Posted on 12/13/2005 6:39:53 AM PST by Diddle E. Squat
A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, a security institute says.
A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute has said.
The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity.
"These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization," Paller said in a conference call.
In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?"
Paller said that despite what appears to be a systematic effort to target government agencies and defence contractors, defences have remained weak in many areas.
"We know about major penetrations of defence contractors," he said.
Moreover, he said the US government strategy appears to be to downplay the attacks, which has not helped the situation.
"We have a problem that our computer networks have been terribly and deeply penetrated throughout the US ... and we've been keeping it secret," he said. "The people who benefit from keeping it secret are the attackers."
China Prohibits Internet Attacks, Says FM Spokesman
CRIENGLISH.com
The Chinese government has always prohibited attacks on the Internet, Foreign Ministry spokesman Qin Gang said on Tuesday.
"Any work units and individuals are not permitted to use the internet to be engaged in illegal activities or commit crimes," Qin told a regular press conference Thursday afternoon.
Qin made the remarks when commenting on a recent report by a US research institute which says that the Chinese military is probably behind an organized hacker attack on US government computers.
It is illegal to assault the Internet, Qin said, adding that China currently has promulgated several laws on the protection of the internet security, and the relevant regulations are stipulated in the criminal law.
Qin said Chinese public security organs would make laws to deal with those who use the Internet to commit crimes, including those who assault the Internet itself.
"What grounds does the U.S. have for this accusation?" Qin queried, asking the US side to present its proven evidence if it has any.
Yes, we would love to give you detailed evidence of what we know and how we know it just so you can improve your methods.
/sarcasm
Good Article on Titan Rain, another Chinese attack with consequences more serious than we'd like to admit back in fall of '03.
http://www.securityteam.us/article.php/20050829200849601/print
"Any work units and individuals are not permitted to use the internet to be engaged in illegal activities or commit crimes,"
What is illegal or a crime is always defined by law - the law in that country.
Where is the Chinese law to this effect? And what laws do the Chinese military operate under?
And of course -- can we trust them to be honest?
In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?"
Almost like the arguments for Intelligent Design...
2800 subscribers.
Still, the guy mentions a well disciplined person with no keystroke errors, a 30 minute attack to open a backdoor etc. The attack could have been scripted, plus 30 minutes??????? is that guy nuts, 30 minutes would be enough to prove the PLA is involved. Plus those who did it really knew what they wanted, so we can split between the PLA and hacking groups who will sell the info for some $$$$$.
Very interesting idea......worth pursuing this angle further. Thanks for the insights.
Surely you meant 2600 subscribers. (lol)
Find out who the attackers are, then have them murdered.
You are correct. 2600.
Paging the InfoSec pinglist...
Let me know if you want to be 1 or 0. (That's ON or OFF, for those who are not binary-compliant)
"In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?""
"The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity."
This is idiotic. SANS should know better!
How did he know they were in and out and made no keystroke errors in 30 minutes, and that they were from Guangdong if they left no traces? Obviously they left some kind of trace or Paller wouldn't be able to say any of this crap.
Not to minimize the threat of Chinese military hackers... but keep in mind that the Chinese networks aren't so hot, either. If anything, they're worse.
"Surely you meant 2600 subscribers. (lol)"
These sound more like 2599 subscribers. ;)
It sounds like they either captured an entire attack on a honeypot server or a complete session's worth of packets from an attack on a real server. No keystroke errors could either be a very experienced attacker or an automated/scripted attack. If they observed the attacker probing and testing various vectors to find a hole, they may have been able to determine that the attack was probably done manually, not scripted. "No fingerprints" is a vague phrase, but might mean simply that they left no obvious "signature" of techniques that could easily associate them with a known group or class of hackers. Obviously, they were able to trace the attack back to Guangdong, but how can they be sure the attack originated there, instead of simply being relayed by a server there? TTL values in some of the packets might indicate that, but they can be altered, and it's possible for an attacker to launch a scripted attack from a compromised system that somebody else owns. Maybe they have more information than has been revealed.
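The kind of analysis the post above describes (a captured honeypot session, "no keystroke errors" as a scripted-versus-manual indicator, and TTL as a weak clue to origin) can be made concrete. The following is an added example written for this thread, not code from the article, SANS, or any poster; the two session logs are constructed sample data with a hypothetical format (timestamp, then the raw input line, with "\x08" marking a backspace), and the 0.5-second gap threshold is an assumed heuristic, not a published one.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed honeypot session logs (hypothetical data, not from the article).
# Each line: ISO timestamp, a space, then the raw input line as typed.
# "\x08" is a backspace keystroke, i.e. the operator correcting a typo.
SCRIPTED_SESSION = """\
2005-11-01T03:12:00.010 uname -a
2005-11-01T03:12:00.052 id
2005-11-01T03:12:00.097 cat /etc/issue
2005-11-01T03:12:00.140 ls -la /tmp
2005-11-01T03:12:00.181 exit
"""

INTERACTIVE_SESSION = """\
2005-11-01T03:40:02.300 unmae\x08\x08\x08\x08ame -a
2005-11-01T03:40:09.870 id
2005-11-01T03:40:21.115 cat /etc/isue\x08\x08ssue
2005-11-01T03:40:58.440 ls -la /tmp
2005-11-01T03:41:30.002 exit
"""


def parse_session(text):
    """Return a list of (timestamp, raw_input) tuples from a session log."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, _, raw = line.partition(" ")
        events.append((datetime.fromisoformat(stamp), raw))
    return events


def command_intervals(events):
    """Seconds elapsed between consecutive input lines."""
    return [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]


def correction_count(events):
    """Number of input lines in which the operator backspaced over a typo."""
    return sum(1 for _, raw in events if "\x08" in raw)


def classify_session(text, max_scripted_gap=0.5):
    """Label a session 'scripted' or 'interactive' from timing and corrections.

    Heuristic (assumed, not from the article): near-constant sub-second spacing
    with zero corrections is characteristic of a script; a human with no typos
    still shows multi-second, irregular gaps between commands.
    """
    events = parse_session(text)
    gaps = command_intervals(events)
    corrections = correction_count(events)
    stats = {
        "commands": len(events),
        "mean_gap_s": round(mean(gaps), 3) if gaps else 0.0,
        "gap_stdev_s": round(pstdev(gaps), 3) if gaps else 0.0,
        "corrections": corrections,
    }
    scripted = bool(gaps) and corrections == 0 and max(gaps) < max_scripted_gap
    stats["verdict"] = "scripted" if scripted else "interactive"
    return stats


# Initial TTL values used by common operating systems (64, 128, 255).
COMMON_INITIAL_TTLS = (64, 128, 255)


def ttl_hop_estimate(observed_ttl):
    """Guess (initial_ttl, hops) from a TTL seen in a captured packet.

    Picks the smallest common initial TTL at or above the observed value.
    Caveat (the poster's point): the sender chooses the initial TTL, and a relay
    host that re-originates the connection resets it, so this bounds the distance
    to the machine that emitted the packet, not to the true origin.
    """
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise ValueError("TTL above 255 is not a valid IP TTL")


if __name__ == "__main__":
    print("scripted sample:   ", classify_session(SCRIPTED_SESSION))
    print("interactive sample:", classify_session(INTERACTIVE_SESSION))
    print("TTL 118 ->", ttl_hop_estimate(118))
```

The timing check is the useful part: a session with no corrections is not by itself evidence of discipline or automation, because the gap pattern separates the two cases, while the TTL helper only narrows down how far away the last hop that originated the packets sits, which is exactly why a relay in Guangdong and an origin in Guangdong look the same at the packet level.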