E-mail updates
Follow on Twitter
Subscribe to RSSKevin Mandia, the founder and chief executive of Mandiant, discusses cyber-attacks on US companies and organizations.
A report tying the Chinese military to computer attacks against American interests has sent a chill through cyber-security experts, who worry that the very lifelines of the United States — its energy pipelines, its water supply, its banks — are increasingly at risk.
The experts say that a successful hacker attack taking out just a part of the nation’s electrical grid, or crippling financial institutions for several days, could sow panic or even lead to loss of life.
“I call it cyberterrorism that makes 9/11 pale in comparison,” Rep. Mike Rogers, a Michigan Republican and chair of the House Intelligence Committee, told NBC News on Tuesday.
An American computer security company, Mandiant, reported with near certainty that members of a sophisticated Chinese hacking group work out of the headquarters of a unit of the Chinese army outside Shanghai.
The report was first detailed in The New York Times, which said that the hacking group’s focus was increasingly on companies that work with American infrastructure, including the power grid, gas lines and waterworks.
The Chinese embassy in Washington told The Times that its government does not engage in computer hacking.
As reported, the Chinese attacks constitute a sort of asymmetrical cyberwarfare, analysts said, because they bring the force of the Chinese government and military against private companies.
“To us that’s crossing a line into a class of victim that’s not prepared to withstand that type of attack,” Grady Summers, a Mandiant vice president, said on the MSNBC program “Andrea Mitchell Reports.”
The report comes as government officials and outside security experts alike are sounding ever-louder alarms about the vulnerability of the systems that make everyday life in the United States possible.
A new report confirmed by U.S. intelligence officials has pinpointed a building in Shanghai where those working for the Chinese military launched cyberattacks against 141 US companies spanning 20 industries. NBC's Andrea Mitchell reports.
Outgoing Defense Secretary Leon Panetta warned in October that the United States was facing a threat that amounted to “cyber Pearl Harbor” and raised the specter of intentionally derailed trains, contaminated water and widespread blackouts.
“This is a pre-9/11 moment,” Panetta told business executives in New York. “The attackers are plotting.”
RELATED: Report: Chinese army tied to widespread U.S. hacking
The Times report described an attack on Telvent, a company that keeps blueprints on more than half the oil and gas pipelines in North and South America and has access to their systems.
A Canadian arm of the company told customers last fall that hackers had broken in, but it immediately cut off the access so that the hackers could not take control of the pipelines themselves, The Times reported.
Dale Peterson, founder and CEO of Digital Bond, a security company that specializes in infrastructure, told NBC News that these attacks, known as vendor remote access, are particularly worrisome.
“If you are a bad guy and you want to attack a lot of different control systems, you want to be able to take out a lot,” he said. “The dirty little secret in these control systems is once you get through the perimeter, they have no security at all. They don’t even have a four-digit pin like your ATM card.”
Carlos Barria / Reuters
Locals walks in front of 'Unit 61398', a secretive Chinese military unit, in the outskirts of Shanghai. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said.
The 34-minute blackout at the Super Bowl earlier this month highlighted weak spots in the nation’s power system. A National Research Council report declassified by the government last fall warned that a coordinated strike on the grid could devastate the country.
That report considered blackouts lasting weeks or even months across large parts of the country, and suggested they could lead to public fear, social turmoil and a body blow to the economy.
Vital systems do not have to be taken down for very long or across a particularly widespread area, the experts noted, to cause social disorder and to spread fear and anxiety among the population.
Last fall, after Hurricane Sandy battered the Northeast, it took barely two days for reports of gasoline shortages to cause hours-long lines at the pumps and violent fights among drivers.
Peterson described being in Phoenix, Ariz., during a three-day gas pipeline disruption “when people were waiting in line six hours and not going to work. You can imagine someone does these things maliciously, with a little more smarts, something that takes three months to replace.”
Similarly, hacking attacks last fall against major American banks — believed by some security experts and government officials to be the work of Iran — amounted to mostly limited frustration for customers, but foreshadowed much bigger trouble if future attacks are more sophisticated.
What worries Dmitri Alperovitch, co-founder of the computer security company CrowdStrike, is a coordinated attack against banks that modifies, rather than destroys, financial data, making it impossible to reconcile transactions.
“You could wreak absolute havoc on the world’s financial system for years,” he said. “It would be impossible to roll that back.”
While the report Tuesday focused on China, the experts also highlighted Iran as a concern. That is because China, as a “rational actor” state, knows that a major cyberattack against the United States could be construed as an act of war and would damage critical economic cooperation between the U.S. and China.
“With the Iranians in the game,” Rogers said, “what’s worrisome is they don’t care. They have no economic lost opportunity.”
Security experts have for years expressed concern, if not outrage, that the nation’s critical infrastructure remains so vulnerable so long after Sept. 11, 2001.
But the escalating threats from hackers in China and Iran, in addition to Russia and North Korea, appear to be lending new urgency to efforts to make sure companies and government agencies are better prepared.
President Barack Obama announced in his State of the Union message last week that he had signed an executive order directing federal agencies to share certain unclassified reports of cyber threats with American companies.
The next day, Rogers and Rep. Dutch Ruppersberger, a Maryland Democrat, reintroduced legislation designed in part to help companies share information. The bill passed the House last year but stalled in the Senate.
State Department spokeswoman Victoria Nuland said Tuesday that the United States has “substantial and growing” concerns about threats to the U.S. economy and national security posed by cyberattacks.
“I think as recent public reports make clear, we’re obviously going to have to keep working on this,” she said. “It’s a serious concern.”
Peterson said that oil, gas and electric companies had led the way in developing security perimeters, with water companies “kind of in the middle” and transportation and mining companies lagging.
But even the protections enacted by companies so far leave too many holes, he said.
“They’re all in the same situation,” Peterson said. “If you get through the perimeter, you can do whatever you want.”
A U.S. security firm has exposed the role of the Chinese military in an overwhelming number of cyber-attacks on U.S. infrastructure, government agencies, and corporations, resulting in the theft of information from military contractors and energy companies. Mandiant Vice President Grady Summers and Chris Johnson of the Center for Strategic and International Studies discusses.
This story was originally published on Tue Feb 19, 2013 2:47 PM EST
Leave a Comment:
Oh No!!!!!!!! PANIC!!!!!!!!!!!!!!!!No INTERNET SECURITY!!!!!!!!!!
We will all have to work with our hands and feet again NOOOOOOOO!!!!!!!!! STONE AGES!!!!!
O'Wait 1960's
60's were a stone age. Stoned.
Stoned age? But seriously, internet security implementation is tedius but anyone, like Republican Rep. Mike Rogers, that uses a ridiculously poorly conceived description like "makes 9/11 pale in comparison" in regard to this is either trying to scare you to distract you from an otherwise unacceptable agenda or is quite possibly the dumbest person involved in the conversation. I want to believe he's not a complete idiot but who knows at this point with the state of our electorati.
This is not 9/11 or anything near as bad as something like that. There is work to be done to shore up deficiencies, and it won't be cheap, but it is far, far from being thousands of American's plunging to their doom in smoke, fire and twisted metal.
It is long past time for the US government to take action with regard to the hacking and theft of intellectual property being carried out by the Chinese. There is no doubt that much of this activity is state sponsored because of the targets and types of information they are frequently going after. The problem is that I do not see Obama as having the backbone to actually do anything about the problem. About as far as he might go is a little rhetoric or maybe a strongly worded letter to the Chinese president. As for taking any real action like authorizing counter attacks, I do not think he has the guts to do it. These intrusions into our critical infrastructure systems and government systems constitute an act of war. However, Obama will never say that, even though his own administration has supported the definition of these actions as an act of
war.
Read the article. They are hacking things like our water supply and power grid, not Facebook accounts. It won't be the 60's, it will be riots sickness and starvation.
Says the moron writing on an online comment thread.
We have had plenty of warning of this coming. The only people to blame is us for not defending ourselves better earlier. China has been hacking into critical systems for YEARS, and yet the US, as far as I can tell, has launched neither a counter offensive or defended itself well enough. So buckle up!
"9/11 will pale in comparison"
"cyber Pearl Harbor"
"absolute havoc"
Lions and tigers and bears...Oh my!!
I have no doubt that this is a serious and legitimate security concern, but this sort of language really takes away from that point. It is fear mongering, and it points to an ulterior motive by those who resort to it.
