Hacker Steals 10 Petabytes of Data From China's Tianjin Supercomputer Center

An anonymous reader quotes a report from CNN: A hacker has allegedly stolen a massive trove of sensitive data -- including highly classified defense documents and missile schematics -- from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin -- a centralized hub that provides infrastructure services for more than 6,000 clients across China, including advanced science and defense agencies.

Cyber experts who have spoken to the alleged hacker and reviewed samples of the stolen data they posted online say they appeared to gain entry to the massive computer with comparative ease and were able to siphon out huge amounts of data over the course of multiple months without being detected. An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained "research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more." The group alleges the information is linked to "top organizations" including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.

Cyber security experts who have reviewed the data say the group is offering a limited preview of the alleged dataset, for thousands of dollars, with full access priced at hundreds of thousands of dollars. Payment was requested in cryptocurrency. CNN cannot verify the origins of the alleged dataset and the claims made by FlamingChina, but spoke with multiple experts whose initial assessment of the leak indicated it was genuine. The alleged sample data appeared to include documents marked "secret" in Chinese, along with technical files, animated simulations and renderings of defense equipment including bombs and missiles.

So

[RitchCraft]

The hacker stole back stolen data then?

Re:

[CEC-P]

I was just gonna say, I bet a lot of those schematics look familiar. Well, a bunch of Chinese companies are about to go on the entity list.

Re:

[AmiMoJo]

Just remember that everything developed by Western companies is stolen Chinese tech from now on.

How the fuck?

[anoncoward69]

Do you not notice 10 PETABYTES of data transmitting out of your data center? This was either a slow transfer over a REALLY long time, or they pegged the network to download it all really quickly.

Re:

[zlives]

RTFA but even 6 months seems like it should have triggered something. unless they rely on AI to monitor the alerts, and if you know the model you can game it.

Re:

[nightflameauto]

RTFA but even 6 months seems like it should have triggered something. unless they rely on AI to monitor the alerts, and if you know the model you can game it.

I wonder if you did a slowly accelerating transfer if it would just be shrugged off as a natural escalation of something. What, wouldn't know, but folks tend to get really stupid when something starts at a trickle and builds slowly over time.

Re: How the fuck?

[sziring]

The only indication was a small blinking red light that was partially hidden by an empty coffee mug. It happened just like in the movies. You think they would have learned by now not to cover important blinking lights.

Re: How the fuck?

[rayzat]

That was one of my first two thoughts. How long did it take to get that out and where the heck did you store it. That's not an insignificant amount of capacity to acquire.

Re:

[sabbede]

Well, they didn't have to solve that problem in a day. If you had three weeks to do it, I'm sure you could find a way to store a petabyte. That, ten times.

Re:

[93 Escort Wagon]

Well, finding the culprit should be easy - just look for someone who made a whole lot of disk orders from AliExpress over the course of a few weeks.

Re:

[sabbede]

If I had such a concern, what I would do was setup a fake marketing materials business and order a ton of USB sticks (or blank writable blurays, whatever) as if I was going to print logos on them. I thought about a fake retail shop, but then I'd need to setup a fake shopping site.

Re:

[nightflameauto]

That was one of my first two thoughts. How long did it take to get that out and where the heck did you store it. That's not an insignificant amount of capacity to acquire.

Maybe they used middle-out compression. Richard Hendricks is gonna sue somebody.

Re:

[omnichad]

Even over 6 months, that's 5 Gbps averaged out. That's USB 3.0 speeds. Must have been a really impressive compression algorithm or a lot of filler/duplicate data that is easily compressed.

Re:

[anoncoward69]

Still seems this should have triggered multiple alerts. Disk IO usage, compute resource usage, bandwidth and data transmission usage. Even without specific alerts you would think someone would notice degraded system performance.

Re:

[HiThere]

Maybe they do streaming backups, and he just duped the stream.

Re:

[breeze95]

Do you not notice 10 PETABYTES of data transmitting out of your data center? This was either a slow transfer over a REALLY long time, or they pegged the network to download it all really quickly.

Even so, it will take a long time to download 10 PETABYTES of data. For example, if they downloaded the data at 1 Gbps (this is about standard for a business internet connection) or 125 MB/s, it will take over 2 years to download 10 petabytes—assuming there is no lag, latency or throttling. If they download it at 10Gbps it takes around 3 months. Downloading at 1 Gbps and higher will be noticed, so; I am skeptical that they were able to download 10 petabytes of data. But you never know.

Re:

[anoncoward69]

I would think they would want to transfer as fast as they can to get as much as they can before being detected and cut off. Initiating a slow transfer that might just be seen as noise on any monitoring leaves significantly more time to be detected and cut off, or detected, monitored and traced.

Re: How the fuck?

[kenh]

"A few backpacks full of drives"? Really? it would take 10,000 terabyte drives...

Never underestimate the bandwidth of a station wagon full of magnetic tapes...

Re:

[TwistedGreen]

That would be only 454 22TB drives, so at 670 grams each that would only be around 670 pounds of hard drives occupying 10,830 cubic inches or 178L of space.

That could easily fit into 4-5 backpacks if you're okay with your party moving at half speed due to being overburdened.

Re:

[Mal-2]

This is why the Bag of Holding remains such a popular magic item. That would reduce 500 pounds down to 15, and the remaining 170 could easily be distributed across the party.

Re:

[fabioalcor]

Maybe they've used the (much probably existing) gov't backdoor, which log activities are directed to /dev/null .

Not in all the world

[Spazmania]

There's not 10 petabytes of sensitive data in all the world. 10 petabytes is enough to store a copy of every movie and television show ever released to DVD plus every book ever written in any language on Earth.

