
September 10, 2007

Web App Security, not as Sexy as James Bond but Close

I saw a news story last week that was kind of surprising to me but really shouldn't have been. An article posted by the Financial Times discussed the Chinese military hacking into the Pentagon. http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html It surprised me because I never really thought of the military groups from different countries hacking into each other. Call me old school, but I still pictured spying and espionage between countries to be handled by the equivalent of James Bond. Thinking about it just a little and applying a tad of logic makes me realize how foolish that thinking is.

In the article, China was painted as the villain since they hacked into the Pentagon and had previously hacked into some German government computers. However, the article also mentions that the US is assumed to regularly scan Chinese networks. Both of these ideas simply emphasize how much easier it is to hack into a computer system than to directly risk the lives of your "super spies." It might be sexier to seduce foreign agents while stealing top secret documents but it's safer to do it online instead. No need to end up being strapped to a table while a laser preps to slice you in half.

How and where the computer was hacked wasn't mentioned but comments near the end of the article had me thinking it was an email account that was hacked. It could just as easily have been via a Web site instead. Hopefully any Web sites being used by the Pentagon are performing some simple input validation. Most Web application vulnerabilities can be avoided by validating the data being entered. If asking for a person's name, accept only letters. If asking for a phone number, accept only numbers. At least block the simple stuff. It might not make you a super spy but you can still be a hero in your office. You can always hope for more excitement when ordering that martini shaken, not stirred.
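Here is the "letters for a name, numbers for a phone" rule as an added example in Python; it is not code from the original post. The field names, the length limits and the sample submissions are assumptions made up for the illustration. It also covers two ways a simple check gets bypassed: a pattern that only anchors the start of the value, and `\d`, which in Python 3 accepts digits from other scripts.

```python
import re

# Allowlist patterns, one per field. Explicit [A-Za-z] and [0-9] are used
# instead of \w and \d, which also match non-ASCII letters and digits.
# Length limits are assumed values for this example.
NAME_RE = re.compile(r"[A-Za-z]{1,64}")
PHONE_RE = re.compile(r"[0-9]{7,15}")

FIELD_RULES = {"name": NAME_RE, "phone": PHONE_RE}  # hypothetical form fields


def validate_form(form):
    """Return (clean, errors). Unknown fields are rejected, not ignored."""
    clean, errors = {}, {}
    for field, value in form.items():
        rule = FIELD_RULES.get(field)
        if rule is None:
            errors[field] = "unexpected field"
        # fullmatch() anchors both ends, so a trailing newline or markup
        # appended after a valid prefix cannot ride along.
        elif not isinstance(value, str) or not rule.fullmatch(value):
            errors[field] = "contains characters outside the allowlist"
        else:
            clean[field] = value
    for field in FIELD_RULES:
        if field not in form:
            errors[field] = "missing"
    return clean, errors


# Constructed sample submissions (not taken from any real site).
SAMPLES = [
    {"name": "Alice", "phone": "5551234567"},
    {"name": "Alice<script>", "phone": "5551234567"},  # markup in a name
    {"name": "Alice", "phone": "5551234567\n"},        # trailing newline
    {"name": "Alice", "phone": "٥٥٥١٢٣٤٥٦٧"},           # Arabic-Indic digits
    {"name": "Alice", "phone": "555' OR '1'='1"},      # quote characters
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", validate_form(sample))
```

Only the first sample passes. Validation like this belongs on the server, since anything checked only in the browser can be skipped by whoever sends the request.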


Comments

I honestly can't believe you fell for this FUD that the news is spreading! Offensive network attack has been occurring from Asia for almost a decade and this is just a slow news week obviously because it has been highlighted by multiple "news" organizations? Why would it be surprising in any way, shape or form that a foreign government employs an offensive info ops capability against government systems that are Internet-facing? Also it should be noted that while some information when gathered in large-scale as a whole could be revealing, most of the information stolen will be totally unclassified (not even FOUO under current guidelines)! This is not as big of a deal as the media has made it out to be. Some people want to cry havoc whenever a govt. site is hacked (even defaced...) saying it's unbelievable but seriously give me a break. It's the same cost vs. benefit analysis that everyone else has to go through for employing security... This is not life and death information. It's not even necessarily sensitive information. It's just your atypical info gathering campaign we have seen done through non-technical means for years...

Haha great article, Maybe I'm a spy? :oX
