• This is a stand-to for an incoming competition, one of our most expensive yet.
    Later this week we're going to be offering the opportunity to Win £270 Rab Neutrino Pro military down jacket
    Visit the thread at that link above and Watch it to be notified as soon as the competition goes live

China Crafts Cyberweapons

#1
The People's Liberation Army (PLA) continues to build cyberwarfare units and develop viruses to attack enemy computer systems as part of its information-warfare strategy, the U.S. Department of Defense (DOD) warned in a report released on Friday.

http://www.pcworld.com/article/id,132284-pg,1/article.html(News)

Not to worry, we have LIAG(V): http://www.army.mod.uk/royalsignals/ta/cvhq/liag/index.htm

msr
 
#3
Current instability in Estonia is blamed on Russia (be it state or non-state actors) - who have taken down most of the e-government sites over there in protest at the Estonians decision to relocate a memorial to Soviet soldiers.

This capability would seem to be being developed as a means of allowing nations to "express discontent" without military or economic action, and in a (relatively) deniable way.
 
#4
Hydro said:
Did they just conduct the Cyberwarrior Phase 1 training final exercise on the JPA system then?
:)
I remember a story about a small company network that got rooted by a skilled cracker, when the company called in an expert to help them the expert concluded that the cracker was doing a better job of maintaining their systems than their own admin and the company network was, as a result, performing better than ever! :D
 
#7
And what exactly do LIAG do in terms of CND?

Sod all-that's the answer...
 
#8
I remember an Economist article years back now where I first heard of 'logic bombs'. Allegedly, some viruses are Chinese 'live-fire' exercises...
 
#9
Juvenal said:
It's a fool who connects something that critical to the web in the first place.
Just finished reading about the incident. It's inconclusive what exactly happened but I was a little worried about this bit:
Taken from the NRC letter about the incident to the Dept. of Homeland security:
http://homeland.house.gov/press/index.asp?ID=212
...The licensee notified the NRC of the incident and the corrective actions implemented, which included placing a firewall that limits connections and traffic to any devices on the plant’s integrated computer system (ICS) network.
I know hindsights a wonderful thing but surely that's a tad late! :roll:
 
#10
msr said:
The People's Liberation Army (PLA) continues to build cyberwarfare units and develop viruses to attack enemy computer systems as part of its information-warfare strategy, the U.S. Department of Defense (DOD) warned in a report released on Friday.

http://www.pcworld.com/article/id,132284-pg,1/article.html(News)

Not to worry, we have LIAG(V): http://www.army.mod.uk/royalsignals/ta/cvhq/liag/index.htm

msr
So this is proof that Star Trek is real :roll:
 
#11
JPA Has gone down here start of the invasion?!?
 
#12
I have always worried about cyber-warfare.

My fears were given full visibility when I joined ARRSE, and found my PC bombarded with sh1t.

Are the COs actually Chinese cyber-warriors? Was The Lord Flasheart actually Fu Kyew in disguise? Will my firewall cope?

Or is the Interweb bigger than its designers intended? We should all be VERY aware ...
 
#13
Taken From MI5 website:
The UK is a high priority espionage target and a number of countries are actively seeking UK information and material to advance their own military, technological, political and economic programmes. (See also "Methods of attack and targets").

We estimate that at least 20 foreign intelligence services are operating to some degree against UK interests. Of greatest concern are the Russians and Chinese.
We all get security training with regards to the primary terrorist threat but when it comes to espionage, especially on the internet, there seems to be none.
Common sense is just presumed (wrongly) to be enough.
I cleaned a toms laptop the other day which was fully trojaned up, I found the text file the keylogger was dumping to and showed him all his crap passwords, needless to say he was a bit shocked :pale:
This wasn't a stupid guy, he held a DV and worked in a special role.
Is it time we introduced IT security training for all personnel?
Maybe wee jimmy mouse-mats with "you don't need admin rights to surf for porn" etc would get the message through :D
 
#14
Not_Whistlin_Dixie said:
Here's a disturbing area of vulnerability: web-connected programmable logic devices controlling safety-critical systems at nuclear generating stations.