@ Derek-381097,
Thank you. It's sad but true. The truth is this has been going on for multiple decades and we are just now freaking out about it? I don't understand it.
Dingle, If the idea of waking up one day to no power, money, running water, waste treatment isn't threatening us I don't know what is. You know what causes plagues, right? Bad sewage and inadequate waste treatment. No fear mongering necessary, that crap is scary all by its self.
So...within the past couple months...the government:
1. Starts the slippery slope of gun control, using extremist public sentiment and exploiting a national tragedy in Conneticut meanwhile
2. In the same month...Authorizes drones to kill Americans abroad without due process or trial, as long our government deems them 'the enemy' or 'terrorist' ..yet another slippery slope
3. Now the government is trying to deem hypothetical cyberattacks comparable to a 9/11 scenario...
9/11 being the beginning of the Patriot Act (the abolishment of large portions of the bill of rights, with later rights suspended even further based upon it, which passed through extremist sentiment by exploiting a national tragedy... again).
Next will come the limiting/open extension of surveillance of certain internet activities by citizens, another slippery slope.
Welcome to Orwell's 1984...and everyone is just idly watching it happen.
The Chinese military? And we do how much business with China? We borrow how much money from China? After all the tainted Chinese dry wall, pet food, etc. and now this, never have I felt so compelled to read every label and NOT BUY Made in China. They are the enemy.
jmcrowle
So in other words, you commit a cyber crime, you are then labeled a terrorist, you have no means to defend yourself against the pending assassination. Watch out Anonymous!!
Stop building multi billion dollar aircraft carriers and put the money into security at home.
Don't buy products made in China. If you do, you are funding the destruction of America, and you are certainly not a patriot. By definition, if you do, you are a traitor.
get your IRA, 401k Statements, bank statements on paper (print em yourself), When the Chinese crash the financial system you'll have to prove your account the old fashioned way. IF they corrupt the account files - not just crash the servers - it'll be worse. The bank could say your $10,000 savings are now $100. IF you can't prove otherwise - you're messed up. The gubmint will side with the banks - too big to fail and all that.
AndrewWoody
Point conceded, but I still hold that the language was over-the-top and an attempt to garner support of some ridiculous level of federal spending or further loss of personal liberty...or both.
The threat is no doubt serious, but let's be reasonable.
Sneimann unless you live in the country, have a well, wood stoves, gardens and animals, and are organised to survive a long power outage, you would quickly realise how crippling it would be to lose our different "systems", electricity, phone, gas, etc. In general people are not ready for something like that.
You also have to wonder why China would try to hack us like this.
This country spends billions each year (53 billion this year) for our intelligence community activities. Is there anyone who thinks that we have not hacked China's electronic infrastructure first?
What troubles me is that people in the computer industry have known this for many years. I mean more than a decade. So why the sudden acknowledgment now? Were they ignoring the problem?
I think our government tends to looks at things by how it affects them, and not us. Meteor searching was completely ignored for years, until one hit Jupiter, then suddenly someone says "Oh Wait". Chinese hacking has been going on for years, and all anyone had to do was sniff traffic on almost any network's external interface. Yet now they are acknowledging there is a problem, because banks were hacked.
As a IT security specialist i can say that a lot of these attacks can be mitigated just by blocking foreign ip address class A sub nets from being able to access these systems. it wont eradicate the attacks but it will help reduce them. There are many steps these organizations can take to reduce risks by a lot unfortunately IT security is usually the last thing on peoples list of things to spend money on.
I feel sorry for anyone who has to depend on public utilities. The article referred to Sandy and the gas shortages. This is what I believe will pale in comparison to any conventional warfare. I live in an area that is frequented by Ice storms. We lose power regularly due to Ice, or high winds and wet weather. I have supplies on hand to get us through thse times whenever those conditions arrise. Simple preparation goes a long way into keeping my family safe and our property secure.
With peoples around the world that do not like us targeting our infrastructure, that is scary. After all, Why send in troops when we can sit back and watch them kill each other? Kill each other over gas or food in a fight for survival.
Plan ahead for yourselves people. When things go bad the only one you will truly be able to count on is yourself.
@ Irish, we probably hack everyone.
The difference is it's probably mostly just information gathering, and we generally don't make efforts to actually shut their systems down without good reason. Kinda like reading another person's diary and trying to return it before they notice you read it, rather than trying to rip the diary in half.
Something new for the republicans to fearmonger about. Who the hell would be surprised anyway? We've given China everything else for just a few dollars more. Hell, may as well go all the way. Course, wall street will want, yet, a few dollars more.
@ roosterboy
Don't buy products made in China. If you do, you are funding the destruction of America, and you are certainly not a patriot. By definition, if you do, you are a traitor.
How about don't make products in China. Our US comapanies offshoring are the real traitors.
Blocking foreign IP addresses would just be a minor hurdle for a sophisticated cyber warrior to overcome. They could always use a VPN to access a system in the United States, and then use this U.S. system to support their attack.
(cough cough Apple cough)
We need to put in some firewall rules on the connections that the US has to the rest of the world. Block off China. Maybe give them email and www access, but nothing else.
Of course they would just hack some computer in some other country and then launch the attack from there. What to do....
Roosterboy, I guess you don't have so much as a sheet of paper that was made in China. right. Even if you hadn't bought a thing in the last 20 years, I doubt that you could make that claim.
How many computers were running the countries systems multiple decades ago? Few to none.
Scalzo, Command & Control modules have been around for a very long time. They are really just computerised consoles for running large machinery. But the Chinese don't need to access a utility directly. Getting to the Corporate offices of our major companies would be very harmful.
dalef
It is possible but they would have to access a vpn system that is used for commercial purpose or used a hack network with a vpn system to connect too but why do you think they know where the attacks are coming from? They know because of the ip address associated with the attack in this case they come from china. besides trying to do a vpn pivot attack is usually harder because most vpn restrict certain ports or do split tunneling. It also makes it harder to get a reverse shell on a vpn tunnel if you have a private ip address and are being PATed getting out. Anonymous proxy would probably work better but you can always implement hardware to mitigate those type of connections.
This may be naive, but can't we just block ALL internet communication from entering into vital structures and don't our banks already have the ability to prevent structural crippling attacks?
Shouldn't our water, electric, and other vital utilities already be "unplugged" from the web, making it impossible for anyone to do damage remotely?
My problem is with the culture of "screw you, I take care of my own"! I've been guilty of just that. Several systems were hacked and used as zombies. I protected my own servers and left the zombie machines as they were. I should have, at least, alerted the other SysAdmin's of their compromise. No... I took perverse pleasure watching them try and recover their systems AFTER the damage was done.
dirp, those are the billion dollar questions. And those questions typically bring on debates, such as how far to go to censor traffic without affecting rights.
The truth is, if you look into the computer rooms of many large companies and infrastructures, you find antiquated hardware and/or software. As hakstarr says above, Security is usually low on the list for budgets. They think just getting an IT guy is good enough. The recent cyber security executive order aims to do just what you suggested, but its brought flack from members of congress because they claim it infringes on a private companies' rights. China doesn't have that problem. We do because everything is a conspiracy. For some, locking down the water company gives the Gov access to personal info... not sure how why, but that's their thinking. And that's where we stand..
Could speed up Obama's plan to cripple America - Mission Accomplish - ed
@GodOFfate,
I didn't gather from the article that efforts were made to shut our systems down, but I think that is a logical assumption. And we may logically assume that we would explore the same.
The ignorance on this thread of the potential consequences of hacking by the Chinese is astonishing. But, apparently our supreme leader isn't worrying about it, so why should we....right?
"Skynet will take over the World"
John Conner
lol
dirp "This may be naive, but can't we just block ALL internet communication from entering into vital structures and don't our banks already have the ability to prevent structural crippling attacks?...Shouldn't our water, electric, and other vital utilities already be "unplugged" from the web, making it impossible for anyone to do damage remotely?"
Theoretically, but then we would have to go back to passing paper messages back and forth, and we would need a LOT of messengers.
The Courier business would be booming. Hmmm maybe that's an idea for a new franchise.
I wonder if I could bribe one of the Chinese hackers to transfer a few $Million into my bank account?
Imagine the chaos if they started transferring money into other accounts - Banking is REALLY at risk because hundreds of $Billions are transferred electronically every week.
The irony in this thread is astonishing. You Are aware of the Obama Cyber Executive Order, yes???? An article I'm sure you clicked on and made equally ignorant statements, claiming Obama it taking away your freedom.
