back to article Chinese Army: US hacks us so much, I'm amazed you can read this

Two Chinese military websites - including the Defence Ministry - are routinely subjected to thousands of hacking attacks every month, the majority of which can be traced based to the US, Chinese authorities alleged this week. Two-thirds of the 144,000 attacks a month against Chinese military sites last year came from the US, …

COMMENTS

This topic is closed for new posts.
  1. Tom 38 Silver badge

    Crikey

    hacked on average from overseas 144,000 times a month

    Not just 144,000 hack attempts, but 144,000 successful hacks! Lummy.

  2. Dr Paul Taylor

    Probably evolutionarily beneficial

    A lot better than the US and China lobbing nukes at each other.

    Presumably there's quite a lot of skill on both sides going in to this game.

    It might spin off some better cybersecurity for the rest of us.

    1. Anonymous Coward
      Anonymous Coward

      Re: Probably evolutionarily beneficial

      Until some idiot hacks into the launch system. That will result in a nice evolutionary dead-end for all involved.

      No thanks, I 'd prefer that neither one of them did it all, evolutionary or not.

      1. Wzrd1

        Re: Probably evolutionarily beneficial

        Pity that you don't understand how launch systems work.

        They're not open to the internet, they're on isolated networks that are inaccessible to other networks. Hence, they can't be hacked unless one is sitting at a terminal on that network.

        1. Anonymous Coward
          Anonymous Coward

          Re: Probably evolutionarily beneficial

          Pity that you don't understand how launch systems work.

          They're not open to the internet, they're on isolated networks that are inaccessible to other networks. Hence, they can't be hacked unless one is sitting at a terminal on that network.

          Out of idle, proximity-of-the-weekend induced curiosity, how do people at said terminal get the message to press the red button (virtual or not)? Somehow, information is gained/accessed/processed/interpreted, and communication must take place. Plenty of weak spots there - that's the idea behind APT.

        2. Vic

          Re: Probably evolutionarily beneficial

          they're on isolated networks that are inaccessible to other networks. Hence, they can't be hacked unless one is sitting at a terminal on that network.

          Didn't someone tell me that about the Iranian centrifuges?

          Vic.

    2. Wzrd1

      Re: Probably evolutionarily beneficial

      I'll suggest that there is a great deal of skill on both sides of this game. I had no involvement with our cyber operations, save in the defense side of our networks.

      From the Information Assurance side of the house, I can say that the PLA personnel were overall extremely clever and a few spoke fluent American English, understood American culture and used multiple means to attack our networks. Efforts ranged from social engineering, plain phishing, spear phishing and even scattering infected USB drives in a headquarters parking lot.

      The latter being the 2008 cyber attack against the US DoD, which was extremely effective. Twice. Interestingly enough, my installation remained uninfected throughout that multi-billion dollar debacle.

      But then, our baseline was the directed DoD baseline configuration, we had no pirated software on the network, our patch management was efficient and up to date and our antivirus definitions were pushed out daily to the test systems and the next day for the main production systems. When the undersecretary of defense ordered USB mass storage shut down, NetCom commands refused to "force the issue with their customers", I went to the installation commander, who "owns" all computers on the base, briefed him on the directive and requested his desire.

      "Shut the F'ing things off."

      I went back to my desk, hit enter and the script was pushed out, shutting down all USB mass storage and an e-mail went out advising all as to what happened and why.

      We did exception to policy on a case by case basis, for those whose mission was impacted, with only three exceptions throughout our entire installation.

  3. Scott Pedigo
    Trollface

    I look forward to the day when all their base are belong to us.

    1. ecofeco Silver badge
      Linux

      9000?!!!

      Unngghh

    2. This post has been deleted by its author

  4. Zaphod.Beeblebrox
    WTF?

    What's with all of the smoking - is it that much more of a thing in China or is that just more of the propagandist nature of the animation?

    1. Tom 38 Silver badge

      No, smoking is big in China. You couldn't smoke in our office, you had to go into the stairwell, where the ashtray was emptied 3 or 4 times an hour - literally there was often a cleaner there waiting for me to ash.

      1. Anonymous Coward
        Anonymous Coward

        smoking is big in China

        Switzerland too, and practically every teenager smokes to "fit in" :(.

        The most ironic statement I had in that context was by someone proclaiming that it was their "freedom" to smoke. They got a bit upset when I remarked that a 3m hose length radius around an oxygen bottle wasn't much in the way of freedom, but that's the idea of grabbing them young: they don't think very far ahead. Getting lung cancer at 35 is too far away for them to worry about..

