back to article PRISM snitch claims NSA hacked Chinese targets since 2009

PRISM snitch Edward Snowden now claims to have data which proves the NSA has been hacking hundreds of civilian targets in China and Hong Kong since 2009. Public officials, businesses and students as well as the Chinese University of Hong Kong were among the targets in the former British colony, Snowden told the South China …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Alert

    Cisco ? This is Huawei calling ..

    .. because if there's going to be trapdoors in the internet backbone then by god, they'll be honest god-fearing capitalist trapdoors. We'll have none of this commie crap thank you.

  2. An0n C0w4rd
    Unhappy

    Express incredulity

    Having worked on a backbone (back when OC48 was considered fat), I call B.S. on this.

    Hacking a backbone router is theoretically possible (if the operator is dumb), but what on earth are you going to do with the traffic? You can't wiretap it off to some system you control without creating huge flows of data that are bloody obvious to even the dumbest operator.

    You could theoretically enable flow reporting (e.g. NetFlow), but that only tells you source IP/port and destination IP/port and traffic volume, not the all so important contents. Also, any competent operator should spot this.

    The FBI got away with Carnivore because it put the boxes on the backbone and captured the traffic locally (and with the co-operation of the ISP in question). Doing so without the co-operation of the ISP strikes me as stretching credulity beyond breaking.

    1. This post has been deleted by its author

    2. Yes Me Silver badge

      Re: Express incredulity

      I think we'd be talking about fibre taps leading off to very specialised passive bit snarfers, not NetFlow and the like. No science fiction there, and as another comment said, traffic sampling would help identify targets for more focussed snarfing where NetFlow might suffice.

      1. An0n C0w4rd

        Re: Express incredulity

        @Yes Me

        Fibre splitters are hardly hacking, and unless you do it in the middle of nowhere they're bloody obvious. Even if you do it in the middle of nowhere you can often spot the loss of light

        1. Anonymous Coward
          Anonymous Coward

          Really...

          See

          http://www.theregister.co.uk/2007/04/25/optical_hacking/

          and also the bit

          The scenario of optical hacking might appear like the fodder from Hollywood hacksploitation flicks rather than a practical threat. However, Infoguard said that in 2003 an illegal eavesdropping device was found attached to Verizon's network. Investigators probing the hack reckoned it was motivated by an attempt to access the quarterly statements of a mutual fund company. The perps were never identified.

          Draw your own conclusions.

    3. Anonymous Coward
      Anonymous Coward

      Re: Express credulity

      Yes, but if the ever-expanding STC/ILETS worldwide MoU 'lawful enforcement' DPI systems have an inbuilt Trideaworks backdoor to the NSA (à la CryptoAG), this could easily explain the Layer 8 access to all our private data?

    4. Anonymous Coward
      Anonymous Coward

      Re: Express incredulity

      Hacking a backbone router is theoretically possible (if the operator is dumb), but what on earth are you going to do with the traffic? You can't wiretap it off to some system you control without creating huge flows of data that are bloody obvious to even the dumbest operator.

      I haven't looked at this of late (because I no longer live in ISP land), but I recall a huge fuss about some creativity with BGP routing that caused most Internet traffic to go through the US although that was not the most efficient route. It may be worth examining the BGP map for other such hotspots - I wouldn't put it past the US to install some "help" elsewhere on the planet.

      This would give you intercept without too much trouble.

      As for data tapping slowing down traffic, that's very much past tense, I have worked with wirespeed data taps (10GB ethernet) which were capable of analysing data real time (they are used in corporate fraud detection exercises). As WAN speeds tend to be lower, this sort of kit is capable of filtering an entry/exit point of a whole nation.

  3. Winkypop Silver badge
    Meh

    Yeah, but no but yeah

    I've always operated under the expectation that everything I do on the net is discoverable, somehow.

    Therefore: no Faceberk, etc.

    1. frank ly

      Re: Yeah, but no but yeah

      But it's important to create a Faceberk profile with regular innocent/mindless activity, or they'll think you're trying to hide something and put you under closer scrutiny.

    2. Anonymous Coward
      Anonymous Coward

      Re: Yeah, but no but yeah

      Unless your in college, what and where you post in forums is just as dangerous, if not more so, than what we post in FB.

      "Ten years ago on13th June 2013 05:07 GMT you posted on dissident website theregister.co.uk using userid Winkypop."

      "Would you like to come clean about what other dissident websites have you been posting to?" you're questioner asks, while patting a 2" thick stack of paper.

      Who knows, the way things are going in 10 years one or the other of either the "left of center*" nytimes.com or "right of center**" Wall Street Journal wsj.com may well be considered dissident websites.

      * left of center by US standards, right of center by EU standards.

      ** right of center by US standards, right wing by EU standards.

      1. Uncle Slacky
        Headmaster

        Re: Yeah, but no but yeah

        Wow - using *both* "your" and "you're" incorrectly in the same message! Impressive!

        1. Anonymous Coward
          Anonymous Coward

          Re: Yeah, but no but yeah

          Wow - using *both* "your" and "you're" incorrectly in the same message! Impressive!

          Pats on stack of paper and opens a dossier.

          "Now, let me see, hmm. On Thursday June 13th, you were being overly pedantic. Correct, but pedantic. ADMIT IT. YOU ARE A GRAMMAR NAZI. WE HAVE YOUR MEASURE. WE HAVE THE EVIDENCE. CONFESS...

          Or, of course, you could collaborate with us, and maybe we won't make you correct college student papers that will drive you insane with their spelling. Bwahahahaa"

          Or something like that. Needs a cat somewhere.

