NSA director fingers China in recent RSA intrusion and subsequent data thefts; U.S. oblivious it's at war

Well, no more hemming and hawing about, it's official -- the Chinese hacked EMC Corp. (EMC) subsidiary RSA and stole the secrets of its proprietary security algorithm, according to the chief of the U.S. National Security Agency.

I. A Grave Threat

U.S. Cyber Command leader and NSA director Gen. Keith Alexander made the information public on Tuesday in a briefing to the Senate Armed Services Committee, in which he testified, "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies.  There are some very public [attacks], though. The most recent one was the RSA exploits."

China successfully used the information to hack into Lockheed Martin Corp. (LMT), a top U.S. defense contractor.  It is thought that China's remarkable progress in stealth fighter technology has been fueled by stolen U.S. Department of Defense secrets.

Indeed, a massive amount of intellectual property is being stolen from both the public and private sector by Chinese hackers, according to Gen. Alexander.  The U.S. has done precious little to protect its own economic prosperity, as it has been overwhelmed by the Chinese thieves.  One official in past commentary graphically described a cyberwarfare campaign of an unnamed nation state (suspected to be China) as "raping" the world.

Whether the Chinese government is perpetrating these attacks first hand, sponsoring third parties to conduct them, or merely condoning corporate interests to conduct them is almost as hazy as the sketchy financial ties the Chinese government holds to many of its private sector businesses (to be fair, such allegations have increasingly been raised about the U.S. gov't).

But at the end of the day, the result is the same -- the destruction of the U.S. economy at the hands of the Chinese attackers.

[Image: RSA dongle]
Spearphishing and an unreleased Flash exploit allowed China to hack the RSA standard and steal secrets from U.S. DOD contractors, according to NSA testimony.
[Image Source: RSA Security]

U.S. companies who speak out against the attacks are threatened by the Chinese.  The Chinese government is more than willing to ban U.S. firms that rock the boat, locking them out of the lucrative emerging market of almost 1 billion internet-active device users.

Complains Gen. Alexander, "We need to make it more difficult for the Chinese to do what they're doing.  Intellectual property isn't well protected, and we can do a better job at protecting it."

The security official shared interesting details of the attack.  He says the RSA hack used a zero-day (unreleased) exploit of Adobe Systems Inc.'s (ADBE) Flash player (somewhere the spirit of Steve Jobs is smirking) and used "spearphishing" (targeted phishing) to get an RSA employee to click on the offending executable, resulting in backdoors being installed on the company's servers.  Ironically, the Subcommittee hearings were livecast using Flash.

II.  Are the NSA's Cyber Command Efforts Really Helping?

Sen. Carl Levin (D-Mich.) criticized Gen. Alexander's commentary as just lip service.  He pointed out that a DOD pilot program to share malware signatures with defense contractors did not contribute significantly to new awareness, according to a Carnegie Mellon University study.  

Gen. Alexander responded, "Industry has a bunch of signatures, government has those too.  All of us need to work together to provide the best set of signatures."

He then countered that private sector communications efforts have been hindered by red tape.  He compares the situation to a bank robbery in which no one can tell the police.  He points to one incident in which the NSA detected 3 GB of data being stolen, stating, "I think that industry should have the ability to see these attacks and share them with us in real time.  It's like neighborhood watch. Somebody is breaking into a bank, and somebody needs to be in touch with the police to stop it."

[Image: surrender flag]
Is the U.S. surrendering its future by allowing China to victimize its businesses and defenses with no response?  The hacks may go down in U.S. history as the nation's first unofficial surrender. [Image Source: Allison Nazarian]

On the upside, Gen. Alexander says DOD efforts to establish a Cyber Command outpost at every major geographical and functional Combatant Command branch are coming along nicely.  He points to a major recent combat exercise at Nellis Air Force Base as a sign of that progress.

