Iranians, Russians, and Chinese Hackers Are After You, Says Lawmaker

Velcroman1 writes "The House Intelligence Committee is warning that 'time is running out' before the next major cyberattack: The Russians, Iranians, Chinese, and others are likely already on your computer. 'You have criminal organizations trying to get into your personal computer and steal your personal stuff. And by the way, the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there,' House Intelligence Committee chairman Mike Rogers (R.-MI) said. 'They're trying to steal things that they think are valuable or use your computer to help them steal from someone else,' he said. 'That's a real problem.'"

Not me!

[Endo13]

I'm wearing my trusty tin-foil hat!

Re:Not me!

[ColdWetDog]

He said 'trusty' not 'rusty'.

That's the problem with aluminum, all the noise it makes as it rattles around inside your head.

Re:

[Hillgiant]

Idiot.
http://en.wikipedia.org/wiki/Aluminum_Oxide [wikipedia.org]

So we need to snoop on your PC too

[Anonymous Coward]

just to make sure they aren't and for your own protection.....

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cusco]

Always figured that if I was ever granted a security clearance it meant someone wasn't doing their job right. Then TSA gave me a TWIC (Transportation Workers Identification Credential) card, and confirmed that suspicion.

Wow.....

[Anonymous Coward]

The linked article says it all. Nothing but more fearmongering from Fox News, and promotion of CISPA. Someone needs to have their editor's permissions revoked. oh wait....

Re:

[Zemran]

The idea that any Russian hacker would want to steal the ID of some poor US guy is a little dreamy...

Fox's parent company NewsCorp

[Presto Vivace]

is very knowledgeable about hacking. they should fly the Jolly Roger over their HQ [afr.com]

Re:

[cbiltcliffe]

Forget the article. My question is, how do the Russians and Chinese as well as the Iranians all manage to fit on my computer? I mean, heck, there's hardly enough room for me to stand on the thing myself!

Re:

[spitzak]

According to the quote, only the Iranians are on your computer. The Russians and Chinese are still trying to get in.

I think it is probably best to just wait, the Russians and Chinese will kick the Iranians out, and then fight each other, since there is no way two or three of them will fit in a little computer. You only have to deal with the final winner.

Re:

[runeghost]

So which one of them does General Failure belong to. And why is he reading my disk?

Re:

[Anonymous Coward]

The fox news article says : "Experts say Rogers may be stretching the truth: most people’s computers likely aren’t infected by agents of foreign governments.
“The Iranians, the Chinese, and the Russians are probably already on my computer? Sheesh ... I guess it must be getting pretty crowded in there,” joked Graham Cluley, a consultant with U.K. Web security company Sophos."
But don't let me stop your obligatory bashing of fox news. I'm guessing you don't consider your day complete u

Re:

[LordLimecat]

I find it particularly amusing that people would moan about Fox's factual problems in a post on SLASHDOT of all places. Yea, slashdot really does set that bar high.

Re:

[Dragonslicer]

The fox news article says : "Experts say Rogers may be stretching the truth: most people’s computers likely aren’t infected by agents of foreign governments.

Where in the article does it say that, though? If they put it far enough down, a significant portion of the readers won't ever see it.

Totally using this in the future...

[ZeroPly]

Hell, I'm using this... I'm printing this story out and laminating it. If I'm lucky I'll be able to buy a print copy that has this.

<< fast forward to where the US is a fully fascist state, maybe 2015 or so >>

FBI/other fascist type: Zeroply, explain the 8TB of encrypted data on your home computer?
Me: To prevent people hacking in and getting my data.
FBI: The only reason you would need a 4096 bit RSA key, and AES/Twofish/Serpent cascade is to hide things from the government.
Me: It's to keep the Chi

Re:

[ZiakII]

fast forward to where the US is a fully fascist state, maybe 2015 or so

Fully fascist state and you expect an old newspaper article to protect you. Good luck with all of that....

Re:

[ZeroPly]

No, no, no... you misunderstand...

I'm not looking to get out of trouble. I just want something to laugh about while they're doing the waterboarding...

