
How much information on you did the China sponsored hack get?


skp51443


How special, at least my data that was leaked is 20-some years out of date. Too bad all the answers to common secret password recovery questions were in the leak; mom's maiden name, place of birth, my first address are all now public. Darned good thing they didn't leak my first pet's name so I can still use flea-infested old Skippy for that security question's answer.

 

http://www.theregister.co.uk/2015/06/13/standard_form_86_data_breach/

 

 

According to an Associated Press report on Friday, hackers linked to China may have compromised databases containing information related to Standard Form 86, a questionnaire the US government gives to anyone who applies for a job that requires security clearance.

Not that the government relies on the answers you give. If you're applying for a top security job, expect the government to run a thorough background check on you. Assume it's going to find out everything. But the principle of Standard Form 86 is: You go first. Tell us everything.
And by "everything," we really mean everything. Where were you born? Where did you go to school? Where have you worked? And that's just the beginning. By the time you're done with all 127 pages of the form [PDF], there's really very little that you haven't revealed about yourself.
If all of this information is now in the hands of a foreign government, virtually every person working in intelligence or national security for the US government could be subject to blackmail, coercion, or worse.

 

 

Not military or a government employee... Not worried? Well good luck with that because there may well have been more leaks of government data that aren't being talked about or maybe even known about by our side.


Not military or a government employee... Not worried? Well good luck with that because there may well have been more leaks of government data that aren't being talked about or maybe even known about by our side.

 

Stan, been 40+ years for me since regular military... 25 years since National Guard... but hundreds of ID-Signons since then - so much, that I long ago purchased an ID-Password manager. I figure I am now well known in China. And Russia. And who knows where else. And a Son in the military...

 

The salient thing is, What is going on in Government that these breaches of security happen? Something is broken here.

Jim


We seem quite certain that it's the Chinese who keep hacking our government systems and major defense contractor systems. In this day and age I would think it would be possible to embed a virus in those systems so that if they are downloaded without authorization this virus would activate and wreak havoc in the offending systems. I'm not talking about just crashing their systems, I'm talking about destroying them. It would light up to the world exactly who is doing this.

 

Iran's nuclear systems were hit by just such a virus and it was designed to limit itself to just their nuclear systems and it worked. Maybe we should speak with Israel on this subject.

 

Jim


We seem quite certain that it's the Chinese who keep hacking our government systems and major defense contractor systems.

 

I tend to think that way because that is what I read from more sources more knowledgeable than I. Interesting though, I went to the Networld+Interop conference in Las Vegas last month. It is a major international show for IT Networking products... and the Chinese presence for start-up and innovative networking products was quite large. It is quite possible that the U.S. is being eclipsed in computer technology by the Chinese.

Jim


When thinking about China don't forget all the US government has done to them, from computer spying to trying to gut their commercial network industry. We are not an injured, innocent bystander in this new form of warfare but we sure seem to be incompetent in organizing our defense.

 

What is right or wrong in this arena is debatable but starting something that you aren't prepared to deal with the consequences of is just plain dumb.

 

 

Trying to attack the folks that are attacking us sounds good but in reality it is probably futile, they are likely using well setup systems that are impossible to do much to. Even if we did manage to break into their computer the attackers have little to nothing on their systems of value and can reformat/reinstall in a few minutes if they do fall to an attack.

 

Attacking other Chinese targets may gain us something but unlike us, they tend to not run to the press and publicize every breach or victory so knowing the true situation is difficult.


We have a cyber command, they have a cyber command. Scare voters, voters want more surveillance. There or here makes no difference to those who did trade essential liberties for some feeling of security at the ballot box.


When thinking about China don't forget all the US government has done to them, from computer spying to trying to gut their commercial network industry. ...

Trying to attack the folks that are attacking us sounds good but in reality it is probably futile, ...

 

Attacking other Chinese targets may gain us something but unlike us, they tend to not run to the press and publicize every breach or victory so knowing the true situation is difficult.