Tensions between the U.S. and China are running high after the U.S. filed a World Trade Organization complaint against China for cutting off its supply of rare earth metals.  China argued the complaint was unfair and that it's all about playing by the rules.

Source: U.S. Senate




RE: We prosecute our hackers
By ebakke on 3/28/2012 10:10:39 PM , Rating: 1
If by "office building" you mean prison, and by "pay them" you mean reduce their sentences for each successful breach... then by all means, I agree.


RE: We prosecute our hackers
By tayb on 3/28/2012 10:48:50 PM , Rating: 4
We have two options

1. Spend $40,000 - $50,000 taxpayer dollars per year to keep them in prison plus whatever legal fees were spent to put them in prison and keep them in prison. Let them free at the end of their sentence and repeat again.

2. Spend all that money on their annual salary and utilize their skills in cyber defense of the United States or cyber warfare against any "enemies."

You guys that are pro prison crack me up. It's an enormous drain on our economy.


RE: We prosecute our hackers
By Reclaimer77 on 3/29/12, Rating: 0
RE: We prosecute our hackers
By tayb on 3/29/2012 12:28:08 AM , Rating: 4
Oh look, Reclaimer is here to go off the deep end. Thanks Reclaimer.


RE: We prosecute our hackers
By Reclaimer77 on 3/29/12, Rating: -1
RE: We prosecute our hackers
By Paj on 3/29/2012 7:12:42 AM , Rating: 5
Pretty sure he didn't say anything about releasing murderers. Unless I missed something?

Plenty of people working in cryptography and antivirus started out as hackers and phreakers. The vast majority of them grow out of it by the time they meet girls, start a family and need a job to support them. They quickly realise they have a unique skill set that pays handsomely.

The goal would not be to get the hackers to attack China, but to use their skills to find holes in the defenses, and use their expertise to shore them up.


RE: We prosecute our hackers
By Reclaimer77 on 3/29/12, Rating: -1
RE: We prosecute our hackers
By TSS on 3/29/2012 9:00:39 AM , Rating: 2
Well let's see, does the government build safes and safe technology, in order to improve the national security of monetary deposits? No.

"currency manipulation consultants" already exist and work in droves at the fed and treasury. Using the criminals would be a step up here.

You don't need the hackers to attack China. They don't have anything worth stealing anyway. What you need hackers for, is to continually attack domestic networks without causing damage, or as little as possible. You want them to hack the same stuff as the Chinese hack, before the Chinese hack it, so that you can secure it against them.

And secretly remove from prison? lol, are you so stuck in thinking in totalitarian terms? Just offer them a choice when they get caught. Either go to jail or sign a job contract of the same length. One has possibly electronic house arrest and monitoring software, the other ass rape. And in case you didn't know, the majority of hackers isn't exactly physically fit.

And build a super, super secure webpage and server. Put a single file on there containing contact information where to apply for the security job for the government. Then put out an open call to hackers to hack it, then wait for the applications to fill in. They won't cause damage and you've got somebody with already a base level skill, which can then be heightened through training.

But no, you're right. Let's send everybody to prison, it has worked so well in the past. Every person walking out of there is a shining beacon of reformed model citizen, so it'll be a far better option than anything... "productive".


RE: We prosecute our hackers
By Reclaimer77 on 3/29/12, Rating: -1
RE: We prosecute our hackers
By Paj on 3/30/2012 7:35:14 AM , Rating: 2
It's a pretty slippery slope. There's a big difference between hacking and murder, and the two shouldn't be given equal weight as premises in an argument.

I would be surprised if someone working for the NSA right now didn't get discovered by doing something illegal.

I do get your drift though, and I'll grant that it could set a precedent.