    2. Psyx
      Go

      "What's with all of the smoking - is it that much more of a thing in China"

      Yes.

      Also: Spitting.

    3. Don Jefe

      Re:

      Some countries aren't populated by people whinging about smoke all day. They are to busy working to complain.

  5. This post has been deleted by a moderator

    1. Grave

      Re: Time for the military to stop using Windows.

      lmao what a tool. once a hacker gets enough skills to meddle in serious hacking (like military targets) without getting nailed its actually easier to hack *nix based systems, they all follow same outdated "security" structures.

      1. This post has been deleted by a moderator

      2. Anonymous Coward
        Anonymous Coward

        Re: Time for the military to stop using Windows.

        lmao what a tool. once a hacker gets enough skills to meddle in serious hacking (like military targets) without getting nailed its actually easier to hack *nix based systems, they all follow same outdated "security" structures.

        I see that a lack of knowledge is clearly no impediment for you to comment, which makes you strangely compatible with Eadon despite making opposite statements. Weird.

        Can you try commenting directly to Eadon's posts? I want to see if the two of you actually cancel each other out :)

    2. Anonymous Coward
      Anonymous Coward

      Re: Time for the military to stop using Windows.

      Amazing! Eadon, you surpass even your own stupidity. They are running Apache and it ain't on Windows.

      1. This post has been deleted by a moderator

        1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Time for the military to stop using Windows.

        But still it is necessary to update Apache ("patch" it haha) and actually follow recommended security practices.... it's not like there is a lack of free info on the Web on how to do it.... plus it will never get any of the myriads of Windows viruses or spyware however badly patched it is, so at least a good start and breathing space to get it fixed.

    3. Otto is a bear.

      Re: Time for the military to stop using Windows.

      Not a chance, the Purchasing Department worked out that it's far cheaper than anything else, and besides no one gets fired for buying Microsoft do they. Just think how much it would cost if they were to let techies decide on which kit is the best, I mean how stupid do you think these guys are.

      Any way who uses Linux anyway and Apple is way overpriced.

      Sorry I can't remember anymore uninformed reasons to trot out.

      1. Anonymous Coward
        Anonymous Coward

        Re: Time for the military to stop using Windows.

        No-one gets a free lunch and hookers from MS if they use Linux, quick, get Stallman on the case! :)

    4. Mayhem

      Re: Time for the military to stop using Windows.

      > apt-get install Nuclear_Launch_Codes

      Access Denied

      >sudo apt-get install Nuclear_Launch_Codes

      Reading package lists... Done

      Building dependency tree

      Reading state information... Done

      The following packages were automatically installed and are no longer required:

      B17 B29 B36 B52 B70 FB111 B1B

      Couldn't find package Nuclear_Launch_Codes

      ...

      google : Nuclear Launch Repository Location

      ...

      vi /etc/apt/sources.li

      <boom>

    5. Wzrd1

      Re: Time for the military to stop using Windows.

      Blather. Every major compromise wasn't due to the OS, it was due to user stupidity. I know of Solaris systems that were compromised by the PLA.

      The last time I checked, Solaris isn't Windows.

  6. Johnny Canuck

    video

    I laughed at how the Americans are portrayed in the video and - oh noes - the secret formula for coke!

    1. Anonymous Coward
      Pint

      Re: video

      America's problem is we don't have NMA TV to tell us the plain truth. Love NMA TV.

    2. Vic

      Re: video

      > oh noes - the secret formula for coke!

      Aw, c'mon - that bit was funny :-)

      Vic.

  7. nexsphil

    US & China - similar much?

    For all the bullshit and the quite unique styles, the US and China have become very similar in recent times. Media orchestration, money > people, absurd delusions of grandeur, massive corruption, and of course, ludicrous amounts of surveillance and propaganda targeting their own citizens. The Chinese have even begun exploring space. They'll be telling us they're a "land of the free" next, as they monitor every communication, run jails as a private industry, and hound journalists that dare speak against the regime. If these two former polar opposites can find so much common ground, perhaps the "one world government" Bush snr was so obsessed with might actually be possible.

    1. Anonymous Coward
      Anonymous Coward

      Re: US & China - similar much?

      I don't know, maybe they'll bypass the whole capitalist/feudalist intentional abuse of the population thing, and go straight to a Star-Trek NG-like advanced society. They look more likely to do that than most other places.... plus they do have the advantage of 1000s of years of culture. Well, we can hope :)

      1. Wzrd1

        Re: US & China - similar much?