 

I think it is incumbent upon any institution, including governments, to be responsible and accountable, for their own defense, including cyber defense. Hence, the legitimate question, what are 'we' doing to defend ourselves? And if Data Security is not important, then why are we spending so much time & money on it?

 

The Chinese? I recall examining a switch back in the late 90's manufactured by Huawei... and it sure looked almost identical to that being marketed by Cisco. I was not the only examiner that felt that way. What I heard consistently back then was the Chinese's refusal to honor any patent protection rights from the USA (or anyone else for that matter).

 

My point on the Chinese is simply that they may well be ahead now in computer technology. Good? Bad? Who knows? The salient question is, are we content as a country to be 2nd class in this area of technology?

Jim


Our government and companies certainly seem content to be second class or worse on cyber security. Until it has a big impact on keeping your job (government) or the company bottom line nobody really cares.

 

It is one thing to complain about the Chinese violating patents and something else entirely to ban the purchase of their equipment because it has spyware built into it. To make it worse our government told every other government about the spyware the Chinese were building in and urged them to boycott the Chinese too. We put a real crimp in their business at first but they responded by opening up their gear and proving there were no nasties buried inside. Then to make the situation even worse we got caught putting nasties in our gear that was being sold to our allies. So we accuse the Chinese, they prove we were telling a tall tale and then we get caught red handed doing what we accused them of doing. Guess who is selling gear like hotcakes and who is having issues getting folks to trust they can buy from us without getting spied upon.

 

Thank goodness no paper pusher or politician got in any trouble over all that... Yelling, smoke and mirrors galore, but no remedial action to clean out the idiots.


Stan, to be sure, I have no problem with Chinese equipment, and have purchased such in the past. My major concern here is that American performance Standards & Expectations appear to be collapsing. I do not accept that we should tolerate foreign hacking into our Government or Private systems. The response should be much more energetic - not so much at the Chinese, but to get our government's act together. This is from RealClearPolitics, former CIA Director Hayden:

 

CIA Director Hayden

 

He simply says, "Shame on us". He is correct. I would like to know who was accountable... and what accountability was held. Seems like Government has lost the ability to fire people of poor performance. And the tendency to want to say... "this is something the government will handle quietly because it is 'secret'..." doesn't address the fact that, post Snowden, we are becoming a sieve of confidential/classified information.

Jim


I am still a government employee, I'm sure they got all my stuff. Upper government is in a sad state of affairs over the past years with political correctness and "feel good" decisions of putting people in charge where they shouldn't be has made things a mess. That is all I will say about that.


Yep, the past 63 years have been a real eye opener as far as the lack of consequences for spies.

https://en.wikipedia.org/wiki/List_of_Chinese_spy_cases_in_the_United_States

 

I have been retired 18 years now, 27 years in the service and I doubt that anything they have from their "hack" on me would have yielded anything usable despite my clearances.

 

Jim, this is nothing new. Remember the spying that led to their compromising our most stealthy and newest stealth technologies in 2007?

Excerpt:

"U.S. officials and defense analysts have indicated that China's multiyear cyberespionage operation yielded sensitive technology and aircraft secrets which it was able to use in building its new J-20 stealth fighter jet.

The Chinese cyberspying occurred in 2007, when it compromised military contractors Lockheed Martin, Raytheon, and Northrop Grumman, and included stealing plans for the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever. Designs for nearly two dozen other major weapons systems were also breached, The Washington Free Beacon reported.

Other weapons systems accessed by Chinese hackers include the Patriot missile system, Terminal High Altitude Area Defense, and the Army's ballistic missile interceptor program Aegis.

The Joint Strike Fighter, also known as the F-35 Lightning II, is the most technically challenging weapons program the Pentagon has ever attempted. The plane relies on 7.5 million lines of computer code, which the Government Accountability Office told The Wall Street Journal is more than triple the amount used in the current top Air Force fighter."

