The Raw Feed
Where technology and culture collide

Sunday, December 09, 2007

Chinese Theft o' the Day: U.S. Weapons Lab Hack

The New York Times' John Markoff reported a scoop in today's paper: The "cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have ORIGINATED IN CHINA, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security." The memo "included a list of Web and Internet addresses that were linked to locations in China." A group of hackers sent seven phishing e-mails to 1,100 lab employees. 11 staff opened the attachments, "which enabled the hackers to infiltrate the system and remove data."

Comments:

Anonymous said...

the chinese are getting clever. they're actually doing an attack called "spear phishing".. which is, they search around the corporation/agency's website they want to hack.. find people, do a background investigation into what that person likes to do and who they contact.. and then send fake e-mails to that person's contacts saying something like, here are our meeting plans for such and such group.. it contains a PDF and a signature that tries to mimic what a user might sign.

scary.. the only true way to fight such an attack is for users to start checking the IP address of the sender and looking it up in arin.net.. find out if it's coming from a legitimate location.

Sunday, December 09, 2007 6:29:00 PM  
Anonymous said...

a simpler solution would be to block all e-mail from China, but that would hurt honest people trying to stay in touch with family and friends, and legitimate businesses trying to work. there has got to be another solution!

Monday, December 10, 2007 8:25:00 AM  
Anonymous said...

here's one proposition:
bayesian learning/filtering of IP address locations from recipient addresses. for example, if an e-mail that is sent from your friend Bob is consistently from an IP address located in Virginia... and all of a sudden, you receive an e-mail from him with an IP address from California or Germany... then that should get flagged as suspicious.

Monday, December 10, 2007 10:18:00 AM  
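
The sender-location check proposed in the comment above, as an added example that is not part of the original thread: it keeps a per-sender count of the regions mail has arrived from and flags a message whose region has a low smoothed probability for that sender. The region table, thresholds, and all function and class names are assumptions made for illustration, and the relay IP is read from the topmost `Received` header on the assumption that the recipient's own mail server stamped it.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed table (RFC 5737 documentation ranges), standing in for GeoIP data.
REGIONS = {"192.0.2.0/24": "Virginia", "198.51.100.0/24": "California",
           "203.0.113.0/24": "Germany"}
ALPHA, THRESHOLD, MIN_HISTORY = 1.0, 0.2, 5  # assumed tuning values

def region_of(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"
    return next((r for net, r in REGIONS.items()
                 if addr in ipaddress.ip_network(net)), "unknown")

def observe(raw):
    """Return (claimed sender, region of the connecting relay)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Topmost Received is stamped by our own MTA: the hop a sender cannot forge.
    m = re.search(r"\[([\d.]+)\]", (msg.get_all("Received") or [""])[0])
    return sender, (region_of(m.group(1)) if m else "unknown")

class SenderProfile:
    def __init__(self):
        self.history = defaultdict(Counter)  # sender -> region counts

    def score(self, sender, region):
        """Laplace-smoothed estimate of P(region | sender)."""
        seen = self.history[sender]
        k = len(REGIONS) + 1  # known regions plus "unknown"
        return (seen[region] + ALPHA) / (sum(seen.values()) + ALPHA * k)

    def check(self, raw):
        """True if suspicious; only unflagged mail updates the profile."""
        sender, region = observe(raw)
        flagged = (sum(self.history[sender].values()) >= MIN_HISTORY
                   and self.score(sender, region) < THRESHOLD)
        if not flagged:
            self.history[sender][region] += 1
        return flagged

def make_mail(sender, ip):  # constructed sample message
    return (f"Received: from relay.example ([{ip}]) by mx.example.org\n"
            f"From: Bob <{sender}>\nSubject: meeting plans\n\nbody\n")
```

A sender with fewer than `MIN_HISTORY` messages is never flagged, so the check only helps for established correspondents, and a legitimate sender who travels will be flagged until the profile is updated by hand.
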
Anonymous said...

Did you take that picture yourself? Did you pay someone royalties for it?

Or -shudder- did you misappropriate ('steal') it?

I mean, you often write about people (whole populations, if your headlines are to be believed) stealing, so where do YOU stand on the issue of theft and copyright?

Monday, December 10, 2007 1:21:00 PM  
Anonymous said...

A good solution would be to have all the gov employees digitally sign their emails, and only allow them to access signed emails that match the email address.

Tuesday, December 11, 2007 9:28:00 AM  
Anonymous said...

Those 11 that opened the email should be lined up and shot

Tuesday, December 11, 2007 11:15:00 AM  
KitCarMan said...

We should realize that cyber attacks are ATTACKS - an act of war. Treat them accordingly. We should block all electronic communication from such countries. So what if a few folks "miss their mommies" or companies lose a few bucks. That is better than being DEAD!

Friday, December 14, 2007 8:54:00 AM  
Anonymous said...

Cutting off the pipes to China is kind of like nuking Beijing - a ton of civilian casualties. Plus the resilient nature of the internet means that we'd need to install our own firewall (just like China's) to block source IP addresses instead of cutting off physical pipes.

A more interesting vigilante solution is to have someone write up some software to target Chinese government/military IP addresses and let anyone who wants to participate in a DoS attack. We can even target the Great Firewall itself and see if we can bring it down.

Friday, December 14, 2007 2:47:00 PM  
Anonymous said...

"A more interesting vigilante solution is to have someone write up some software to target Chinese government/military IP addresses and let anyone who wants to participate in a DoS attack. We can even target the Great Firewall itself and see if we can bring it down."

I'm all for it. And while we're at it, let's go after Chinese industry and military secrets and then pass them on to competitors in the US.

I am sick to death of all this theft. I'm equally sick of people putting up with it. It's time the Chinese got a taste of their own medicine.

Friday, January 11, 2008 11:59:00 AM  
