Posts Tagged: NASA


13
Oct 15

Arrest of Chinese Hackers Not a First for U.S.

The Washington Post reported last week that the Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government, a move described as “an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions.” While this a welcome and encouraging development, it is not the first time Beijing has arrested Chinese hackers in response to pressure from the U.S. government.

Image: Democracynow.org.

Image: Democracynow.org.

The action reported by The Post and other media outlets came shortly before Chinese President Xi Jinping’s state visit to Washington late last month. The hackers arrested had reportedly been identified by U.S. officials as having stolen commercial secrets from U.S. firms to be sold or passed along to Chinese state-run companies.

Although The Post has described this action as unprecedented, U.S. government cybercrime investigators have had success convincing Chinese authorities to take such actions in at least one other case previously.

In a report (PDF) presented to Congress on Feb. 29, 2012, the Office of Inspector General for the National Aeronautics and Space Administration (NASA) noted that a lengthy investigation into the cyber theft of sensitive technical data from its systems culminated in the arrest of a Chinese national in China.

“As a result of an OIG investigation and lengthy international coordination efforts, a
Chinese national was detained in December 2010 by Chinese authorities for violations of
Chinese Administrative Law,” NASA Inspector General Paul K. Martin told a House oversight committee. “This case resulted in the first confirmed detention of a Chinese national for hacking activity targeting U.S. Government agencies. Seven NASA systems, many containing export-restricted technical data, were compromised by the Chinese national.” Continue reading →


22
Feb 12

Feds Request DNSChanger Deadline Extension

Extradition of Accused Masterminds Moves Forward

Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet early next month if a New York court approves a new request by the U.S. government. Meanwhile, six men accused of managing and profiting from the huge collection of hacked PCs are expected to soon be extradited from their native Estonia to face charges in the United States.

DNSChanger modifies settings on a host PC that tell the computer how to find Web sites on the Internet, hijacking victims’ search results and preventing them from visiting security sites that might help detect and scrub the infections. The Internet servers that were used to control infected PCs were located in the United States, and in coordination with the arrest of the Estonian men in November, a New York district court ordered a private U.S. company to assume control over those servers. The government argued that the arrangement would give ISPs and companies time to identify and scrub infected PCs, systems that would otherwise be disconnected from the Internet if the control servers were shut down. The court agreed, and ordered that the surrogate control servers remain in operation until March 8.

But earlier this month, security firm Internet Identity revealed that the cleanup process was taking a lot longer than expected: The company said more than 3 million systems worldwide — 500,000 in the United States — remain infected with the Trojan, and that at least one instance of the Trojan was still running on computers at 50 percent of Fortune 500 firms and half of all U.S. government agencies. That means that if the current deadline holds, millions of PCs are likely to be cut off from the Web on March 8.

In a Feb. 17 filing with the U.S. District Court for the Southern District of New York, officials with the U.S. Justice Department, the U.S. Attorney for the Southern District of New York, and NASA asked the court to extend the March 8 deadline by more than four months to give ISPs, private companies and the government more time to clean up the mess. The government requested that the surrogate servers be allowed to stay in operation until July 9, 2012. The court has yet to rule on the request, a copy of which is available here (PDF).

Not everyone thinks extending the deadline is the best way to resolve the situation. In fact, security-minded folks seem dead-set against the idea. KrebOnSecurity conducted an unscientific poll earlier this month, asking readers whether they thought the government should give affected users more time to clean up infections from the malware, which can be unusually difficult to remove. Nearly 1,400 readers responded that forcing people to meet the current deadline was the best approach. The overwhelming opinion (~9:1) was against extending the March 8 deadline.

KrebsOnSecurity readers voted almost 9-1 against the idea of extending the Mar. 8 deadline.

In related news, the six Estonian men arrested and accused of building and profiting from the DNSChanger botnet are expected to be extradited to face computer intrusion and conspiracy charges in the United States.  Continue reading →