TFNJ "Theoretically, but then we would have to go back to passing paper messages back and forth, and we would need a LOT of messengers...................The Courier business would be booming. Hmmm maybe that's an idea for a new franchise."
Just think how much we could lower the unemployment rate - Obama's next 'jobs plan'?
And of course they would need a lot of bicycles in the Cities - another investment idea.
The possibilities are endless.
lol
I say we create a new government agency tasked with monitoring internet activity to prevent a "cyber Pearl Harbor" and "absolute havoc." Sure we'll have to give up a little more privacy and yet a little more liberty, but hey, it's a small price to pay for a false sense of security.
The owner of the Outlook Courier Services, a Supervisor, and 3 runners. Boom, 5 new jobs thanks to Chinese hacking.
Wait, we might also need someone on the phone to take messages:
To U.S. Government -Stop
Subject: We need more bailout cash to pay for Couriers - Stop
Yours, BoA - Stop, End.
Excuse me, computers have been around for multiple decades. Personal computers in the homes and businesses have as well. The Y2K freak out was 13 years ago. C'mon folks, gotta think.
DingleB, Your papers please.. Your papers are not in order..
Hackstarr - I agree. It is really a simple matter of looking up the ip address range for China and block it. The only problem there is that there are you tube videos and websites showing people how to hide there ip address to get around that fix.
Today's financial industry is just like a hookworm infection that needs to be eliminated (clean slate style) anyway.
Tim-Tim-Timmay!!!
I think roosterboy has a point, eventho I wouldn't call people who buy products made in China "traitors". I think most of us have bought products made in China at some point. But we should individually be more aware of this (instead of waiting for the companies to take the lead) and if most of us decide not to buy products made in China eventually companies will get the hint. On the other hand tho we have to be willing to accept a rise in prices, because I doubt companies would be willing to absorb the cost of manufacturing their products in the US.
Oh I don't buy the whole 'imminent attack' that's about to destroy life as we know it. Godzilla's not going to attack and level us all. We've known about this for a long time and we've been doing our own cyber-spying on other nations. We have far better technology and can counter anything they throw at us.
And this is the country that our political and business leaders are clamoring over - pathetic. Anything in the name of the almighty dollar.
Oh Well Then, of course it never happened..................!!!!! Trust us!! ; )
An easy way to gain access to systems is through hardware. The US implemented a viirus into the Iraqi air defence network in 1991 via a printer which contained the malware.
Since most computer hardware is manufactured in China you don't have to be an expert to put 2 and 2 together. The circuits contain the malware and e-mail attachments are not necessary to gain access.
Look at the Stuxnet worm which made its way into the Iranian nuclear program. It originated in a Siemens piece of equipment and is rumored to still be airborn mutating into different configurations. And where do you think that came from? Israel most definitely but possibly with US involvement.
Also we don't hear much about US cyber activities. I suspect the US is doing the very same thing to China and Russia. Cyber "war" is upon us. This article is intended for a US audience who believes only China is doing this.
I believe the US could find a couple of 12 year old kids that could hack them back. Better yet tell China that our records kept on our computers report that our debt to them has been paid. Thanks for the hacking.
@ Roy Wilson
You forgot to mention with all the new bicycles in the city the global warming nut bags would be happy.
@ Roy Wilson
You forgot to mention with all the new bicycles in the city the global warming nut bags would be happy.
Nothing to worry about, it's just the expected result from the last 30 years of HIA that Americans have been hugging to their chest, kissing and fornicating with. All comes with the "It's cool and smart to be dumb" innocence that's always being lost on NBC broadcasts every time some disaster like 911 comes up.
Next sitcoms to show, "Valley of the Naifs", "Proud to be Eloi", and "Eaten by a Morlock".
"What worries Dmitri Alperovitch, co-founder of the computer security company CrowdStrike, is a coordinated attack against banks that modifies, rather than destroys, financial data, making it impossible to reconcile transactions."
And this is why I regularly print out copies of my financials, at least monthly. Ever been unable to reconcile a checking account? Frustrated when your balance doesn't match that of the bank? Had a credit card declined when it shouldn't or a check bounce when you know there is more than enough to cover withdrawals? Multiply that frustration and confusion by millions of bank customers and millions of bank and retirement accounts, "missing" or delayed Social Security checks and you have an idea of one kind of chaos that might happen. An entire region's electricity gone, the transformer mysteriously blown - a transformer for which there is not a ready replacement and can take months to manufacture (tricky to do if the power is out, btw) and longer to install. One compromised air traffic computer system calls a halt to everything until the cause is found and secure transmissions are assured - how long would that take? We need standalone power stations, small but more of them, NOT interconnected by computer or any other way, and with the ability to be run manually if necessary. Food supplies (transportation) could be disrupted if rails were attacked. Oil and gas refineries shut down remotely - the possibilities are almost endless. And not to be taken lightly. The folks on this list saying, in effect, lah-di-dah, yawn, no big deal, will be the first to yowl and demand something be done now.
Wow NBC.. exaggerate a bit there?
In any event, I think this is pretty simple. The US should be authorized to respond with an equal or greater hack every time we get hacked. Since I'm pretty sure we have better cyberwarfare capabilities than the Chinese do, I'm pretty sure this'll get old pretty for them pretty darn fast. They'll block access to the NYT for a few hours, and we should retaliate by putting the names of the mistresses of every politburo member on every computer screen in the Chinese government, etc, etc, etc. They'll cry uncle pretty fast.
By the way, did anybody else catch that somebody (presumably US cyberwarfare units) managed to take down Putin's Russia Today websites for a couple of days after the Guam overlight incident (the websites were blatently lying, claiming that we made up the incident).. so, clearly,we know how to do some damage when we have to.
I don't believe that any "Hack" would come close to 9/11 in terms of it's significance. That isn't to say that it wouldn't be in incredibly damaging attack, but it was the loss of human life that made 9/11 such a significant disaster. Most "Hacks" don't kill people.
Of course if Harry Truman hadn't fired Doug MacArthur world history might look a little different today.
MacArthur was right......Truman helped to set China on the path they have attained at this point.
This is the risk of putting too much reliance information and faith on technology. It is technology and nothing is safe in the wonderful world of Cyberspace.
NOTHING IS SAFE OR PROHIBITED IN CYBERSPACE!!! Our rreliance on technology is going to be our downfall! Afterall all it really -----is a machine, board or technical device/machine and the rest is left up to who ever wants it!
Yes, 9/11 would pale as far as death toll. How long would cities consisting of hundreds of thousands or millions of people remain in an orderly state without electricity and or water? It would in all likelihood be an entire region and not just one city. Especially devastating during a heat wave. Look how many elderly and infants died in Europe just a few short years ago? And they didn't even lose power. We would have thousands dying every day if it lasted more than a few days and stretched into weeks and months. No power = no fuel and long term food storage. Where are the thousands upon thousands of people to go; into the countryside? There is no possible way the military could supply food, power, and water in such a case. Plus the populations in unaffected regions would be hoarding like crazy thinking they could be next; and rightfully so. So few realize how tenuous our modern existence is, and especially when we have run our populations up way above what the natural world could support without advanced factory farming techniques. Move to a remote area and learn to live off the land and make sure you take a few weapons with you (and learn how to hide very well), if you want a fair chance in the advent of such an attack.
perhaps it is a ploy to put us on the defensive with China as they are friends with N. Korea and if you have not heard they are ruffling their feathers. Maybe a dual conspiracy to let N.Korea drop the bomb on us??
Hello folks, when will we ever learn or at least get it!
PROBLEM: Government through their corporate owned presstitutes propagandize that the Internet is unsafe as hackers, China, Iran, Anonymous, etc.. are threatening the "American Dream".
REACTION: Oh please Uncle Sam save us! You can take away more of our civil liberties, anything, I'm just so terrified, save us!
SOLUTION: Enact laws and Executive Orders to control the Internet (CISPA, ACTA, PIPA, SOPA). Allow the Utah Spy Center to investigate all voice and data communications in the US.
Obama signed an Executive Cyber Security order the day of the State of the Union speech.
It is absolutely shameful and pathetic the cowardice displayed by the American sheeple. You have allowed the government to take away your 4th Amendment right through the National Defense Authorization Act (NDAA) and the Second Amendment is now under siege. They are now instilling the fear over the "internet hackers" so that the First Amendment can be taken away as well.