      2. Anonymous Coward
        Anonymous Coward

        Re: Yeah, but no but yeah

        a la Agent Smith: "... What good is a phone call if... you're.... un....able.... to.... speakkkk?"

  4. Velv
    Mushroom

    Oh ffs. The Merkins spy on the Chinese. THe Merkins spy on the Russians, the Iranians, the Israelis, the British, everybody. The Chinese spy on the Merkins, the British, the Iranians, everybody. Everybody spies on everybody.

    And to paraphrase Yes, Prime Minister: we know they spy, and we know they know we spy; we know they know we know they know, and although they all probably certainly know that they all probably spy, they don’t certainly know that, although they probably spy, there is no probability that everyone else certainly doesn't know everyone spies.

  5. Anonymous Coward
    Anonymous Coward

    whats in a name...

    Mr Snowden, if that is his real 'ex-cia' name, might be said to now be at the 'pinnacle' or 'peak' of his career...?

    Odd name for an American though....rearranging letters does lead to wonder at 'Ned Nose Drawn' maybe 'pinocchio' springs to mind?

    1. red hal
      Black Helicopters

      Re: whats in a name...

      D'aw, Nerds Owned.

  6. All names Taken
    Paris Hilton

    "However, Chinese military targets apparently weren’t among those shown in the data and there’s no additional info in the story about exactly what level of access these attacks gave the NSA."

    My guess is that all military, political or diplomacy related chatter went to dedicated departments and not mixed up with general stuff.

  7. Anonymous Coward
    Anonymous Coward

    "If the locals rally around Snowden in big enough numbers as a kind of cause celebre of free speech then it may become even trickier for Washington to displace him."

    Huh? If the American government respected the wishes of their people they would not have done the PRISM program to begin with.

    Snowden will be hammered down hard; if nothing else, as an example to anyone else who is thinking of circumventing OPSEC in the future. How many signatures of support did Bradley Manning get? I admire Snowden's conviction, but a list of names on a petition will not stop the fury of the US Gov after being embarrassed and shamed in front of the world.

  8. Anonymous Coward
    Anonymous Coward

    I hope the snitch is correct

    The Chinese have been hacking U.S. targets for at least that long.

  9. All names Taken
    Paris Hilton

    Apologies to all ...

    ... I know quite a lot of my posts are about the detriment of UK (un)civil servants but are we really seeing the rise of a publicly funded class that operates to the detriment of the public?

    Is there any correlation between financial crashes and public expenditure on public servants?

    (There seems to be a social phenomena on the go and I accept my observations might be faulty.)

  10. Wzrd1

    ROFLMAO!

    Want to know what is so funny?

    The *only* people who didn't know this is the public of the world.

    The PRC knew it far too well. So did the US of what the PRC was doing.

    Don't know, nor care, who started it, but it's like the hottest part of the cold war right now online.

    As part of my network security role, I reviewed the daily intelligence briefs on known threats and actors. Due to those readings, I'd learn of a new attack in the works and, in phishing instances (many were phishing or spear phishing, targeted on DoD personnel), I'd adjust our mail filter to trap them.

    In one instance, I went on vacation and checked my webmail at the base. I saw over 300 attacks and climbing in the logs, so I made an international call to my partner and inquired if he saw it and if it was the attack warned about.

    It was. After significant examination of the quarantine, there were zero false positives.

    A five second regex entry defeated the most effective and successful PRC cyber unit.

    One interestingly enough, who I knew the name, address, phone number, photographic image of the commander and his girlfriend's picture, address, phone number and place of work. As well as said commander's work address.

    No, I'll not reveal the source. I don't want to be sitting in the cell next to Manning. But, it was totally laughable.

    I'll give the PRC due credit, they have folks who speak fluent American. They're incredibly clever. Worse, they have people who think outside of the box, whatever that thing is.

    I'd still be doing that job, but my father started to ignore both his medications and congestive heart failure. So, I returned home from my contract, after I retired from wearing tree looking clothing.

    A much preferable employment. Nobody tried to kill me, save on the highways, I didn't try to kill anyone. In short, a parent's paradise. Peace and quiet.

    Save when a round came tumbling through my car window one morning, but then, that nation recently permitted a gun shop to open. With predictable results.

    No, not an increase in armed robberies, an increase in idiots shooting and thinking that lead dissolves after passing some imaginary boundary or something.

    Well, good night all, or good day to you across the pond. It's insanely late here and I need my four hours of sleep. Have to take my father to his first doctor's appointment after a lengthy hospitalization and rehabilitation.

    And get a referral to have his hand and wrist x-rayed for a possible fracture after I helped him up after he fell after a dialysis session. Probably nothing, but his discomfort is something worthy of concern, as I've witnessed him being hit flat on by a backhoe bucket and thrown two meters (had to translate over ten feet in American here), whereupon he got up, picked up his shovel, looked at the cab with resolve and the operator ran off and wasn't to be found for three days.

    Now, I'm uncertain if the crepitus I felt was due to his osteoarthritis or due to a significant mechanism of injury, my hand grasping his to help him up.

    I suspect it's simple bruising, due to his last bone density scan.

    But, one cannot be certain with geriatric patients.

    Something I learned in my years visiting villages as a US military serviceman, running a small clinic. Wearing a green hat that didn't hide the sun, was heavy when it rained, was worthless as a hat for anything but parades.

    A badge it was, one that proved that we were slightly smarter than a bag of hammers and incapable of quitting.

    1. All names Taken

      semper wotsits?

This topic is closed for new posts.

Other stories you might like