Dark Reading is part of the Informa Tech Division of Informa PLC

Chinese Hackers Stole U.S. Military Secrets
User Rank: Apprentice
6/9/2013 | 6:25:22 AM
re: Chinese Hackers Stole U.S. Military Secrets
We the United States of America should stop toying with
these people (China). We know for a fact that it's state-sponsored hacking
period. We should immediately stop all trade with China. The United States government
is guilty as sin for letting any company manufacture in China. We should
manufacture all our goods ourselves and employ our own population. Yes things
are going to cost more but when one takes into consideration the total cost of
research and development that we American companies spend only to have it
stolen by them. We have the gall to send them blueprints to some of our most
important technology so they can build it for us at a cheaper cost. I know that
some will say that the technology stolen was from defense contractors not an iPhone
for example. We our defense contractors subcontract tons of that work out to
smaller companies and I'm sure some of those companies are Chinese companies masquerading
as U.S companies. I just read just recently that the iPhone is going to be used
by the DOD. The DoD will place an order for 650K iOS (AAPL) devices - 210K
iPhones, 120K iPads, 100K iPad Minis, and 200K iPod touches - following the end
of the sequester, Electronista reports. The iOS gear will reportedly be used to
replace BlackBerrys (BBRY) - the DoD currently has 470K in operation - and
would come ahead of the planned implementation of a "platform
agnostic" device policy in Feb. 2014. Electronista previously reported the
DoD had largely ended BB10 testing due to budget cuts. Heck when we send them
the blueprints to build these devices for Apple an American company. Does
anyone for one moment not believe that some of those devices won't have a back door
for espionage purposes? We need to quit toying with the Chinese their
intentions are to rule the world period. I for one think we should as I said previously
stop all manufacturing with China. Heck I believe we should disconnect them
from the Internet period. We have congressional hearings taking place to
determine if we the U.S should allow a Chinese company to purchase a U.S
company. The Chinese purchasers always say that if the transaction is approved
the new U.S division will be completely independent of the mother company in
China. Does anyone in their right mind really believe this? I for one sure don't.
Still our own congressional committees give the authorization for some of these
transactions to take place. Everything in China is controlled by the Chinese government
and their goal is world domination. If we continue on this road we will be
speaking Chinese in the United States in one hundred years or less. We continue
to do this just so that some people and corporations who are already filthy wealthy
can continue to profit. Look at Apple for example they have no loyalty to no
one. They pay no taxes to any country period. We just had those hearings
recently and they have those bogus Subsidiaries in Ireland and just from the testimony
they and I say they as in Tim Cook the CEO of Apple Corporation gave. These subsidiaries
were setup just to avoid paying taxes in any country period. He concludes that
Apple pays taxes to the U.S Government via matching employee taxes and matching
Social Security taxes. Excuse me but that's b/s and it's other companies with a
mindset like that which contributes to the deficit we find ourselves in. Take
Halliburton for (example) the company that profited from the wars in Iraq and Afghanistan
to the tune of billions of dollars. When it came time to pay taxes what did
they do they moved the corporate headquarters to the country of Dubai. They
have no loyalty to the United States yet the majority of their operations and employees
are based here in the United States. They want to be eligible to receive U.S
Government contracts and they want to be paid in U.S cold hard cash but they
don't want to pay any taxes here. I for one think that should make them ineligible
to receive government contracts period. Yes I call a spade a spade but we have
to stop blowing sunshine where it doesn't belong. This ship the United States
needs to right itself or we will sink.
Charlie Meza, Dallas, Texas
Andrew Hornback
User Rank: Apprentice
5/31/2013 | 4:47:31 AM
re: Chinese Hackers Stole U.S. Military Secrets
Who's going to pay for the security audits and the pen-testing? Even better, who's going to do them? Do we set up a Federal agency to do that or do we allow defense contractors to audit and pen-test each other? That could become a big mess very quickly. And how does one enforce the idea of fines against these contractors, or even governmental agencies? How does one put a monetary value on a data breach? Good question, no?

Something else to think about, and this brings me back to my early days in engineering school - design is iterative. So, let's say that the Chinese stole a full set of blueprints for the F-35 back in 2007. First flight was in 2006, but the system has yet to go operational (that's planned for 2015-2018, depending on branch) and is still in the design, upgrade and testing phase. How good are those sets of blueprints at this point?

What might make this report more interesting is to see what's been stolen and when - remember, security hasn't always enjoyed the limelight that it enjoys today.

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
5/28/2013 | 6:56:07 PM
re: Chinese Hackers Stole U.S. Military Secrets
The contractors involved are obviously not doing enough to safeguard information. That is a national security issue and perhaps if contractors can't take cyber security seriously enough to safeguard the information, there ought to be enough fines and penalties in place to motivate them towards a more pragmatic approach. Further, there should be a requirement that any bidder for sensitive contracts absolutely must pass security audits and pen-testing before they are even allowed to participate in the process.