It is a joke what the Americans will tolerate. The president just announced via the 'Fast and Furious" Department of Justice "Memo" that Obama can assassinate US citizens and where's the outrage? There is none!
What is it going to take to get the sheeple to wake up? Not that it won't be hilarious when the presstitutes propagandize that there is a suppository bomber. The sheeple after getting radiated and molested will be bending over at the airports and all public places.
America used to be Land of the Free and Home of the Brave now we are Land of the Detained and Home of the Cowards! My how far we have fallen! What the Hell are we anymore?
Instead of raising alarm about what China is supposedly doing, maybe we should be questioning whether this is a response to something our own government is doing. Because if they weren't, I would be surprised.
Larry-2260635
I like your idea - Hack into Chinese computers and cancel our $1 Trillion debt to them.
And we're going to allow Obamacare to safely keep all our medical and mental healthcare records in it's mandatory Electronic Record keeping national registry systems, oh goody. I read an article from the Twitter HIPAA account page where they already have over 25,000 electronic violations.
so, who's to blame for this? Obviously the companies who hold these data (banking, utility, etc) BUT let's take a close look a the government and where their priorities are. over 24% of the federal budget goes to military spending- which is as much as the following 12 countries spend combined. Instead of wasting money on carriers and armory which no one will ever need they need to re-focus on cyber infrastructure- because it's clearly a national security threat and as we become dependent on it we become more vulnerable.
John re#1.67, That was exactly China's response to getting busted,although they did deny any involvement. You have to read between the lines. Some say it's all fair since we did the same thing to England in the Industrial Revolution. But being realistic, F^^k the Chinese Govt, they're economy could not exist without other than the fact they are "Pimps" of their people. And corporate America are the eager "Johns" of the services. Which one is worse? Only the Chinese,as pimps, are willing to exploit anything to insure revenue. My main concern here is why was "JS in SD's" post collapsed? Was it because JS was speaking out against "the Messiah Obama",telling the truth,or was he hacked as well? Truth be told ex-mayor Richard M Daley is spending a lot of time in China,along with his son,Pat.
I would go out and round up eveery hacker , even the 2 bit ones, and give them all amnesty and set them loose and shut the azz wipes down...all of their shyte
fenderbluesjr
I really wonder your idea of "fair". If either government did it, it is wrong. And @!$%#ting on China I find kind of amusing really. WE outsource our jobs and technology to them so they can produce products for our masses at a reduced rate. And then we are so surprised when they use said technology?
What I find sad is that the US really does not produce hardly anything any more. We are merely salesmen for the world. At what time has the middleman not been eliminated in this scenario? You may blame China, and I will hold my opinion on that for a few decades, but we have done it to ourselves, and are so surprised when they take advantage?
I am not defending them by the way. NOr would I defend our government for doing the same. It is simply a different perspective.
This has gotten to the point where the U.S. cannot draw down the military, weapon systems or cyber security systems. The main reason the Chinese are able to attack our systems in cyberspace is because we either sold them the high tech computers (Bill Clinton reelection with Chinese donors contributing to his reelection) that we all heard about later. And they stole the rest through corporate theft, purchasing companies that build the technologies and spying. Chinese Communist do not invent technology they steal it; always have and always will. The problem with the arrogant Chinese Communist is that no one has had the balls to bitch slap them a few times. How much do you want to bet they would crap their drawers if we announced a 30 percent increase in defense spending and improve a nuclear capabilities, due to hostile acts by foreign governments who are not friendly to the U.S. Yeah, that would make them choke on their Szechuan Chicken alright!
John, You make a valid point and I didn't gloss over it. We have created this monster and it is coming back to reap it's harvest. I'm pointing out that China's contention is you guys have been doing all it along so what's the problem? Well China is our second problem. The U.S. dealing with them in the first place is the main problem!
How stupid to be in this posistion gotta love technology or i mean when its gone.
I concur completely but Obama won't do anything--he is a chicken with the head still on but a brainless one. Basically China has declared SILENT war on us. Never admitting, always testing and stealing.
If Obama tries to pick his nose, the friggin Pubs won't let him
China is NOT our friend we need to stop buying their JUNK!!
It is junk!! It breaks when you get it home!!
Bring the manufacturing jobs back here. I remember when almost everything said made in the USA and it stood for quality!! People still like to buy thing that will last!!
BUY USA
Doug...The media would do it for him....
Yeh Doug, and he needs to stop rubbing those boogers on the Oval Office desk.
Anti-Obama trolls at it again. This has been going on FOR YEARS before he was even elected and nothing to do with Obama. This is nothing new. The only thing Obama has to do with it is that he could do something about it and so far hasn't. But that makes him no different than all the presidents who came before him, and all the other politicians as well. They ALL have been far too lax about it for decades. Try getting your facts straight before you mindlessly blame others. Talk about sheeple...
But as always, the radical nut jobs on the right (note that not all right wingers are radical nut jobs and not all not jobs are on the right) blame the other party for everything. Obama this. Obama that. My word, you guys are absolutely obsessed with the man! I'm no Democrat, and I'm not exactly happy with him, either. But come on! He can't possibly have done even one tenth of everything he is blamed for. It's just absurd. I'm just plain tired of hearing how everything is one man's fault when half the time it has nothing to even do with the Presidency, let alone Obama. I believe they call that crying wolf. The more people cry wolf, the more it makes everyone else in your party look bad. Don't you see it's exactly what the Democrats want you to do? You are playing right into their hands! This is how credibility is lost.
That's if you buy that these sophisticated hackers not only allowed their hacking to be traced to a location they work from, that they share a building with the Chinese Army.
I don't buy that sophisticated hackers aren't sophisticated enough to mask their actual location. I don't buy the Chinese Army would shack up in the same building as hackers trying to infiltrate America's infrastructure.
If I had to guess, the actual hackers knew we would buy this story and made it look like they were working from that building. Or the government is stating this so they can push their "Cyber War" non-sense.
There is an easy solution, get the GD infrastructure of the internet. It was once a DoD communications network not available to the public. Can they not duplicate it, but lock it down and make it impossible to access outside the US. I find it hard to believe that the DoD doesn't already have something like this, they can't be communicating critical information using the same internet I use to look at boobies or that the Chinese hackers have access to.
Interesting thought, ScottW714.
I don't know if the Chinese army had anything to do with it, but I do believe China's government sponsors them in some way. Or at the very least, creates an encouraging atmosphere for them. Hacking from China has been going on for years. I am not one of those people who is afraid of China or believe they are out to get us. But they do like to mess with us from time to time, and they do have quite the culture of hacking into American things.
You seriously think this just started?
I guess you missed the part about Obama passing the cyber security executive order, which Repubs refuse to support.
Does no one believe that our own people and government does the exact same thing? Whether it be individuals or groups within the USA Intelligence community, we do it...just as well or likely even better than those hacking us. Remember the mysterious stuxnet virus that caused problems in Iran that had "fingerprints" from either the USA and/or Israel? Why shouldn't they be expected to retaliate.
The problem is, how can it end? During the cold was we had SALT talks and treaties wit the former Soviet Union? Is it possible to have similar treaties with China? Iran? N. Korea? I doubt it.
Maybe one solution for critical utilities is to disconnect the regulation of their operations from the Internet and use computers that are stand-alone, dedicated just to their operations.
You know? This is good information to "know" but, when they go in to detail about what "could" be and what "might" be, could give our enemies further ideas about what they can do! The media in this country sometimes need to keep their mouths shut about certain things.
1. This has been going on for years. We have long had insecurities in our networks, countries like China have long been taking advantage of them, and we as a country have long been far too lax about it. This is nothing new. I'm surprised more people didn't know about this. Not to ridicule you or anyone else for not knowing it, mind you. But I personally thought it was common knowledge years ago. Guess I was wrong.
2. The media will NEVER shut up about anything. Sad but true.
Perhaps the key would be to segregate our infrastructure computer networks from the world wide web. We could keep the operations within a very limited grid that is not accessible to the outside. This would keep us operational without interference. Of course, other systems could be internet connected for the mundane tasks of everyday living, but actual operations would be within a very secluded and separated network.
I don't know if that would "fix" the problems; bugs are probably already in place, but it might keep those codes from being activated by their masters. What could be simpler than just unplugging from the linked outer network of the internet. A limited-user intranet could be very easily adapted.
Difficulty would be minimal, and in the long run, the time and expense would be worth it. This would be a better expenditure of national security funds than some of the other stuff I've seen out there, and it would be a benefit to all.
