
The Massive OPM Hack, Blamed on the Chinese, Started More Than Seven Years Ago

posted on Jun, 5 2015 @ 05:13 PM
By now, many of you will have become aware of the overwhelming breach of national security that is the hack into the United States Office of Personnel Management (OPM): OPM hack: China blamed for massive breach of US government data. While Beijing continues to stomp their feet in denial, their involvement is a certainty. The detailed records of more than four million US government employees, are now in the hands of an enemy state via an action that must be classified as an act of war.

Much of the mainstream media is either demonstrating their cluelessness over the serious nature of this action, or under instructions not to speculate on the implications. One need not employ much imagination to discern that the security of the United States is in an extremely vulnerable position.


The Nature of the Data

Consider the nature of the data obtained; secret, if not top-secret, details of key intelligence employees that include background checks, secret personal files, medical history, financial records, tax records, disciplinary actions, and much more. The data represents a treasure-trove of extortionable data that will be used to pressure people to divulge sensitive information to the enemy. Any government employee with access to information the enemy desires, could be rapidly overwhelmed with a myriad of pressure-points to reveal that information. This is the most serious cyber-attack ever levied on the United States, and it may have been preventable.

I've spoken with two network security experts (off the record) who have knowledge of government network architecture through prior contract work with government agencies. They both contend that an attack of this nature could not have been from an external point of origin -- meaning, penetration of the network from outside the network. Instead, they maintain that it must have been through some internal pre-existing breach or bad-actor within the network(s). When I called on them to recall the rather serious news of seven years ago, counterfeit Chinese networking hardware installed in government networks, the response was unanimous. They both said that it wasn't just likely that some of the counterfeit network hardware is still in government networks, but that it is a certainty.


Seven Years Ago

Back then, we here at ATS broke some rather significant news. The thread, FBI Fears Chinese Hackers Have Back Door Into US Government & Military, revealed an internal FBI presentation on the dangers of newly discovered counterfeit Cisco routers, switches, Interface Converters, and WAN cards originating in China, being installed within dozens of secure government networks. Indeed, the final slide in the presentation identified that bad-actors could use the hardware to gain access to secure systems.


The story was quickly picked up by several sources, including Reuters and the New York Times. Additionally, technology experts on Slashdot were able to obtain and analyze one of the counterfeit routers, and discovered hundreds of lines of source code that shouldn't be there.

The FBI responded to the revelations of our efforts here at ATS with a press release on May 9th of 2008, at this URL: www.fbi.gov/pressrel/pressrel08/finch050908.htm. However, the release has since been removed from their site. Luckily, I retained it for just such a circumstance.

The press release outlined the criminal investigation and prosecution of the vendors involved in "Operation Cisco Raider," but makes no mention of any effort to remove the counterfeit routers that have a very strong potential for significant back-doors into secure networks.


What it Means Today

The Chinese are experts at the long game. They are exceedingly patient. They've been in "secure networks" for years. Most importantly, they're at war with the US, and are winning.

Welcome to World War Three.




posted on Jun, 5 2015 @ 05:55 PM
Why would we still be using 7 year old systems or routers? I thought they get phased out just like a two year old or three year old computer would be?



posted on Jun, 5 2015 @ 06:01 PM
a reply to: NiZZiM

Many government agencies are using significantly old hardware. Government procurement schedules typically consider computer systems upgrades every ten years, at the earliest.

Also, networking hardware doesn't become obsolete at the same pace as computer hardware.



posted on Jun, 5 2015 @ 06:11 PM
a reply to: mister.old.school

That's new to me. You'd think with the incredible amount of funds they get they'd have all the best toys. Have they neutralized that router code you were talking about?



posted on Jun, 5 2015 @ 06:24 PM
a reply to: mister.old.school

I will need to do more research on this hack as more information becomes available, but something just isn't adding up here.

As someone in the Network Security field, I agree that a hack of this magnitude from the outside would be nearly impossible. While I was watching CNN a few hours ago, they were saying that the reason for the hack was that servers weren't updated.

I'm sorry, but that is a terrible excuse. Why would you admit that servers weren't updated? If that indeed was the case, that shouldn't be something you are disclosing to the whole world.


edit on 5-6-2015 by c0gN1t1v3D1ss0nanC3 because: (no reason given)



posted on Jun, 5 2015 @ 06:32 PM
It's government workers and contractors more interested in money than the job they are hired to do. Nothing new really.



posted on Jun, 5 2015 @ 06:34 PM


As someone in the Network Security field, I agree that a hack of this magnitude from the outside would be nearly impossible.


