New fears over Chinese espionage grip Washington
Source: The Hill
BY MORGAN CHALFANT - 06/24/18 05:37 PM EDT
Fresh concerns over Chinese espionage are gripping Washington as lawmakers fear Beijing is gaining sensitive details on U.S. technologies.
Lawmakers are scrutinizing the Pentagon over its efforts to keep military secrets safe from hackers, after Chinese actors allegedly breached a Navy contractor's computer and collected data on submarine technology.
U.S. officials stepped up warnings that China regularly steals American intellectual property and technology, through cyberattacks and other means, allegations Beijing denies.
The issue took center stage at a congressional hearing Thursday, as lawmakers on the House Armed Services Committee pressed Trump administration officials on their efforts to protect U.S. military assets from Chinese spies.
Read more: http://thehill.com/policy/cybersecurity/393741-new-fears-over-chinese-espionage-grip-washington
If you google Chinese hack contractors computers.............the first hit is this:
https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-
And after you read this............."The data stolen was of a highly sensitive nature despite being housed on the contractor's unclassified network. The officials said the material, when aggregated, could be considered classified, a fact that raises concerns about the Navy's ability to oversee contractors tasked with developing cutting-edge weapons."
I want to know why his computer was on an "unclassified network".......................this is bull shit
mr_lebowski
(33,643 posts)
Scarsdale
(9,426 posts)The Chinese had better donate lots of YEN to the gop, RNC. Then this will be glossed over. They should know by now that money is the only thing that motivates this government. All the millionaires in the gop need lots of cash in order to do their jobs.
LuckyLib
(6,822 posts)This is a given. And even before the cyber world, China has appropriated ideas, technology, and the written word. The level of penetration into secure sites is astounding. And evidently the North Koreans are in the same league. Meanwhile, back at the ranch, Trump has the nation spinning in circles as he manages the daily news cycles by creating one announcement and one crisis after another.
dalton99a
(81,708 posts)revived by the Orange Peril himself
psychopomp
(4,668 posts)by stealing US tech secrets? The CCP wants all the data on all of our most mission-critical weapons programs. The CCP navy just deployed "rail guns," though it remains to be seen whether they work. We're not talking about "Chinese," but rather the CCP.
Crutchez_CuiBono
(7,725 posts)
Scarsdale
(9,426 posts)do SOMETHING with all that taxpayer money. The military budget increases practically on a yearly basis, in order for the US to have "the best trained military in the world." Buying obsolete planes and weapons can only waste so much. Outside contracts for friends of the gop are a steady source of "donations". Look how well Halliburton and all the subsidiaries did under the Cheney administration. Ol' Dickless did well for himself, too.
Crutchez_CuiBono
(7,725 posts)Stop being an asshole dt.
JustABozoOnThisBus
(23,384 posts)Should the contractors be stopped from using contractors?
Crutchez_CuiBono
(7,725 posts)How many more do we need?
JustABozoOnThisBus
(23,384 posts)and get parts to maintain the current equipment.
All of which the military buys from suppliers, contractors. It's difficult to keep designs secret when so many are involved.
elmac
(4,642 posts)fascist usa is afraid of china now, let me see if I give a shit, nope, I don't
JustABozoOnThisBus
(23,384 posts)China is appropriating the South China Sea, by building military bases on little atolls. Their expansion is affecting fishing, mineral rights in the area.
https://en.wikipedia.org/wiki/Territorial_disputes_in_the_South_China_Sea
IthinkThereforeIAM
(3,078 posts)... on my home computers. It would tell me who is pinging my computer, hoping to get a response (See Gibson Research: https://www.grc.com/x/ne.dll?bh0bkyd2 ).
The software would list which ISPs were pinging me; using a trace route program I found that on any given evening, 75% of the pings originated in China.
As I recall, that contractor mentioned above, did NOT have the proper security software running on their system/network, no firewall was operating.
24601
(3,967 posts)think of a power company, they will normally have a Supervisory Control and Data Acquisition (SCADA) network for running the power generating equipment. Then they will have a separate administrative/business network for supporting functions like personnel management, payroll, logistics, etc. While the admin network will connect to the internet, the ops network should be isolated.
The military is mostly on three networks. The primary command and control network goes up to SECRET. There are TOP SECRET networks, usually accredited for compartmented intelligence or Special Access Programs. Their largest network is unclassified and connects to the internet.
Most defense contractors are building stuff. They don't exercise command and control or conduct operations. That a compilation could be classified doesn't mean that an original or derivative classifier has evaluated it and applied classification. That also is an inherently governmental function and contractors can't just classify information. The terms of each contract specify what clearance and accesses are required. Contractors can't just decide to have clearances, classified work spaces or classified networks. It has to be authorized and accredited by a government sponsor.
If a compilation of unclassified information would be classified, it needs to be documented in the program's security classification guide. Sometimes there are bonehead cross domain violations - for example someone connecting a classified computer to the internet to download software updates. The far bigger problem is people putting classified information onto an unclassified computer.
KY_EnviroGuy
(14,502 posts)
KPN
(15,679 posts)
24601
(3,967 posts)adequate safeguards built in. Are there firewalls, does it require strong passwords, if someone is coming in from an unknown IP, is there two-factor authentication? Does the email disable embedded URLs? Are patches and OS updates current, especially anti-virus signatures?
But the second thing is all about people making it a priority and reducing human error. Most of the time, those come from users as opposed to the IT staff.
As an outlier, the Clinton campaign hack included two human errors. The anomaly was that one of those mistakes was from IT. John Podesta received an email saying he needed to change his password. He asked IT if it was legitimate and the tech said it was. JP clicked on the link provided and changed his password. It was really a spearphishing email and the link took him to a fake site where he thought he was changing his password. When he input his current password, the hackers had it, immediately logged into his real account and copied everything.
Human Error #1: IT misspoke - a mistake, not a lie, that it was legitimate. #2 was that JP just clicked on the included link rather than either putting it in manually or following the email application.
Other common user mistakes include uploading (or typing) information not authorized on the system (e.g. any classified on an UNCLASSIFIED system, TOP SECRET on a SECRET system, US only info on a coalition system). People plug in USB devices or load disks without first scanning them. Users open attachments from unknown senders. It's also a poor practice to send stuff to people that just don't need it. Are users trained to safeguard classified or sensitive unclassified information & does the organization's culture reinforce following the rules?
Not everything is bad news. I'm kind of nerdy and a year ago I was watching C-Span where the Commander of the US Cyber Command was speaking to a cybersecurity conference. He said something like the most progress he had seen was that (finally), senior leaders wouldn't spend the first half of meetings arguing that cybersecurity was the IT guys' problem. A culture that accepts cybersecurity as somebody else's job invites failure.
That's some of the bigger stuff but doesn't come close to covering everything.
Achilleaze
(15,543 posts)
Brewh
(13 posts)''Spies for Hire: The Secret World of Intelligence Outsourcing''
book came out about 10 years ago, apparently nothing has changed for the better since then.
Duppers
(28,134 posts)As much as they can. When they can't steal it, they've been buying it.
Calling for a moratorium is the only good thing the treasonous idiot-in-chief has done.
"Treasury is crafting rules that would block firms with at least 25% Chinese ownership from buying companies involved in industrially significant technology"
https://www.wsj.com/articles/trump-plans-new-curbs-on-chinese-investment-tech-exports-to-china-1529883988