Of course, I'm open to suggestions, and this is the first one off the cuff, but what say the rest of you? We can sit and moan and groan all day, but that just gives China et al another 24 hours to do spying and damage. We must move forward. We must be proactive in protecting ourselves.
An air gap is a good start, zapper, but it only takes one guy with a USB drive to get through it. The Iranian centrifuges were completely off-grid, but Stuxnet still got in through a thumb drive.
There really is no reason for utilites to be having a public facing address on the internet. As for a physical attack on systems involving 1 guy with a USB drive, well, any good security would include physical access control and security on those systems being enhanced to block the "trusted device" security problem found on ALL systems.
A trusted device is any device that is connected to a computer that is automatically recognized and cleared for use with no intervention. Devices like keyboards, mice, and other peripherals are automatically accepted by a system as trusted. There is a physical access attack vector that lets, say, a preconfigured USB key to act as a keyboard once seen as a keyboard the drive will execute a script to deliver a payload.
These attacks are super easy to defend against with the proper protections for physical access to a computer and enhanced security to see to it that a device is what it says it is when it is plugged in.
As much as it seems like it, computer security is not rocket science and it is not imposable. Most of these people in government would surprise me if they could tell me the difference between a bit and a byte, so when they go screaming about computer security, I can not get that worked up about what they say.
QE137 - better to get worked up about it. There are enough cyber experts in government who are very worried and your attitude is part of the reason. There are plenty of people in government and in the private sector (e.g. banks) who don't know "the difference between a bit and a byte" and are the ones in charge of their company's or department's security. We need a cadre of expert hackers to advise and implement the securing of vulnerable assets.
Best thing to do if a company..don't put your secure data on a network that's connected to the internet.
But do put fake data online..make those Chinese army guys go NUTS!
President Clinton was weak on China and so is President Obama. President Bush (the second one) was to much of a war monger. We need a Strong leader who will not take us into WW3 or Sell out Americans to China.
Lori,
"The media in this country sometimes need to keep their mouths shut about certain things."
I agree with you there. The media always has to walk a tightrope in that respect to satisfy the public's need to know while protecting national security. Whatever is known by the public is also known by the enemy. But I might just add that the media themselves have been victims of hackers. If I remember correctly, the New York Times was recently hacked as well; probably by China.
Floretta,
"We need a cadre of expert hackers to advise and implement the securing of vulnerable assets."
Yes, that's a good idea, and from what I have seen on the PBS News Hour, government computer security experts have, in fact, been working with young computer whizzes and hackers on this problem. They had a segment about that on a computer and technology show in Las Vegas that was attended by computer nerds from all over the nation, and government security experts were there getting their ideas about how to improve our computer security.
And what is Obozo the Clown doing about it ---NOTHING --he is out playing golf with a sexl pervert and destroying the 2nd. Amendment to the Constitution of the United States by disarming the nation
Bloomberg published a detailed article few months ago which estimated that the commercial losses that American companies incur is of the order of 300 to 400 Billion dollars every year. With this report and all the hacking of Google, NY times, etc. in the recent time, I say the only thing left to do is for the long range bomber planes from Guam to flatten those Chinese PLA buildings in Shanghai from where these hacking are taking place. I say what the F are we waiting for?
That's right, our biggest trading partner is also trying to ruin us.
FlorettaQE137 - better to get worked up about it. There are enough cyber experts in government who are very worried and your attitude is part of the reason. There are plenty of people in government and in the private sector (e.g. banks) who don't know "the difference between a bit and a byte" and are the ones in charge of their company's or department's security. We need a cadre of expert hackers to advise and implement the securing of vulnerable
------------------------------------------------------------------------------------
The government has been hiring hackers for years, so your idea is already in use. My attitude comes from my job, part of my job is securing computer systems against all forms of attack. Having government officials screaming about utility vulnerabilities that should not even be available for online attack is as absurd as driving your car on 4 cream filled doughnuts.
These systems being compromised in many cases do not need to be on a public network, they would be best served being on a private net and the physical access to critical infrastructure systems be tightly controlled.
The problem with what they are complaining about is also a lot like publishing your personal information online and then screaming about how your identity is at increased risk of being stolen and something needs to be done about it. There is NO excuse for utilities to be open to a public network attack. If these systems are important, then they must be secured as such.
If you can come up with a good reason why a water treatment plant should have a public facing address on a public network, then I am all ears. Private networks ISOLATED from the public net need to be used for control and information exchange and access to those systems need to be monitored and restricted.
...which is why dufuses like yourself don't get to lead anyone except their unlucky families.
Hello folks, when will we ever learn or at least get it!
PROBLEM: Government through their corporate owned presstitutes propagandize that the Internet is unsafe as hackers, China, Iran, Anonymous, etc.. are threatening the "American Dream".
REACTION: Oh please Uncle Sam save us! You can take away more of our civil liberties, anything, I'm just so terrified, save us!
SOLUTION: Enact laws and Executive Orders to control the Internet (CISPA, ACTA, PIPA, SOPA). Allow the Utah Spy Center to investigate all voice and data communications in the US.
Obama signed an Executive Cyber Security order the day of the State of the Union speech.
It is absolutely shameful and pathetic the cowardice displayed by the American sheeple. You have allowed the government to take away your 4th Amendment right through the National Defense Authorization Act (NDAA) and the Second Amendment is now under siege. They are now instilling the fear over the "internet hackers" so that the First Amendment can be taken away as well.
It is a joke what the Americans will tolerate. The president just announced via the 'Fast and Furious" Department of Justice "Memo" that Obama can assassinate US citizens and where's the outrage? There is none!
What is it going to take to get the sheeple to wake up? Not that it won't be hilarious when the presstitutes propagandize that there is a suppository bomber. The sheeple after getting radiated and molested will be bending over at the airports and all public places.
America used to be Land of the Free and Home of the Brave now we are Land of the Detained and Home of the Cowards! My how far we have fallen! What the Hell are we anymore?
If the situation is truly as bad as we claim, I believe we should request access to the building from the Chinese, who claim nothing is going on. If they refuse, we should take out the building after fair warning, only long enough for them to vacate the premises.
Unlike the situation with Iraq, we must be sure our evidence is iron clad.
I hope people on these forums watched Hubris, last night. It was interesting to watch Bush, Cheney and Wolfowitz lieing through their teeth and knowing the entire country could actually view the spectacle, with the background information in their heads. Those 3 should be charged with war crimes and crimes against humanity. The proof is overwhelming. A firing squad would be so appropriate for those right neocons. The country could save a bundle in pension and security costs.
Firesail from Die Hard. Nuff said.
A "hacking attack by the Chinese military" (emphasis on military), is an act of war, and should be communicated as such to the Chinese leadership (who by the way may not even know it is occurring!
Our response, quid pro quo, two can play that game, if this occurs again they must know that there will be a "price to pay" for it! Our question to their leadership is this, "Are you in control of your military....or not?".
I think you're right we do have concern, but I believes the we're not doing it enough now. Just look how hackers was get into Iranian's Nuclear plant, we can see this matter is very serious. It maybe a matter of nation defense.
Chinese military has been attacking us for years and they already been able to steal so much of our inventions and design. Event Chinese Military are steal most our top secrets military airplane and weapons design. Chinese is getting agressive like Nazis now. They have been taking lands and seas from neighbor countries. Chinese military has been kills civilian unarm with heavy weapons.
I think also need to implement single line access now and only activate in case we has war with enemy nations. That's way we can easily block enemy state to acccess our common route. I know it is not easy to eliminate all attacks; but a lot attach can be stop in very early states.
Nuke the tiny pecker squatters..
must be a lot of IT guys out of work...needed a "recovery" and what better than a "lets not jump from one manufacturing emergency to another" to get things rolling for the guys needing work....
what next,
Dear Obama, female administrative work is in dire need also, how about an emergency to get me back to work? medical billing and coding specifically...all you would have to do is pass a law that says all medical transactions have to be checked by human eyes before being sent to the insurance company for process......cmon. you could just say our health care systems are being targeted and humans need to make sure they are not just a computer making random claims, we could verify the little boxes by hand...please...being broke sucks for us too
Hmm Im suspicious of this. ... Not that the chinese dont participate in this kind of activity (all countries do) but how convenient a "crisis" appears when there is the talk of more government control of the Internet. Did Deputy Chief of Staff Alyssa Mastromonaco call up NBC the mouth piece of the white house and say we need a story written to scare the public and sell our wares. Im not sure I'm buying it. I for one am not for more control unless freedoms are guaranteed. Very Saul Alinsky I may say.
