China, Russia Try To Hack Australia's Upcoming Submarine Plans 83
An anonymous reader writes: Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled), with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months. One of the companies working on a bid for Australia's new submarine project said it records between 30 and 40 cyberattacks per night.
Cool paywall, bro (Score:1, Informative)
Nice ad for a subscription, and another link being a brief blurb. Journalism at its best.
Re:Cool paywall, bro (Score:5, Insightful)
Anything that references an article behind a paywall should automatically get rejected.
Re:Cool paywall, bro (Score:5, Insightful)
It's a Rupert paper.
Any time I'm paywalled by News Corporation, he's doing *me* a favour by disallowing the reading of his trashy article.
Re: (Score:2)
Re: (Score:1)
Don't fool me, bro. I read this before.
You don't bother to check the date, don't you? The day Murdoch announced to buy National Geographic was 2015/09/10, the day Murdoch FIRED the magazine's staff was 2015/11/04.
You either did not mention the difference of two stories, Murdoch bought the magazine and in other one, he laid off the staff.
Damn you, before name calling other, check your stupid measure.
Re: (Score:1)
What's the big deal for China or Russia or anyone?
The subs haven't been designed yet. No tenders let. No specifications finalised.
More likely its the tenderers trying to get an inside edge on each other. They are from France, Germany and Japan.
When in doubt, Follow The Money.
Shocking! (Score:4, Insightful)
Foreign intelligence agencies trying to learn the specifics of a new military system? I am shocked, shocked! [youtube.com]
The only news here is that there are signs of it, and seemingly attributable ones as well.
Re: (Score:3)
The only news here is that there are signs of it
That isn't news either. My home router gets more than 30-40 "cyber-attacks" per night.
and seemingly attributable ones as well.
The "attribution" is just speculation. They have no actual evidence.
They are just softening up the public for a money-grab to conduct "cyber-warfare".
Re: (Score:1)
Let's just scrap the CIA.
America just isn't interested in "trying to learn the specifics of a new military system", unlike the nosy Chinese/Russians.
Re: (Score:1)
my company website gets 10-100 "cyber-attacks" per hour, for last 3 years. More precisely, those are blind shots at admin login pages typical for popular CMSs.
After filling .http_access with reject for some 80 blocks covering mostly Russia, Ukraine, Belarus, Kazakhstan and China at least I'm not sending any bytes back.
Internet (Score:5, Insightful)
Why do they have this kind of stuff where it can be reached from the internet? I don't see why that's necessary. If it's convenient for the designers then it's too damn convenient for your enemies.
Re: (Score:2)
Why do they have this kind of stuff where it can be reached from the internet? I don't see why that's necessary. If it's convenient for the designers then it's too damn convenient for your enemies.
From the headline:
Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled)
Sounds to me like they didn't want to pay for them either...
*grin* In all seriousness, it is not practical to air-gap computer networks anymore. Operating systems need too much connectivity for updates, and commercial software wants to do authenticity checks to make sure that the corporations using it have actually paid for it. On top of that with the world basically standardized on TCP/IP it's not practical to even use alternate protocols to complicate access.
That's before you eve
Re: (Score:2, Informative)
In all seriousness, it is not practical to air-gap computer networks anymore. Operating systems need too much connectivity for updates, and commercial software wants to do authenticity checks to make sure that the corporations using it have actually paid for it. On top of that with the world basically standardized on TCP/IP it's not practical to even use alternate protocols to complicate access.
Actually what updates exactly do you need for a computer that's not on the network at large? Most security updates would be superfluous, and the vast majority of 'fix' updates fix stuff doesn't fix system or program breaking issues for most users, barring those introduced by another update. As for commercial software wanting to phone home, that's easily resolved by NOT choosing such software in the first place.
It's perfectly practical to air-gap networks if you go in with the mind set of it from the get go.
Re: (Score:2)
Re: (Score:2)
Then why don't they use Linux ?
Linux works just fine.
It doesn't need to talk to the outside world.
All it needs for updates is mirror it can contact. The mirror could be internal, getting it's packages from the Internet, logged, etc.
