Sunday, June 01, 2008

China Hacks US Computers

On Thursday, I've encounter 3, 3!, different accounts of hackers from China disrupting US computers and trade secrets (and one mentioned the UK as a victim as well).

First I heard a lengthy interview with Richard Clark on NPR's Fresh Air. He has written a new book called Your Government Failed You: Breaking the Cycle of National Security Disasters. His first book is amazing and very effectively points out the fallacy that the Republicans are strong on national defense while the Democrats are passive.

During the interview he told a remarkable story about digital picture frames that had been sold at Best Buy that were manufactured in China. Once the consumer hooks the frame up their computer to download photos, the frame is also going onto the computer to glean information about you from your computer. Those are no longer on sale in the US, but he goes on to describe many other vulnerabilities in both the economic sector, the government sector as well as the military sector (the Pentagon). Not surprisingly, he recounts how awfully the Bush administration has dropped the ball on this issue.

Then, the same day, Thursday, the Associate Press reported that
U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce computers, officials and industry experts told The Associated Press.

Surreptitious copying is believed to have occurred when a laptop was left unattended during Gutierrez's trip to Beijing for trade talks in December, people familiar with the incident told the AP.
It goes on to report on commercial spying - remotely into a businessman's PDA -

A senior U.S. intelligence official, Joel F. Brenner, recounted a separate story of an American financial executive who traveled to Beijing on business and said he had detected attempts to remotely implant monitoring software on his handheld "personal digital assistant" device — software that could have infected the executive's corporate network when he returned home. The executive "counted five beacons popped into his PDA between the time he got off his plane in Beijing and the time he got to his hotel room," Brenner, chief of the office of the National Counterintelligence Executive under the CIA, said during a speech in December.

Brenner recommended throwaway cellular phones for any business people traveling to China.

Amazing. And something Clark reported in his interview is repeated here:
The Pentagon, State Department and Commerce Department all have been victimized by widespread computer intrusions blamed on China since July 2006. Defense Secretary Robert Gates confirmed in September that parts of the Pentagon's unclassified e-mail system — used by Gates and hundreds of others — were disrupted in June 2007 due to a break-in.
Then, then - more. Marc Amdinder, at The Atlantic, highlighted a National Journal article on the same subject:
Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.
To read the full National Journal piece, China Cyber-Militia: Chines hackers pose a clear and present danger to U.S. government and private-sector computer networks and may be responsible for two major U.S. power blackouts. by Shane Harris.

Clark also noted we had no "cyber" militia.

No comments: