Monday, November 17, 2014

US businesses are being robbed blind, wiped clean every day by militarized Chinese hackers. Jobs, technology walking out the door, yet no demand is made of Congress or Pres. to do anything to stop it-CNS News

Retiring Rep. Frank Wolf chairs House Commerce-Justice-Science subcommittee: “If you are a major law firm and you’re working on a trade case with China, they’ll strip your computers.”

------------------------ 

11/14/14, "Rep. Wolf: Chinese Hackers ‘Literally Taking Whatever They Want’," CNS News, Barbara Hollingsworth

"Washington is not doing nearly enough to stop Chinese hackers who reportedly broke into the National Oceanic and Atmospheric Administration’s (NOAA) computer system in September from stealing critical information from U.S. government agencies and American businesses, says Rep. Frank Wolf (R-VA). 

“They have a more sophisticated spying apparatus than the KGB had,” Wolf told CNSNews.com.

“We’re losing jobs, technology, everything is leaving. It’s like they’re coming in and literally taking whatever they want to take. And so sometimes you find out about it and sometimes you don’t, but there needs to be a coordinated effort [to stop them],” Wolf continued. “And you don’t see a coordinated effort either from the Congress or from the administration.”

Wolf told CNSNews.com that he believes special Chinese military units are responsible for roughly 80 percent of the cyber-attacks on American businesses, foundations and government agencies.

“If you are a major law firm and you’re working on a trade case with China, they’ll strip your computers,” said the Virginia Republican, who is retiring this year after serving in the House since 1980.

“We fund the FBI on my committee. I’ve looked at the list. They’re hitting major law firms. They’re hitting all the companies,” said Wolf, who chairs the House Commerce-Justice-Science Subcommittee and whose own computer was previously hacked by the Chinese.

“The fact is, the saying was there’s two kind of companies: Those that have been hacked and know it and those who have been hit and don’t know it. This isn’t the first time. They just got [data on] 800,000 postal employees.”

“I consider them a big threat. They have tremendous capability. They have [Red Army] units that do nothing but this,” Wolf told CNSNews.com. But there have been “no repercussions” from Washington, he pointed out. “Until the administration speaks out and tells China to stop, and there is a penalty, it will continue.”

Wolf characterized the Obama administration as “particularly weak” in dealing with the Chinese. On Wednesday in Beijing, President Obama announced specific targets to cut U.S. greenhouse gas emissions up to 28 percent by 2025, while Chinese President Xi Jinping would only commit to an effort to start reducing emissions by 2030, a deal hailed as a “breakthrough” by Secretary of State John Kerry.

Wolf noted that NOAA did not report the cyber-attack to the Commerce Department’s inspector general, as required by law, until nearly a month later.

“They didn’t tell anybody. I think they were hoping that people would not know it and they could cover it up.  And they were saying that the computers were down for a couple of days for maintenance, [so] they were not telling the truth there.”

“Maybe this [NOAA] thing didn’t come out because they didn’t want to upset the Chinese because they wanted to go to Beijing and have that deal. I don’t know that’s the case, but maybe it is the case,” Wolf speculated, adding that the Obama administration also has “one of the weakest records on human rights and religious freedom.”

“I don’t think the secretary [of Commerce] knew, and if they’re not going to tell the secretary, they’re not going to tell Congress,” Wolf said in reply to a question from CNSNews.com on whether Congress had been notified of the security breach.

However, he pointed out that the cyber-attack on NOAA may have affected national security because the weather agency shares a satellite with the Pentagon and NASA.

“What may not appear important initially may be very significant as you add it in with something else. If they were looking at what NOAA’s doing, at rocket launches, at military maneuvers, who knows? What if they are able to shut down the grid? What if they are able to shut down the banking system?” he asked.

Wolf also pointed to the Oct. 20 indictment of Xiafen “Sherry” Chen, a Chinese-born naturalized U.S. citizen and NOAA hydrologist in Ohio who was accused of downloading “sensitive files from the National Inventory of Dams.”