2 Computers per Person?

[BoRegardless]

One is for non-critical communications. Other is offline permanently.

Re:

[CannonballHead]

Minesweeper.

Re:

[Synerg1y]

To demonstrate human stupidity and a non-understanding of basic computer security.

Re:

[hackula]

Writing a Mystery novel... Duh!

Re:

[Tx]

How many layers does your tinfoil hat have exactly, if you don't mind my asking?

Re:

[DogDude]

Each one has four, but he changes them at least once a day, because everybody knows that tinfoil that's too full of Omega waves is useless.

Re:

[desdinova 216]

I use carrier pigeons you insensitve clod!

Re:

[hackula]

People with that level of security don't do communication. Psshh. Friendship is today's biggest attack vector.

Oh noes...

[SmSlDoo]

The real problem is normal users that do not really know what is happening on their computers and really do not care.
It always brings me back to images of windows users with 20 different toolbars loaded in to IE.

Re:

[semi-extrinsic]

I've also received ssh brute force attempts from Comcast users that I have checked the IP of, and probably several other US ISPs.

Re:

[SmSlDoo]

My all time favorite catch was when we noticed one of the IPs in an attack was from Microsoft's corporate office.
Needless to say they were probably running IE.

Uhm yeah

[lesincompetent]

Lame attempt at distraction there uncle Sam!

"criminal organizations"

[Anonymous Coward]

You have criminal organizations trying to get into your personal computer and steal your personal stuff.

You mean like the RIAA/MPAA and the Federal government?

big brother anti virus incoming

[Anonymous Coward]

Effective immediately: government mandated state controlled anti-virus. Fuck off lawmakers, my PC is clean I don't need your help.

Let the Fear Mongering Begin

[Laebshade]

What's wrong, Republican Rogers? Has the physical terrorism boogeyman waned to so little that you must now bring out a new candidate?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[bill_mcgonigle]

the same asshole who thought iraq was trying to kill us

The two are unrelated. We've known that Russian Mafia has been running commercial botnets for, what, a decade? He's hopelessly behind the entire security industry, but he's not proposing a wild, unproven theory.

It's a mistake to choose politicians based upon who you agree with 100% of the time and who you disagree with 0% of the time. Support them when they're right, rain down righteous indignation when they're not. It's policy, not tribal warfare.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[CBravo]

If someone is 50% wrong all the time I call him incompetent and fire his ass.

Re:

[LordLimecat]

Its PARTISAN warfare, get it right.

Obviously only republicans dream up bogeymen to infringe on personal rights, right?

Re:

[Zontar_Thing_From_Ve]

banging his wardrum. this is the same asshole who thought iraq was trying to kill us all. how'd that turn out for ya mike? http://www.nbcnews.com/id/17707705/39591107 [nbcnews.com]

Well, I guess it worked out OK for him because he's been re-elected every election since then. This illustrates exactly what is wrong with the House of Representatives - at the House district level, voting is often about party affiliation only and nobody asks "Is this person deserving of my vote?" Voters just vote based on party affiliation. This does illustrate exactly why I abandoned the Republican Party a few years ago. I couldn't take the willful embrace of idiocy any more. Stupid people used to be

Re:

[cusco]

I think the willful embrace of idiocy was a major plank of the Reagan Revolution.

ISP Egress Filtering...

[sillivalley]

How much of the crap we put up with would go away if ISPs instituted egress filtering?

Oh, that's not a panacea; it's not going to cure all the interweb's problems overnight, but it would sure as hell eliminate a lot of the low-level crap that goes on.

(grumble grumble grumble)

Re:

[jbmartin6]

Comcast egress filters SMTP and CIFS, at least where I live. What sort of low level crap are you thinking of?

Re:

[Qzukk]

It would fix nearly all DNS-based DOSes if they filtered source addresses of outbound packets to eliminate spoofed UDP packets. If it's leaving their network, the packet should say it came from their network.

Re:

[LordLimecat]

Spoofed TCP packets are every bit as big as a problem. What do you suppose happens when you send a spoofed TCP Syn packet to google? Might make it pretty difficult to trace where that packet originated, no?

