Comments
Chinese Hackers Stole U.S. Military Secrets
chale,
User Rank: Apprentice
6/9/2013 | 6:25:22 AM
re: Chinese Hackers Stole U.S. Military Secrets
We the United States of America should stop toying with
these people (China). We know for a fact that it's state-sponsored hacking
period. We should immediately stop all trade with China. The United States government
is guilty as sin for letting any company manufacture in China. We should
manufacture all our goods ourselves and employ our own population. Yes things
are going to cost more but when one takes into consideration the total cost of
research and development that we American companies spend only to have it
stolen by them. We have the gall to send them blueprints to some of our most
important technology so they can build it for us at a cheaper cost. I know that
some will say that the technology stolen was from defense contractors not an iPhone
for example. We our defense contractors subcontract tons of that work out to
smaller companies and I'm sure some of those companies are Chinese companies masquerading
as U.S companies. I just read just recently that the iPhone is going to be used
by the DOD. The DoD will place an order for 650K iOS (AAPL) devices - 210K
iPhones, 120K iPads, 100K iPad Minis, and 200K iPod touches - following the end
of the sequester, Electronista reports. The iOS gear will reportedly be used to
replace BlackBerrys (BBRY) - the DoD currently has 470K in operation - and
would come ahead of the planned implementation of a "platform
agnostic" device policy in Feb. 2014. Electronista previously reported the
DoD had largely ended BB10 testing due to budget cuts. Heck when we send them
the blueprints to build these devices for Apple an American company. Does
anyone for one moment not believe that some of those devices won't have a back door
for espionage purposes? We need to quit toying with the Chinese their
intentions are to rule the world period. I for one think we should as I said previously
stop all manufacturing with China. Heck I believe we should disconnect them
from the Internet period. We have congressional hearings taking place to
determine if we the U.S should allow a Chinese company to purchase a U.S
company. The Chinese purchasers always say that if the transaction is approved
the new U.S division will be completely independent of the mother company in
China. Does anyone in their right mind really believe this? I for one sure don't.
Still our own congressional committees give the authorization for some of these
transactions to take place. Everything in China is controlled by the Chinese government
and their goal is world domination. If we continue on this road we will be
speaking Chinese in the United States in one hundred years or less. We continue
to do this just so that some people and corporations who are already filthy wealthy
can continue to profit. Look at Apple for example they have no loyalty to no
one. They pay no taxes to any country period. We just had those hearing
recently and they have those bogus Subsidiaries in Ireland and just from the testimony
they and I say they as in Tim Cook the CEO of Apple Corporation gave. These subsidiaries
were setup just to avoid paying taxes in any country period. He concludes that
Apple pays taxes to the U.S Government via matching employee taxes and matching
Social Security taxes. Excuse me but that's b/s and its other companies with a
mindset like that which contributes to the deficit we find ourselves in. Take
Halliburton for (example) the company that profited from the wars in Iraq and Afghanistan
to the tune of billions of dollars. When it came time to pay taxes what did
they do they moved the corporate headquarters to the country of Dubai. They
have no loyalty to the United States yet the majority of their operations and employees
are based here in the United States. They want to be eligible to receive U.S
Government contracts and they want to be paid in U.S cold hard cash but they
don't want to pay any taxes here. I for one think that should make them ineligible
to receive government contracts period. Yes I call a spade a spade but we have
to stop blowing sunshine where it doesn't belong. This ship the United States
needs to right itself or we will sink. Charlie Meza Dallas, Texas
Andrew Hornback,
User Rank: Apprentice
5/31/2013 | 4:47:31 AM
re: Chinese Hackers Stole U.S. Military Secrets
Who's going to pay for the security audits and the pen-testing? Even better, who's going to do them? Do we set up a Federal agency to do that or do we allow defense contractors to audit and pen-test each other? That could become a big mess very quickly. And how does one enforce the idea of fines against these contractors, or even governmental agencies? How does one put a monetary value on a data breach? Good question, no?

Something else to think about, and this brings me back to my early days in engineering school - design is iterative. So, let's say that the Chinese stole a full set of blueprints for the F-35 back in 2007. First flight was in 2006, but the system has yet to go operational (that's planned for 2015-2018, depending on branch) and is still in the design, upgrade and testing phase. How good are those sets of blueprints at this point?

What might make this report more interesting is to see what's been stolen and when - remember, security hasn't always enjoyed the limelight that it enjoys today.

Andrew Hornback
InformationWeek Contributor
Major_Pita,
User Rank: Apprentice
5/28/2013 | 6:56:07 PM
re: Chinese Hackers Stole U.S. Military Secrets
The contractors involved are obviously not doing enough to safeguard information. That is a national security issue and perhaps if contractors can't take cyber security seriously enough to safeguard the information, there ought to be enough fines and penalties in place to motivate them towards a more pragmatic approach. Further, there should be a requirement that any bidder for sensitive contracts absolutely must pass security audits and pen-testing before they even are allowed to participate in the process.

