Free Republic

Chinese hackers breach US military defences: Uncle Sam hacks back in counter attack...
Silicon.com ^ | November 24, 2005 | Tom Espiner

Posted on 11/24/2005 12:30:04 PM PST by billorites

Security experts have revealed tantalising details about a group of Chinese hackers who are suspected of launching intelligence gathering attacks against the US government.

The hackers, who are believed to be based in the Chinese province of Guangdong, are thought to have stolen US military secrets, including aviation specifications and flight-planning software.

The US government has coined the term 'Titan Rain' to describe the hackers.

Alan Paller, director of the SANS Institute, said: "From the Redstone Arsenal, home to the Army Aviation and Missile Command, the attackers grabbed specs for the aviation mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force."

The team is thought to consist of 20 hackers. Paller claimed the Chinese government was the most likely recipient of the information they intercepted.

He told an event at the Department of Trade and Industry on Tuesday: "Of course it's the government. Governments will pay anything for control of other governments' computers. All governments will pay anything. It's so much better than tapping a phone."

Titan Rain first came to public attention this summer, when the Washington Post reported that websites in China were being used to target computer networks in the Defense Department and other US agencies.

Time later reported that Titan Rain had been counter-hacked by a US security expert called Shawn Carpenter.

The attacks, which are ongoing, were particularly effective on the night of 1 November, 2004, said Paller, who outlined how the hackers first scanned then broke into US government computers.

At 22:23(PST) the Titan Rain hackers exploited vulnerabilities at the US Army Information Systems Engineering Command at Fort Huachuca, Arizona. A few hours later, at 01:19(PST), they exploited the same hole in computers at the Defense Information Systems Agency in Arlington, Virginia.

By 03:25(PST) they had hit the Naval Ocean Systems Center, a Defense Department installation in San Diego, California. Then at 04:46(PST) they struck again - this time at the United States Army Space and Strategic Defense installation in Huntsville, Alabama.

The UK is also under intelligence-gathering cyber attack from the far east, according to the National Infrastructure Security Co-ordination Centre (NISCC). The government body cannot name the countries concerned as this may "ruin diplomatic efforts to halt the attacks", NISCC director Roger Cummings said on Tuesday.


TOPICS: News/Current Events
To: billorites
My Zone Alarm goes nuts with Chicom IP addresses. Constantly.

Then again, one 10 Kt nuke 25K feet over Manchuria and...only kidding.

5.56mm

61 posted on 11/24/2005 7:53:26 PM PST by M Kehoe

To: Avenger

Running Win98se. Can I close port 139, and if so, how?


62 posted on 11/24/2005 8:32:12 PM PST by kanawa

To: Rebelbase
"Why are military computers with Top Secret material even connected to the Internet?"

They aren't.

63 posted on 11/24/2005 8:36:08 PM PST by Rokke

To: kanawa

"Running Win98se. Can I close port 139, and if so, how?"

I really have no idea about that. I am running XP and there are no services attached to 139 on my machine (I checked this by having my program try to open a server socket on it - which it was able to do). Is there a program on your machine that is using 139? What? Anyways, you should go to ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2) and have it scan the ports on your machine. Click on "proceed" and then click on "all service ports." What is the result?


64 posted on 11/24/2005 9:18:17 PM PST by Avenger
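The server-socket check described in the post above, as an added example that is not part of the original thread: it pairs the bind attempt with a connect attempt so that a port held by another program is told apart from one that is actually accepting connections. The function name `probe_local_port` and its return labels are hypothetical.

```python
import errno
import socket

NETBIOS_SESSION_PORT = 139  # the port discussed in the thread


def probe_local_port(port, host="127.0.0.1", timeout=0.5):
    """Classify a local TCP port as 'listening', 'in-use', 'free' or 'unknown'.

    The answer applies only to `host`: a service bound to a different
    interface address is not seen by a probe of 127.0.0.1.
    """
    # Connect probe: a completed handshake proves a listener exists.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(timeout)
        connected = client.connect_ex((host, port)) == 0
        # Ignore the rare TCP self-connect (source port == target port).
        if connected and client.getsockname() != client.getpeername():
            return "listening"

    # Bind probe (the check the post describes): try to claim the port.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        try:
            server.bind((host, port))
        except PermissionError:
            # e.g. ports below 1024 without privileges: the bind attempt
            # says nothing about whether another program holds the port.
            return "unknown"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in-use"  # held by another socket, not accepting
            raise
    return "free"


if __name__ == "__main__":
    print(f"TCP {NETBIOS_SESSION_PORT}: {probe_local_port(NETBIOS_SESSION_PORT)}")
```

A "free" result here only describes the loopback address on the machine itself; an external scan such as the one the post recommends shows what is reachable from the network.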

To: Avenger

Thanks. I went to ShieldsUp via your earlier post. The result showed port 139 open. I couldn't see any indication on that site of how to close it. Guess I'll have to do further research for an answer.


65 posted on 11/25/2005 4:00:18 AM PST by kanawa

To: kanawa

Yeah, you should definitely check this out. It could be a legitimate service running on that port but it could also very well be a virus. Do some searches on Google using "port 139" and "virus" or "malware", etc. If you determine that you have a virus/malware then you can go to

http://www.bleepingcomputer.com/forums/How_to_remove_a_Trojan_Virus_Worms_or_other_Malware-tut101.html

for instructions on how to remove it. The autoruns program is nice since you can run it in regular mode (i.e. not safe mode) while connected to the internet and go through the names of all the programs on your system that are set to start up automatically (this is what viruses/malware usually do) and then search for them on the internet to determine if they are potentially bad. Once you are sure a program is bad you can restart in safe mode and remove it via the autoruns program. Be careful not to remove good programs however as this might screw things up (keep a list of what you remove so that if you have problems you will know what the cause is...however, I have no idea how to put things back once they are removed though I assume it must be possible.)


66 posted on 11/25/2005 10:07:07 AM PST by Avenger

