Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Chinese Hackers Stole U.S. Military Secrets
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/9/2013 | 6:25:22 AM
re: Chinese Hackers Stole U.S. Military Secrets
We the United States of America should stop toying with
these people (China). We know for a fact that its state sponsored hacking
period. We should immediately stop all trade with China. The United States government
is guilty as sin for letting any company manufacture in China. We should
manufacture all our goods ourselves and employ our own population. Yes things
are going to cost more but when one takes into consideration the total cost of
research and development that we American companies spend only to have it
stolen by them. We have the gull to send them blueprints to some of our most
important technology so they can build it for us at a cheaper cost. I know that
some will say that the technology stolen was from defense contractors not an IPhone
for example. We our defense contractors subcontract tons of that work out to
smaller companies and IGm sure some of those companies are Chinese companies masquerading
as U.S companies. I just read just recently that the IPhone is going to be used
by the DOD. The DoD will place an order for 650K iOS (AAPL) devices - 210K
iPhones, 120K iPads, 100K iPad Minis, and 200K iPod touches - following the end
of the sequester, Electronista reports. The iOS gear will reportedly be used to
replace BlackBerrys (BBRY) - the DoD currently has 470K in operation - and
would come ahead of the planned implementation of a "platform
agnostic" device policy in Feb. 2014. Electronista previously reported the
DoD had largely ended BB10 testing due to budget cuts. Heck when we send them
the blueprints to build these devices for Apple an American company. Does
anyone for one moment not believe that some of those devices wonGt have a back door
for espionage purposes? We need to quit toying with the Chinese their
intentions are to rule the world period. I for one think we should as I said previously
stop all manufacturing with China. Heck I believe we should disconnect them
from the Internet period. We have congressional hearings taking place to
determine if we the U.S should allow a Chinese company to purchase a U.S
company. The Chinese purchasers always say that if the transaction is approved
the new U.S division will be completely independent of the mother company in
China. Does anyone in their right mind really believe this? I for one sure donGt.
Still our own congressional committees give the authorization for some of these
transactions to take place. Everything in China is controlled by the Chinese government
and their goal is world domination. If we continue on this road we will be
speaking Chinese in the United States in one hundred years or less. We continue
to do this just so that some people and corporations who are already filthy wealthy
can continue to profit. Look at Apple for example they have no loyalty to no
one. They pay no taxes to any country period. We just had those hearing
recently and they have those bogus Subsidiaries in Ireland and just from the testimony
they and I say they as in Tim Cook the CEO of Apple Corporation gave. These subsidiaries
were setup just to avoid paying taxes in any country period. He concludes that
Apple pays taxes to the U.S Government via matching employee taxes and matching
Social Security taxes. Excuse me but that's b/s and its other companies with a
mindset like that which contributes to the deficit we find ourselves in. Take
Halliburton for (example) the company that profited from the wars in Iraq and Afghanistan
to the tune of billions of dollars. When it came time to pay taxes what did
they do they moved the corporate headquarters to the country of Dubai. They
have no loyalty to the United States yet the majority of their operations and employees
are based here in the United States. They want to be eligible to receive U.S
Government contracts and they want to be paid in U.S cold hard cash but they
donGt want to pay any taxes here. I for one think that should make them ineligible
to receive government contracts period. Yes I call a spade a spade but we have
to stop blowing sunshine where it doesnGt belong. This ship the United States
needs to right itself or we will sink. Charlie Meza Dallas, Texas
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
5/31/2013 | 4:47:31 AM
re: Chinese Hackers Stole U.S. Military Secrets
Who's going to pay for the security audits and the pen-testing? Even better, who's going to do them? Do we set up a Federal agency to do that or do we allow defense contractors to audit and pen-test each other? That could become a big mess very quickly. And how does one enforce the idea of fines against these contractors, or even governmental agencies? How does one put a monetary value on a data breach? Good question, no?

Something else to think about, and this brings me back to my early days in engineering school - design is iterative. So, let's say that the Chinese stole a full set of blueprints for the F-35 back in 2007. First flight was in 2006, but the system has yet to go operational (that's planned for 2015-2018, depending on branch) and is still in the design, upgrade and testing phase. How good are those sets of blueprints at this point?

What might make this report more interesting is to see what's been stolen and when - remember, security hasn't always enjoyed the limelight that it enjoys today.

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
5/28/2013 | 6:56:07 PM
re: Chinese Hackers Stole U.S. Military Secrets
The contractors involved are obviously not doing enough to safeguard information. That is a national security issue and perhaps if contractors can't take cyber security seriously enough to safeguard the information, there ought to be enough fines and penalties in place to motivate them towards a more pragmatic approach. Further, there should be a requirement that any bidder for sensitive contracts absolutely must pass security audits and pen-testing before even they even are allowed to participate in the process.

Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-17
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
PUBLISHED: 2020-02-17
Kaseya Virtual System Administrator (VSA) 7.x before, 8.x before, 9.0 before, and 9.1 before does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setA...
PUBLISHED: 2020-02-17
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
PUBLISHED: 2020-02-17
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privi...
PUBLISHED: 2020-02-17
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.