        Star Trek NG was a post scarcity society. So, getting there is extremely unlikely, due to sparse and inefficiently distributed resources of today.

  8. Anonymous Coward
    Coffee/keyboard

    now why is this?

    Could it be that if a Chinese person tries to hack into a Chinese military (or other) site they'd be picked up, and be dead before reaching the cemetary/mass grave/compost heap?

    1. Mephistro
      Devil

      Re: now why is this?

      " and be dead before reaching the cemetary/mass grave/compost heap?"

      And those would be the lucky ones! :-D

  9. Katie Saucey
    Windows

    Very disturbing

    Being a decadent lazy westerner I skipped the article and went straight for the video. From what I understand Chinas' weaponized bear technology is decades more advanced than we thought. Although on the upside once they invade I can smoke at work, so where can I email my user/passwords to hurry this along?

  10. David 164
    Holmes

    They are both as bad as each other.

  11. Serge 2
    FAIL

    But Really...

    What is the point in this hacking? No seriously? What is it going to aachieve? Its a bit like Anon deficating on some website. What is the damage? Its a bit like kids doing graffiti and then the other bunch paints over and they get all upset and worked up about it.

    What kind of a millitary organisation has its main system physically connected to the same same network as their web servers? Why is their system online anyway? For what purpose? Generals can do battle plans from home? No really?

    Please let this be not how I imagine it it is... This is just too depressing to think that the millitary are so god damn stupid.

    1. David 164

      Re: But Really...

      ""What is the point in this hacking? ""

      To cause disruption to the enemy, to steal information, to cause internal descent, sabotage.

      ""What is it going to aachieve?""

      Any number of aims and goals I am sure the Chinese and US government has. I am sure the Chinese main aim is to steal US military secrets. US aims it probably learn more about the inner workings of the Chinese government, when it spending it cash surplus, friends and foes. An perhaps any secrets the Chinese military has.

      What is the damage?

      Apparently the US was able to remotely destroy centrifuges using stuxnet in the lab, it unknown what damage they did to Iran nuclear industry, from the outside not very much.

      ""

      What kind of a millitary organisation has its main system physically connected to the same same network as their web servers?""

      None, but you do not need an physical connection to hack a computer system. Just needs someone to connect something up to an outside hard drive, pen drive, or possible even fit a new specially adapted motherboard, RAM that you have manage to infiltrate into their supply chain.

      ""Why is their system online anyway? ""

      They not.

      """None one said it was on-line. """

      No one said that it needs to be on-line to be hacked. An the US and China are not really talking about the kind of attacks that are appearing as graffiti on websites, even hacking sites and stealing passwords (through given that the bigger the password databases NSA and the like can assemble the more like they are able to build intelligence systems able to guess people passwords more accurately by analysing everything they know about the person), they are talking about the kind of attacks that may take 5 years before paying off, they sits and lurks in their computer systems, spreading silently until they find their target. What they are talking about in public is little more than a distraction to what they are both up to.

      An the publicly detected attacks are probably design to divert security industry away from other attack avenues or at the very best design to inform the industry of such attack vectors so they can be fixed, after their usefulness has expired.

      1. Anonymous Coward
        Anonymous Coward

        Re: But Really...

        "To cause disruption to the enemy, to steal information, to cause internal descent, sabotage."

        installing a lift?

        1. Fred Flintstone Gold badge

          Re: But Really...

          "To cause disruption to the enemy, to steal information, to cause internal descent, sabotage."

          installing a lift?

          Yup. It's called the Schindler attack. It works on many levels.

    2. jubtastic1
      Mushroom

      Re: But Really...

      It's basically a re-run of the Cold War, but instead of mutually assured nuclear destruction we have mutually assured economic destruction and instead of the two sides being openly hostile towards each other they're actually business partners and largely dependant on each other.

      That It's also completely insane is par for the course.

      Here's the kicker though, because the consequence of lobbing a nuke were very well understood by all sides to almost certainly result in the end of all life on earth, a whole bunch of systems and safeguards were implemented to ensure that it would be really hard to either accidentally fire one off or for some guy to have a bad day and decide to fuck the planet. Wasn't perfect of course and the fact that we're all still here is completly down to the fact that on the occasions the system failed the guys that were told to press the button didn't.