Jim#3.21...a similar problem surfaced last year. The BBC is also reporting about the same hacking. You might recall the WH was hacked last October as well Google Gmail accounts of senior government officials. I'd normally dismiss them in part until more was known. However, given the number of incidents especially the up tick recently I"d be more than just suspicious I'd be real worried. Below is the link from BBC for your covenience regarding last years hacking.
I might also add that a recent article noted two Russian fighter jets on the night of POTUS SOTU speech were intercepted by U.S. fighter planes. The article stated that the Russian fighter jets were detected over Guam and escorted back to Russian territory. The irony was that this isn't the first time that recently there has been a string of such encounters in the same area. I considered that they could have been offering support for a Russian sub until I heard about multiple encounters. My past has taught me to be very suspect of any such incidents. These encounters may be nothing but my bet is that they are in fact part of something that is going on.
http://www.bbc.co.uk/news/world-us-canada-19794745
Eric-NY -- Obama is more suspicious of China than previous presidents. I'm writing this in a hurry and don't have time to check, but last year he vetoed a land sale in the Northwest, where the Chinese wanted to buy land near a U.S. military base or energy facility? Sorry about the lack of details but I remember that Obama's veto was a surprise and shows he's keeping track. Unfortunately, our debt to China (mostly from previous administrations) puts us at a disadvantage as to what we can do.
If we can identify where the hacking is coming from, we should bomb the crap out of it, no ifs ands or buts. The best cybersecurity is to annihilate the hacker, sets a good example.
Mary,
You may not be too far off. The idea about it being associated with a Russian sub is plausible. It wouldn't be the first time one of their vessels got into some trouble. They may have one gone missing or possibly having sent out a distress message.
Years ago the used to do probes like this to gauge response and observe what standard procedure was. I don't think Russia is so much into that kind of thing anymore because I don't believe they see us as threat to attack them like they used to and I seriously doubt they would even consider staging an attack of their own. However, subs are still a very big part of their defensive arsenal. Stuff happens and when it happens far away, one of the first and quickest ways to investigate would be by air. I suspect the timing with the SOTU was likely just coincidental. I think it is unlikely that Russia is spending a lot of money on aggressive exercises these day and is more focused on maintaining a strong defensive posture. But I think you are right in that something is/was going on, but I don't think it is so much tied to any threats.
I suppose it is possible too that we could have something going on therethat they want to get a look at. I don't believe Russia has anywhere near the satellite capabilities that we do and it would probably make more sense to send standard aircraft with surveillance capability as opposed to some special surveillance aircraft that would likely be detected and then arouse suspicions. I would guess they wanted it to look like some routine training mission, but it probably wasn't.
I have to say that I agree with QE137 @ Post #3.4 to an extent. As an industrial programmer, here's the problem with what you are saying...
Yes, while your machines may not have a publicly facing IP address, the computer you are programming it with will. Let's take a moment to examine something like Rockwell Automation. I love CompactLogix, ControlLogix, and RS 500 systems. For me, there aren't many better controllers on the market. Unfortunately, to use most RS 5000 systems you have to have the latest version of the software. Here's where a large security risk comes into play...you have to download the upgrades. While it is from a trusted and secure site, while you are accessing thier computer, who's accessing yours? That is how Stuxnet got into the Iranian machines. The good thing about RS systems is that they are not open to being influenced by a computer. Unless your fundemental control comes from a constantly calulating database which is updating the program through integers (which is something I rarely ever program because of the potential for failure).
There are other problems, such as if a service tech from a machine manufacturer has to remotely access your machine to troubleshoot failures. Perhaps your system has to report specific information to a government agency (banks to the fed, process waste and polutant information to the EPA, ect.)? These are the points where we become vulnerable.
You see, the fundamental problem with the "information age" is that we became so short sighted in our automation's ability to send our information out (in real time) that we forgot to think about who might be looking in that window...
and throwing something through it.
RalphH,
"If the situation is truly as bad as we claim, I believe we should request access to the building from the Chinese, who claim nothing is going on. If they refuse, we should take out the building after fair warning, only long enough for them to vacate the premises."
They may be doing just that, but we have not heard anything about it yet. Obama's press secretary Carny said they are pressuring the Chinese government about that at the highest levels. That may include requesting access to that building for all we know. The PBS News Hour had an interesting segment on this last night. You can watch the video of it at this link if you want to:
http://www.pbs.org/newshour/bb/world/jan-june13/china2_02-19.html
Why do we still maintain China's most privileged nation trade status??? Why do we keep feeding this monster? Because our politicians sit in the pocket of international capital holders who benefit from this trade. What a bunch of TRAITORS we have in Washington DC...
Maybe now that it can be masked as part of the "War on Terrorism" the GOP will stop blocking US Infrastructure upgrade and repair projects?
JD,
I have to agree with you about liking Rockwell. Great stuff. The fact is that the situation you describe assumes you use your laptop specifically for that single purpose. In reality you are rare in that regard. Even so, you rightly suggest a path even if updating is the only reason you connect to the Internet.
But then you have the problem with big systems that network multiple processors, drives, instrumentation, HMIs and link it all to a higher level process computer. Often that computer may be feeding processing parameters to the PLC. HMI's often act to perform a variety of control functions. Sometimes the HMI might be a client version running on a desktop PC with connections to the Internet. Usually, but not always, process and business networks are at least in theory separate. But there are places where they come in common. Some idiot may bring in something "innocent" on a thumb drive and bingo, it is resident on his desktop which may then open the door to business and process level networks. I have even seen cases where remote access is available so a technician can remotely troubleshoot problems and even potentially make change remotely. This is a bad idea, but it is out there.
Most hackers won't have a clue as to go about creating enough damage commanded by the PLC, but something carefully crafted like Stuxnet, can quickly find its way into the system. Crazy stuff can happen with just "normal" processing variables. Tell a pipeline pump it's running heavy crude when it's gasoline. Change control setpoints for things like pressures or temperatures. Change scaling factors in HMI's or disguise what the operator is looking at making him react the wrong way. It is this type of thing that Stuxnet exploited.
Oh China, how silly they can be trying to deny what the entire world already knows, and has known for years. Obviously, they like to sponsor hackers to aim at the United States. You know, I'm pretty sure if we ever felt a need to start a cyber war with them, we would win. Now I'll be the first to say I find it amusing that this many people seriously think China is out to get us. But as far as their hacking goes, they have been doing this for years. They may not be out to get us, but they are trying to get every advantage they can against us, as they see us as the biggest rival.
Still, I highly doubt China is "out to get us" like so many here believe. China is simply going through their version of an industrial revolution, but faster because much of the technology already exists. They have come to realize that their long enacted policy of isolation no longer works. China is evolving from Communism to more of a Capitalistic based country under Authoritarian type rule, and even that is changing by the day. I don't know what China will eventually turn into, but much of what they do that we criticize them for has already been done by European countries and/or the United States during their/our respective industrial revolutions. The single biggest difference, besides the part of the world they are in, is the Communist based government that has been driving all this for China. But again, China is becoming something else.
Sure, we don't always get along. Yes, we often clash over things. And yes, they do send hackers our way because while they aren't out to get us, they do see us as an economic rival and certainly like to mess with us. But they would have nothing to gain from threatening us on that level. While they may do shady things, and may economically be trying to manipulate the economy to their favor, who else isn't? Besides, the truth of the matter is that it is in China's best interest to keep us around. We are still an extremely important country for the world economy. And more importantly, we owe them money. A lot of money. China is making a killing off of us, and you can thank our esteemed leaders in Washington for that. So really, why would they want to destroy us?
Just wanted to say, loved your post. Every single point. Instead of the regular droll of "oh noes! china this, china that, blah blah blah" it's nice to see an intelligent post.
Thank you.
Good post. As China has moved towards capitalism, it's motivations and actions will be determined by how their current government integrates it's modern economy. No doubt about it that capitalism will dictate that China want's to be the number 1 economic power in the world. How it's authoritarian government uses it's modern economic structure and technologies to do so is the question. After all, even within our own country, we have a large share of authoritarian politicians allied with corporate entities that are always eager to jump into war in order to maintain our top standing in the world, for security and profit.
I'd like to believe that China, in the grander scheme of things, is rather benign. It makes no sense for them to start a war with us. The article, despite it's heavy fearmongering, even admits this.
