Concerted Chinese Government Attacks or Just Another Day?

Monday, October 01, 2012

Marc Quibell


Front page news headlines on some news site today: "Chinese Hackers Breach White House!"  For a split second there I was almost concerned; and then after reading I thought to myself...blah another false alarm. What did I expect? 

Let's talk a little bit about sensationalism. Not just on the major news websites, but on the ITSEC blogs, and everywhere/anywhere in-between. Let's take a look at the blog that was sourced for the story:

As a side note, originally, I thought the site was, and so that's why I visited. Then disappointment set in as I saw no bacon anywhere. Grrr! :S

First, I have to ask, how is this news? Where is the news in this blog? Where are the facts? Where is the evidence that any real damage was done?  I'll tell you where all the facts are: There aren't any! Don't even bother reading the article....

Here's what happened: "“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place,” the official said."

Followed by, "The official described the type of attack as “not infrequent” and said there were unspecified “mitigation measures in place.”" There it is, what should be the end of the "story"!

But no, someone is obviously bored and needs something to write about and, more likely, needs attention. So then the blog continues with speculations and rambles on about what CAN happen in these situations. Such as (paraphrasing), "Classified networks can be compromised with infected flash drives" and  "this is most likely the work of the Chinese government" and "it is not clear how such a high-security network could be attacked".

Wait, I thought this was an unclassified network? C'mon! Stay on topic! Didn't you also just mention how classified networks can be compromised via flash drives? You're so confusing! Stop trying to make this into a classified network intrusion when it's not.

Here's what happened. A not-so-well-informed government employee (typically the case) opened an email and clicked on a link. A classic victim of an age-old scam. This is not surprising since there are probably thousands of people doing this on a daily basis at any given moment on the government unclassified network. After all, it is completely wired to the Internet. They can check their personal emails all day long on the unclassified network. Someone over there has obviously taken the position that the risk is worth the access. The reason the government is a target, the reason the unclassified network is a target, is it's there - sitting there with a big target on its back, with less-than-vigilant people using it.

This is why we have data security people behind-the-scenes, cleaning up the messes, making sure those classified networks are fully patched, fire-walled, updated anti-virus-protected, data-loss prevention installed, USB slots disabled....You will notice that the real official who seemed to be close to where the action took place stated "mitigating measures are in place". I imagine if an exploit was attempted, it was thwarted. It's called idiot-proofing.

I especially liked the part in the blog where it states, "White House spokesmen had no immediate comment on the cyber attack, or on whether President Obama was notified of the incident." 

Well, no. President Obama was not informed, it was a common email phishing ATTEMPT, and, lol, why on earth would we want the White House to get involved with anything even remotely related to such common occurrences?

I wish I could find some more factual stuff to read...instead of this posturing, nonsense...


Michael Johnson: But... it was the Chinese!

Although I do wonder how the journalist/spokesman arrived at that conclusion so quickly.

Marc Quibell: lol yes indeed!