Re: (Score:1)
Re: (Score:3)
When you're talking billions of dollars I think it might be possible to bypass the internet. I know I have two computers that never see the internet. Updates are done on one manually and the other never. It's entirely possible still to pass data over a telephone network with a modem. I just think when extreme secrecy is required then extreme actions need to be taken.
Re: (Score:1)
"it is not practical to air-gap computer networks anymore" Anything dealing with classified military information certainly should be air-gapped. It's not hard to do and only creates some minor inconvenience when you need to share that data to a 3rd party. Hand delivered encrypted USB drives is one example. The inconvenience is nothing compared to having a enemy or competitor get their hands on the data. And an air-gapped network will also cut down on the number of hours the employees waste surfing the web.
"
Huh? (Score:3)
DoD work is supposed to be air gaped when classified. Sure, there is a difference between military contractors and Government. Guess which ones give up information? Not the guys building the military gear, because they are held accountable for their actions.
Re: (Score:2)
Who says it can actually be reached from the internet?
Re: (Score:2)
Re: (Score:3)
US contractors need links back to their multinationals and mil, global sourcing of US parts and US/UK trained experts.
Australia could do all the work at a secure site, base, port but that is been blocked by the USA. The problem is the US would then not share its more secure export grade electronics.
So Australia has to keep its networks wide open to keep US contractors happy and ensure jobs and profits are shared with the US military–industrial complex.
Th
Really? 30-40/night (Score:4, Insightful)
If China/Russia are actively hacking the joint, I must be running something really interesting because I get about 2000/night from Russia and China on my web servers. This is just some scaremongering from a company that has no IT or an IT without a clue.
Re: (Score:3)
If China/Russia are actively hacking the joint, I must be running something really interesting because I get about 2000/night from Russia and China on my web servers. This is just some scaremongering from a company that has no IT or an IT without a clue.
Or someone with a political ax to grind who's making it all up...
Re: (Score:3)
Re: (Score:2)
What is a meaningful attack though? An attack that goes through is meaningful and if they let pass 40 attacks/night, they're doing a really bad job. Security is pretty much black and white, you either get compromised or you don't.
Re: (Score:2)
What is a meaningful attack though?
That's what I wish they would define. An example of a "meaningful" attack might be a flurry of portscans from a single IP address hitting all of their known public IP addresses in sequence in a short timeframe (indicating they were the specific target of the scan). Otherwise they just sound like a software firewall trying to justify its own existence.
Re: (Score:1)
Nothing to see. (Score:2)
Back in my sat technology days, that would be an average night. It went on like that for years.
Its only news if they break in.
What Intelligence Agencies Should Be Doing (Score:2, Insightful)
I see absolutely nothing wrong with this. This is exactly what intelligence agencies should be doing - investigating rival countries' military capabilities and assessing threats to the nation.
Meanwhile, what intelligence agencies most definitely shouldn't be doing is mass surveillance of their own people. Intelligence agencies don't exist to suppress descenting opinions. They don't exist to erode freedom. They don't exist to keep the populous inline. The reason they exist to assess external threats to t
Re: (Score:2)
Go live in China or Russia if you think it's so great there... Moron...
Re: What Intelligence Agencies Should Be Doing (Score:1)
He does.
Re: (Score:3)
How do you know when you have the right plans? (Score:3)
When you steal plans for a multi-billion dollar project, how do you know when you've got the real plans, and when you've got decoy plans that were carefully developed to be plausible, yet incorrect?
Re: (Score:2)
The problem with any files now found is the US ability to redesign fake plans for any project and have other nations waste decades on junk plans.
eg Operation Merlin https://en.wikipedia.org/wiki/... [wikipedia.org]
Would any nation trust digital files found in Australia, unencrypted on an
Re: (Score:2)
Re: (Score:2)
You give the government waaaay too much credit.
Amazing news. (Score:2)
only 30 to 40? (Score:3)
Just try it (Score:1)
The country was founded by convicts and houses the most poisonous animals on the planet. I bet they put some of that stuff into their submarine technology.
I wonder, how they count -- and what... (Score:3)
I wonder, what these numbers mean because I — without doing any classified research whatsoever — get log-entries like these every day:
Do I get to count each entry as a separate attack? Or one "attack" per remote IP?
