Another anti-globalisation stunt from the anti-semites in the US govt
Don't these guys understand that China stealing American IP is a win-win? This is not a zero-sum game, you guys! Like OMG!
Two men, linked to the Chinese government, stand accused of hacking cloud giants, aerospace and defense companies, chip designers, US government agencies – including the Navy – and other organizations globally. The duo's goal, according to American prosecutors: stealing blueprints and other secrets from dozens of corporations …
"...stealing American IP is a win-win?"
It's clear from other comments on this that people are having trouble wrapping their heads around this, but I'm going to take a stab at making sense of this non-sense--for what it's worth.
I'm all for voluntary open source and a market that supports or even encourages it; yeah, that would really be nice. But I just can rationalize stealing tech as some kind of justifiable civil disobedience to force tech to go open source--especially when China isn't sharing that tech any more than American companies.
Anybody else have any thoughts on what the hell that guy was thinking? Or, was the anon. coward just being facetious and failing to make that obvious?
Way over all of your heads, wow. I gave each of you a thumbs up as partial consolation for the hard times you must have navigating the adult world.
" What a big nothingburger! China is the US's partner, what's a little non-consensual IP sharing? Now Russia, THERE's a strategic threat."
That help at all, you maroons?
Or, next week:
Russia is the US's partner, what's a little non-consensual IP sharing? Now Iran, THERE's a strategic threat
Week after that:
Iran is the US's partner, what's a little non-consensual IP sharing? Now Eurpoe, THERE's a strategic threat
Apparently, they're not doing their job very well. They might want to start using some intrusion detection software, I hear that that is a thing these days.
Either that or they need to pay their personnel better and train them more often.
If you believe you get what you pay for with outsourcing, IBM and HPE will happily sell you the same crap that Tata give you with their standard premium.
The majority of outsourcers will deliver you only what you stipulate in the contract AND can verify independently....
Exactly, since Americans are ignorant, fat and lazy and think science and technology is for 'nerds' and since their international PISA scores are lackluster they can't compete internationally in the modern age hence they outsource it ! The future happens but it largely does not happen within the US at least not at first, anymore !
They likely were using perimeter and local defenses; however, if you were a bit more experienced in security, you'd know THERE ARE WAYS AROUND THESE DEFENSES.
Stop thinking every new security hardware/software will protect your IP. I've been pen testing and conducting breach investigations for more than 20 years. While it's nice to have all the latest gadgets, and build a robust and in-depth security infrastructure... these things aren't worth crap if you don't invest heavily in well trained and experienced security personnel.
Too many corporations hire inexperienced individuals to handle security, and they have no idea how to interpret and/or investigate breaches. It's not funny when I ask for logs and a timeline--and the hired security personnel haven't gathered this info.
You also need to understand, no network is un-hackable.
... the standard target for NSA and GCHQ - how terrible, the Chinese are trying to hack into our computers! Of course we would NEVER do anything like that would we?
Welcome to the world as we know it - everyone is trying to hack you ... and our global tech companies are telling us how wonderful Cloud Storage is ...
On one hand, it sucks to be spied on. On the other hand, my country does it too.
You get to keep your plunder, but the open nature of getting caught burns a lot of bridges.
Not an issue with subverting terrorist groups, but world powers work best with less public back-stabbing.
Over time, all countries tire of the "it's just rain on your back" excuse".
Not sure if this represents a Five Eyes-wide decision to publicly point the finger, but New Zealand's NCSC has chosen today to also attribute recent attacks to China (APT10 isn't named in the press release, but it's strongly implied by the link to previous NCSC guidance).
Rather a lot of pot and kettle work going on recently.
All countries have people trying to find out anything interesting about other countries. It may not be nice and friendly but it sure is what has been happening fora VERY long time.
The pretence that only those other evil people do such things is absurd.
The best approach is to require government and business to get serious about security. In my experience management has low to no interest because it costs and that may lower executive bonuses.
In my experience management has low to no interest because it costs and that may lower executive bonuses.
Well, there has been talk at the federal level to institute civil and criminal penalties for executives who fail in data protection. You cannot regulate stupid, but you can put them under the jail for it. Now I'll be taking my jacket and I know my way to the door.
Because rockstar coders are in the minority and are expensive and geniuses are hard to work with. I hear working with Theo De Raadt is like trying to cuddle up to a prickly cactus at best ! I dunno, maybe in the future AI with scan all source code , via a paradigm like Diomidis Spinellis laid down, and get rid of software problems or maybe the future is more like the programming language cyclone etc.. etc.. ?!
One sure fire solution to cyber security is to air-gap the networks. If you have to be physically present in the building to access it, then that makes it so much harder for someone to break into a network. Furthermore, these corporate idiots should be encrypting their data before sending it to the cloud. If you store it in plaintext, then you are just asking for it to be stolen.
I appreciate the reflexive nature of your comment of "Windows == bad" but sometimes it isn't just as easy as completely rebuild your infrastructure, change your support model, and find equivalent software to perform the job/develop solutions in-house. In the case of defense contractors, the gov't has a word about how you do things and can command changes to fit whatever threat they find appropriate. Additionally, the greatest threat is usually not the OS but the wetware using the OS.
windows like linux miss configured is a real issue, same as using 10yo plus unpatched software, poor security practices don't help.
issue with govt is they outsource this to loweest bidder and no internal resources to monitor and manage there environment any more. Buck stops with management on this one, all care and no responsibility until it comes and pwones them.
Nice to see that the US government continues to «indict» persons who are not, and who never have been under their jurisdiction - and publish what purport to be their photographs (how did the «Department of Justice» manage to hack those, one wonders ?). When does dear Mr Rosenstein intend to apprehend these dastardly criminals ? Or perhaps, like most of the antics of that government, this one too is merely for show :
Just the place for a Snark! I have said it twice:That alone should encourage the crew.
Just the place for a Snark! I have said it thrice :
What I tell you three times is true.
Henri
Can we stop US imports to other countries.... USA and and other 4 blind eyes hack as well, they are annoyed atm because Russians and Chinese are doing it better and getting results.
Anyway, Chinese would not have to hack if Clinton where in the grey house and running US, they could just purchase the IP from the Clinton foundation instead!
On a side note, the reported "malware" aka 'QuasarRAT' appears to be a legit application.
However, being an open source project, someone(s) has/have apparently forked it into a privately modified malware tool. I found at least one good web site that has information on how to detect it. Since it's a windows tool written in 'C-pound' it may also be possible to run it via mono on Linux, but I suspect that's not actually happening...
The legit version is on github, here: github.com/quasar/QuasarRAT
One web site reports that the malware version is "heavily modified" but uses the same name.
from www.enigmasoftware.com/quasarrat-removal/
"The QuasarRAT is a Trojan that is a heavily modified version of the open-source project carrying the same name 'QuasarRAT' by a programmer dubbed 'quasar' who has a page on [Github]"
I just thought I'd mention it, anyway, since there's apparently a legit version, too.