Source: http://www.newsmax.com/Newsfront/China-cyberspying-F-35-stealth-jet/2014/03/13/id/559402/#ixzz3dL8Au2O4

 

Or the major 1999 breach? http://www.sfgate.com/news/article/Chinese-Spy-Scandal-in-U-S-Nuclear-Lab-2943427.php

2003? "Katrina Leung is shown in this 2000 file photo. Authorities say Leung, a high-profile Republican activist, used a decades-long affair with a retired FBI agent to spy for China. Leung, 49, was charged Thursday, April 10, 2003, with unauthorized copying of U.S. secrets with the intent of providing them to Chinese intelligence services."

http://www.sfgate.com/news/article/Spy-scandal-fallout-in-Livermore-Lab-official-2655747.php

2002? We fined? "HONG KONG, China -- U.S. satellite maker Loral Space & Communications Ltd. has agreed to pay a $14 million fine for passing missile technology to China."

http://edition.cnn.com/2002/BUSINESS/asia/01/09/china.loral/index.html

OK we let folks who breach our secrets get off with a fine . . . .and let them pay it off for seven years?

 

Do we do it too?

 

Our side? Well, we lost a great intelligence asset against the Chinese, when, in 2012, the Chinese found that we had a very highly placed spy in their ranks for years, who compromised their agents spying on us in the US:

"The ministry's own investigations found the aide had been working for the Central Intelligence Agency (CIA) for years, divulging information about China's overseas spy network in the nation's worst espionage scandal for two decades, they added."

http://www.reuters.com/article/2012/06/15/us-china-usa-espionage-idUSBRE85E06G20120615

 

So we see the pitch and yaw of the clandestine services, try to make political hay of it whenever it happens, when it is simply business as usual. I do not approve of getting spied upon. I do approve of severe punishment for the spies we catch. As well as for the CEOs at the helm of companies that let the Chinese have their secrets via their corruption, which secrets are a national resource when paid for by taxpayer monies. The folks responsible should never get off scot-free with fines made "affordable."

We do hold accountable those we find, but no real consequences save a slap on the wrist. For the big guys with money, and like all white collar crime, it is made to go away.

 

What we actually did was roll the AF Cyber command into Space command and that subordinate and part of the United States Cyber Command now based in Ft Meade Maryland. As with all military operations I will assume that they are well supervised and overseen with dire consequences for failures career wise.

https://en.wikipedia.org/wiki/United_States_Cyber_Command

 

Any national DOD breach is serious. We also have Russia heating up from a vet and defense perspective. You know, the guys who supplied our rocket engines to Boeing for our top secret USAF Space launches, but now part of Russian sanctions against the US? Our space program at the whim of Putin? Is Boeing accountable for launching our most secret military space missions with Russian engines? We are just lucky SpaceX had their rocket engines, made in the USA, ready and certified.

 

In response to who is being held accountable, in cases since the 1950s it appears we rarely hold even the spies themselves accountable. These spy cases have occurred against us across all administrations of all parties, as our spies have against them.

I think Stan raises a good point when he wrote that "Our government and companies certainly seem content to be second class or worse on cyber security. Until it has a big impact on keeping your job (government) or the company bottom line nobody really cares."

I would amend that to say that when it is a wealthy company or CEO, across all political administrations of all parties, we seem content to take no action. I agree with that statement added, since it is what has been done, with few exceptions, for at least the last 63 year history of the Chinese spy cases that we know about.

 

Egregious breaches have been ignored or wrist slapped because the only companies with the technology the Chinese would want are helmed by very wealthy CEOs.

Like computer operating systems, all defenses can be breached if targeted by a skilled enough cyber agency, ours or theirs. All they have to do is find a mistake or overlooked vulnerability in trillions of lines of code that we/they missed. Every Linux website can be breached as can any MS powered, Apple powered, or Unix powered website, when and if targeted.

