China 'hacked' South Korea to wreck Star Wars missile shield

Well-connected security biz FireEye is claiming Chinese hackers are trying to break into South Korea's military to halt the deployment of an anti-ballistic weapons system in the country. In an interview with the Wall Street Journal, FireEye's director of cyber-espionage analysis John Hultquist said his organization – which is …

  1. Anonymous Coward
    Anonymous Coward

    Network traffic

    The funny thing about network traffic is you can't see it unless you bother. I wonder how many people who read this comment actually capture WAN traffic, let alone LAN, let alone actually analyze it.

    If you do, then you might be qualified to comment on the article. Me? - meh - I'm not up to speed on the politics.

    1. The Man Who Fell To Earth Silver badge
      WTF?

      Come again?

      OK, I'll bite.

      Why would you ever allow something like THAAD be connected to the Internet? Surely the military has the ability to network its systems independently of the Internet.

      1. Rich 11

        Re: Come again?

        Why would you ever allow something like THAAD be connected to the Internet?

        Exactly. Why the hell were these people even able to receive email on this network, or connect an external device to it?

        According to Hultquist, key targets were sent spear phishing emails with weaponized attachments, and at least one person slipped up.

        Madness.

        1. Anonymous Coward
          Anonymous Coward

          Re: Come again?

          Der. No one said THAAD was hacked (missiles pointing at the sky suddenly whirr and go limp) but that wouldn't stop targeting of the personnel and groups within the South Korean military that are associated with the deployment and possible operation and who use internet connected networks. It's all intel.

      2. Tom Paine
        Boffin

        Re: Come again?

        I suspect you've put two and two together and made five. You don't need to have root on the THAAD launcher or radars to influence how it's deployed. Hacking the PM's personal email and dropping evidence that they're corrupt, say f'r'instance, might well have the same effect, with no need to even touch a .mil network.

        We're all one glorious (w)hole these days...

      3. fajensen
        Coat

        Re: Come again?

        Why would you ever allow something like THAAD be connected to the Internet?

        Because, if you don't, the License Manager cannot properly verify that you have purchased the rights for several value-added functions not available in the base-system configuration, such as: Targeting, Initiate Warhead, Fuel Management, PowerPoint Status Reports, Mission Approval, and Inventory Management.

        There is also a service fee for every missile servicing a target.

        1. Anonymous Coward
          Anonymous Coward

          Re: Come again?

          "Because, if you don't, the License Manager cannot properly verify that you have purchased the rights for several value-added functions not available in the base-system configuration, such as: Targeting, Initiate Warhead, Fuel Management, PowerPoint Status Reports, Mission Approval, and Inventory Management."

          Are you confusing a missile system with an Oracle product?

    2. Agamemnon

      Re: Network traffic

      I do. On the Pacific North-Left (and along the West Coast Fibers).

      President Xi was here a few with some Skirt+Smoke blowing. Some fun:

      1. Thirty days before the visit roving hacks from China's backbone dropped off the charts and returned thirty days after.

      2. China ordered some 200+ airframes from Boeing (jacking the stock price) that made the front page of the WSJ and Seattle Times, and was quietly downgraded by 1/3 weeks later, bade C-5 as three paragraphs.

      3. Bill Gates declined a meeting on "Cyber Security" (That's just kind of funny.)

      4. We're right back to the usual traffic from the usual IPs, state sponsored... As an American SysAdmin sitting off of fiber from Asia, I simply crack up about Russian "hacking" when I'm looking at several hundreds of orders of magnitude (yes, you read that correctly) of packets from China.

      5. Russia? A good phishing Op against (l)Users, is a phishing op...not Hacking. And hey, if your target is that stupid, more power to ya' (I'm becoming old and mean and cynical). The fact that it's old US political luddites just makes it more entertaining.

      This Industrial shit is getting on my nerves though. It's all fun and bloody games until someone pokes an eye out.

  2. Yet Another Anonymous coward Silver badge

    THAADD

    So the Chinese hack would be a Terminal High Altitude Area Defense Defense, and if the Koreans blocked it would that be a Terminal High Altitude Area Defense Defense Defense?

    1. Anonymous Coward
      Anonymous Coward

      Re: THAADD

      Milo Minderbinder called, he wants royalties on your acronyms.

      1. Ian Michael Gumby

        @Voyna Re: THAADD

        Nice Catch-22 reference.

        1. Anonymous Coward
          Anonymous Coward

          Re: @Voyna THAADD

          What could possibly be more Milo than selling weapons to allied countries which make them more likely to be attacked, thus requiring more weapons and so on?

        2. ARGO

          Re: @Voyna THAADD

          There's got to be a way to get a Snowden (Catch-22 version) reference in here too, but I can't see it.

          1. Anonymous Coward
            Anonymous Coward

            Re: @Voyna THAADD

            "There's got to be a way to get a Snowden (Catch-22 version) reference in here too, but I can't see it."

            Ou sont les Snowdens de la Chine?