What they captured was some sensitive data and a whole lot of garbage that someone could possibly, maybe analyze to make some statistical inferences about conceivably sensitive data.

Re:

[anoncoward69]

I'm sure there is. Doesn't Linus Tech Tips have a 1PB NAS just for storing their raw video content? I can only imagine the amount of storage that the world's intelligence agencies have to be able to hoover up the contents of the internet traffic to mine intelligence out of.

Re:

[Spazmania]

Unanalyzed raw video. Internet noise. Those would qualify as, "a whole lot of garbage that someone could possibly, maybe analyze to make some statistical inferences about conceivably sensitive data."

Re:

[Ed_1024]

Maybe there are many network access points (it is a major centre) and the attackers used a lot of them in parallel to exfiltrate the data?

Re: How the fuck?

[kenh]

The original CNN report said it took 6 months to extract all that data, no word on where it is stored - maybe they squirreled it away in one of those "unlimited" Gmail accounts - I remember there was a utility to treat a Gmail account as a form of file system 'back in the day'...

wtf

[methano]

What, pray tell, would you even do with 10 petabytes of data?

Re:

[Fly Swatter]

Will it fit in a station wagon? Never underestimate the bandwidth...

Yes, yes it will fit in a station wagon Re:wtf

[davidwr]

10TB 3.5" drives are common enough. 1000 of those could easily fit in a station wagon.

Re:

[DDumitru]

its the old joke about bandwidth versus latency. A suburban can hold an awful lot of 1TB uSD cards.

Re:

[symbolset]

Those cards would be worth far more than the data at the moment.

Re:

[methano]

Show your face, you sniveling coward!

Where would you even keep it?

[jfdavis668]

How can you transmit it, what would you do with it, but the big question is where would you put it?

Re:Where would you even keep it?

[Scutter]

They bought a 10PB thumb drive from Aliexpress for $16.

The Alliance Needs To See That

[NMBob]

Look for the folder called, "Stardust".

What country are the hackers in?

[ukoda]

I wonder what country the hackers are in and if they have state connections? Chinese government, like most governments, has double a standard when it comes to hacking. So while they have no problems with their own hackers operating against offshore targets I doubt they will take it well once if they work out which country to blame for this.

If the hackers are based in the USA it would not help relations between them but given how bad they are I guess little would come of it. On the other hand if they a

Re:

[sabbede]

Russian hackers would cause tension, yeah. To that end, the US should do everything possible to make it look like it was a Russian with government ties. After securing access to the data.

Filleted alive

[ebonum]

These guys could have quietly cut a deal with the NSA/CIA. Now that China knows to look for them, they better watch their backs. Talk about poking the dragon.

Re:

[sabbede]

There's already an NSA representative knocking on the guy's door. With a big check in one hand and something terrifying in the other.

Re:

[ebonum]

The CIA is running Chinese language ads looking for spies.
https://www.theguardian.com/us... [theguardian.com]

The US will pay very good money for secrets.

Oops!

[jenningsthecat]

The "donate an organ today" item that WASN'T on some poor Chinese IT sod's To Do list will soon have a check mark beside it...

"A hacker"... underselling

[felixrising]

Kind of underselling the type of hacker who has 10 Petabytes of storage on hand. It's not your average everyday hack. That is an organisation and likely state sponsored.

Re: "A hacker"... underselling

[angryman77]

Maybe there's some really kick-ass compression algorithm involved.

Re:

[felixrising]

Probably TurboQuant, or another Pied Piper compression algo. ;j

10 PB doesn't cost all that much.

[TheMiddleRoad]

I figure it could be put together for $250k with a mix of used and new hardware. Possibly less. Certainly less than 300k. And that's with parity. The power bill would suck.

Re:

[parityshrimp]

$50k worth of LTO-9 tapes, no compression.

Re:

[TheMiddleRoad]

With LTO-9, you will need about 12 carousels, 48 tapes each, costing about $12k each on the low end. That's $144k. Then the tapes, and I'll accept your math on that. So 200k for something a fraction of the speed and far harder to use. There's reasons people buy spinny disks.

Where did he store it?

[juancn]

I mean, 10PB is not easy to store.

Re:

[Ryanrule]

this is ripe for a "your mother" joke

OH NO!

[Ryanrule]

anyway...

Bandwidth And Storage

[SlashbotAgent]

What "hacker" has that sort of bandwidth and storage available to them? We're talking over $200,000 worth of bandwidth and storage. For the lulz and a chance to sell the data?

Sounds improbable.

Re:

[Deal In One]

If you think you can "hit it big", you might be able to convince a few people in your "circle" to "invest" in getting the gear. I don't think bandwidth costs all that much, since it's not expensive or difficult to get 1 gbps / 10 gbps connections for homes in many countries.

Or they could even have hacked a bunch of home / other company systems and storing the data a few GB here, and few TB there, etc.

With sufficient redundancy, it will all be accessible / usable.

Of cos I have no idea what may have happened

10 PB is 10,000,000,000 MB and at 1 MB/s

[hcs_$reboot]

10 PB is 10,000,000,000 MB, at, say, 1 MB per second on average, that would make a 31 years hacking operation.
Rather unbelievable...
It's more likely to be an internal operation.

Imagine if...

[magusxxx]

...it included the complete Epstein files and Hilary's e-mails.

Cyber experts are a chimera

[Mirnotoriety]

“unauthorized access was granted via a compromised VPN domain [securitymagazine.com]. From there, the threat actor deployed a botnet to extract, download and store the data. The exfiltration took approximately six months.”

Chimera: a thing which is hoped for but is illusory or impossible to achieve.

if

[groobly]

If it was so easy, what are the chances that US spooks have already done it, too?