Hacker Tracker: them crazy Chinese



WillBrink
03-26-14, 09:53
Now this is some wild stuff. Any computer security experts have an opinion here? Remember when it was found the picture frames the Chinese were selling were sending intel back to China?

In case some of you are unaware, the People's Liberation Army of China has a special unit known as Unit 61398; the analysts over at Mandiant did a giant exposé of them last year. I’m not going to labor on all the details as it’s out of scope for this post, but the skinny of why 61398 are important is that they develop and deploy all kinds of malware and other nasties for the sole purpose of infiltrating US systems. These systems are not confined to defense-related boxes either. They are actively targeting US manufacturing and other commercial entities, with a view to literally stealing intellectual property. You can bet if Ford are designing a new vehicle the PLA probably already know about it, and a vehicle that looks remarkably like our new Ford is already rickshaw-dodging around Beijing.

How *might* this be happening?

While I will dock my cap, and admit, 61398 are dedicated and VERY ‘talented’ cyber operators for China, it’s entirely possible that we are defending the wrong perimeters. That’s not to say those perimeters don’t need defending, but while we are concentrating on their right hand the left is sucker punching us. I don’t think these guys are coming at us over the wire and defeating our corporate and government IDS, IPS, Firewalls, and DMZs as much as we think (well not all the time anyway).

I’m getting to the point, I promise…

‘Vaping’. In case you weren’t aware, ‘vaping’ is the new smoking. It's not as cool as smoking used to be back in the James Dean era just yet, but it’s getting there, and the US is a big ole market. Vaping is basically a battery, a ‘tank’ containing a flavor + nicotine if you so wish, and an atomizer. All in a handy little tube; some even look like actual cigarettes, if only for their crazy green glow when you take a pull.

Cont:

http://www.jesterscourt.cc/2014/03/14/what-would-i-do-if-i-was-in-the-chinese-pla/

Safetyhit
03-26-14, 10:31
Interesting but couldn't one just take the thing apart and see if any sort of chip or what not was inside? It would, I assume, have to be something capable of automatically connecting to the internet and then transmitting data to wherever, so there would almost certainly have to be some incriminating component inside somewhere. The chargers are pretty small, not a whole lot of room to hide anything.

WillBrink
03-26-14, 10:54
Interesting but couldn't one just take the thing apart and see if any sort of chip or what not was inside? It would, I assume, have to be something capable of automatically connecting to the internet and then transmitting data to wherever, so there would almost certainly have to be some incriminating component inside somewhere. The chargers are pretty small, not a whole lot of room to hide anything.

Per the article, he shows the adapter opens a Chinese IP, so something inside that adapter is not as "stupid" as it appears. The topic is well above my pay grade, so that's about as far as I get, but we know it's nothing new for the Chinese to do that type of thing.

C-grunt
03-26-14, 11:53
My best friend is a big Internet security guy that does national level stuff. He has told me stories about the Chinese hackers. There is a full blown cyber war going on right now.

jmp45
03-26-14, 12:11
Per the article, he shows the adapter opens a Chinese IP, so something inside that adapter is not as "stupid" as it appears. The topic is well above my pay grade, so that's about as far as I get, but we know it's nothing new for the Chinese to do that type of thing.

So as the charger connects in real time, couldn't it drop a malware app? I don't charge anything from other than a remote power supply usually provided. How about a cheap Chinese USB cam? This could be a whole can of worms.

It's beyond tiny now.. 64GB cruzer

http://ecx.images-amazon.com/images/I/41i6%2BkUgxML.jpg

WillBrink
03-26-14, 12:50
My best friend is a big Internet security guy that does national level stuff. He has told me stories about the Chinese hackers. There is a full blown cyber war going on right now.

It's like The Matrix, a full on war most are totally unaware of it seems. I have no doubt the US et al have some very smart people on it giving back as good or better than we get it, and we tend to hear one side of the story. Ergo, we hack at them and mess with them, etc, as they do to us. But dang those Chinese are sneaky SOBs eh? :cool:

Moose-Knuckle
03-26-14, 17:42
Vaping is one thing, how many of you plug your smart phone (that you conduct ALL your life's business on) into a computer at work or home to charge it via a USB port?

Yeah, that is what I thought.

CarlosDJackal
03-26-14, 19:34
Vaping is one thing, how many of you plug your smart phone (that you conduct ALL your life's business on) into a computer at work or home to charge it via a USB port?

Yeah, that is what I thought.

We are actually expressly forbidden to plug anything into our workstations, even if it is just for recharging or other purposes. I actually recharge my smart phone using a regular outlet.

SeriousStudent
03-26-14, 21:31
Vaping is one thing, how many of you plug your smart phone (that you conduct ALL your life's business on) into a computer at work or home to charge it via a USB port?

Yeah, that is what I thought.

Anybody that is stupid enough to plug a non-secure device into a computer containing information they deem sensitive is a drooling moron.

Go to DEFCON or Black Hat and look for your name on the Wall of Sheep if you do that.

Also, JB Weld can be used for a lot more than fixing radiator leaks. Makes a handy USB security tool as well.

And in some things, it pays to be a Luddite. Put it on paper and lock it in a physical safe with secured access. Or just make it "tribal knowledge" that is not written down at all. Some things we do, we don't even keep paper records of, much less electronic ones.

You do a threat analysis, then a risk analysis, then you spend your money to mitigate threats as economically as you can. There is a reason they call it risk management, and not risk elimination.

Whiskey_Bravo
03-26-14, 21:38
Also, JB Weld can be used for a lot more than fixing radiator leaks. Makes a handy USB security tool as well.



Label me a retard but what do you mean by the above statement? JB Weld the USB port closed?

Moose-Knuckle
03-26-14, 21:42
Anybody that is stupid enough to plug a non-secure device into a computer containing information they deem sensitive is a drooling moron.

Go to DEFCON or Black Hat and look for your name on the Wall of Sheep if you do that.

Also, JB Weld can be used for a lot more than fixing radiator leaks. Makes a handy USB security tool as well.

And in some things, it pays to be a Luddite. Put it on paper and lock it in a physical safe with secured access. Or just make it "tribal knowledge" that is not written down at all. Some things we do, we don't even keep paper records of, much less electronic ones.

You do a threat analysis, then a risk analysis, then you spend your money to mitigate threats as economically as you can. There is a reason they call it risk management, and not risk elimination.

It pays to be a cheap bastard (err, or is that paranoid) like myself and forgo the modern convenience of smart phones altogether lol.

Whiskey_Bravo
03-26-14, 21:45
I won't forgo the smart phone, but I have never used it for anything important. Probably the most important thing I do on it is browse M4.

SeriousStudent
03-26-14, 22:24
Label me a retard but what do you mean by the above statement? JB Weld the USB port closed?

Yes, for the cost of a tube of JB Weld you can seal the USB ports shut, so no one can plug in a USB key or external drive to steal data. Also they cannot plug in a keyboard, mouse or KVM switch, to assist with a physical compromise.

It's just one small defensive measure. You need to use a lot of defensive measures.

I honestly cannot make myself or my organization completely invulnerable to attack. But I can make it so difficult and costly that they either go someplace else, or I catch them breaking in because they "make noise".