I agree - they have more to worry about at home than to do Spy VS Spy with the USA. I'm more concerned about the three guys in eastern Europe, hacking away in their mother's basement than I am with China.
They could just demand the money we owe them. They have us by the short hair.
We need some of our 14 year old kids to hack in and shut down some of China's systems.
China needs us. China is about building their own economy, but they are not there yet. They need our consumers until their own consumer base gets big enough to sustain itself.
As far as demanding their money. Why? What would they do with it? They are far better off holding our debt. They would not want to do anything that shuts them off to our market. Our debt with them assures them access. We only owe about 8% of our debt to China, barely a trillion dollars. We owe about the same amount to Japan. Trade with China is about half a trillion annually with 80% of that going from there to here.
And what they get from us is things they can't get elsewhere for as good a price. It would be insane to turn off that faucet for getting about two years worth of debt back. They have no problem funding anything they want to do in China. They want our cash flow far more than the debt we owe them. Believe it or not, China's biggest import from us is machinery they need for their infrastructure, followed closely by electronics and of all things oil seed. Most everything else they buy is things they need to build their country that they don't yet make themselves. And #8 on the list of imports from us is wood pulp so they can make the boxes to ship their goods back to us.
I have doubts that China is hacking us with intentions of crashing everything. There is little in that for them. I do suspect though that they are hacking for other reasons. One is to learn about how our stuff works. Some of that is about stealing technology. China spends an enormous amount of money on their infrastructure. Far more than we do. But they have loads of problems getting all to work seamlessly together. I am sure there is a desire to learn more about how we make things work.
That said, there is no doubt that from a military perspective, it would be advantageous to know how to do a lot of damage without a major investment in military attack weapons. I am sure China's military would like that capability, if they ever needed it. Iran on the other hand already likely has payback on their minds. They are not happy about what sanctions led by us have done to them and we pretty much admitted that Stuxnet was our doing. I have little doubt that they would love the opportunity to strike back. Maybe not today, but if we ever turned up the heat with a military attack, I have little doubt that they would try anything to get even. And then of course there is cyber terrorism which the right people would do today if they had the capability.
People who blow this off as being insignificant, don't grasp the seriousness. We are not just talking about shutting down computer networks and causing inconvenience. A very large part of our industrial infrastructure is vulnerable. The problem is that the ability to cause significant destruction exists. It just takes someone smart enough to understand how to do it. You need to have some intimate knowledge of the hardware you are attacking.
But I can say that I personally saw some serious damage done accidentally via Internet connected access to a control system of some industrial equipment. A large fire and millions of dollars of damage was done with a couple keystrokes. It took a "post-mortem" investigation to even figure out what happened. It was something totally unanticipated that "exploited" a standard function in the controllers. It was the kind of thing ordinarily used only in testing which would never be used in operation, but the capability still existed. Once we realized what occurred, it was totally explainable. And this happened by accident.
The point is that someone with the right knowledge and intent can create a lot of havoc. When you talk about things like the power grid and other critical infrastructure, the damage that can be done could take months to fix. One thing that can help is being isolated from the Internet and using a closed dedicated network. But that isn't used very often because the cost of putting in that network can be ridiculously cost prohibitive. Even then, you aren't completely safe because someone determined enough can potentially get malicious code in through other means. That is essentially what Stuxnet did. Completely isolating a system from the outside world isn't very practical in a lot of cases. That may be fine for things like Iran's enrichment facility, but for infrastructure that needs coordination, it isn't really so easy.
We did this many years ago when many components were fundamentally stand alone and human operators were the coordination interface. That just isn't that practical anymore where real time coordination is needed. However, a lot of external interfaces don't require that real time coordination. There are some ways to make this considerably more secure. One way is only validating very specific requests and blocking anything not on the accepted list. Another is only having an "open window" only at specific predetermined times which can be controlled by a constantly changing code. Any attempts to communicate outside that window is then assumed to be an attack and the communication gets shut down. As long as massive amounts of data aren't frequently needed to be exchanged and the number of valid communication links is limited, this can work pretty well.
The problem is that most of these systems have very little in the way of protection. They assume that only valid traffic is taking place. If you build a few layers of protection schemes, generally someone attempting an attack will get stopped within the layers and once detected, countermeasures can be changed. The trouble often is that many facilities don't have adequate IT support to monitor what is going on. They contract someone to "install a lock" and the share the "key" with far too many people. Even the best security isn't foolproof and it is best to continually update it.
That said, we could be far better than we are with relatively small effort. Far too many systems could already have been compromised with no knowledge that it has happened. Someone with serious malicious intent may very well figure out how to get in without doing any damage and the wait until the time is right to act.
File this article under the heading of: "Well no Sh!t Sherlock!"
first he!! ya
American business and governmental computers need to be on their own secure 'Ameriweb' or the like, completely isolated from outside computers. Any company violating security by accessing free internet should be fined. Enough of giving your enemies (and if you think China not your enemy, you are a fool) free access to all of your jobs, technology and innovation.
"THIS" :Is what happens when you lie down with the ENEMY.Yet not a solitary comment from the RWNJ'S about this? Not even going to "BLAME" this on Obama also when your Republican GODS, along with their Democratic minority Passed legislation giving Billionaires a green light to export American JOBS into this COMMUNIST enemy nation.I have been talking about this for years on these boards and locally but those on net message boards are so BUSY attacking Obama, you cannot SEE who the REAL enemy IS.
Now you know why I still like checks and cash. Yes, I use my debit card but no direct deposits or automatic withdrawals. I keep paper copies of all electronic transfers and payments.
If some power/hacker glitch happens, I have a paper copy to back up my data and I know when and where my funds come in and go out.
I guess by responding I am now susceptible.
YEP!
That going to help when the power goes out and the water stops running? Two days without power and people panic.
Done the same for years, at least the financial record keeping. As for power, some areas and people are more vulnerable than others. Tougher in winter than spring through fall, though we've been a week in deep winter without heat before; lots of well water (and natural springs) where I live and we draw from local lakes. Even when the electricity goes our gas stove burners work and we keep plenty of propane (and canned goods) on hand plus bottled water. And with our hybrid car we can go almost 700 miles on one tank if need be.
So lets cut defense spending. Right Democrats ?
Yes, right. We need to move the money in the defense dept to cyber attacks and away from more tanks. The next battles will be through the cyber world, not in a large scale invasion. Right now the defense budget is mainly old-fashion weapons that are a waste, except to the companies manufacturing them.
The key isn't more spending. We happen to be in major debt right now (China's pockets are being filled) and need to cut down on spending. I keep hearing about how Republicans want to cut down on debt and want to cut spending. And I absolutely agree with that. But the defense budget is off limits? Why? I thought we were in a debt crisis? What we need is smarter spending in defense and everywhere actually. Not more of it. I'm not a Democrat, but you would be surprised how much monetary waste there is in the military. It's no different than the rest of our government in that regard. It needs to be streamlined.
"So lets cut defense spending. Right Democrats ?" So lets be a paranoid fear monger right republicans? Like watching 24 on Fox and having a box that is capable of causing all nuclear reactors in the U.S. to meltdown.
Here are some simple observations. Firewalls have the ability to block entire netblocks. I could block all traffic from or to China with a few simple commands on a firewall. Last resort? How about just pulling the plug on telecom cables from China. Often the most primitive methods work the best. If anyone thinks our entire electric grid/water systems are on the internet and can be shutdown from remote they are crazy. If that can actually happen then someone failed internet security 101.
What is all the fear mongering about? Lets pour more U.S. taxpayer dollars into X project so that some guy can get rich and donate more to particular politician.
From India: "All sub-stations of state-owned transmission company Power Grid will be UNMANNED AND REMOTELY MANAGED [emphasis added] by next year, chairman R.N. Nayak said Tuesday.
In place of personnel, Nayak said, "there will be cameras watching the functioning of devices and equipment and the stations will be totally managed remotely by the National Transmission Asset Management Centre at Manesar."
Addressing an international conference here on high voltage surge arresters technology, Nayak said having eight persons per substation was a waste of human resources...."
Its high time we wean ourselves off of China and start bringing jobs home. They are not our friend. They have their own issues its time to foster discontent in their population and create unrest. Unfortunately their people dont have guns. They cant control all those people and they know it.