Why is that? Software with known vulnerabilities. Has happened many times.



posted on Jun, 5 2015 @ 06:59 PM


an action that must be classified as an act of war


Espionage is not an act of war; the US would be at war with every single country in the world and their own citizens.



posted on Jun, 5 2015 @ 07:00 PM
a reply to: mister.old.school

They also manufacture all of our microprocessors and computer parts. How hard would it be for them to implement a hardware-based back door that we couldn't detect?



posted on Jun, 5 2015 @ 07:13 PM
a reply to: MystikMushroom

As easy as NSA did

www.abovetopsecret.com...



posted on Jun, 5 2015 @ 07:15 PM
a reply to: MystikMushroom



They also manufacture all of our microprocessors and computer parts. How hard would it be for them to implement a hardware-based back door that we couldn't detect?


Actually, you have a very small cadre of foundries that create microprocessors.

Global Foundries, TSMC, Samsung, not to mention the Intel fab plants stateside, for example.

If they could create the logic so it doesn't interfere with the other parts of the CPU, then easily. But the issue with slapping in extra logic is that it takes up valuable real estate, not to mention other logistical nightmares you'd have to account for (extra heat, does the logic conflict with different parts of the chip, can it be detected, etc.).



posted on Jun, 5 2015 @ 07:19 PM
Wow
The hypocrisy actually hurt my brain then
So US worldwide hacking and surveillance is ok
But China bad, oh those evil little heathen

What was it Obama said after it was revealed that the NSA was collecting EVERYTHING ON EVERYONE

we're not going to apologise for what we do, the fact is we're better at it, we're not going to apologise for being better at it

Edit what was said defensetech.org...

But the sheep still bleat
edit on 5-6-2015 by AlphaPred because: How much wood can a wood chuck chuck if a wood chuck could chuck wood?



posted on Jun, 5 2015 @ 08:38 PM
a reply to: mister.old.school
Why the NSA isn't spending its time trying to crack down on sh•t like this, and leave the good citizens of this Country alone, useless bastards.



posted on Jun, 5 2015 @ 09:34 PM
a reply to: AlphaPred

Man that NSA...being able to collect everything on everyone.

Since you think they have that ability on that level you might as well give up any other religious beliefs, and bow down to them as the gods they are.

The amount of anti US rhetoric on ATS these days is amazing. It seems to come from a few of the same people on every thread, or from recently created accounts...so it's pretty easy to tell that they are shills. Even so, it's worrisome to see ignorant people falling for the Russian trolling.



posted on Jun, 5 2015 @ 09:39 PM

originally posted by: mister.old.school
By now, many of you will have become aware of the overwhelming breach of national security that is the hack into the United States Office of Personnel Management (OPM): OPM hack: China blamed for massive breach of US government data. While Beijing continues to stomp their feet in denial, their involvement is a certainty. The detailed records of more than four million US government employees, are now in the hands of an enemy state via an action that must be classified as an act of war.

Much of the mainstream media is either demonstrating their cluelessness over the serious nature of this action, or under instructions not to speculate on the implications. One need not employ much imagination to discern that the security of the United States is in an extremely vulnerable position.


The Nature of the Data

Consider the nature of the data obtained; secret, if not top-secret, details of key intelligence employees that include background checks, secret personal files, medical history, financial records, tax records, disciplinary actions, and much more. The data represents a treasure-trove of extortionable data that will be used to pressure people to divulge sensitive information to the enemy. Any government employee with access to information the enemy desires, could be rapidly overwhelmed with a myriad of pressure-points to reveal that information. This is the most serious cyber-attack ever levied on the United States, and it may have been preventable.

I've spoken with two network security experts (off the record) who have knowledge of government network architecture through prior contract work with government agencies. They both contend that an attack of this nature could not have been from an external point of origin -- meaning, penetration of the network from outside the network. Instead, they maintain that it must have been through some internal pre-existing breach or bad-actor within the network(s). When I called on them to recall the rather serious news of seven years ago, counterfeit Chinese networking hardware installed in government networks, the response was unanimous. They both said that it wasn't just likely that some of the counterfeit network hardware is still in government networks, but that it is a certainty.


Seven Years Ago

Back then, we here at ATS broke some rather significant news. The thread, FBI Fears Chinese Hackers Have Back Door Into US Government & Military, revealed an internal FBI presentation on the dangers of newly discovered counterfeit Cisco routers, switches, Interface Converters, and WAN cards originating in China, being installed within dozens of secure government networks. Indeed, the final slide in the presentation identified that bad-actors could use the hardware to gain access to secure systems.