 

We and our allies intentionally let people die, so we could maintain our advantage in reading the messages encrypted by Enigma machines in WWII, by not letting them know we had their top secrets in our pockets, that our saving every one we knew about would have revealed. We maintain the secrecy of whether we are better than other intelligence agencies in other countries. It would be to our advantage to be underestimated. I believe we are in the lead just because we always have been. Our mistake was looking for cheap labor overseas, and outsourcing our jobs to other countries.

I believe that any outside nation can copy our designs if we sell to them. I believe that any outside nation can sneak spy devices in anything they sell to us, from dolls to games to electronics. And that we will be doing the same.

 

Nothing new here to me.


Nothing new here to me.

 

Hi Derek. Glad to see you haven't got washed away with all the rain down in Louisiana and E. Texas.

 

I think we are seeing 'some things new'... not in the "Spy vs. Spy" world, but in the way of attitude and expectations by government. In my 35 years of large systems IT, I early-on had a great boss, hard nosed, demanding, and very much a mentoring personality. His favorite saying was:

 

"don't confuse efforts with results."

 

I realize that saying has been around for a while now... but still no less relevant in today's world. In my professional experience (mostly Healthcare), results were mostly all that mattered... and I expected to give, as well as receive, such. It was the 'norm'. I do not see that being 'the norm' in today's government world... and increasingly perhaps the Corporate world. Indeed, a Bloomberg article today by a computer-savvy writer, Megan McArdle, seems to be saying the same thing...

 

It's not just another breach it's outrageous

 

We are the 'older' generation of higher standards... All we have to do is rationalize away today's failures... hand out trophies for 'effort' to all... and declare victory. Sooner or later, it will catch up with us.

 

Derek, I certainly enjoy your posts. I don't comment as much anymore because I found a way to stay busy even while retired (this month, 18 mo old granddaughter), but I do read the posts!

 

Thanks & take care.

Jim


Jim,

Thanks for chiming in. I was that hard nosed mentor with more than a few protégés in my career. They likely quote me as I liked to say that "I don't want to hear the labor pains, just show me the baby!" And we had T.O.s (Tech Orders) and when they tried a shortcut with weapons it could have serious repercussions. I told them to RTFD (Read the freaking directions!)

 

Jim, the attitudes of people looking at government breaches and hacks as the fault of government, have less knowledge than you. How about the breach of the Linux main kernel repository almost a decade ago? The breaches by Anonymous? The Target/Home Depot/LastPass breaches? While in some cases it is carelessness on the part of a code writer but not usually. Mozilla and Microsoft as well as Apple have all been hacked into. Blaming the victims of expert hacking and cracking of targeted private sector or government sector systems and data centers is like calling the victim of a great phishing campaign that gets them to click on a fake but real looking web page or alert to update Adobe or some such, stupid. Rape victims had it coming, and today I heard how the Pastor of that church massacre in S.C. was at fault for not allowing weapon carry in his church. Those of us who know better should be saying how crass and unfeeling politicizing such grief filled situations really is. My point is that the old spy vs spy is no longer HUMINT (human intelligence, for those not familiar) but ELINT (electronic intelligence), COMINT (communications intelligence), all of which are part of the subset of Signals Intelligence (SIGINT). So while we can stand apart and say that it is different today, it just seems the more things change . . .

 

I am really getting too busy too. Once a day checking in here is usually late in the evening or early mornings. I enjoy yours too. I think we need to separate the rational/irrational beliefs from the rational/irrational behaviors. Basic REBT.

 

We are seeing more torrential rain Jim. So the Red River is rising again and depending on how much the tropical storm Bill dropped in the Red River Valley up in Texas and Oklahoma will make us suffer more city flooding in Shreveport Bossier like we are still seeing as the Red has not returned to normal levels and is about to rise again. The city leaders are telling folks not to take down their sandbag levees and personal home barriers yet.

 

Grandkids make for fun, but it has been a lot of years since our 19, 17, and 16 y/o granddaughters have been 18 months old!! We don't see them as much anymore. ;)


Archived

This topic is now archived and is closed to further replies.