      This time round there's no safeguards, if one guy hacks into the right system and decides wipe it for the lols instead of pwning it for God and Country, it could escalate shockingly quickly to a couple of billion people surprised by the sudden loss of power, communications and water.

      Sleep well.

    3. Wzrd1

      Re: But Really...

      What is the point?

      Let's see, the PLA got into systems of those negotiating contracts with PRC based companies, learning the negotiation strategies, desired and how much they were willing to spend.

      The PLA got into US companies and stole R&D for new products, not only military products at that.

      The PLA got into US DoD networks, fortunately, they couldn't get to classified networks which also were infected by their worms, as those networks are isolated from NIPRnet. But, they harvested all manner of information from NIPRnet. Troop dispositions, troop movements, supply manifests, etc.

      And yes, Generals do battle plans from "home" in the US. CENTCOM headquarters isn't in the Persian Gulf or Afghanistan, it's in Florida, with contingents in theater, but the commanding general spend the majority of their time CONUS. That said, plans go on the classified networks, however, there are plenty of unclassified communications about those plans that live on NIPRnet.

      Another example, remember the big stink over Oliver North having a fence and security installed at government expense, but that stink when nowhere?

      It was because he had a SIPRnet feed to his home, with an encrypted tunnel to other classified networks.

      That's why the stink blew away faster than usual.

  12. Magani
    Black Helicopters

    Propaganda for internal consumption?

    "...closed monthly meeting of local journalists that excludes member of the foreign press corps."

    Can one imply from this statement that all the 'facts' here (144000 US hacks) are meant for the great Chinese unwashed to worry and fret over? Is this just demonising the West for local consumption?

    1. Anonymous Coward
      Anonymous Coward

      Re: Propaganda for internal consumption?

      "demonising the West for local consumption" not that the West would dream of doing such a thing on a daily basis to China, Russia, Belarus, Argentina, Iceland, Greece ..... or anywhere else that dares to not toe the line. Do any of the press or TV in the West routinely refer to Obama or Cameron or Merkel as a "strongman" or question how they got elected and fund endless pressure groups from offshore to "find out the truth"?

  13. kain preacher

    This is why.

    This why the US does not want to use any Chinese telco kit. It's not xenophobia, it's good ole fashion paranoia. Would you want telco kit from a country you are hacking/attacking ?

  14. Steven Roper
    Go

    The more things change...

    Rattle those sabres a bit louder, lads. We're having trouble hearing it down here at the back.

  15. Rampant Spaniel

    Got to love that video animation! It's like someone crossed Fox news election coverage with the truth. We need more of that over here!

  16. Tank boy
    Black Helicopters

    There's a term for that

    A non-doctrinal term used in the US Army applies: Getting Jiggy With It.

  17. Ted Treen
    Headmaster

    Hardly surprising...

    PRC hacking US - cyberterrorism.

    US hacking PRC - Fighting for democracy & freedom.

    As predictable as a Hollywood sequel.

    Personally, I love democracy & freedom - or at least the thought of it - but it'll never happen: the establishment would never permit it.

    1. Crisp
      Coat

      Re: Security isn't a dirty word

      Darling: So you see, Blackadder, Field Marshal Haig is most anxious to eliminate all these German spies.

      Melchett: Filthy Hun weasels fighting their dirty underhand war!

      Darling: And, fortunately, one of *our* spies--

      Melchett: Splendid fellows, brave heroes, risking life and limb for Blighty!

  18. Anonymous Coward
    Anonymous Coward

    China, meet US

    US, meet China.

    but, you know, WE do it because we're the good guys (which makes it ok, and, in fact, commendable), while they do it, because they're EVIL. Badbadbad. No, seriously.

  19. Anonymous Coward
    Anonymous Coward

    The problem is..

    .. that the guys that are losing the plot at an economic level are the ones who have lots of very nasty bombs..

  20. Donald Becker

    24*6*500 attacks a month!

    Someone must be taking Sunday off to get that nice round number.

    Here's an experiment. Go to an old-fashioned ISP and get a single static IP address. Put a packer sniffer/wireshark/whatever on it. You'll get a constant stream of port probes. Very likely in the range of hundreds per minute.

    Are they attacking you? Yes. Is someone targeting you? No. It's just the constant noise of botnets and like trying to expand.

    Now put up a website. You'll get a smaller number of attackers, trying a broad range of attacks. Again it might feel targeted, but it's all just automated.

    Now if you are a high profile target, there are undoubtedly some targeted attacks as part of that barrage. But 144K per month is way too high of an estimate.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021