Posted on 10/06/2006 4:28:44 AM PDT by John Carey
Hackers operating through Chinese Internet servers have launched a debilitating attack on the computer system of a sensitive Commerce Department bureau, forcing it to replace hundreds of workstations and block employees from regular use of the Internet for more than a month, Commerce officials said yesterday.
The attack targeted the computers of the Bureau of Industry and Security, which is responsible for controlling U.S. exports of commodities, software and technology having both commercial and military uses. The bureau has stepped up its activity in regulating trade with China in recent years as the United States increased its exports of such dual-use items to the growing Chinese market.
This marked the second time in recent months that U.S. officials confirmed that a major attack traced to China had succeeded in penetrating government computers.
"Through established security procedures, BIS discovered a targeted effort to gain access to BIS user accounts," said Commerce Department spokesman Richard Mills. "We have no evidence that BIS data has been lost or compromised."
The significance of the attacks was underscored in a series of e-mails sent to BIS employees by acting Undersecretary of Commerce Mark Foulon since July, informing them of "a number of serious threats to the integrity of our systems and data."
(Excerpt) Read more at washingtonpost.com ...
You would only have evidence if they were poor hackers.
Why hasn't the US blocked the IPs that are the source?
I wondered that a long time ago. One network admin at a school said almost all the attacks came from China or North Korea.
Just considering why in the heck our govt information systems that control govt data are even connected to the Internet? Why aren't they on Internet2 instead? Or better yet, not at all. Keep the data in house and share outside agency info via flash chips.
Nevermind...too easy.
Maybe the chicoms will get a good stern talking to at the UN. /s
Hmmm... sounds like a good opportunity to me... let them find what you want them to find... just don't make it obvious... and put the real info somewhere else.
Blocking an IP does no good. The attacks do not originate and continue from a single IP. Attacks are IP hopping at the source and constrained only by the IP-range assigned to a particular provider or geographical part of the globe. Also attacks can be issued globally, from thousands of IPs simultaneously, by viruses planted in computers, scheduled to go off on a particular date and time.
Here, most of our virus/spam/break-in attempts come from Asia, Russia, Africa. Unfortunately we do business with those countries (about 50% of our business is export). If I had my people block the entire IP ranges of the originating providers, or country, or area, I would be blocking business traffic from our customers, salesmen, and servicemen.
There is on occasion the ability to block a notorious IP-range, but that solution is usually afforded only to those Internet users that have limited geographical scope to their traffic.
I came in early this morning to get one of our mail servers 'up'. It appears that we received a very heavy flurry of worm attacks from Russian IPs last night.
One time we had some kid break into one of our servers and store several gigs of mp3 files. That was a long time ago and security wasn't what it is today.
However, all of that crap costs us a lot of money, both in time to prevent, time to repair, and preventative software/hardware purchases.
If we get overly aggressive with our blocking, I'll have Sales and/or Contracts depts screaming. Many people, even those that should know better, believe that an email is as reliable as a registered/signature-required document delivery.... NOT! Then they are paranoid about returning a delivery confirmation for an email!
It's not always as easy as it seems on the surface.
That's how I feel about it anyway...
Yes, I agree.
There is a reason the majority of the problems come from certain regions/providers...
Blacklist the entire range or whatever you need, then whitelist the IPs you do need. It's a pain, but security is security; layers upon layers.
Thanks,
We do that and variations of that strategy, as well as subscribing to black-lists, etc. All of that goes a long way towards ameliorating problems.
Even if the countermeasures were 100% effective, still $$$$ in unproductive money going down the toilet on both the creating end and receiving end.