Three major campaigns from 3 different Chinese groups are keeping US defenders busy.
See full article...
See full article...
Multiple Chinese APTs establish major beachheads inside US infrastructure
- Thread starter JournalBot
- Start date
Which means they're almost assuredly true.
Reports like this make me wonder if the US was actually on to something when they banned Huawei equipment from US telecom systems.
Upvote
229
(239
/
-10)
Maybe the NSA should spend a little less effort buying personal data on Americans, and a little more countering hacking attempts by rival powers.
Upvote
180
(210
/
-30)
Maybe print this out to reflect on in the future by candlelight when your power is out and your water is contaminated
Upvote
227
(236
/
-9)
The US has leaned way too hard into offshoring the manufacturing of so many things it relies on for national security. Heck, not even national security... COVID showed us that relying on even basic things like medical supplies, cloth masks, and PPE only for them to be taking the slow boat from China is not really a good thing. We had issues getting those most basic of things during a peacetime pandemic; imagine if there actually was a war that started with China. Our country is still playing catchup on domestic manufacturing, and likely will be for another 5-10 years, if not longer. A military conflict with them would absolutely, 100% bring our economy to a crashing halt as everything from consumer goods, cars, business technology, and raw materials suddenly get cutoff.
This isn't a matter of "because Cheye-NA" (like the mandarin menace loves the pronounce it), it's more a matter of self-sufficiency and strengthening ourselves against a global economy that is all-too-easily thrown off balance for any number of reasons.
Upvote
188
(196
/
-8)
Yeah, its propaganda for how good China's hacking capabilities are.
I work in the industry. Clients will ask what happens if China or Russia tries to hack them. I tell them they'll get hacked.
I don't envy the security teams trying to protect this type of infrastructure. I'd never sleep.
Upvote
175
(177
/
-2)
Trying and failing apparently. But I imagine it's in large part because the people that are actually good at it are few and far between. Plus, they never invest enough money into security.
Upvote
62
(63
/
-1)
You need to get data in and out of the air gapped machine somehow.
Upvote
84
(88
/
-4)
Let's be honest here. Off shoring is mostly here to stay in pretty much all cheaper/older/non automated production lines. The corporations aren't gonna do jack shit unless they're given billion dollar hand outs from the government that can makes it profitable.
Upvote
67
(70
/
-3)
Upvote
70
(71
/
-1)
Ignus Fast
Ars Centurion
Not via a machine-to-machine direct connection/network, though. An air-gapped machine is supposed to be physical access ONLY, with any data movement being done manually.
Upvote
27
(39
/
-12)
How hard is it to understand a usb/hard drive that connects (plugged into) to a airgapped device?
Even air gapped devices needs updates and maintenance from software that doesn't exist on it's internal storage.
Upvote
69
(82
/
-13)
Statistical
Ars Legatus Legionis
When are we going to start treating China like the openly hostile adversary it is?
Upvote
96
(113
/
-17)
100% If you're specifically targeted by a well-resourced adversary, you'll be compromised. If state-sponsored action is part of your threat model, then you have to design your procedures for resiliency in the face of compromise, limiting horizontal spread, compartmentalization of sensitive information, etc. Unfortunately, commercial systems really aren't designed to work that way, and even if you can set them up that way technically, company processes almost certainly not going to support the inherent inefficiency and inconvenience.
Depressingly enough, I happened to run across an email message in my archive last week that was part of a discussion of the limits of traffic analysis and signature-based systems and the need to move to user behavior profiling and anomaly detection to get ahead of evolving threats. The date on that email: 1999.
Upvote
116
(116
/
0)
I'm not an economics major or anything, so my viewpoint is rather limited, but as a layperson, why can't it be that companies who choose to offshore manufacturing and whatnot because it saves them money be financially penalized the same amount they are saving? If the labor, parts, materials, equipment, and whatnot to make a widget exists here in the US, but instead the company chooses to manufacture that same widget overseas because the cost of labor is pennies on the dollar, then that company should pay the difference. Otherwise, we're permanently locked into our nearly half-century long trade deficit with a weakening dollar and major disadvantage for wartime & peacetime logistics of basic consumer goods.
Again, I'm just a flat-brow layman. There's a lot I don't know about the underbelly of the beast, and even more that I don't know that I don't know. It just seems like our current way of doing things is just going further down a path where we continue to be on the defensive when it comes our own economic stability.
Upvote
32
(51
/
-19)
Was listening to a podcast, where they were discussing the Microsoft hack, apparently they are two tier of accounts for customers, premium one which keeps logs and normal one which doesn't keep logs,
the hack was discovered because of the premium account which kept logs, meaning if all accounts had kept logs maybe the hack could have been discovered earlier but the logs where behind a paywall, apparently Microsoft now they are going to change this policy.
the hack was discovered because of the premium account which kept logs, meaning if all accounts had kept logs maybe the hack could have been discovered earlier but the logs where behind a paywall, apparently Microsoft now they are going to change this policy.
Upvote
6
(14
/
-8)
Oh, come on. It won't be HIS power that goes out... will it? ;-)
Upvote
41
(44
/
-3)
Of course the US was on to something. If the US managed to spy on others using unwilling or at least unwitting companies. Just imagine how China could spy on the US using more than willing accomplices. The measure was probably proactive, not because there was evidence that Huawei was going to spy on them but because the likelyhood was just too high for comfort. Didn't hurt that they could shoot a competitor in both feet either.