RE: We prosecute our hackers
By SlyNine on 3/29/12, Rating: 0
RE: We prosecute our hackers
By retrospooty on 3/29/2012 8:32:22 AM , Rating: 2
"Oh look, Reclaimer is here to go off the deep end"

You compare this to Reclaimer going off the deep end? Well, I have seen Reclaimer going off the deep end.... He's done it in threads of mine... And this is not Reclaimer going off the deep end. ;)


RE: We prosecute our hackers
By Reclaimer77 on 3/29/2012 9:05:10 AM , Rating: 2
There you go again, throwing me under the bus. Oh the pain... :P


RE: We prosecute our hackers
By retrospooty on 3/29/2012 10:58:58 AM , Rating: 2
LOL... Sorry, maybe that just came out wrong.

Your argument here is sound and not off the deep end at all. The hippie/communist nightmares in your head must have been calm last night ;)


RE: We prosecute our hackers
By EricMartello on 3/29/2012 4:41:36 PM , Rating: 2
quote:
So if I murder someone in cold blood, can I get sent to the military instead of sitting in jail?


How are you making the jump from "hacking" to "murder"? Only one of those two is considered "wrong" on both a moral and social level by most people. Hacking is illegal but if wittle trayvon was hacked by a 1/2 white guy rather than shot & killed, I wonder if we'd have all the racist blacks protesting like we do now.

quote:
If I start a bar fight unprovoked and beat 3 guys up half to death, instead of jail time can I be sent to the MMA?


Another problem with this hypothetical question and your first one is that neither provides a service to the USA that only a small portion of the population can do. Just about anyone can be taught to shoot someone and perform basic military service...and many people can be trained as MMA fighters as long as they're in good physical condition, but the talent and skills required to crack complex code is not something you can "train" someone to do and it's not an ability that many people have.

quote:
You're talking about treating cyber crimes like a doorway to a great career opportunity, instead of a serious and punishable crime. Even paying them like $50k a year?


Not really - it's more like they'd be doing "community service" under close watch - a service which benefits the USA and makes the $40K per year taxpayer cost of feeding and housing them more palatable. Having them sit and rot in their cells is proving to be little more than a Pyrrhic victory for the USA as a nation.

Considering that most hackers do not single out individuals, the "crimes" they are accused of really don't have the social impact on people that something like assault or murder does. At worst you are inconvenienced by having to cancel some credit cards and open up new bank accounts - yeah man, that's harsh.

quote:
I don't think I'm "pro jail". I think if you commit a crime that warrants jail time, you should be punished for that crime and serve that sentence. Isn't that the whole point?


No, it's not the whole point. A modern society should always give people a chance to right their wrongs rather than taking a moronic "throw em all into jail and lose the key" approach which benefits neither the country nor the prisoner.

At a fundamental level, hackers typically do what they do just to see if they can do it. If that is their intent and they act without malice, then sentencing them to "national community service" as state-sponsored hackers is perfectly sound.

quote:
You've obviously never been a victim of ID theft or had your credit card number stolen by hackers and misused. If you had I'm pretty sure the idea of your tax dollars going to paying their salary, when they should be in jail after costing you years of pain and aggravation, disgusting.


Pain? No. Aggravation is the extent of it...and being a nuisance is hardly a justification to keep someone locked up. Credit cards will not hold you liable for fraudulent activity and neither will most banks.


RE: We prosecute our hackers
By mindless1 on 3/29/2012 9:24:30 AM , Rating: 2
Sorry but that won't work. Commit the crime, do the time, the deterrence and punishment has to be applied to those who break the laws or those laws become meaningless.

It would be cheaper to leave rapists and bank robbers out of prison too, shall we leave them free or let the bank robber out so he can rob a Chinese bank? NO!


RE: We prosecute our hackers
By Dr of crap on 3/29/2012 9:51:02 AM , Rating: 2
And that thinking is the reason prisons are overcrowded. Prison time IS NOT a deterrent any longer. They commit the crime, spend the SHORT time in jail, and get out to commit their crimes again.

