Posted on 02/17/2007 10:45:50 PM PST by Windcatcher
Look for Part III in the series, on China, tomorrow morning.
Cheers!
It's actually good for us to have these kind of attacks going on. Teaches us to better defend our networks and keeps the DoD's cowboys well-trained and on their toes.
You would think we would create a private web for some of the vulnerable systems. That way users would have to be part of the system. I'm no expert....it's just a thought.
Well, yeah. As long as they aren't sucessful.
I would suggest sending 50 container ships back to China with their cargo everytime they attempt to hack into our computers.
And that too.
Absolutely. Better now than after the shooting starts.
I'll show this to my "smart guy"
I guess I'm not too worried about that. I can't imagine that the DoD keeps anything too valuable attached to a computer network.
So the Chinese are just wasting their time?
Political sites are also probed and copied in Chinese attacks. Then the Chinese use the political information to complain against our USA at UN meetings. I've monitored such attacks in the past. Chinese techs. also use bots (spiders, crawlers,...) to gather e-mail addresses, then spam them.
Those efforts, IMO, are mostly for the purpose of pushing US political site admins. to block Chinese zones for the purpose of walling our part of the Net from Chinese civilians. I encourage civilian admins. here to keep those IP zones (first octets) open. Our US Defense and other sensitive facility admins., though, should probably block them.
*BUMP*!
Ping. You probably already knew this.
The sensitive ones are already on complete, separate secure networks. No connection to the Internet whatsoever. Still not immune from inside attack but at least the intruder will have to be someone you know and can lay hands on as opposed to a PRC-financed, directed, and supervised cell in China.
What we are dealing with in these hacking attacks are Defense Department networks that have been deliberately provided access to the Internet for all of the convenience it provides. By doing this, the government doesnot have to duplicate all of the communication infrastructure that already exists in the Internet. In addition, there is a lot of open source material on the Internet that the government wants easy access to. In a way, it is sort of like connecting to the public telephone system or using wireless networks. They are open systems anyone, including those with malicious intent, can connect to. Protection against these types of intrusion comes from the security measures you adopt at the threshold of your computer/network-to-Internet connection point and the layers of defense you put up around the more sensitive parts of your system and the data stored on it.
Unfortunately, most of the government is wedded (welded might be a better term) to the Microsoft family of operating systems and the applications based on it. This is a fork in the government computing and network deployment road taken nearly 25 years ago. Like it or not, until the government concludes it really needs something better and someone will build it for them, the compelling massiveness of the government's use of Microsoft's systems is going to dictate its use by a lot of commercial companies and private users (including yours truly). In the mean time, it will continue to provide a lot of opportunity for hacking attacks due to the numerous and severe flaws in its security.
(At this point, I invite the Apple users to remind us, ONE MORE TIME, of the vastly superior security of the Apple family of operating systems. Right after that, they can explain why Apple computers have to continue to cost so much more than PCs. (Outside of pure greed, that is.))
Would sending these hackers a 10 terabyte message filled with gibberish slow their computers and hacking efforts down?
The really frustrating thing about this is that most of these PLA hackers were trained in computer science/engineering programs in American universities under international student exchange programs during the Clinton years. Now, these American-trained ChiCom hackers are in the PLA and are turning their training against us in cyberspace.
I'm struck by the fact that attempting to hack into Chinese servers would land someone in jail here, yet they are apparently free to wage their undeclared war on us without the slightest peep from our government. We still sleepily buy their goods, enriching their war machine which is day by day attempting to catch up to us (and they know how much they have to catch up because of the information they're stealing). And yet we just keep enriching them, while it's as clear as day that these people mean us harm.And we allow them to come over here and attend our colleges, then take the technology and science they've learned back to China. In my opinion, there ought to be an acceptable level of "cyber behavior" that every country that wants to be on the Internet must meet. Failure to have and enforce adequate laws against this sort of activity (or outright sponsoring of it) should result in immediate disconnection of your connections to the rest of the world.
Probably not.
That would be a form of denial of service attack and the countermove is just to stop receiving packets from your Internet address (which is part of each packet). Not to mention, I think it is a federal crime to launch such an attack from US soil.
Probable outcomes:
- Jam your own computer (do you realize how long it would take to SEND a 10 terabyte message? If my math is correct, at say, 1MB/s, it's 10 million seconds or about 115 days!),
- Really, really annoy your ISP, and, lastly,
- Get a visit from the Feds.
From some classes and discussions I have had over the years with Internet security people dealing with these issues, you get the feeling we (the US government and specifically, DoD) are gaining valuable insight into enemy operations by letting these attacks occur, learning how to recognize their onset and defeat/mitigate them, and making US systems more secure against attack from any quarter by making the general on-line population improve their security practices. (Remember, whose fault is it if you or your organization has poor information assurance and data security/recovery practices? Clue: not the attackers.)
Personally, I'd say it is the Chinese who need to worry about what we will do to them if a cyberwar comes. Just how competent are they to defend against continuing attacks on the same scale, magnitude, and sophistication as the attacks we are now having to routinely deal with? Not to mention dealing with all the stuff we are cooking up on our own. They are showing us their approaches, techniques and tactics, I doubt we are showing them much of ours.
But, I could be wrong. Time will tell.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.