Military Warns Chinese Computer Gear Poses Cyber Spy Threat

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Normally reports like this shy away from actually naming a company suspected of cyber spying against the U.S. government, instead opting for the generic "Chinese company." That's what makes this report different, the Pentagon’s Joint Staff actually called out Lenovo by name, saying the company was actively trying gain access to classified military information networks.

A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report. The “supply chain” is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.
 
Is this a reputable news site? I read the article and it's hard to tell how much is sensationalist xenophobia and how much is a coordinated cyber security threat with actual intent.
 
All of our stuff is made in a foreign country. Shouldn't we expect backdoors, trojans, and other malware from the country of origin? It would be the easiest way.
 
Im more concerned about the little USB network adapters, and other small peripherals like that coming from china. So many flooding the market with random names, if 1 gets caught, they just change the package/name and continue selling.
 
cageymaru said:
All of our stuff is made in a foreign country. Shouldn't we expect backdoors, trojans, and other malware from the country of origin? It would be the easiest way.
Click to expand...


On the classified networks? It's fruitlessly impossible. They do not share any communications links with other networks. Let's say there is a compromised network switch and it tries to "phone home" with all the traffic it's passing, it can't because the communications lines are not connected to the same infrastructure, no common connections.

The unclassified networks yes, not the classified ones.
 
We did this to Russia with telecom equipment. We could listen to EVERY call they made. Also, Remember what we did to Iran. Their centrifuges were "isolated" but we still got in and did a ton of damage.
 
Trepidati0n said:
We did this to Russia with telecom equipment. We could listen to EVERY call they made. Also, Remember what we did to Iran. Their centrifuges were "isolated" but we still got in and did a ton of damage.
Click to expand...

Getting a WORM in is one thing, making computers that share no common connection talk to each other is a different thing isn't it?

I mean, I work in a software development lab that has three different development networks for three different classification levels and there are no common connections between them and no connections out to the world at all. They don't share switches or patch panels, nothing, even the network cable is color coded.
 
lcpiper said:
and there are no common connections between them and no connections out to the world at all.
Click to expand...

That you know of. It would be relatively easy for an item with a wifi adapter to use that adapter despite it being disabled in the BIOS or the OS.
 
Quartz-1 said:
That you know of. It would be relatively easy for an item with a wifi adapter to use that adapter despite it being disabled in the BIOS or the OS.
Click to expand...

Unless USB is completely disabled in the BIOS since servers in a DC shouldn't need any active USB ports. Or a Faraday cage in the walls of the DC.
 
lcpiper said:
Getting a WORM in is one thing, making computers that share no common connection talk to each other is a different thing isn't it?

I mean, I work in a software development lab that has three different development networks for three different classification levels and there are no common connections between them and no connections out to the world at all. They don't share switches or patch panels, nothing, even the network cable is color coded.
Click to expand...
The fans man the fannns! Americas enemies have the patience for vengeance...

Clever Attack Uses the Sound of a Computer’s Fan to Steal Data
 
lostinseganet said:
The fans man the fannns! Americas enemies have the patience for vengeance...

Clever Attack Uses the Sound of a Computer’s Fan to Steal Data
Click to expand...


Because virtual machines have virtual fans .......


BTW, I work in a SCIF and there is another building, also a SCIF that is right next door.

I did a Google search for the names of these two buildings to see if I could find a photo online for either one and I found zilch, nada, not a single photo of either building. Now my building I understand, the people who work here are long term employees mostly. But the other building is a training site and it sees hundreds of students a year transitioning through it. Perhaps it's cause the buildings are ugly with no windows and no real appeal. Maybe it's because taking photos of the buildings is discouraged. Maybe there is another reason.

But then I did another search just for the word SCIF and although I found many images of buildings with windows, which SCIFs don't have, and many of portable SCIFs because companies have found a market for those with the wars over the last 15 years. But it's unusual that there are no pictures of what would typically look like a SCIF that I could find.
 
Last edited:
lcpiper said:
On the classified networks? It's fruitlessly impossible. They do not share any communications links with other networks. Let's say there is a compromised network switch and it tries to "phone home" with all the traffic it's passing, it can't because the communications lines are not connected to the same infrastructure, no common connections.

The unclassified networks yes, not the classified ones.
Click to expand...

Not true at all, I'm guessing you know about as much as Hillary around classified info. And I agree with you on quite a lot of things. Not trying to be rude ,but there are so many different types of classified documents it's nuts. Superfish was not an accident. And it affected many SMB's. I mean hell, they could build their own procs and change the microcode, sell it to a CDW, wait for it to get installed at a sub-tier contractor and wait for them to go to sleep.

If the SMB's do not have ways of seeing these things (95% don't have the money) the technical readouts for that battle-station (or drone modem frequency) could be stolen easily.

Now. There are other ways to get the info, pose as a supplier, dig through trash, pose as a new hire and find an unguarded system. But it's worth thinking about as many as possible =)

The "Russian Reset" was a perfect example. That was supposed to be a technology exchange between our countries, what it really was, was Russia trying to infiltrate contractors and glean military data. Guess who set that up...yeah, HRC. And they are trying to blame all this covert Russian spy crap on DJT. If you have a brain you see through that and saw those instigators at the DJT rallies way before the media did.
 
Last edited:
lcpiper said:
Because virtual machines have virtual fans .......


BTW, I work in a SCIF and there is another building, also a SCIF that is right next door.

I did a Google search for the names of these two buildings to see if I could find a photo online for either one and I found zilch, nada, not a single photo of either building. Now my building I understand, the people who work here are long term employees mostly. But the other building is a training site and it sees hundreds of students a year transitioning through it. Perhaps it's cause the buildings are ugly with no windows and no real appeal. Maybe it's because taking photos of the buildings is discouraged. Maybe there is another reason.

But then I did another search just for the word SCIF and although I found many images of buildings with windows, which SCIFs don't have, and many of portable SCIFs because companies have found a market for those with the wars over the last 15 years. But it's unusual that there are no pictures of what would typically look like a SCIF that I could find.
Click to expand...

Incorrect. SCIF's can indeed have windows, they just need to have blinds.
 
You must log in or register to reply here.
Back
Top