Upvote
46
(49
/
-3)
They've been moving away from Russia as of late. I believe they moved data centers to Switzerland a few years ago, and have transparency centers where their code is available for inspection by local governments. They've traditionally identified hacking groups from China so its not a change in behavior.
Upvote
90
(90
/
0)
Statistical
Ars Legatus Legionis
Kaspersky has never been friendly towards Chinese authorities the issue was being cozy with another totalitarian government a bit further north west of Beijing.
Upvote
78
(80
/
-2)
They won't be penalized, because they are going to spend a lot of money on lobbying and compaign contribution to make sure that their offshoring efforts stay profitable.
That's how the system works
Upvote
59
(60
/
-1)
USB/Portable Drives are generally not considered a "machine" in instances like this.
Upvote
4
(9
/
-5)
Assuming what you're claiming is true, you're also claiming there's nothing to worry about. That's a stupid take.
Upvote
66
(70
/
-4)
Upvote
8
(10
/
-2)
Why don't we do more protectionist tariffs? Because everyone not in the 1% would lose their shit. The savings in many cases isn't 10-20% or anything like that. The savings, especially for items with high manual labor requirements, is on the order of 80-90% coat reduction by off shoring.
You may have heard of this one topic getting a fair bit of news coverage the last 2 years or so; inflation. The 5-15% inflation we've seen (varies by sector and specific product) over those years has been devastating for many lower income folks. Now consider that instead of those moderate numbers, we had cost increases of 200-300%. (Tools, cookware, clothing, locks, electronics, phones, luggage, furniture). And this assumes we even make comparable items here, which is bot the case quite often (like phones)
Now, to be fair, there are some US made products that aren't that much more expensive, more on the order of 25%-50%. (Lawnmowers, air-conditioners), but even there, the sticker shock
The good news would be that it wouldn't be as huge for food and energy.
I was never a huge fan of H Ross Perot, but he was dead right about "that giant sucking sound", as US manufacturing was hamstrung during the 90s (Bush Sr and Clinton take the blame here) with things like giving China "most favored nation" trade status.
I don't have any answers, just grumbles and complaints, which I realize doesn't really help. Sorry about that.
Upvote
98
(101
/
-3)
China’s using the word propaganda as if it means false, but all it really means is ‘information released to support a particular point of view.’ A related word is propagate, as in spread. By definition, propaganda is biased. For it to work, the core idea should be in some way true, regardless of biases.
Upvote
29
(32
/
-3)
Wheels Of Confusion
Ars Legatus Legionis
Well, no. Setting aside that I think Chinese actors totally did this either at the behest or with the implicit approval of their government, propaganda doesn't even have to have a grain of truth to it to work.
Upvote
32
(32
/
0)
You forgot to mention the spyware installed on millions of phones in America: TikTok
Astonishingly, even though TikTok has already been used to spy on journalists (https://www.theguardian.com/technol...tedance-workers-fired-data-access-journalists) a lot of Americans insist on trading national security for the love of short videos.
Astonishingly, even though TikTok has already been used to spy on journalists (https://www.theguardian.com/technol...tedance-workers-fired-data-access-journalists) a lot of Americans insist on trading national security for the love of short videos.
Upvote
16
(30
/
-14)
There are companies that are fronts for Iran operating in the US. What do they expect to happen.
www.reuters.com
Cloud company assisted 17 different government hacking groups -US researchers
An obscure cloud service company has been providing state-sponsored hackers with internet services to spy on and extort their victims, a cybersecurity firm said in a report to be published on Tuesday.
Upvote
26
(26
/
0)
Ars covered techniques using sounds and light to exfiltrate data across air gaps.
Upvote
5
(9
/
-4)
Wheels Of Confusion
Ars Legatus Legionis
Not really a "connection" to the airgapped machine, though. You can't compromise the machine by merely reading its contents, you have to then do something to the machine from your end.
Upvote
18
(18
/
0)
no... just. no.
you dont plug a USB thumb stick into the e.g. systems that control nuclear codes to 'update and maintain software'. you provision, harden, replicate and then they STAY air-gapped. for decades if needs be.
^ they were still using 8 inch floppies in 2016.
Upvote
35
(39
/
-4)
You forgot to mention the spyware installed on millions of phones in America: TikTok
Astonishingly, even though TikTok has already been used to spy on journalists (https://www.theguardian.com/technol...tedance-workers-fired-data-access-journalists) a lot of Americans insist on trading national security for the love of short videos.
I mean, my kids are avid TikTok users (and one of 'em makes a lot of tiktoks, she's got ~15k followers.)
Are you suggesting that they should GAF about "national security"? Why? Why would they care?
Don't explain it to me: explain it to them. How are you going to tell a Marvel-obsessed 15 year old boy that him watching Marvel memes has any effect on national security?
(I'm not saying I disagree with you, necessarily -- TikTok's reach could be problematic, specifically as a way to manipulate public sentiment surrounding Taiwan. I also can see why you wouldn't want it on government phones; I can even see why you might prohibit DoD employees (whether armed forces or support staff) from using it.)
But try explaining any of that to a 15 year old. Like, actually give some talking points about it.
Upvote
40
(48
/
-8)