Come on, this is no secret...As Mandiant says above CCP China has been in our networks for 10 yrs. Our pathetic elected do squat about it. How the mighty have fallen
There is no question that this threat from China is real and needs to be addressed, through both defensive and active measures. But we have to remember that it was the U.S. that unleashed the STUX virus on Iran. If we choose to engage in offensive cyberwar then retaliation should come as no surprise. We have already set the bar on this - are we ready for it?
It all started with a group of draft-dodging ping-pong players and has morphed into this. All I can say is American companies got what they deserved and so did the US Government.
Lets see china finds ways to dismantal our war machine, Obama takes our guns away, Obama sends jets to Muslim brother hood, Obama over heard making deal with Russia, wait till I'm reelected? sounds like we will be turn in to sheep, by our pres and his surounding dumb asses, Remmeber the Movie REd DAWN, It could happen if the right person aligns every thing up right, easy take over.
jets to the muslim brotherhood? you mean more F-16s to the same country who has had US F-16s since the early 1980s? and you do realize, foreign military sales like that require congressional approval, right?
you don't really think that Obama is the first president to sell arms to the mid-east?
"Remember Red Dawn" OMFG you are laughable to think that is even possible. Neither Russia or China have the capability to ship that many troops here to invade the country. It would require a mobilization unparalleled in any century. Keep in mind there are still nuclear weapons gliding under the ocean... that aren't capable of being attacked from the interwebs. Enough nuclear weapons to destroy 2,688 cities effectively ending life as we know it on this planet.
Are we being sowed the seeds of fear by our own government? We created the internet, and we can shut it down any time we want. Don't be fooled, not to mention we have been hacking the Chinese since the beginning.
Brilliant. The answer is we can disable all those systems ourselves. Must be a top level govt. worker.
All you who think this is funny won't be laughing when they crash our power supplies and shut down our banks. They are a real terrorist threat and need to be treated as such including embargos and sanctions.
"Won't be laughing" Yeah I will be laughing... because it will probably be fixed in only a few days. The only places that won't be fixed obviously failed at backups 101.
First step:
1. All internet access to China cut.
2. Restore systems from backup.
3. Reboot
Power/Water back on.
Terrorism? Oh, please .... *rolling my eyes*
Embargos? Sanctions? Against China?? ROFLMAO
Google "DF-21D Missile" and then come back to tell us all about how well that would work out for us. The fishes would love an embargo, though, since they could always use another artificial reef at the bottom of the sea...
"WHEN" is the USA ever going to learn?
Other countries, like China, send their people to the US to get a good education and when they graduate they go back to their home country and use that education to do something like this!!!
And most working class kids here can't even get a decent education without going into a lifetimes worth of debt.
@!$%#ing sad...
sure they can. they can pay attention in high school and get good grades and scholarships. they can not be criminals and drug heads and join the military (80% of high school grads can't get in....), the GI bill is a great option, paid for my bachelors while in and my masters when i got out. or they can get jobs and work through school, like my brother, instead of using their loans to party with and get useful degrees like liberal arts, history, political science, and business administration...whats $@&*$&*@ sad is that we import foreign students and graduates to do high tech and enginering jobs because our own kids can't and won't...
Bull@!$%#!
Must be a boomer...(rolls eyes like know-it-all prick)
ah, the resort to name calling when someone calls you out for being full of nothing more than hot air, but no one should be surprised based on your original rant...
OK, so why doesn't our congress grow a pair, remind China that we are still the world's largest economy and tell them point blank: knock off the hacking or we will start imposing a 25% tariff on all imported goods from China. The only thing that amoral country understands is money. Hit them where it hurts and they'll back off.
Oh yeah, starting a trade way is the answer. Way to go. Next...
How about we just start charging the same % tariff on their goods that they already charge on ours?
No ultimatum, just do it!
Caffeine - You're my BFF because for once, someone made mention of Congress doing something!!! Thank you, thank you! So refreshing to hear that perspective for a change and who, I might add, is more accountable in some aspects than the POTUS.
Mydogbruno - Please - gimme a break! It's a FACT that China needs our business. It wouldn't turn into a 'trade war', as you call it. The Chinese would whine, throw a fit, and then capitulate. It's a matter of 'saving face' with them. The worst that would happen is they would file a complaint with the WTC - and the WTC is only slightly more effective than the UN. Just slap a 25% tariff - or better yet: a 44% tariff (4 is the number of death to them - they freak out on it), and the Chinese would comply in about a week. The point is that we can NOT let this go without responding. And the only thing China seems to care about is money.
Caffeine Queen, might take more than a week, but they would definitely get the message, and if we do get into a trade war with China and quit selling Chinese goods - we could put to work the few million still looking for jobs - with manufacturing startups in the good ol US of A.
Lori: I am NOT a Man that attacks females, and will NOT start NOW."BUT" As a US Army VET 11B20 Combat Arms.I must inform you,that ALL of our enemies and MANY so called "friends" have what is called "INTELLIGENCE" networks.They do not NEED the media to inform them of what they ALREADY KNOW and then some.There is such a thing as Military Intelligence and Central Intelligence.BOTH work hand in hand.What you obviously believe, is what abolishing the draft has done to America.In essence" When we had the draft EVERYONE served which meant a very good connection and knowledge of military.Government, and intelligence: BOTH Civilian and Military.Its obvious that the Chinese are not ignorant.
I still remember when they found the Israeli spies here in the US. Not all civilians are naive.
The US doesn't seem to have many friends nowadays and the ones we do have are reluctant at best.
I say we send them an invoice for the amount of the debt we owe them. Call it even and tell them to @!$%# themselves. If they have a problem with that, bomb the crap out of them.
Run with this one Ben Affleck!
I can understand Iran or Iraq or North Korea or some other goober-brained country trying to do damage to our country via such activities, but I'm trying to think of a motive for the Chinese doing this. Don't they stand to lose a heck of a lot more if our banks get screwed up and our import/export abilities are in jeopardy than if they help us move forward in a mutually-beneficial trade scenario? Just asking, what's the motivation?
Expansion. China is way over crowded.
I understand why China does this. They are the next big superpower. While our government bickers and gets nothing done, and while things fall apart here, they have a single minded purpose in a country that is only growing more powerful. It is in their best interest to stay quiet now, but they are just building up their military and infrastructure till the day they don't have to be quiet anymore. I truly believe the day they are confident they are more powerful than the USA will be the day everything changes.
Expansion? Really? With all the gun owners here in the U.S.? Red rover, red rover, send China right over...lock and load America!
Where have you been? The Chinese have been on a huge buying spree here in the US for the last couple of years. They are putting the Japanese to shame with the amount of buildings and land that they have purchased.
They don't need to invade our country, they just need us to collapse so that they can have complete control of Asia.
People in Japan should be the ones really scared @!$%#less.
Without the world police around, china will start raising hell and absorbing its neighbors.
We are bound by treaty to defend Japan and South Korea but, there is no way we could afford that right now. Just look at what a couple of decades of fighting piss-ant countries in the middle east has done to the debt! China?!? Ha! That's a @!$%#ing joke! The western world is @!$%#ed.
@Boondoglez:
The Chinese government could easily muster twice as many soldiers as there are people in the United States. Do you really believe that a bunch of untrained civilians armed with small arms could take on, say, 600 million Chinese soldiers? LOL
When U.S. corporations knowingly or not, gift wrapped our technology by outsourcing manufacturing processes to the Chinese, in exchange for cheap labor and no burdensome regulations, what did you expect?
Exactly!
I always feel better knowing that Clinton gave them navigation advances they use on they re missiles.
Not to mention Bush approving the sale of the only company that made the navigation system control to the Chinese. But don't let a little fact like that get in the way.
No one could ever stop these thieves from stealing information. The only way to stop it is to start a courier services again. People are nuts to think their secure if their computers are on a internet. As long as companies continue to use the internet for their companies business they will lose. This country can only survive so much before we're the ones living in the stone age and the chinese are the number 1 country in the world.
Wake up corporate America keep your files off line. When you need a file walk over to your main frame computers and download it to another computer. Keeping all your information open to attacks and web ready is stupid. Don't keep your files open for attack. You'll lose everytime.
LOL... you said...mainframe.
Ralph, CIA is the best thief in the world, no other country comes even close, not China or Russia and not even James Bond from UK.
Bingo! The reason why we are not in an absolute uproar is because we have been doing the same to them for years. Its kind of like when we are all scared of other countries nuclear weapons when we are the only country to actually use them against our fellow man......