The story was quickly picked up by several sources, including Reuters and the New York Times. Additionally, technology experts on Slashdot were able to obtain and analyze one of the counterfeit routers, and discovered hundreds of lines of source code that shouldn't be there.

The FBI responded to the revelations of our efforts here at ATS with a press release on May 9th of 2008, at this URL: www.fbi.gov/pressrel/pressrel08/finch050908.htm. However, the release has since been removed from their site. Luckily, I retained it for just such a circumstance.

The press release outlined the criminal investigation and prosecution of the vendors involved in "Operation Cisco Raider," but makes no mention of any effort to remove the counterfeit routers that have a very strong potential for significant back-doors into secure networks.


What it Means Today

The Chinese are experts at the long game. They are exceedingly patient. They've been in "secure networks" for years. Most importantly, they're at war with the US, and are winning.

Welcome to World War Three.



Meh, the Chinese, culture and economy, has been around much longer than the USA...


It is no surprise, they are better at the long game, considering we are destroying our little bit of culture we have with corrupt law..

As long as Americans, have nothing to band together for different races, creeds, religions, we tend to hurt ourselves in the long run. It appears that is the goal...



posted on Jun, 5 2015 @ 09:58 PM

originally posted by: NiZZiM
Why would we still be using 7 year old systems or routers? I thought they get phased out just like a two year old or three year old computer would be?


If it works, then keep using it. Computers that are 10 years old aren't that slow. Some of our laptops date from 2004 and still run dual-core at 2.8 GHz. Also, all computers are also using the same networking stack (TCP/IP) that was written 20 years ago. The RFC discussions give you an idea of how old it is.

www.ietf.org...

Then you have the problems of network security. It only takes one person to plug in a wi-fi router, bluetooth dongle, pico-cell/nano-cell phone network router and you might as well just hang ethernet cables out the windows. If you read the discussions on router security, you'll see that many of them have default admin usernames and passwords that are listed online. Usually combinations of admin/root/system/user for both username and password. On top of that, this article claims that the Chinese are selling counterfeit copies with god-knows-what done to the firmware. So there could be all sorts of backdoors, usernames, passwords, port knocking, magic packets, magic sockets, masterkeys that allow a router to be remotely controlled. Get past the firewall, and you have access to the entire network and data.



posted on Jun, 5 2015 @ 11:04 PM


Back then, we here at ATS broke some rather significant news. The thread, FBI Fears Chinese Hackers Have Back Door Into US Government & Military, revealed an internal FBI presentation on the dangers of newly discovered counterfeit Cisco routers, switches, Interface Converters, and WAN cards originating in China, being installed within dozens of secure government networks.


This 2013 article cites an NSA catalog from 7 years ago: here is a full array of backdoor chips, being installed even then, on legitimate devices of all sorts, by the NSA.




Specialists at the intelligence organization succeeded years ago in penetrating the company’s digital firewalls.
A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell and Apple’s iPhone.
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.


So here is proof that at the time USA claims China was installing backdoors in Chinese and Cisco electronics,
the NSA was doing it -on the very hardware in question!- and much, much beyond.

By now most electronics are still being built with NSA back doors in them.

leaksource.info...




The detailed records of more than four million US government employees, are now in the hands of an enemy state via an action that must be classified as an act of war.


This statement in OP is all the more absurd and ironic in light of this fact.

It perfectly illustrates, though, the USA's MO of initiating and leading the world in dirty deeds, and subsequently blaming precisely the same on nations the Gov. complex wishes to posture as "enemies".
edit on 5-6-2015 by ecapsretuo because: (no reason given)



posted on Jun, 6 2015 @ 02:54 AM
a reply to: mister.old.school



With a series of major hacks, China builds a database on Americans


China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say.

Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as the health insurance giant Anthem, among other targets, the officials and researchers said.

“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human recruitment.”


The targeting of large-scale databases is a relatively new tactic and is used by the Chinese government to further its intelligence-gathering, the officials and analysts say. It is government espionage, not commercial espionage, they say.



posted on Jun, 6 2015 @ 04:48 AM
a reply to: stormcell

But it didn't work and had huge security problems that they knew about right? Just wondering why they figured it out but didn't upgrade to non Chinese hardware.



posted on Jun, 6 2015 @ 05:42 AM

originally posted by: ugmold
a reply to: mister.old.school
Why the NSA isn't spending its time trying to crack down on sh•t like this, and leave the good citizens of this Country alone, useless bastards.



Sometimes it does seem that our government is working against "the people" on behalf of some other power.
edit on 6-6-2015 by Logarock because: n


