U.S. Brands China as Largest Cyberspace Threat

Status
Not open for further replies.

freggo

Distinguished
Nov 22, 2008
778
0
18,930
The problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.

If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :)

Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.
 

greghome

Distinguished
Dec 30, 2009
24
0
18,570
Thing is, with China rising in power, It will become a threat to the US in just about all matters...except for Nuclear Arms of course......Russia still has far more nukes than China, France and Britain combined :)
 

nhat11

Distinguished
Aug 15, 2009
34
0
18,580
[citation][nom]freggo[/nom]The problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :)Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.[/citation]

lol ok, a bank vault is a bad analogy.

Yea its easy to say what you just say that but every programmer's logic is different so there's always going to be a few loopholes somewhere.

Also getting to an entrance of a bank vault takes a while to get if you're half way around the world.
 

nhat11

Distinguished
Aug 15, 2009
34
0
18,580
[citation][nom]freggo[/nom]The problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :)Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.Also if a bank vault is open, I can [/citation]

Also the issues are chinese hackers. If a bank vault is open, it won't be the chinese taking the money.
 

static1120

Honorable
Mar 27, 2012
8
0
10,510
If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :)

I believe he refers to leaving servers or workstations with default user name and passwords
 
G

Guest

Guest
good thing they don't hold millions of our Treasury bonds! what's that? they do? hmm....carry on
 

scook9

Distinguished
Oct 16, 2008
245
0
18,830
[citation][nom]freggo[/nom]The problem is not so much the Chinese Hackers then the fact that the systems being hacked are insecure by design.If you leave the bank vault open over night, do not complain the next morning that the citizens are dishonest :)Let's face it, the Internet is some 40 years old and was never designed for the volume and usage types we put on it. This thing simply needs a MAJOR overhaul.[/citation]
You obviously do not work in Cyber Security. I do, so I will educate you some.

Anyone who works in Cyber Security (and does not have their head in the sand) acknowledges that NO system is impossible to break into. This is a fact, and has been proven time and time again. If it is attached to a network, it can be broken into.

If you have a system that is really that important, air gap it. That way you only have to worry about insider threats....which are still a concern.

The goal of cyber security tools today (real tools, not just the firewalls thrown up to stop idiots) is to minimize the time that threat actors have inside your environment once they have broken in. The less time they have inside you network, the less damage they can do and the less data they can steal. I recommend you google the term kill-chain in regards to IT security and read some on the topic.

The TL;DR is this, anything can be hacked, it is how efficiently you respond that matters.
 
G

Guest

Guest
LOL, the "internet" needs to be overhauled? What's your next analysis, that it's all a series of tubes? The "internet" has nothing to do with it, since the "internet" is nothing more than a conduit for transmission. The problem is the systems attached "at the end" of the internet, meaning your computer, my computer, the compuers in area 51, whatever. I wouldnt be surprised to find top secret government computers running XP SP2 with Acrobat 6.0, Internet Explorer 6.0, Norton antivirus 2.0, and half a dozen random tray icons and toolbars installed. Hell I work for IT in a multi-billion dollar BANK and see this shit every day. Just ridiculously outdated systems with employees happily clicking buttons on anything they want, with someones entire personal account on the other screen, totally unmasked and unencrypted. Heck, we dont usually get notified of viruses on these systems till 1-2 weeks after infection, by the time it filters it's way to our department.

I'm sure all the chinese have to do is some basic ip/port scanning, and then try to connect to default services like remote desktop/VNC and presto, they're in lol.
 

thecolorblue

Honorable
Jun 5, 2012
167
0
10,630
usa is doing exactly the same thing. the us is a terrorist nation by its own internal definition... under obama's watch... not to exclude the repubs either.

sad and lame and americans arecompletely clueless to this... the corporate media propaganda machine works well.
 

velosteraptor

Honorable
Jul 20, 2012
14
0
10,560
step 1. America borrows billions from china.
step 2. Chinese hackers steal it back
step 3. America borrows more money
step 4. 'merica
 

TeraMedia

Distinguished
Jan 26, 2006
185
0
18,630
Revised subtitle:
China increasingly targeting U.S military computers and defense contractors

None of you are touching on the subject of economic warfare, which China has been engaged in for a few decades now.
Concept 1: The Chinese Government IS Chinese industry. It IS Chinese business. They are one and the same.
Concept 2: Engaging in economic warfare is a perfectly acceptable and legitimate way to gain a practical advantage over your economic competitors.

Based on those concepts, the thought that the Chinese government would have ANY interest - other than an extremely strong self-serving interest - in prosecuting a Chinese company for stealing IP from a western company is laughable. Why would they? They go through the motions, and put on a show of trying to protect foreign business interests, but they more likely would prefer those interests be acquired by Chinese companies.
Active participation in IP theft, systems intrusion, etc. are simply other facets of this e-war.

The scary question for me is, "what will bring about the end of this war?"
 

TeraMedia

Distinguished
Jan 26, 2006
185
0
18,630
For those of you talking about a bank vault, here's a different analogy:

Imagine the movie "Aliens" if you will. Now imagine that each alien is a government-sponsored Chinese hacker trying to get into your system, and the room with the surviving humans in it is your system, with each human representing a piece of valuable data, or the integrity of a server, or something else you don't want hacked.

In the end, the fact that you might have "closed the door to the bank vault" really isn't going to matter very much. And the fact that your government issues a stern statement condemning the acts of the aliens isn't going to matter that much either.
 

robochump

Distinguished
Sep 16, 2010
350
0
18,930
[citation][nom]velosteraptor[/nom]step 1. America borrows billions from china.step 2. Chinese hackers steal it backstep 3. America borrows more moneystep 4. 'merica[/citation]

Why do you think China is #2 economy in the World? Because China Gov't buys US debt so its a scratch my back and I will scratch your back deal. I just wish US companies would send more manufacturing jobs to Mexico and Canada but damn those Asian countries can do it very well for so little!
 

booyaah

Distinguished
Mar 17, 2006
18
0
18,560
I agree with the premise from above...the Chinese are simply going after the low hanging fruit, the insecurely designed systems, but I really doubt they can get into well protected systems. At my company we have all our confidential IP data servers sitting behind a separate internal firewall, you can't even see them by even if you are already inside the network.

All the ports are disabled, with the exception of very few that are white listed specifically to allow a few core applications to pass through. One is for general client connectivity using some authentication client software. In order to authenticate you must enter a user password and a randomized 30 second changing password which is coming off a RSA keyfob the user carries with them. The connections are logged and rules will alert admins of suspicious login attempts.

I'm pretty sure the firewall is run on high end Cisco hardware...definitely not Huwaei, so no back doors exist into the firewall. The admins are on their game and keep the firmware/OS/Applications patched up. The IP can't be from outside the US, but we all know that can be easily gotten around using a proxy or hijacking someone's machine. So besides social engineering or internal threats, there's pretty much no way a Chinese B-rate hacker is getting into these servers.

Even if they did get through the 2nd firewall, then they have to figure out to get root access to the OS or some of the applications which I would argue is not trivial either since they are encrypted and we use authorized CA and not self-signed certs when presenting the application logins.

I guess if you gave the best hackers in the world a few years of constantly going at it, they might eventually get lucky and find a way though the multiple layers security, but networks like PSN basically did 'leave the vault door open' for hackers.
 
Status
Not open for further replies.