  3. Jimbo in Thailand
    Facepalm

    The obvious question is...

    Just why would anyone have a defensive anti-missile system connected to the freakin' tubes so it's vulnerable to attack by hackers in the first place?

    Note: Had a really hard time choosing an appropriate icon since so many negative ones apply perfectly for such a dimwitted clueless implementation by S. Korea's Muppet-in-charge of this countless-lives-saving defensive shield. [rolling my eyes while shrugging my shoulders with palms up in the air while facepalming while scratching my head while rocking my head back and forth while saying WTF while...]

    1. Anonymous Coward
      Anonymous Coward

      Re: The obvious question is...

      Obviously it isn't directly connected, presumably China was able to get something running on an internal network that is connected to it. Most likely by social engineering - tricking someone into bringing compromised hardware like a USB stick or phone inside the secure perimeter, sending them email offering naked pics of Kim Karda^H^H^H^H^H Jun Un, that sort of thing.

    2. Voland's right hand Silver badge

      Re: The obvious question is...

      Who told you they attacked the system itself?

      There is most likely plenty of supporting infrastructure to attack. Just take out the network used to send the order to put it on high alert and you are as good as taking out the system itself.

      Some of the supporting infra is likely to be a significantly softer target.

    3. Anonymous Coward
      Anonymous Coward

      Re: The obvious question is...

      It will be air gapped from the internet, so the challenge would have been to bridge the gap. In this instance you don't need long as this is an availability critical system. There are lots of ways to do this. It could be something as simple as a mouse (probably made in China) that is connected to the command system having a little more functionality built into it whereby it receives a signal (RF or audio, you choose) that then switches to having remote control and keyboard functionality. Having the cursor bouncing over the screen and the keyboard spewing junk at the wrong moment might be sufficient, but if you can also view the screen borrowing some of the techniques leaked by Snowden it's clearly game over.

      1. JCitizen
        FAIL

        Re: The obvious question is...

        @AC - Exactly - I just have to wonder how much of the US defense hardware is made in China in the first place - did any electrical engineers even look at some of that hardware under a microscope to check for microchip "doping". I have a suspicion they did not. So consequently there would be any number of ways to crack our defense systems. About now, I bet they wished they could go back to the old missile silo systems with its 1950 based hardware.

    4. Tom Paine

      Re: The obvious question is...

      Why do so many apparently intelligent and informed IT people jump to conclusions the piece doesn't merit?

      Show me where in the piece it says the weapons systems themselves were hacked (or attacked).

  4. Anonymous Coward
    Anonymous Coward

    action and reaction

    If the hacking reports are true, this would not be a terrible surprise. China is quite justifiably concerned about having THAAD units, and especially their AN/TPY-2 radar installed so close to its borders. This deployment is clearly unnecessary to protect from any nork threat - the only thing they can reliably hit are their own feet. If they fire back, it will be in some sneaky asymmetric way, with the high-tech missile defence toys about as useful as they would have been to USS Cole.

    For Chinese, however, THAAD is a clear and immediate threat - it has the potential of at least closely surveying, and at worst neutralizing, a good fraction of their strategic deterrent. They will push back in every way they could. Any politician who wasn't expecting it is an idiot.

    1. Voland's right hand Silver badge

      Re: action and reaction

      Same story as the similar Red Herring deployment in Eastern Europe negotiated by Shrub.

      It has everything to do with pissing off Russia or China and very little to do with the stated goal. After sh*t like that, for some reason, we pretend that we do not understand why our relationships with them are at all-time low.

      1. MondoMan

        Re: Russia

        Yep, it's not like taking over parts of Ukraine or possibly the Baltics or helping out Sarin-man Assad or killing off Russian expats in the West have anything to do with our relationship with the P-man.

        1. Anonymous Coward
          Anonymous Coward

          Re: Russia

          Yep, it's not like taking over parts of Ukraine

          It goes both ways.

          Do you expect the relationship to be any good after we have sponsored, trained and armed the people who have taken hospitals, theaters and primary schools as hostages for decades?

          Do you expect the relationship to be any good after we have told them in writing that we will sponsor whoever we like, regardless of that person's intention and terrorist status relative to Russia (the letter by C*ntolezza to Putin regarding this has been declassified on the Russian side, dig it and you will find it).

          As far as Baltics are concerned, after they joined NATO they shipped every single piece of surplus armament they had to Dudaev and other terrorists/separatists around the Russian borders.

          My mother has a framed "service reprimand" on her wall for calling a Lithuanian pilot a cunt. The incident happened after he tried to request low level wind shear for Hankala airbase (next to Grozny) with an official flight plan from Sofia to Rostov-Na-Don carrying "cucumbers". For some reason the "cucumbers" landed from Lithuania the previous day.

