

Tensions between the U.S. and China are running high after the U.S. filed a World Trade Organization complaint against China for cutting off its supply of rare earth metals.  China argued the complaint was unfair and that it's all about playing by the rules.

Source: U.S. Senate




Unplug the damn connection!
By Rob94hawk on 3/28/2012 7:13:06 PM , Rating: 2
Maybe it's time to start unplugging China from the US network. Yeah I'm sure they can reroute but let China start pissing off other countries when they hack their way into their networks to get to ours.

If the situation is that serious as they say then it's time to start "accidentally" cutting cables. But this is just my opinion.




RE: Unplug the damn connection!
By Icon0clast on 3/28/2012 7:38:20 PM , Rating: 5
You seem to be some kind of Internetworking genius please tell us more!


RE: Unplug the damn connection!
By Reclaimer77 on 3/28/2012 7:44:14 PM , Rating: 1
Well it's better than my fantasy solution, which would be to "disrupt" China's Internet access for a few years via an air-burst EMP :)

(yes, that was tongue-in-cheek humor. don't be alarmed and freak out)


RE: Unplug the damn connection!
By mcnabney on 3/28/2012 9:25:34 PM , Rating: 2
Well, you make a good point.

If war with China is inevitable, we should do it now.

I am serious. Mostly because a war like that will be waged within a few hours.


RE: Unplug the damn connection!
By Solandri on 3/29/2012 4:09:13 AM , Rating: 2
I recall a quote from a Chinese businessman. Paraphrasing: "We are already at war with the U.S.; the U.S. just doesn't realize it yet. It's an economic war."


RE: Unplug the damn connection!
By FaaR on 3/29/2012 8:02:49 AM , Rating: 2
You're serious, but stupid.

China has nukes. Many nukes. Unless you want mutual (realistically though, that'd be global) annihilation, direct military confrontation with them should be avoided at all costs.

I'd think any dumbass would realize this, but jingoistic chest-thumping murricans never cease to amaze with their self-centered ignorance.


RE: Unplug the damn connection!
By Schadenfroh on 3/28/2012 9:57:54 PM , Rating: 5
Nigeria (and her many princes) need an air-burst EMP before China.


RE: Unplug the damn connection!
By fic2 on 3/29/2012 12:23:20 PM , Rating: 3
As long as they wait until after I help this guy that contacted me get his money out of the country I am ok with that. Otherwise I won't be able to collect the 20% of several million that he has.


RE: Unplug the damn connection!
By poi2 on 3/29/2012 12:40:57 AM , Rating: 1
better watch out for someone who holds EMP patents.
you might get sued!

patents patents patents sued sued sued

small company get sued from fat ass holding papers
royalties yada,yada,yada goes bankrupt
fat ass getting richer by sitting on a chair


RE: Unplug the damn connection!
By retrospooty on 3/28/2012 8:38:38 PM , Rating: 2
"You seem to be some kind of Internetworking genius please tell us more!"

ROFLMAO +1 =)


RE: Unplug the damn connection!
By Ammohunt on 3/28/2012 10:24:46 PM , Rating: 2
You mean cut the tubes?


RE: Unplug the damn connection!
By evolveNow on 3/28/2012 10:54:31 PM , Rating: 3
Joking aside, rob94hawk has a valid argument, critical systems like power grids, nuclear power plants, and defense department contractor servers should not be accessed externally through the internet at all. Does that solve all the security problems? Obviously not, but sure as hell will reduce the number of incidents and the potential scope of the attacks political or otherwise.

If it means employees have to be physically at their workplace to get anything done then so be it, employees being inconvenienced pales in comparison to the economic cost of a major power grid going down or national security secrets being stolen and/or exploited.


RE: Unplug the damn connection!
By Rob94hawk on 3/28/2012 11:32:51 PM , Rating: 2
EXACTLY! I know there's no way in hell you'd be able to stop all communication between China and the US. But why is the power grid hooked up to the WWW?! It's time to go old school. If there's a problem, make a phone call or keep important personnel on staff or local if there's a problem.


RE: Unplug the damn connection!
By sviola on 3/29/2012 1:10:33 PM , Rating: 3
quote:
But why is the power grid hooked up to the WWW?!


Because there is the need to reroute power through different lines and control the amount of power generated by plants from a centralized place to prevent blackouts.


RE: Unplug the damn connection!
By JediJeb on 3/29/2012 10:13:22 PM , Rating: 2
That is true that such things are needed, but why can't the power companies run a secure network along those power lines which is not connected to the public internet at all? Sure it would cost some money, but they already have towers and right of way on which to place those cables. The biggest reason they are using the public internet is because they want to shave costs everywhere possible. If it cost $200 million to set up, that would only be a dollar extra on every person's bill once, do it for 10 months and you have $2 billion for the project. I would pay an extra dollar on my bill for a year to fund a secure network for the power grid. Before the internet they were running the system on leased dedicated phone lines, so it isn't as if this would be such a radical idea.


By Captain Orgazmo on 3/29/2012 8:20:00 AM , Rating: 2
Dang right! Piss on a spark plug too, if we have to.


RE: Unplug the damn connection!
By fic2 on 3/29/2012 12:25:43 PM , Rating: 2
A friend of mine that is a consultant has already started doing this. He has set up blacklists of IP addresses from various countries on his clients' networks portals.

