Blog Archives

China + Phishing = Oakridge Breach?

China has been rumored to be behind the hacking of US infrastructure for years and now it appears they gained access to a very high profile network at Oakridge National Laboratory.

Previous news reports suggested they compromised computers and stolen information from various DoD installations, NASA networks, and various other organizations around the world.

This latest attacksounds familiar, company X is targeted and gets flooded with phishing emails then one unsuspecting user clicks the link which unlocks the door from the inside. GOTCHA! I am not sure how you say that in Chinese, but it probably sounds a lot like SCHWING!!!

Advertisements

Cyber Warfare

News reports of foreign countries hacking other foreign country’s web sites and networks has been reported as far back as 2000. It seems the frequency of these attacks has been increasing over time and I am inclined to agree with an article in the Brisbane Times suggesting China willing participates or looks the other way when these attacks are happening. I say this because China reportedly has a tremendous Internet filtering infrastructure in place, they make the covert filtering mechanisms active in the US look like the efforts of a feeble script kiddie. They know who you are, where you surf, and what you’re surfing. They don’t allow certain protocols to enter/exit the country and often times traveling users’ VPN and SSH sessions fail to operate from China.

At any rate, the Briabane Times article is here. It also makes reference to the Estonia attack and points out the damage sustained in one of these cyber attacks is more efficiently obtained and is more discreet at the onset than amassing a network of spies or deploying a battalion of tanks. The article goes on to say:

“States are starting to figure out how cyberwarfare can help them achieve their goals, espionage, economic embargo, or coercion — to cause pain to your enemies so they change their behavior,” Moran said.

Cyber warfare is now a common pursuit among most states, said Bruce Schneier, who has written books on the subject. “Everybody does it,” he said.

Moreover, government networks are plagued with “lousy security” arrangements, he said. And as government information networks become more complex, the networks become increasingly vulnerable.

“Complexity is the worst enemy of security,” Schneier said.