David Sanger of the New York Times has the best sources in the world. He posted a series of articles on the Stuxnet worm that were right out of the White House meetings where the subject was being discussed. His book detailed dramatic meetings where the President chose drone targets for death. In Tuesday's New York Times [China's Army Seen as Tied to Hacking Against U.S.] he relates the story of PLA Unit 61398, which is attacking US industries and government offices. He cites activity "confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years" and a classified National Intelligence Estimate that some people in Washington have actually read, though probably not as many as have commented on it.
I wonder if hacking has changed since my days running SHADOW, an intrusion detection system in Ballistic Missile Defense. Steve Northcutt, now of SANS, was the technical guy behind SHADOW, but there were a lot of good analysts working with us who taught us how some of these penetrations were taking place. We watched them work, identified the places where they kept the things they took, and showed our leaders where they were going with their development. These guys were not in any hurry, were very careful, and very, very good. One group eventually attacked eBay and a few others, just to prove it. For the longer version, see my book at http://www.amazon.com/Chinese-Information-War-Communications-ebook/dp/B00BUTEHEA/ref=sr_1_1?s=books&ie=UTF8&qid=1369408735&sr=1-1
One day, we thought we knew where one group was coming from, a government office in a country friendly to us. We had a meeting and came in with several of our closest friends to look at the evidence. We showed them where the attack was coming from and identified the office. One of the tech guys said, "Denny, did you think this guy was from [country name] because that is where you linked back to after all of this tracing your people did? Didn't it occur to you that the people you are talking about are pretty good at what they do? You would never know who they were if they were the ones doing it." It was like a bright light in the room and we all knew what he was saying was true. We knew this guy's name, his government office and his IP address. They would have done better than that.
Don Parker told me once that computer criminals spend as much time at their jobs as you do at yours. They are good at what they do and they don't get caught very often. Prisons are full of the ones who do. The ones you are afraid of are the ones you can't see.
So, can I ask David whether he should be thinking that someone who can identify someone down to their Army unit number, building address, and network, in a country where hackers have abilities at least equal to the best in the world, might be putting him on a little? It kind of makes me wonder if hackers are still as good as they used to be. It makes me wonder where the real bad guys are hiding.