backtop


Print 87 comment(s) - last by anandtech02148.. on Apr 3 at 12:10 AM


  (Source: ScreenRant)
NSA director fingers China in recent RSA intrusion and subsequent data thefts, U.S. oblivious its at war

Well, no more hemming and hawing about, it's official -- the Chinese hacked EMC Corp. (EMC) subsidiary RSA and stole the secrets of its proprietary security algorithm according to the chief of the U.S. National Security Agency.

I. A Grave Threat

U.S. Cyber Command leader and NSA director Gen. Keith Alexander made the information public on Tuesday in a briefing to the Senate Armed Services Committee, in which he testified, "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies.  There are some very public [attacks], though. The most recent one was the RSA exploits."

China successfully used the information to hack into Lockheed Martin Corp. (LMT), a top U.S. defense contractor.  It is thought that China's remarkable progress in stealth fighter technology has been fueled by stolen U.S. Department of Defense Secrets.

Indeed a massive amount of intellectual property is being stolen from both the public and private sector by Chinese hackers, according to Gen. Alexander.  The U.S. has done precious little to protect its own economic prosperity, as it has been overwhelmed by the Chinese thieves.  One official in past commentary graphically described a cyberwarfare compaign of an unnamed nation state (suspected to be China) as "raping" the world.

Whether the Chinese government is perpetrating these attacks first hand, sponsoring third parties to conduct them, or merely condoning corporate interests to conduct them is almost as hazy as the sketchy financial ties the Chinese government holds to many of its private sector business (to be fair such allegations have increasingly been raised about the U.S. gov't).

But at the end of the day, the result is the same -- the destruction of the U.S. economy at the hands of the Chinese attackers.

RSA dongle
Spearphishing and an unreleased Flash exploit allowed China to hack the RSA standard and steal secrets from U.S. DOD contractors, according to NSA testimony.
[Image Source: RSA Security]

U.S. companies who speak out against the attacks are threatened by the Chinese.  The Chinese government is more than willing to ban U.S. firms that rock the boat, locking them out of the lucrative emerging market of almost 1 billion internet-active device users.

Complains Gen. Alexander, "We need to make it more difficult for the Chinese to do what they're doing.  Intellectual property isn't well protected, and we can do a better job at protecting it."

The security official shared interesting details of the attack.  He says the RSA hack used a zero-day (unreleased) exploit of Adobe System Inc.'s (ADBE) Flash player (somewhere the spirit of Steve Jobs is smirking) and used "spearphishing" (targeted phishing) to get an RSA employee to click on the offending executable, resulting on backdoors being installed on the company's servers.  Ironically, the Subcommittee hearings were livecast using Flash.

II.  Are the NSA's Cyber Command Efforts Really Helping?

Sen. Carl Levin (D-Mich.) criticized Gen. Alexander's commentary as just lip service.  He pointed out that a DOD pilot program to share malware signatures with defense contractors did not contribute significantly to new awareness, according to a Carnegie Mellon University study.  

Gen. Alexander responded, "Industry has a bunch of signatures, government has those too.  All of us need to work together to provide the best set of signatures."

He then countered that private sector communications efforts have been hindered by red tape.  He compares the situation to a bank robbery in which no one can tell the police.  He points to one incident in which the NSA detected 3 GB of data being stolen, stating, "I think that industry should have the ability to see these attacks and share them with us in real time.  It's like neighborhood watch. Somebody is breaking into a bank, and somebody needs to be in touch with the police to stop it."

surrender flag
Is the U.S. surrendering its future by allowing China to victimize its businesses and defenses with no response?  The hacks may go down in U.S. history as the nation's first unofficial surrender. [Image Source: Allison Nazarian]

On the upside Gen. Alexander says DOD efforts to establish a Cyber Command outpost at every major geographical and functional Combatant Command branch are coming along nicely.  He points to a major recent combat exercise at Nellis Air Force base as a sign of that progress.

Tensions between the U.S. and China are running high after the U.S. filed a World Trade Organization complaint against China for cutting off its supply of rare earth metals.  China argued the complaint was unfair and that it's all about playing by the rules.

Source: U.S. Senate



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: This is frustrating
By TETRONG on 3/28/2012 10:31:58 PM , Rating: 4
I warned about this years ago on this very forum.
The scary thing is that you still don't seem to realize the back doors have been left open on purpose!

Think about it, most Americans are in debt and they have quadruple the number of Consumers over there!

