
China, Russia Try To Hack Australia's Upcoming Submarine Plans

An anonymous reader writes: Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled), with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months. One of the companies working on a bid for Australia's new submarine project said it records between 30 and 40 cyberattacks per night.
  • Cool paywall, bro (Score:1, Informative)

    by Anonymous Coward

    Nice ad for a subscription, and another link being a brief blurb. Journalism at its best.

  • Shocking! (Score:4, Insightful)

    by DaHat ( 247651 ) on Monday November 09, 2015 @06:16PM (#50897291) Homepage

    Foreign intelligence agencies trying to learn the specifics of a new military system? I am shocked, shocked! [youtube.com]

    The only news here is that there are signs of it, and seemingly attributable ones as well.

    • The only news here is that there are signs of it

      That isn't news either. My home router gets more than 30-40 "cyber-attacks" per night.

      and seemingly attributable ones as well.

      The "attribution" is just speculation. They have no actual evidence.
      They are just softening up the public for a money-grab to conduct "cyber-warfare".

    • by Anonymous Coward

      Let's just scrap the CIA.
      America just isn't interested in "trying to learn the specifics of a new military system", unlike the nosy Chinese/Russians.

    • by Anonymous Coward

      My company website gets 10-100 "cyber-attacks" per hour, for the last 3 years. More precisely, those are blind shots at admin login pages typical for popular CMSs.

      After filling .http_access with reject for some 80 blocks covering mostly Russia, Ukraine, Belarus, Kazakhstan and China at least I'm not sending any bytes back.

  • Internet (Score:5, Insightful)

    by amiga3D ( 567632 ) on Monday November 09, 2015 @06:17PM (#50897301)

    Why do they have this kind of stuff where it can be reached from the internet? I don't see why that's necessary. If it's convenient for the designers then it's too damn convenient for your enemies.

    • by TWX ( 665546 )

      Why do they have this kind of stuff where it can be reached from the internet? I don't see why that's necessary. If it's convenient for the designers then it's too damn convenient for your enemies.

      From the headline:

      Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled)

      Sounds to me like they didn't want to pay for them either...

      *grin* In all seriousness, it is not practical to air-gap computer networks anymore. Operating systems need too much connectivity for updates, and commercial software wants to do authenticity checks to make sure that the corporations using it have actually paid for it. On top of that with the world basically standardized on TCP/IP it's not practical to even use alternate protocols to complicate access.

      That's before you eve

      • Re: (Score:2, Informative)

        by Anonymous Coward

        In all seriousness, it is not practical to air-gap computer networks anymore. Operating systems need too much connectivity for updates, and commercial software wants to do authenticity checks to make sure that the corporations using it have actually paid for it. On top of that with the world basically standardized on TCP/IP it's not practical to even use alternate protocols to complicate access.

        Actually what updates exactly do you need for a computer that's not on the network at large? Most security updates would be superfluous, and the vast majority of 'fix' updates fix stuff doesn't fix system or program breaking issues for most users, barring those introduced by another update. As for commercial software wanting to phone home, that's easily resolved by NOT choosing such software in the first place.

        It's perfectly practical to air-gap networks if you go in with the mindset of it from the get go.

        • by Ocker3 ( 1232550 )
          Only if you never want to move data into or out of the network, ever, except by manual user input.
      • by Lennie ( 16154 )

        Then why don't they use Linux?

        Linux works just fine.

        It doesn't need to talk to the outside world.

        All it needs for updates is a mirror it can contact. The mirror could be internal, getting its packages from the Internet, logged, etc.

      • by Anonymous Coward
        Sounds like the solution then is to put this classified data on the newspaper's paywalled site. Then the Russians and Chinese hackers can't get at it without paying... Oh, wait...
      • by amiga3D ( 567632 )

        When you're talking billions of dollars I think it might be possible to bypass the internet. I know I have two computers that never see the internet. Updates are done on one manually and the other never. It's entirely possible still to pass data over a telephone network with a modem. I just think when extreme secrecy is required then extreme actions need to be taken.

      • by Anonymous Coward

        "it is not practical to air-gap computer networks anymore" Anything dealing with classified military information certainly should be air-gapped. It's not hard to do and only creates some minor inconvenience when you need to share that data to a 3rd party. Hand delivered encrypted USB drives is one example. The inconvenience is nothing compared to having an enemy or competitor get their hands on the data. And an air-gapped network will also cut down on the number of hours the employees waste surfing the web.

      • DoD work is supposed to be air gapped when classified. Sure, there is a difference between military contractors and Government. Guess which ones give up information? Not the guys building the military gear, because they are held accountable for their actions.

    • Who says it can actually be reached from the internet?

    • The actual blueprints are, in fact, safely air-gapped; the chicoms and the russkies are in fact eagerly downloading the plans for a huge nautically-themed device that simultaneously barbecues shrimp while dispensing XXXX [wikipedia.org]...
    • by AHuxley ( 892839 )
      +1 for the "convenient for the designers"
      US contractors need links back to their multinationals and mil, global sourcing of US parts and US/UK trained experts.
      Australia could do all the work at a secure site, base, port but that has been blocked by the USA. The problem is the US would then not share its more secure export grade electronics.
      So Australia has to keep its networks wide open to keep US contractors happy and ensure jobs and profits are shared with the US military–industrial complex.
      Th
  • by guruevi ( 827432 ) <[evi] [at] [smokingcube.be]> on Monday November 09, 2015 @06:19PM (#50897317) Homepage

    If China/Russia are actively hacking the joint, I must be running something really interesting because I get about 2000/night from Russia and China on my web servers. This is just some scaremongering from a company that has no IT or an IT without a clue.

    • If China/Russia are actively hacking the joint, I must be running something really interesting because I get about 2000/night from Russia and China on my web servers. This is just some scaremongering from a company that has no IT or an IT without a clue.

      Or someone with a political ax to grind who's making it all up...

    • That's why I wish they defined what a "cyberattack" is. The fact that there were only 40 of them makes me think that they may have limited the definition to "attacks" that are actually meaningful, but it's all pointless speculation without the details.
      • by guruevi ( 827432 )

        What is a meaningful attack though? An attack that goes through is meaningful and if they let pass 40 attacks/night, they're doing a really bad job. Security is pretty much black and white, you either get compromised or you don't.

        • What is a meaningful attack though?

          That's what I wish they would define. An example of a "meaningful" attack might be a flurry of portscans from a single IP address hitting all of their known public IP addresses in sequence in a short timeframe (indicating they were the specific target of the scan). Otherwise they just sound like a software firewall trying to justify its own existence.

    • by nnull ( 1148259 )
      I was just going to mention this. I will get over 1000 a night from just opening port 22 from my HOME server.
  • Back in my sat technology days, that would be an average night. It went on like that for years.
    It's only news if they break in.

  • I see absolutely nothing wrong with this. This is exactly what intelligence agencies should be doing - investigating rival countries' military capabilities and assessing threats to the nation.

    Meanwhile, what intelligence agencies most definitely shouldn't be doing is mass surveillance of their own people. Intelligence agencies don't exist to suppress dissenting opinions. They don't exist to erode freedom. They don't exist to keep the populace in line. The reason they exist to assess external threats to t

  • by hawguy ( 1600213 ) on Monday November 09, 2015 @06:30PM (#50897385)

    When you steal plans for a multi-billion dollar project, how do you know when you've got the real plans, and when you've got decoy plans that were carefully developed to be plausible, yet incorrect?

    • by AHuxley ( 892839 )
      In the old days you had staff photocopy or walk out with images of the real plans. It was that simple to find staff willing to help other nations. They would and could pass any background tests, the files would be the same been used.
      The problem with any files now found is the US ability to redesign fake plans for any project and have other nations waste decades on junk plans.
      eg Operation Merlin https://en.wikipedia.org/wiki/... [wikipedia.org]
      Would any nation trust digital files found in Australia, unencrypted on an
    • We know from the efforts of the many Bothans who died to obtain the plans.
    • You give the government waaaay too much credit.

  • My home NAS records more cyberattacks than that every night, all you need is a computer and an IP address.
  • by tomhath ( 637240 ) on Monday November 09, 2015 @06:36PM (#50897421)
    China attacks random IP addresses more than that. Try it for yourself: register a domain, put up a web site, and see how many attempts are made every day, probably in the hundreds.
  • The country was founded by convicts and houses the most poisonous animals on the planet. I bet they put some of that stuff into their submarine technology.

  • between 30 and 40 cyberattacks per night

    I wonder, what these numbers mean because I — without doing any classified research whatsoever — get log-entries like these every day:

    ...
    Nov 7 02:42:15 symbion sshd[96507]: Invalid user admin from 186.64.69.136
    Nov 7 02:42:15 symbion sshd[96507]: input_userauth_request: invalid user admin [preauth]
    Nov 7 02:42:21 symbion root-ssh-watch: banned 186.64.69.136 (for pretending to be invalid user `admin')
    Nov 7 02:54:34 symbion sshd[96528]: Invalid user pos from 47.19.134.118
    Nov 7 02:54:34 symbion sshd[96528]: input_userauth_request: invalid user pos [preauth]
    Nov 7 02:54:35 symbion sshd[96530]: Invalid user pi from 47.19.134.118
    Nov 7 02:54:35 symbion sshd[96530]: input_userauth_request: invalid user pi [preauth]
    Nov 7 02:54:35 symbion sshd[96532]: Invalid user manager from 47.19.134.118
    Nov 7 02:54:35 symbion sshd[96532]: input_userauth_request: invalid user manager [preauth]
    Nov 7 02:54:36 symbion sshd[96534]: Invalid user admin from 47.19.134.118
    Nov 7 02:54:36 symbion sshd[96534]: input_userauth_request: invalid user admin [preauth]
    Nov 7 02:54:36 symbion sshd[96537]: Invalid user ubnt from 47.19.134.118
    Nov 7 02:54:36 symbion sshd[96537]: input_userauth_request: invalid user ubnt [preauth]
    Nov 7 02:54:41 symbion root-ssh-watch: banned 47.19.134.118 (for pretending to be invalid user `admin')
    Nov 7 04:17:05 symbion sshd[97127]: Invalid user admin from 187.19.101.110
    Nov 7 04:17:05 symbion sshd[97127]: input_userauth_request: invalid user admin [preauth]
    Nov 7 04:17:05 symbion sshd[97127]: Postponed keyboard-interactive for invalid user admin from 187.19.101.110 port 51224 ssh2 [preauth]
    Nov 7 04:17:05 symbion sshd[97127]: error: PAM: authentication error for illegal user admin from 187-19-101-110.users.certto.com.br
    ...

    Do I get to count each entry as a separate attack? Or one "attack" per remote IP?
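
The counting question above, worked through as an added example (not part of the original comment): the same sshd log gives four different "attack" totals depending on whether you count log lines, login attempts, source IPs, or bursts. The sample log is constructed in the format quoted above using documentation-range addresses, and the function name and the 15-minute burst gap are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same syslog/sshd format as the log quoted above;
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Nov  7 02:42:15 host sshd[96507]: Invalid user admin from 203.0.113.10
Nov  7 02:42:15 host sshd[96507]: input_userauth_request: invalid user admin [preauth]
Nov  7 02:54:34 host sshd[96528]: Invalid user pos from 198.51.100.7
Nov  7 02:54:34 host sshd[96528]: input_userauth_request: invalid user pos [preauth]
Nov  7 02:54:35 host sshd[96530]: Invalid user pi from 198.51.100.7
Nov  7 02:54:35 host sshd[96530]: input_userauth_request: invalid user pi [preauth]
Nov  7 02:54:36 host sshd[96534]: Invalid user admin from 198.51.100.7
Nov  7 04:17:05 host sshd[97127]: Invalid user admin from 203.0.113.10
Nov  7 04:17:05 host sshd[97127]: Postponed keyboard-interactive for invalid user admin from 203.0.113.10 port 51224 ssh2 [preauth]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
INVALID = re.compile(r"^Invalid user (\S+) from (\S+)")

def count_attacks(log_text, year=2015, burst_gap=timedelta(minutes=15)):
    """Count one sshd log four ways: lines, attempts, source IPs, bursts."""
    lines = 0
    attempts = []  # (timestamp, ip, user), one per "Invalid user" line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd syslog line
        lines += 1
        hit = INVALID.match(m.group(3))
        if hit:
            # Syslog omits the year, so the caller supplies it (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            attempts.append((ts, hit.group(2), hit.group(1)))
    by_ip = defaultdict(list)
    for ts, ip, _user in attempts:
        by_ip[ip].append(ts)
    # A burst is a run of attempts from one IP with no gap longer than burst_gap.
    bursts = 0
    for stamps in by_ip.values():
        stamps.sort()
        bursts += 1 + sum(1 for a, b in zip(stamps, stamps[1:]) if b - a > burst_gap)
    return {"log_lines": lines, "login_attempts": len(attempts),
            "source_ips": len(by_ip), "bursts": bursts}

if __name__ == "__main__":
    print(count_attacks(SAMPLE_LOG))
```

Any nightly figure is only comparable to another if both state which of these units was counted.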

    • Jesus how many entries do you allow before you just ban the IP? I allow like 3 and then a 15min ban.

      • by mi ( 197448 )

        Jesus how many entries do you allow before you just ban the IP? I allow like 3 and then a 15min ban.

        I also allow three (depending on the attempted login, actually — trying to get in as "root" will cause an immediate ban, because I would never attempt that myself), and then ban permanently (until the router is rebooted, rather). However, from the time the log-watching script decides to issue a ban and the time the ban is actually in place, there is a delay, because the router is slow and establishing a

  • by jblues ( 1703158 ) on Monday November 09, 2015 @06:50PM (#50897511)

    Meh - everyone has a submarine these days. . .

    Even rebel separatist groups. Here in the Philippines the Moro Islamic Liberation Front (MILF) sadly have trouble with the Google ranking due to competition in the namespace for that acronym. However, that didn't stop plans for the purchase of a Swede-made MSM Type A midget submarine [manilatimes.net], which was to be used to disrupt the development of an oil and gas project in the now hotly disputed South China Sea.

    The MILFs are one of several separatist groups in the Philippines, which come in Islamic and Communist, and just-plain-thug varieties. The formation of the MILF is actually, unsurprisingly, a tragic story. In the 60s with the incumbent government of the Philippines, proceed with plans to invade and reunite neighboring Sabah, which was granted under a lease, but somehow after World War 2 ended up as Malaysian territory.

    Troops from the western region of Mindanao were selected and trained to form an elite squadron. When the troops learned that their mission would involve lethal combat with their neighboring kin-folks they refused to participate, so they were massacred by the Philippines Armed Forces on March 18, 1968 [wikipedia.org]. This led to years of uprising and political unrest, and it was only recently that the Philippines Government formally acknowledged that the incident occurred.

    Reading about this and other affairs helped me to learn about governments, terrorism, political intrigue and rebel groups. We live in a violent world where democracy and other formal government processes seem to be a thin, fragile structure over game-of-thrones style chaos.

  • by Anonymous Coward

    Chinese and Russian spies have attempted to hack into the top secret details of Australia’s future submarines, with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months.

    The hacking attempts have been aimed at the submarine builders in Germany, France and Japan bidding for the $20 billion contract to build the new fleet. The bidders are holding highly sensitive information about the Royal Australian Navy’s technical requirements for its new-generation submarine

    • IANAL but there must be something immoral or illegal about posting content from behind a paywall.

  • I guess these are the same spies that are trying to hack into my website every night! I guess they're lucky they're only getting Chinese and Russian ones!

    Seriously though, three news articles are linked to in this story and zero of them have any more information that differentiates this even remotely from the standard brute force hacking attempts that I'm sure everyone that reads Slashdot puts up with on a daily basis on their various servers and systems.

    As far as I can tell for anyone in IT here in Austral

    • by AHuxley ( 892839 )
      re "an actual threat from foreign nation states attempting to CYBER-espionage us, and just the typical random background noise of automated exploit scriptkiddie stuff."
      So many nations want the contracts, jobs, cash that *anyone* could be using random internet cover to find out more. Not so much mil secrets just the governments staffs thinking on keeping local jobs vs fully importing a turn key sub.
      A lot of cash of decades is in play. Just knowing what to present and when could be a winning contract. W
  • Could have thrown in the plans for the secret moon base for free....
  • I get 30 to 40 attempts an hour, and that's just the ssh attempts.

  • What kind of idiot keeps his secret 'Submarine Plans' on a computer connected to the Internet.
  • > Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled)...

    If the secret details are paywalled why those stupid spies didn't simply pay to access them? Budget cuts?

  • :-) This amount of attacks simply means that they don't care. I am working on one website of known Japanese corporation and this is the log from my IDS - how many attacks were detected/prevented a day - on average between 100 - 200... and that is just one commercial company: ....
    105x 2015-11-02
    122x 2015-11-03
    226x 2015-11-04
    108x 2015-11-05
    125x 2015-11-06