My concerns

[xs650]

As a USian, I'm more concerned about US corporations and US government agencies being after me, they are the ones that can do and are most likely to do me some harm. And, I'm not even concerned enough about them to wear a tinfoil hat.

Re:My concerns

[jc42]

As a USian, I'm more concerned about US corporations and US government agencies being after me, they are the ones that can do and are most likely to do me some harm.

This is probably the most important thing to get across. The US population has been far more damaged by the likes of HUAC and the various secretive "intelligence" agencies than by any foreign bogeymen.

This isn't just a US problem, either. I've read a few comments from historians on the topic, saying that the data shows that during the last century, far more people (in the world as a whole) died due to their own government's actions than from any foreign soldiers or other attackers.

The data isn't nearly as good for previous centuries, but what data there is supports the claim for the rest of our history. The biggest danger everywhere comes from our own rulers, who rarely have our interests at heart.

In the on-topic case of network security, it's fairly clear that the primary interest of the US and all other governments is in controlling the communication of their own citizens.

Wait a minute

[lbmouse]

How did they get through the tubes?

ZOMG!!!!!!

[slashmydots]

Unplug that sucker and throw it out the windows, now! Oh wait, it's a Linux box lol.

For the record, MyWebSearch and Yontoo and Freeze and Babylon are after "you" too and since "you" are an idiot, "you" probably have them on your computer as well. They could have added that to the message too.

Always need boogeymen

[Hoi Polloi]

It could be worse. What if they started flying remote controlled drones around the world killing people with impunity?

Re:

[Anomalyst]

Indeed, the lethality of impunity is what is wrong with this world.

Run the Microsoft Malicious Software Removal Tool

[Animats]

Microsoft offers the Malicious Software Removal Tool (IA32 version) [microsoft.com] , (AMD64 version) [microsoft.com] which they update monthly. It's not perfect, but it's worth running on Windows machines.

If Congress wants to apply pressure to somebody, it might be worthwhile to investigate how well that's working, and what it's missing.

Did I miss something?

[SirGarlon]

In order for there to be a next major cyberattack, there must have been a last major cyberattack. When was that?

Seriously, what constitutes a "cyberattack"? Does it have to be nation-state sponsored, or does a lone script kiddie count? What is the threshold to make it "major"? Does it have to kill more people than 9/11, or is installing an unwanted browser toolbar enough?

Depending on what your definitions are, a "major cyberattack" might be unlikely to ever happen, or it could be happening *right now*! :-

Re:

[cusco]

That's one of the (many) issues that I have with the "ZOMG Chinese hackers" headlines. China represents 1/4 of the world's population, and has a rapidly growing computer-literate class, and a rapidly growing criminal class. The assumption that every attack from China is authorized/conducted by the Chinese government is absurd, but as we've all seen many times in the past military and political management is consistently a decade or two behind the times so I expect we'll continue to see more of these annou

Re:

[Anomalyst]

I want to seee the list of majors that have been cyberattacked.

One solution for a lot of the ID theft parts ...

[Skapare]

... is to require businesses to do a better job of distinguishing between mere identity, and actual authenticated authorization. For example, your SSN is just some numbers that can refer to you. Having an SSN is absolutely not authorization. If someone uses you SSN and a business chooses to charge your or open accounts to allow such charges, then they have failed to obtain authorization. In such a case, it should be required by new sensible law that if you state for the record that you did not authorize the transactions or whatever, then that business may not take any action whatsoever unless and until they can prove that you actually did authorize it. The "not take any action" means they cannot collect on debts, cannot place debts with a debt collector, cannot put it on your credit report (must take it off if already did). It has to be like it never happened.

The big problem with ID theft is that these businesses are not checking authorization. They need to start checking authorization or simply eat the loss.

Re:

[semi-extrinsic]

Starting around ten years ago, we stopped using SSNs for such purposes here in Norway. Not in small part because a certain phone operator leaked a few hundred thousand of them through a poorly-written webpage.

Should I be upset?

[Xcott Craver]

If they don't email me a phone number attached as a word document, then they're more welcome than the usual idiots I have to see on my computer.