"Data storm" blamed for nuclear-plant shutdown
Robert Lemos, SecurityFocus 2007-05-18
http://www.securityfocus.com/news/11465
Except they weren't 'web-connected', there is a difference between networked and web-based. All it means is that an ethernet unit failed so they weren't able to remotely control (from on-site!) a PLC, so they manually closed a system down. Nor does it suggest that the other functions of the PLC (such as the monitoring of the controlled system) were affected. It obviously wasn't 'safety-critical' because those type of systems are generally hardwired or use safety-rated PLCs (essectially three PLCs in the same box with majority voting).
 
#15
deadc0de said:
Taken From MI5 website:
The UK is a high priority espionage target and a number of countries are actively seeking UK information and material to advance their own military, technological, political and economic programmes. (See also "Methods of attack and targets").

We estimate that at least 20 foreign intelligence services are operating to some degree against UK interests. Of greatest concern are the Russians and Chinese.
Bit rich that, coming from MI5. Those nasty foreigners. It's just not cricket. Are we to assume that we don't have our own people in MI6 'operating to some degree against non-UK interests'?
 
#17
Taz_786 said:
Its true!

Everytime you go into a uni IT centre, its full of Chinese students!
And every time you go to a Uni bar, it's full of British ones. That's the real reason we'll be vulnerable to cyber-warfare.
 
#18
frenchperson said:
deadc0de said:
Taken From MI5 website:
The UK is a high priority espionage target and a number of countries are actively seeking UK information and material to advance their own military, technological, political and economic programmes. (See also "Methods of attack and targets").

We estimate that at least 20 foreign intelligence services are operating to some degree against UK interests. Of greatest concern are the Russians and Chinese.
Bit rich that, coming from MI5. Those nasty foreigners. It's just not cricket. Are we to assume that we don't have our own people in MI6 'operating to some degree against non-UK interests'?
So? Isn't that a good thing? Why shouldn't we be keeping a lid on hostile internet shenanigans?

Besides which, the Brit version is probably an old lady with a ZX Spectrum and a dusty chinese-english dictionary in an attic somewhere...

We're cr@p at IT security in the MOD. Everybody I know thinks that the systems are secure because "they're MOD systems". Complete nonsense. The Pentagon's security is breached several times a month. Given that the Pentagon is one of the most highly secure internet connected sites there is, what price the 1 Loamshires cr@ppy little DII connections? I won't go on, for OPSEC reasons.

This sort of thing is likely to develop into a form of conflict in the next few years, if it hasn't already, and we are totally rubbish at it. Bit of forward thinking required at PJHQ perhaps? Do we really want to leave this to the spooks?
 
#19
Juvenal said:
It's a fool who connects something that critical to the web in the first place.
Question is what isn't connected to the Internet?

Using a bank as an example - that impregnable mainframe that does every ultra secure billion dollar transfers? You telling me that the geek monitoring and who can log onto it doesn't have web access? He doesn't have email? You subvert his machine and you're in. Sure I'm not saying its easy - but engima was unbreakable right?

Now I don't know how UK/US military networks - but I find it really hard to believe that they aren't cabled into the Internet together some way.

Cockoo's Egg is definately worth the read. You really think it's any better now?
 
#20
Caradoc said:
Juvenal said:
It's a fool who connects something that critical to the web in the first place.
Question is what isn't connected to the Internet?

Using a bank as an example - that impregnable mainframe that does every ultra secure billion dollar transfers? You telling me that the geek monitoring and who can log onto it doesn't have web access? He doesn't have email? You subvert his machine and you're in. Sure I'm not saying its easy - but engima was unbreakable right?

Now I don't know how UK/US military networks - but I find it really hard to believe that they aren't cabled into the Internet together some way.

Cockoo's Egg is definately worth the read. You really think it's any better now?
Just about anything on a major control system network for a start, devices may be networked but that doesn't mean that it it is connected to the internet unless there is a VERY good reason to allow it to be. A good example may be a web-page (or series of them) that show read-only values to allow the status of a system to be viewed remotely, or an e-mail server that sends notification messages that there is a fault.

Banks must, by definition, deal with the public. Internet access for customers introduces vulnerabilities to hacking, but in general the banks are very good at protecting customer information. It's simply not good business sense to be poor at IT security and they can afford to employ brighter web-heads than the various 'spy' organisations.
 

Similar threads

Latest Threads

Top