Prepare for more cyber attacks on US

The “patch and pray” system within the United States has killed cyber security. Nobody is willing to commit any funds to protecting the system until something has already happened. Unless this way of thinking is changed and experts begin to go on the offense with cyber defense, America’s IT infrastructure is as good as dead.

 

Another week, another wave of cyber alarm in America. On Wednesday both the New York Stock Exchange and United Airlines suspended activity for several hours due to mysterious computing problems, while the Wall Street Journal’s website briefly went down. All three insisted that the outages reflected technical hitches, not malicious attack. But many are anxious after past assaults on mighty American companies and agencies.

In February Anthem, an insurance company, revealed that cyber hackers had stolen information on 80m customers. The Washington-based Office of Personnel Management said cyber hackers had taken data on millions of federal employees. Companies ranging from retailers to banks have been attacked, too. Continue reading →

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

Headquarters building of PLA Unit 61398

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area. Continue reading →