Just more Xenophobic alarmism

[PhamNguyen]

Just more xenophobic alarmism. I'm surprised they didn't mention Israel's spying on the US, since crazy xenophobes also tend to be antisemitic too.

Re:

[Cosgrach]

That's because Israel is our most trusted friend.

Re:

[runeghost]

Not if they're Republican's being quoted on Faux.

Ah, here it is!

[ThatsNotPudding]

The beginning of justifications to monitor all communications and online activities of all Americans at all times.

It's For Your Safety, Loyal Citizen. After all: if you have nothing to hide...

Re:

[ColdWetDog]

Where the hell have you been this past decade?

'beginning'?

...and the Czechs...

[David_Hart]

... are definitely in my computer. I am using Avast! Anti-Virus software.

Just as long as they aren't constantly reading and writing to my SSD drives... If I catch them doing that I will be pissed....

Re:

[account_deleted]

Comment removed based on user account deletion

Good Lord!!!

[sethradio]

Only Losedows systems get broken into. Why not pass a legislation making Losedows illegal? It's not like it's going to be any more unconstitutional then CISPA is already...

if I believed a tenth of what Congress said

[peter303]

I'd be an ignorant, prejudiced fool.

Bad timing

[moeinvt]

It's mid-April and this politician in the federal government is trying to explain how it's the evil Russians, Chinese and Iranians that are trying to steal from us?

Dual Core

[V!NCENT]

"Connect it to the internet and someone's going to own it!" --Dual Core

Re:lol

[cusco]

Amazing. A lawmaker from Michigan learned to read a newspaper headline.

Oh, wait, that's a lawmaker from Michigan. He's just spouting what the lobbyists from Symantec and McAfee are whispering in his year. False alarm.

Re:

[desdinova 216]

Amazing. A lawmaker learned to read a newspaper headline. Oh, wait, that's a lawmaker. He's just spouting what the lobbyists from Symantec and McAfee are whispering in his year. False alarm.

FTFA

Re:

[runeghost]

Whispering in his ear? Please, that's so 19th Century. In the modern world, lobbyists have wireless access directly to their Congresscritters' brains via the Capitol Area Network. (Amount of bandwidth available to individual lobbyists is directly proportional to size and legality of past, present and future bribes.)

Re:

[Vlad_the_Inhaler]

My case is worse - the FSF have software on my computer. The horror of it all.

Re:lol

[yurtinus]

Oh 1999, how I miss you. Back then I was working at the local CompUSA and had a lady come in looking for security software:

her: "I have a hacker in my computer"
me: "Oh, you mean a virus?"
her: "No, it's my neighbor. He's gotten in there and I need a program to get him out"
me: (head explode)

I do wish I had recorded the entire conversation, but I couldn't convince her that if the her modem wasn't connected to the internet, nobody could do anything with her computer from the outside. She'd gone as far as turning off and unplugging the computer. He was coming through the power lines, through the TV, he was already *in there* hacking away even with the power turned off... I eventually gave up and sent her off with some firewall software. These are the kinds of people we need to get some rational thought into, Gods help us.

Re:

[Synerg1y]

I thought that good salesmanship was to sell that lady the most comprehensive product you can without balking at the price.

The logic is the store gets paid and the lady gets peace of mind.

Sounds shitty right? Thus I won't be doing retail sales ever again.

Re:

[yurtinus]

It is shitty, and I never was a very good salesman.

Glad I'm out of that business as well.

Re:

[trazom28]

Oh, it's still happening. I was just told today that an iPad that couldn't connect to a WAP, that uses cablemodem must have also broken the phone line (not over cable, separate phone company). Was totally convinced. Nevermind we got a hellacious ice storm last night, with power lines down all over... nah.. that couldn't be it!

Re:

[yurtinus]

Dude, iPads are known to cause ice storms.

sheesh, some people don't know nothin'.

Re:

[GodfatherofSoul]

Is it possible that some exploit had itself burrowed into her system so that whenever she turned it back on, she could see evidence it was working again? Keep in mind that the uninitiated don't have the vocabulary to express what's actually happening (boot scripts, hacked MBRs, etc). I can see how a non-techie could make those kinds of silly assumptions ("my laptop stays 'alive' so why can't my desktop?").

