Vast Spy System Loots Computers in 103 Countries

[Richard]

With friends like these...

Richard's $.02

Vast Spy System Loots Computers in 103 Countries
John Malkoff, NYT, 28 Mar 2009

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

http://www.nytimes.com/2009/03/29/te...er=rss&emc=rss

[blue02hd]

I wonder if Al Gore saw this one coming? Maybe the Chinese paid him to invent the Internet for this single reason? He got rich, we got porn?

Hmm,,,

[nmap]

I'm not quite sure how to say this, since I don't want to violate site policy.

Without getting too detailed, the problem is that the great majority of people are not very focused on the security of their personal or organizational computers and networks. They don't even know that they don't know. But discussing it gives potential aid to the bad guys.

It's true that China should not do such things (if they are, in fact, doing them), but it doesn't seem good to make it easy for them - which, in many cases, we do.

That said, I'll hush.

[dennisw]

From N.Y.T. article :

Quote:

For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities

.

I find it interesting the pervasive hesitancy to say the Chinese government is involved when both examples of the spying cited involve the Chinease government's use of the information. If the government is not involved, how did they get the information? Our media is incredible.

[ZonieDiver]

Quote:

Originally Posted by Richard

With friends like these...

Richard's $.02

Vast Spy System Loots Computers in 103 Countries
John Malkoff, NYT, 28 Mar 2009

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

http://www.nytimes.com/2009/03/29/te...er=rss&emc=rss

I think it is pretty safe to say that if it is happening in China, the Chinese government IS involved!

[Richard]

FWIW - cyber-espionage has been an on-going issue for a very long time now. Wargames was in 1983 and we had issues in NATO in the mid-70s...especially from the various Euro-pacifist groups like the Dutch. Industrial cyber-espionage is a HUGE problem. It can only get worse.

Richard's $.02

[JJ_BPK]

Quote:

Originally Posted by Richard

FWIW - cyber-espionage has been an on-going issue for a very long time now. Wargames was in 1983 and we had issues in NATO in the mid-70s...especially from the various Euro-pacifist groups like the Dutch. Industrial cyber-espionage is a HUGE problem. It can only get worse.

Richard's $.02

I have been out of my lane for 13 years(systems designer) but I'll add a couple points.

1)Richard is very correct, It's not new,, but is changing.

I started looking at security holes in the 80t's. They were all physical at that time. You had to put your hand on the computer to corrupt or steal data. Security was simple,, don't let anyone in that didn't have reason to access.

In the 90t's, as net-works came on line, things could be snatched off un-protected net-works, but that was still physical hands on. You had to cut wire to add your "box" to capture and store the data you stole. Security was physical access and we started adding encryption software to scramble data.

After spending to mush time on the 2000 apocalypse phantom date problem, we jumped into multi-tasking software that we could "send" to another remote computer. This opened Pandora's Box. Now you could spy from afar, but there was still physical tracking of data via the net-works. Although you can and should encrypt data,, when data is being sent there are "tags" put at each end that id who's it from & for, were it's going, how big is it. This is were the current generation of "spy's" have a problem. You can't send/receive without these tags.. and the tags are the key to tracing to the source.

Now we have "firewalls", specific software/hardware that prevents unauthorized access.. BUT to make it work,, someone has the the Keys to the Box..

My point, although the article doesn't specify the "how",, I believe someone is planting the seed(s) physicaly.. and there are bunches of ways to do that.

Open your computer up and look at any of the various chips mounted in the case. Only someone with very special test equipment can verify that any one chip is doing what it design for,, and not something else.

If your curious as to how small computer can get, google "embedded computers" or "pc/104 standards". You can buy off the shelve PC's that are 3.5inch by 3.5 inch by .6 inch.. Want one smaller,, ask..

The newest generation of James Bond has a PHD in computer design and has a grudge about not being picked for the T-ball team, back in grade school and has a autographed collection of Bill Gates posters..

My $00.0002

[greenberetTFS]

Has anyone seen the 60 minutes broadcast last night? It discussed the new virus that is embedded into most of our computers waiting to be activated on possibly April 1st. If it does, it could bring down our entire internet network................

GB TFS

[Richard]

Quote:

Originally Posted by greenberetTFS

Has anyone seen the 60 minutes broadcast last night? It discussed the new virus that is embedded into most of our computers waiting to be activated on possibly April 1st. If it does, it could bring down our entire internet network................

GB TFS

Conficker C Worm aka April 1st Virus and April 1 Virus: Info and Removal Tool

However, if push comes to shove and you are infected with Conficker C, don’t worry too much. On April 1st, antivirus softwares will most likely have the cure already and all you’ll need to do is run a virus check on your computer on April 1st to make sure this virus gets eliminated from your system. Stay safe from malicious programs like these. Schedule a virus check daily if you’re a heavy computer user.

http://www.kokeytechnology.com/inter...-removal-tool/

FWIW - I use Norton on-line security auto-protect.

Richard's $.02

[Sigaba]

Quote:

Originally Posted by JJ_BPK

The newest generation of James Bond has a PHD in computer design and has a grudge about not being picked for the T-ball team, back in grade school and has a autographed collection of Bill Gates posters..

JJ_BPK--

Sir, IMHO, your post touches on a component of this dynamic that merits more attention: the culture of hacking. In addition to end users sharing tips to compromise the security of hardware and software, hackers propagate the argument that they not only have the right to hack but a moral obligation to do so. If someone points out that they're stealing, that person is quickly shouted down in a barrage of proto-class consciousness arguments that are, in my view, laughable. (In many instances, these are the same folks who think that The Matrix trilogy is a cinematic masterpiece. )

On the other side of the equation, one can find software engineers, support technicians, IT staff, and quality assurance testers who are frequently ambivalent to the task of securing platforms and programs.

During a stint at a R&D lab, I witnessed on numerous occasions marathon conference calls that were the result of massive email strings that resulted from a lapse in security. After the smoke cleared, friends and colleagues would bemoan how the conference call had sidetracked their project schedules. Rarely would they take umbrage with the source of the issue as they rolled up their sleeves (metaphorically) to fix a bug, banged out a new build, or grit their teeth to get a server reformatted in time for the FedEx pick up. "Hey, we got any more Mountain Dew?"

ETA: My solution is ZoneAlarm Extreme. (I think the "extreme" refers to the app's drain on hardware resources and the likelihood that it is going to crash Firefox 3 right in the middle of doing research for a BB post. Oh yeah, I'm bitter.)

[nmap]

China can bring Britain to a halt

Excerpt:

Intelligence chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecom and utilities.


They have told ministers of their fears that equipment installed by Huawei, the Chinese telecom giant, in BT’s (the main British telecom company) new communications network could be used to halt critical services such as power, food and water supplies. The warnings coincide with growing cyberwarfare attacks on UK by foreign intelligence services, particularly from Russia and China.

A confidential document circulating in Whitehall says that while BT has taken steps to reduce the risk of attacks by hackers or organised crime, “we believe that the mitigating measures are not effective against deliberate attack by China”. It is understood that Alex Allan, chairman of the Joint Intelligence Committee, briefed members of the ministerial committee on national security about the threat from China at a top-secret Whitehall meeting in January.




LINK