WE NEED to take out those that do the worst of crimes, and NOT leave them on death row for 10 plus years, we need to quit with the idea that prisoners CAN'T do hard work and HELP out - like the chain gangs used to do cleaning up roads, prisoners DON'T need cable TV and fish on Fridays. Prisoners in Maricopa County is a good example of how they should be treated. THAT would be a deterrent!

And you've not heard of criminals HELPING out the cops after being caught? Many stories of them helping / getting a job helping cops after they do their time!


RE: We prosecute our hackers
By mindless1 on 3/29/2012 4:07:58 PM , Rating: 2
Prisons are overcrowded because people don't fear being there enough, because we've made them into resorts better than the standard of living the convicts had outside.

This is similar to what you wrote, except no, prisons are overcrowded because of the factor that more people commit crimes and more are caught. Getting the word out that certain crimes won't even be punished with more than a better job than a person already had, would merely create another incentive to being a criminal.


RE: We prosecute our hackers
By EricMartello on 3/29/2012 4:55:36 PM , Rating: 2
quote:
Prisons are overcrowded because people don't fear being there enough, because we've made them into resorts better than the standard of living the convicts had outside.


Most people that know prison would probably fear it - not necessarily because they would be locked up but because of the other inmates they'd be sharing the space with.

Considering the limited options that a lot of people have, the average drug dealer or street thug is willing to risk jail time to survive within their environment.

The purpose of prisons was and should be to isolate "dangerous" people from the rest of society. Out of relative convenience they have become the de facto sentence for "crimes" ranging from having a bit too much weed on your person to violently raping and killing a houseful of children.

Many people who are being incarcerated should not even be there because they are not a threat to other people. They are overcrowded because our justice system lacks a range of punishments. They can either fine you or send you to jail - there isn't much in between.

quote:
This is similar to what you wrote, except no, prisons are overcrowded because of the factor that more people commit crimes and more are caught. Getting the word out that certain crimes won't even be punished with more than a better job than a person already had, would merely create another incentive to being a criminal.


Community service has always been a sentence that courts can pass on as a "punishment". With hackers it would be a lot like that - they would be performing a service to the country without the option to refuse. Who is the idiot who suggested they'd be getting paid a salary and have freedom to do what they want while serving out their sentence?


RE: We prosecute our hackers
By JediJeb on 3/29/2012 10:02:06 PM , Rating: 2
quote:
Community service has always been a sentence that courts can pass on as a "punishment". With hackers it would be a lot like that - they would be performing a service to the country without the option to refuse. Who is the idiot who suggested they'd be getting paid a salary and have freedom to do what they want while serving out their sentence?


Best way to do that is to sentence them to a term of military service and after basic training put them into the Cyber Command unit making minimum pay with no option for promotion until they have served the equivalent of their jail sentence. If they step out of line there, they are subject to a military justice system which would not be so easy on them.


RE: We prosecute our hackers
By mindless1 on 3/31/2012 11:49:35 AM , Rating: 2
Many white collar criminals and teens might, but your average person in prison was around the same types of people all the time - which is why their lifestyle led them to prison. Certainly there are exceptions, but can we concede that the % of repeat offenders is higher than the % of the population that goes to prison in the first place? If so, it seems to dispute your idea that people who know prison fear it more.

Prison should certainly isolate dangerous people, but how do you classify that? Is not a drunk driver a danger? Do (hard, addictive) drug dealers not contribute to the death and decay of lives and society in general?

Is it ok to throw a small stone at 1000 people while if you threw 1000 small stones at the same person, you might kill them? I argue that if we allow this, everyone will feel they can do so and ultimately, society decays and death still results while everyone is more miserable until death.

Prison is meant to preserve peace in society, not just prevent violence and murder, thus we have laws dealing with other crimes. If you don't like that, by all means vote for someone to make change but as things stand, prison time is associated with certain crimes and it is up to each citizen whether to do the crime and spend the time.


Copyright 2014 DailyTech LLC.