Re:

[cheater512]

So...the neighbour changed her background image to scare her?

Occam's Razor.

Re:

[Xphile101361]

1999 - 1967 = 32 years

Re:

[blueturffan]

1999 - 1967 = 32 years

Unless the AC was referring to the album by The Police, which was released in 1981.

Re:

[IWantMoreSpamPlease]

A very close friend of mine's sister suffers from that. Came on in her mid to late 20s, she threw away her entire life as she spiraled down the path of insanity. It really is heartbreaking to watch

Re:

[gmuslera]

They think we won't notice the elephant (and the donkey) in the room.

Re:

[FatdogHaiku]

"Waiter, there a fusion center in my soup!"

Did you order the Spicy Dumpling Borscht with Arde?

Re:lol

[electron sponge]

1999 called

Did you warn them about 9/11?

Re:

[Waffle Iron]

1999 called

Did you warn them about 9/11?

NO! If you alter the past in that way, we could all poof out of existence.

Re:

[sconeu]

1999 called

Did you warn them about 9/11?

ObXKCD: http://xkcd.com/875 [xkcd.com]

Re:

[Anonymous Coward]

How to you transfer files to those computers. USB drives? That's how hackers breach company networks.

Corporations penetrating my computer for data mining? No. Corporations tracking me every way they can without directly hacking? Yes.

What do you do with your never connected computers? The best I can come up with is watching movies or playing old games. Or do you have both side by side with your bank account open in the online computer and your other finical documents open of the offline computer? Tho

Re:

[Synerg1y]

Let me put it as simply as possible for everybody here:

Your data as an individual isn't worth a buck. Security professionals on the other hand cost much much more. Enjoy your tin-foil hat though, I'm sure it'll save you when shit actually hits the fan on the internet.

Re:

[cusco]

As an employee of a security company my data can include plans of customers' security systems, passwords, building layouts, etc. I assure you, I'm not alone on SlashDot when I say that there is an awful lot of data on my computers that would be very valuable to interested parties.

Re:

[Synerg1y]

At this point, corporate war games only exist in hollywood movies as far as the general public knows anyways.

Also, I really really hope you're not referring to your personal computer that houses this data.

Re:

[cusco]

Mine? No, but we have a lot of subcontractors scattered around the world that may be using personal computers for work, or vice versa.

Re:

[k6mfw]

Your data as an individual isn't worth a buck.

uhmm, actually it is for me, i.e. many images of Connie Francis and Gina Lollobrigida plus various concert, TV, and movie clips (many of these no longer exist, or if they do, good luck finding them). Plus many tech documents. Maybe not worth in terms of $USD but if data lost, it will be considerable time to replace it (much is not replacable). Yes, I gotta stay consistent with backups. fyi, I don't have any computer games.

Re:

[hackula]

But Captain Adama, we haven't seen the Cylons in over 40 years!!!

Re:

[Zemran]

an oxymoron...

Re:

[the eric conspiracy]

Close relation to the House Committee on Science, Space, and Technology.

Bunch of macaroons.

Re:

[hackula]

Surprisingly, however, the House Committee on Macaroons is quite capable.

Re:

[Anomalyst]

Sounds like a cookie-cutter response to me.

Re:

[Synerg1y]

No, fear-mongering of this intensity probably targets passing things like SOPA and CISPA, so that homeland security can protect us from our squinty eyed, dark colored, vodka loving enemies from somewhere abroad thus ensuring jobs for them and plenty of racy private photos & videos for their dicks.

Something like making computers come with an AV solution out of the box is almost incomprehensible to these people because they can't tell apart a computer from a washing machine.

Re:

[Cenan]

There are lots of eyes on the keys with which my RedHat distros are signed, especially since they were social-engineered once. When [$bogeyman] can compromise those, I'll worry.

Per your own reply, you should start worrying right now. You actually should have been worrying for a while. As you point out, even the securest of secrets can be compromised, all it takes is dedication; Well that and knowing that there is a secret to know.