Teperdexrian

The Interesting, The Strange, The News.

Posts Tagged ‘NSA

China hacks Gmail accounts of senior U.S. officials one day after Obama’s cyber warning

leave a comment »

  • Google said U.S. government officials targeted
  • Security breach larger than previous Gmail attacks
  • Pentagon warn U.S. may retaliate with military force
  • Hackers also target military contractor that supplies unmanned aerial vehicles
  • Beijing denies being behind attack

Fears China is plotting a devastating ‘cyber war’ against the West were heightened yesterday when it emerged Chinese hackers have stolen hundreds of passwords belonging to senior U.S. government officials.

The security breach was revealed by Google which said victims had been carefully targeted in a scam traced to the city of Jinan in the Communist state’ s Shangdong province.

Experts suspect Chinese hackers are capable of reducing the U.S. or its allies including Britain to stone-age conditions at the press of a button – by crippling the computers running everything from banks and supermarkets to power stations and water plants.

 

Hacked: Google admitted that hundreds of Gmail accounts had been targeted by hackers in China, including those of senior U.S. officials

Hacked: Google admitted that hundreds of Gmail accounts had been targeted by hackers in China, including those of senior U.S. officials.

In a chilling echo of the Cold War, a ‘cyber arms race’ is rapidly developing between East and West, with the U.S. even threatening to retaliate with military weapons to any ‘act of war’ attack on its computers from a foreign power.

Earlier this week the US said it would react militarily to future cyber incursions from other countries.

One U.S. military official quoted in the Wall Street Journal as saying: ‘If you shut down our power grid, maybe we will put a missile down one of your smokestacks.’

British defence minister Nick Harvey underlined the growing sense of panic by declaring that ‘action in cyberspace will form part of the future battlefield’.

Row: Google said the phishing scam had originated in China

Row: Google said the phishing scam had originated in China.

Sir Michael Rake, chairman of BT Group and a figurehead for cyber security issues in industry, warned world powers were being drawn into a hi-tech arms race in which countries could wage war without firing a single shot.

Sir Michael said: ‘I don’t think personally it’s an exaggeration to say you can bring a state to its knees without any military action whatsoever.’

Although there is no direct evidence that the Chinese hackers in the latest case are in the pay of the Chinese government, their attacks were so sophisticated and highly-targeted that few experts doubt they were state-sponsored.

Apart from anything else, unlike other internet scams, there was no obvious financial gain behind them, suggesting a sinister rather than a financial motive.

Senior U.S. and South Korean government officials who fell victim to the scam were tricked into giving away their Google and Yahoo email login details.

Threat: The Pentagon said it is ready to retaliate against cyber attacks

Threat: The Pentagon said it is ready to retaliate against cyber attacks.

Defence: The Pentagon will reclassify cyber attacks as an aggressive act if it causes the equivalent loss of life or damage to infrastructure as a conventional military attack

Defence: The Pentagon will reclassify cyber attacks as an aggressive act if it causes the equivalent loss of life or damage to infrastructure as a conventional military attack.

They had received ‘Trojan horse’ emails that purported to be from someone they knew, but were in fact carefully-crafted fakes.

One example email had the title: ‘Fw: Draft US-China Joint Statement’, and contained the text: ‘This is the latest version of State’s joint statement.’

Enticed into opening the email, the unsuspecting user was directed to a convincing but bogus Google or Yahoo email page where they were invited to type in their login and password. When they did so, their supposedly-secret details immediately fell into the hands of the Chinese hackers.

Armed with the passwords, the hackers could access the user’s real email account and spy on genuine emails being sent between government officials.

Although the scam – which went on for months before being uncovered – targeted personal email accounts, rather than government accounts, officials could have forwarded their work emails to their personal Gmail accounts.

Sensitive: The Lockheed Joint Strike Fighter, just one of many weapons manufactured by the company and used by both the U.S. and the UK armed forces

Sensitive: The Lockheed Joint Strike Fighter, just one of many weapons manufactured by the company and used by both the U.S. and the UK armed forces.

A Google spokesman said yesterday: ‘Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts.’

The White House said it was investigating. Secretary of State Hillary Clinton said the allegations were ‘very serious’ and would be investigated by the FBI.

Online threat: Hackers have breached Lockheed security (file photo)Beijing has repeatedly denied hacking into foreign countries’ systems.

Britian has found itself under attack also.

