How China’s army hacked America

[silicon_toad2000]

http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/

"The co-conspirators used e-mail messages known as 'spearfishing' messages to trick unwitting recipients into giving the co-conspirators access to their computers," according to the indictment, unsealed Monday in Pennsylvania. "Spearfishing messages were typically designed to resemble e-mails from trustworthy senders, like colleagues, and [they] encourage the recipients to open attached files or click on hyperlinks in the messages."

The links contained malware and provided a backdoor to "bypass normal authentication procedures in the future," according to the indictment.

In 2008, according to the indictment, the hackers sent e-mails to 19 senior employees at aluminum-maker Alcoa in Pennsylvania. The account of the sender impersonated a member of the company's board of directors. The message included malware in an attachment "disguised as an agenda for Alcoa's annual board meeting." The attack led to the theft of more than 2,900 e-mail messages and 863 attachments, "including internal messages among Alcoa senior managers" discussing a Chinese acquisition, according to the indictment.

In 2010, a sole employee of United States Steel was targeted with a spear-phishing e-mail. The attack provided "hostnames and descriptions for more than 1,700 servers, including servers that controlled physical access to the company's facilities and mobile device access to the company's networks." And in 2012, a spear-phishing attack allowed the hackers to access "network credentials for virtually every employee" at Allegheny Technologies, which has some 9,500 full-time workers in the aerospace, defense and "specialty materials solutions" sectors.

The indictment also said that the Chinese military gained access to Westinghouse secrets to build nuclear power plants and hijacked e-mails from its chief executive officer in 2010. Between 2010 and 2012, the Chinese military was accused of stealing a total of at least 1.4 gigabytes of data, "the equivalent of roughly 700,000 pages of e-mail messages and attachments, from Westinghouse's computers."

[White Stripes]

...and yet all this time the NSA had no clue since it was too busy spying on its own people....

[GhostShip]

Note to anyone who is surprised at this :

If you have expensive secrets don't connect them to the internet.

I grow bored of delivering the same advice every time I read a story about data theft, it seems that there is a serious lack of brainpower when it comes to deciding how to secure vital materials, I have been saying the same thing across many sites but no one seems to comprehend the obvious gorilla in the room here, if your not connected to anything no on can steal your data from overseas, physical access is always a  potential risk but the fact is the US is losing a massive amount of technical data that has taken multiple billions of dollars to compile and all for the want of enforcing a physical firewall policy, I hope some one wakes up while there is still something worth stealing