Re: (Score:2)
Jesus how many entries do you allow before you just ban the IP? I allow like 3 and then a 15min ban.
Re: (Score:2)
I also allow three (depending on the attempted login, actually — trying to get in as "root" will cause an immediate ban, because I would never attempt that myself), and then ban permanently (until the router is rebooted, rather). However, from the time the log-watching script decides to issue a ban and the time the ban is actually in place, there is a delay, because the router is slow and establishing a
Everyone's got one (Score:3)
Meh - everyone has a submarine these days. . .
Even rebel separatist groups. Here in the Philippines the Moro Islamic Liberation Front (MILF) sadly have trouble with the Google ranking due to competition in the namespace for that acronym. However, that didn't stop plans for the purchase of a Swede-made MSM Type A midget submarine [manilatimes.net], which was to be used to disrupt the development of an oil and gas project in the now hotly disputed South-china Sea.
The MILFs are one of several separatist groups in the Philippines, which come in Islamic and Communist, and just-plain-thug varieties. The formation of the of the MILF is actually, unsurprisingly, a tragic story. In the 60s with the incumbent government of the Philippines, proceed with plans to invade and reunite neighboring Sabah, which was granted under a lease, but somehow after World War 2 ended up as Malaysian territory.
Troops from the western region of Mindanao were selected and trained to form an elite squadron. When the troops learned that their mission would involve lethal combat with their neighboring kin-folks they refused to participate, so they were massacred by the Philippines Armed Forces on March 18, 1968 [wikipedia.org]. This led to years of uprising and political unrest, and it was only recently that the Philippines Government formally acknowledged that the incident occurred.
Reading about this and other affairs helped me to learn about governments, terrorism, political intrigue and rebel groups. We live in a violent world where democracy and other formal government processes seem to be a thin, fragile structure over game-of-thrones style chaos.
Re: (Score:2)
And during the years of Spanish influence nearly all of the tribes adopted adopted Catholicism, except for the Igorotte highlanders and the Aeta who held to their ancient animism, while the Moro proceeded with their adopted Islam. . . of courses over the years there have been Hindu influences - eg the Tagalog tribe had ties ties with the Kingdom of Medang in Java, and northern Philippines, with its proximity to China. . . . these are generalizations of course, individuals, obviously made many and varied per
Actual text from paywalled article (Score:1)
Chinese and Russian spies have attempted to hack into the top secret details of Australia’s future submarines, with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months.
The hacking attempts have been aimed at the submarine builders in Germany, France and Japan bidding for the $20 billion contract to build the new fleet. The bidders are holding highly sensitive information about the Royal Australian Navy’s technical requirements for its new-generation submarine
Re: (Score:1)
IANAL but there must be something immoral or illegal about posting content from behind a paywall.
Damn those spies! (Score:2)
I guess these are the same spies that are trying to hack into my website every night! I guess they're lucky they're only getting Chinese and Russian ones!
Seriously though, three news articles are linked to in this story and zero of them have any more information that differentiates this even remotely from the standard brute force hacking attempts that I'm sure everyone that reads Slashdot puts up with on a daily basis on their various servers and systems.
As far as I can tell for anyone in IT here in Austral
Re: (Score:2)
So many nations want the contracts, jobs, cash that *anyone* could be using random internet cover to find out more. Not so much mil secrets just the governments staffs thinking on keeping local jobs vs fully importing a turn key sub.
A lot of cash of decades is in play. Just knowing what to present and when could be a winning contract. W
A great trolling opportunity wasted.. (Score:1)
30 to 40 a night? (Score:2)
I get 30 to 40 attempts an hour, and that's just the ssh attempts.
Secret 'Submarine Plans' and the Internet .. (Score:2)
Paywalled? WTF? (Score:2)
> Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled)...
If the secret details are paywalled why those stupid spies didn't simply pay to access them? Budget cuts?
30 and 40 cyberattacks per night? LOL (Score:2)
:-) This amount of attacks simply means that they don't care. I am working on one website of known Japanese corporation and this is the log from my IDS - how many attacks were detected/prevented a day - on average between 100 - 200... and that is just one commercial company: ....
105x 2015-11-02
122x 2015-11-03
226x 2015-11-04
108x 2015-11-05
125x 2015-11-06