Last month, Chancellor George Osborne revealed that foreign intelligence agencies were trying to break into the Treasury computer system to steal information or spread viruses at the rate of more than one attack a day.

MI5 and the FBI have warned British and American companies of the mushrooming threat from Chinese government-backed hackers trying to pilfer commercial secrets.

Whitehall has announced an extra £500million to be spent on bolstering cyber security, amid concerns that Britain’s computer networks linking banking, power and water systems are too vulnerable to digital sabotage.

But America is not always the victim in cyber attacks. The U.S. and Israel were blamed for the development of the Stuxnet virus, a computer worm that targets industrial software and was credited with sabotage attacks on Iran’s nuclear programme.

Delegates at an international cyber security conference held in London this week warned the crisis was so severe that nations should agree an international ‘non-proliferation’ treaty similar to the one drawn up to slow the spread of nuclear weapons.

 

Via DailyMail

U.S. arms makers said to be bleeding secrets to cyber foes

leave a comment »

Top Pentagon contractors have been bleeding secrets for years as a result of penetrations of their computer networks, current and former national security officials say.

The Defense Department, which runs its own worldwide eavesdropping, spying and code-cracking systems, says more than 100 foreign intelligence organizations have been trying to break into U.S. networks.

Some of the perpetrators “already have the capacity to disrupt” U.S. information infrastructure, Deputy Defense Secretary William Lynn, who is leading remedial efforts, wrote last fall in the journal Foreign Affairs.

Joel Brenner, the National Counterintelligence executive from 2006 to 2009, said most if not all of the big defense contractors’ networks had been pierced.

“This has been happening since the late ’90s,” he told Reuters Tuesday. He identified the main threats as coming from Russia, China and Iran.

“They’re after our weapons systems and R&D,” or research and development, said Brenner, now with the law firm of Cooley LLP in Washington.

Lockheed Martin Corp, the Pentagon’s No. 1 supplier by sales, said on Saturday that it had thwarted “a significant and tenacious” attack on its information systems network that it detected May 21. Ten days later, the company says its still working to restore full employee access to the network while maintaining the highest level of security.

Lockheed, which is also the government’s top information technology provider, said it had become “a frequent target of adversaries from around the world.” A spokeswoman said it said it used the term “adversaries” only in a general sense.

Lockheed builds F-16, F-22 and F-35 fighter jets as well as Aegis naval combat system, THAAD missile defense and other big-ticket weapons systems sold to U.S. allies. It has not disclosed which of its business units was targeted.

Cyber intruders were reported in 2009 to have broken into computers holding data on Lockheed’s projected $380 billion-plus F-35 fighter program, the Pentagon’s costliest arms purchase.

Other big Pentagon contractors include Boeing Co, Northrop Grumman Corp, General Dynamics Corp, BAE Systems Plc and Raytheon Co. Each of these declined to comment on whether it believed its networks had been penetrated.

James Miller, the principal deputy undersecretary of defense for policy, said last May that the United States was losing terabytes of data in cyber attacks, enough to fill “multiple Libraries of Congress.” The world’s largest library, its archive totaled about 235 terabytes of data as of April, the Library of Congress says on its web site.

“The scale of compromise, including the loss of sensitive and unclassified data, is staggering,” Miller told a Washington forum.

U.S. Senator Sheldon Whitehouse, who led a Senate Intelligence Committee cyber task force last year, said in March that cybercrime has put the United States “on the losing end of what could be the largest illicit transfer of wealth in world history.”

Retired Air Force General Michael Hayden, a former director of central intelligence and ex-head of the Pentagon’s National Security Agency, said no network was safe if it had Internet access.

“You can isolate a network, a classified network,” he told Reuters in an interview last year. “Maybe you can get a certain level of confidence that you are not penetrated. But if you are out there connected to the world wide web you are vulnerable all the time.”

Anup Ghosh, a former senior scientist at the Pentagon’s Defense Advanced Research Projects Agency, or DARPA, said there had been a string of intrusions into networks of U.S. defense contractors, security companies and U.S. government labs, including the U.S. Energy Department’s Oak Ridge National Laboratory, since the start of this year.

The advantage is with the intruders, said Ghosh, who worked on securing military networks for DARPA from 2002 to 2006 and now heads Invincea, a software security company.

“We’ve failed to innovate in the area of information security,” he said in an email Tuesday. “We’re fighting today’s battles with the equivalent of cold-war era defenses.”


Via NewsDaily