          Now, let me ask you a question, how level will be let's say (for sake of arguments) Haiti or the Isle of Man and at how many Sieverts it will tick in a Geiger counter if it shipped weapons for "independence fighters" in let's say Texas (or Wales) and they took a primary school and slaughtered most of the children in it? Now add a theater to it. Now add a hospital. Now add supplying ~ 50 aircraft for a suicide bomber run (what happened on 9/11 was planned there first, just never executed due to lack of pilots). Now add 20+ buses, trolleybuses, etc bombed with the people on them. Now add two passenger aircraft. All of that while getting a shipment per week or more of weapons out of the surplus coffers of at least one Baltic state as well as financial, diplomatic and political cover by US and UK.

          I actually admire Russian restraint on the subject. We would have not been anywhere as patient. If the tables were turned, the Baltics would have been glass glowing in the dark.

    2. Captain DaFt

      Re: action and reaction

      "Any politician who wasn't expecting it is an idiot."

      Well, that's the US House and Senate covered then.

      (And the POTUS is keeping himself informed by binge watching M*A*S*H on Netflix.) :/

      1. Malignant_Narcissism

        Re: action and reaction

        You do realize this happened under Obama's watch...

    3. keith_w

      Re: action and reaction

      THAAD is not a threat to China's strategic nuclear forces. It doesn't have the range to take out ICBMs launched from China, nor is it meant to attack during the launch phase. It is a defense against Intermediate missiles, nuclear or not, in their terminal phase (the "T" in THAAD).

      1. Anonymous Coward
        Anonymous Coward

        Re: action and reaction

        THAAD is not a threat to China's strategic nuclear forces.

        You may believe so, and you may even be absolutely right.

        However, what is important is that Chinese believe, given their past encounters with the US. A rather good summary is here.

  5. Anonymous Coward
    Anonymous Coward

    Makes sense

    Attacking the United States' anti missile system would be seen as a far more hostile attack, with a high likelihood of a successful counterattack. The knowledge gained would help them attack the US' system someday, should it be necessary, so even if they don't care about hacking South Korea's system it is useful "practice".

  6. jake Silver badge

    What kind of numpty ...

    ... makes things like this available to the Internet at large to begin with? Even via SneakerNet? Have the idiots in charge never heard of security?

    1. Anonymous Coward
      Happy

      Re: What kind of numpty ...

      Well, South Korean phone companies don't have a tremendous record of issuing security updates. Perhaps it's a cultural thing.

  7. Anonymous Coward
    Anonymous Coward

    In an interview with the Wall Street Journal, FireEye's director

    So it is a PR exercise for FireEye then. The government isn't listening to them or something.

    1. Rich 11

      Trump's government isn't listening to anyone they don't already agree with...

  8. Anonymous Coward
    Facepalm

    Attack of the anti-ballistic cyber BS

    Let me see if I correctly understand, the South Korean military have connected their anti-ballistic-missile to the Internet. This isn't the Daily Mail, do you have to repeat the cyber BS on this here technology forum.

  9. Kev99 Silver badge

    You'd think that by now the idiots in charge of communications for militaries would realize using the internet for ANYTHING remotely critical or secret is tantamount to putting the info on CNN. ROK deserves what it gets for such stupidity. Oh, wait. They were trained by the Pentagon. 'Nuff said.

  10. PhilipN Silver badge

    Cardboard Tanks

    Lots of dirty tricks in warfare going back millennia. See above which was a ruse in WWII.

    Makes sense to have a whole artificial missile system to distract Johnny Foreigner's attention (and induce false confidence*) while the real one is properly ring-fenced.

    *'Course the Law of Unintended Consequences will screw you every time, say if your cardboard tanks cause the enemy to ramp up production of its own tanks or anti-tank ordnance.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cardboard Tanks

      "if your cardboard tanks cause the enemy to ramp up production of its own tanks or anti-tank ordnance."

      Fortunately shells tend to go straight through cardboard tanks without exploding.

  11. Anonymous Coward
    Anonymous Coward

    No, the really obvious question is...

    How do they blame the Russians?

  12. JJKing

    Maybe if China actually did something to curtail the nuclear ambitions of the North Koreans then South Korea wouldn't need a THAAD. Instead the communist bastards spend their time hacking all and sundry for both military and commercial information. I like their food, well the western made stuff, and their people seem ok but their leaders are a real problem. I wonder how Tail Gunner Joe would have gotten along with them?

  13. wolfetone Silver badge

    You know that the CIA have software that can make a hack look like it came from a specific country?

    Just a thought.

    A tin foil hat icon would be brilliant El Reg by the way.

    1. Anonymous Coward
      Anonymous Coward

      No thanks

      The problem with a tin foil hat is that it makes you easier to track.

      1. Anonymous Coward
        Anonymous Coward

        Re: No thanks

        "The problem with a tin foil hat is that it makes you easier to track."

        You have to bend it into a stealth shape. That minimises the radar profile.

  14. Tom Paine
    Thumb Up

    "well connected"

    Zing!!

  15. Potemkine Silver badge

    No surprise

    China counterattacks against something which endangers its nuclear deterrence capacity... sounds rather logical.