You have to start seeing the bigger Corporate picture

On February 13, 2007 a New Mexico State Court found Sandia(Lockheed Martin) Corporation liable for $4.7 million in damages for the firing of a former network security analyst, Shawn Carpenter. Mr. Carpenter had reported to his supervisors that hundreds of military installations and defense contractors' networks were compromised and sensitive information was being stolen – including hundreds of sensitive Lockheed documents on the Mars Reconnaissance Orbiter project. When his supervisors told him to drop the investigation and do nothing with the information, he went to intelligence officials in the United States Army and later the Federal Bureau of Investigation to address the national security breaches. When Sandia managers discovered his actions months later, they revoked his security clearance and fired him.

http://en.wikipedia.org/wiki/Sandia_National_Labor...

They want this to happen


RE: This is frustrating
By bodar on 3/28/2012 11:06:30 PM , Rating: 2
Interesting theory... but why?


RE: This is frustrating
By stardude692001 on 3/29/2012 12:55:52 AM , Rating: 2
Payoffs probably. I would find it easy to believe most people would accept money to do this, hell if you offered the job of "spy for china" with a million dollar salary I think at least 1 in 50 would jump at the chance.

No one really believes a war with china is going to happen so they see no harm in directly or indirectly selling our secrets.


RE: This is frustrating
By bug77 on 3/29/2012 4:38:13 AM , Rating: 2
Same reason some thought they must sell the A-bomb to USSR?


RE: This is frustrating
By TSS on 3/29/2012 8:38:42 AM , Rating: 1
My turn! i posted that years ago on this very forum.

The war on terror is comming to an end. You can no longer afford large standing armies across the world. Don't get me wrong, it'll still be much larger then any other nation but the wars in iraq and afgahnistan are ending. In general people are getting tired of the middle east.

This does not suit your governments needs. Your government needs a foreign enemy to focus on in order to keep people afraid and occupied. This will allow them to stay in power even though they're corrupt to the bone and everybody knows this.

But it can't be just any enemy. It has to be akin to a ghost. Something you can conjure up at any time, say it was the enemy, and rally the troops behind you. The enemy itself doesn't really need to exist. Just think about it - Osama bin laden might never have existed as we knew him. Yes, the person existed, but the leader of al-qaida? The most dangerous man in the world? the brains behind all those attacks? I'm not sure. There isn't a whole lot of evidence that can be traced back to credible sources for that.

Now imagine Anonymous as the new Bin Laden. Anybody could be the enemy. They could strike from anywhere, at any time.

Cyberterrorism is the ultimate replacement for the war on terror. Instead of hunting combatants dressed as civilians, you'll litteraly be hunting ghosts. You're hunting a IP, rather then a person.

And the average citizen (of the world) doesn't understand computers at all. A "cyber" terrorist is even more foreign to them then a real terrorist. Never mind explaining to them how some guy on a computer in china caused a blackout in iowa.

Cyber terrorism folks. Called it years back. What i don't know is what they will call this new war. "the war on cyber terrorism", while appropriate since terrorism is already engrained in the modern mind, sounds a bit windy.


RE: This is frustrating
By Starcub on 3/29/2012 1:27:03 PM , Rating: 2
The US actually helped Saddam Hussein come to power by giving him weapons of mass destruction which he used against targets in both Iran and his own country. The US seems to have a history of establishing its future enemies and then turning on them at their convenience. It easy to see why they would want to do this to a national power, but a lone guy on a computer? I think there is something different going on with cyber-terrorists.


RE: This is frustrating
By AntiM on 3/29/2012 9:00:28 AM , Rating: 3
Sounds familiar:

The Phoenix memo is a letter sent to FBI headquarters on July 10, 2001 by FBI special agent Kenneth Williams recommending the assembling of a worldwide listing of civil aviation schools. Williams, then stationed in Phoenix, Arizona, was at the time investigating students at some of these schools for possible terrorist links.

According to Williams, the purpose of the memo was to advise the Bureau and New York of the possibility of a coordinated effort by Osama Bin Laden to send students to the United States to attend civil aviation universities and colleges. Phoenix has observed an inordinate number of individuals of investigative interest who are attending or who have attended civil aviation universities and colleges in the State of Arizona.
The recommendations outlined by Williams were ignored or put aside due to other concerns. David Frasca was the head of the FBI's fundamentalist terrorist unit at the time and was considered to be responsible for not making these recommendations known to other relevant investigative units. Frasca was promoted by the Bush administration after the 9/11 attacks


"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki