funsec mailing list archives

The Subtleties of '...Attacks Appeared to Originate in China'


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 6 Mar 2008 06:56:21 GMT

Via UPI.

[snip]

Defense-related think tanks and contractors, as well as the Pentagon and
other U.S. agencies, were the target of repeated computer network
intrusions last year apparently originating in China, the Department of
Defense said this week.

In its annual report to lawmakers on China's military power, the department
said the intrusions "appeared to originate in" China but added, "It is
unclear if these intrusions were conducted by, or with the endorsement of"
the Chinese government or military.

The report gave few details, but one China expert who works in the private
sector told United Press International that in the last 18 months, China
scholars who have close links to the U.S. government have been the repeated
targets of sophisticated hacking attempts, using malicious software
packages called Trojan horses hidden in e-mail attachments.

"Almost every think tank in Washington has dealt with this," said the
expert, who did not want to be named because of the ongoing investigations
into the intrusions. "I personally have received more than two dozen" such
e-mails, which arrive purportedly sent by other China-watchers.

[snip]

More:
http://www.upi.com/International_Security/Emerging_Threats/Analysis/2008/03/06/analysis_chinese_cyberattacks_on_experts/3601/

Note:

Anyone who has dealt with technical cyber crime issues knows
that it is trivial to commandeer a host and launch an attack,
masquerading the origination of the true attacker.

Not for nothing, but I'm glad to start seeing people start to
acknowledge that China may not actually be behind these attacks.

This is not to say that China is not behind some of these
shenanigans, but all things given, it is almost impossible
to be sure, even for the hawks in Washington or elsewhere.

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