Wolf was quick to point out that the Chinese people are also victimized by their government.

“Probably more Chinese dissidents come through this office than any office on the Hill. The Chinese people are wonderful people, Christianity is growing dramatically, the Catholic Church is growing, so I don’t want to criticize the Chinese people,” he added. “They have problems with their own government. Look at the crackdown taking place now in Hong Kong.”

“But part of the [Chinese] government is a Mafia operation. So do I believe what they say when they meet with the president? Do I trust the Chinese? No, I don’t trust the Chinese,” Wolf said."

==========================

Added: NASA computers were hacked at least 13 times in 2011:

3/2/12, “NASA says it was hacked 13 times last year,” Reuters

“NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.”…

===================================  


11/14/12, “NASA Suffers “Large” Data Breach Affecting Employees, Contractors, and Others,” spectrum.ieee.org, R. Charette

"Yesterday, NASA sent a message to all NASA employees informing them of a data breach involving an agency stolen laptop.

According to the NASA message posted at SpaceRef.com, “On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals.

We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.”

The message goes on to state that NASA will be sending letters to affected individuals, once the agency figures out who they are, which may take up to 60 days. Those individuals receiving letters will be offered a free credit and ID monitoring service….

NASA plans to have all of its laptops running whole disk encryption software by 21 December 2012….

Why it has taken so long for NASA to finally decide to fully encrypt its laptops remains a mystery, given its long-time poor record on IT security. As noted at NASA Watch, NASA has a history of laptops with personally identifiable information being stolen, one as recently as March.

Maybe NASA decided to act this time because it involved a NASA Headquarters’ person who in all likelihood is very senior and should have known better than to possess a laptop with no data encryption."


 

NASA Administrator Bolden 


=====================

An unencrypted NASA laptop was stolen from a locked car in a NASA parking lot in Oct. 2012, as described in the article above. The BBC below uses the word "loss" instead of "theft" in its headline and opening paragraph. Obama appointee Bolden promised in March 2012 to have laptops encrypted, but as of Nov. 2012 it wasn't done. 48 NASA devices were lost or stolen between 4/2009 and 4/2011.

11/15/12, “NASA to encrypt data after its latest laptop loss,” BBC

“US space agency NASA has ordered that the data on all its laptops must be encrypted, after losing another one of its portable computers. Until the process is complete, it has forbidden staff from removing NASA-issued laptops containing sensitive information from its facilities.

The order follows the loss of a device containing “sensitive personally identifiable information”.   

 
There have been several similar incidents over recent years.

Nasa said the latest incident had occurred on 31 October, when a laptop and documents were stolen from a locked vehicle of one of its employees at Nasa headquarters in Washington DC. The machine was password protected, but the agency acknowledged that the information might still be accessible to hackers since it was not encrypted.
 
Encryption would have scrambled the data, requiring a complicated code to make it understandable again. As a result, Nasa has warned its workers to watch out for bogus messages.

“All employees should be aware of any phone calls, emails, and other communications from individuals claiming to be from Nasa or other official sources that ask for personal information or verification of it,” an agency-wide email published by news site Spaceref stated.

“Because of the amount of information that must be reviewed and validated electronically and manually, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted.”…

The Nasa Watch blog, which comments on affairs at the agency, had previously criticised it for a series of other data losses.

It noted that the organisation had been warned in 2009 that it was not taking enough steps to sufficiently protect information and had reported the loss or theft of 48 of its mobile computing devices between April 2009 and April 2011.

This is not the first time Nasa has promised action to address the problem.

In March, Nasa administrator Charles Bolden told the House Appropriations Committee Subcommittee on Commerce that he was going to sign a directive ordering all portable devices to use encryption, after acknowledging the agency was “woefully deficient” when compared to other government departments.”

==================================== 

