Vast spy system loots computers in 103 countries

Researchers said that the spying, which infiltrated the offices of the Dalai Lama, was controlled from computers based almost exclusively in China.
(From The New York Times)

The story "Vast spy system loots computers in 103 countries" published March 28, 2009 at 5:17 PM is no longer available on CNET News.

Content from The New York Times expires after 7 days.

[FutureGuy]

"Government connection unproven" do you really think that if the Chinese goverment was involved they would make it easy to prove a connection?

[globalist_agenda]

Stop picking on China. All you peoples keep picking on China. China good country. Just looking for oatmeal cookie recipes on computers.

[imhodudes]

"This could well be the CIA"

Well indeed.

[mattumanu]

"What Chinese spooks did in 2008"...

DUDE! Is that an exact quote?

[Maccess]

Yet another reason not to use Windows for high security applications.

[richto]

What would you suggest instead then? Windows is one of the most secure general purpose Operating Systems avaiable.

The other obvious choices of LINUX and Mac OS are massively more insecure than Windows with many times more hackable vulnerabilities that take much longer to get fixed. e.g.

http://blogs.technet.com/security/archive/2008/10/28/download-h1-2008-desktop-vuln-report.aspx

http://blogs.msdn.com/the_hardman/archive/2008/04/13/report-microsoft-fastest-to-issue-os-patches-sun-slowest.aspx


This is why the military run their nuclear submarine and aircraft carrier command and control systems on Windows, and LINUX was rejected as too hard to keep secure.

[cyberspittle]

Are you speaking from military experience? My guess is no. The military chose Microsoft Windows as the learning curve is much shorter (people have general knowledge of windows). The military needs computer users, not computer scientists. Training people to understand how computers work and to fix them requires a lengthy amount of training. For a kid out of high school on a 4-year (or less) active duty stint, training them to understand computers, rather than using them doesn't make sense.

[odubtaig]

Awesome sources. After their 'get the facts' campaign, I know I can trust sites wholly run and owned by Microsoft to report on the security of competing operating systems without bias or massaging of the figures.

Let us know when an independently run security report agrees with the MS propaganda machine and doesn't, oh say, report that "of the 227 vulnerabilities Red Hat patched in 2007, 226 of them involved third-party applications" while "Microsoft released 38 patches (two of which involved third-party applications)".

Yes, I'm sure it's easier to patch a flaw faster when the flaw is entirely of your own making. Also, let's have look at how many vulns were found in XP in he first year and compare that to now. I wonder if absence of proof is not in fact proof of absence and if it takes time for the crackers to learn their way around a relatively new system?

Nice how that link also completely glossed over the number of ActiveX vulnerabilities compared to other browser plugins or that "Microsoft's Windows XP and Windows Vista, meanwhile, have the dubious distinction of being the only operating system where a full 82 percent of vulnerabilities were found either client-side or directly within the browser."

Amazing. I feel more secure already.

Spin, spin, spin, spin, spin.

Cyberspittle: Comparing the Windows that the US military run to any version anyone else uses is an exercise in futility, it's been stripped down to the bare minimum necessary for the task and hardened. I wonder what's going to happen given that the US military has been reported to be looking at moving as much as possible onto PPC based systems (as the lower commonality will make them a harder target)?

[Seaspray0]

@odubtaig. Then how about this report from IBM. They have no love for microsoft.

http://news.cnet.com/8301-1009_3-10154662-83.html
The Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years

[odubtaig]

You mean http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf

Can't imagine why you linked to an editorial piece instead of the actual report itself. Unless...

Quite apart from this being a measure of _disclosed_ vulnerabilities (which is useless when MS is known for including 3 patches as one and sitting on vulnerabilities it knows exist, admitting them only when someone else finds them) it says nothing about how many are left unpatched or the severity of the vulnearbilities.

The sections covering IE and ActiveX as compared to Firefox or Flash are much more illuminating.

[richto]

I note that it doesnt say they were using Windows above. However seeing as virtually no one uses Linux as a desktop or MAC OS outside of a school then its probably a reasonably assumption.

nb - I note that MAC OS lost the annual PWN2OWN hacking contest for the 3rd year in a row and was owned in less than two minutes, lol.

[netguy007]

LMAO...... are you serious? really!!! but seeing your profile, I understand that you are a "...soft" minion....so.......

[JCPayne]

"I'm A PC" --- OHH MOJAVE!


There you go... you should have spent the extra money on an Apple....

[goodspeed8701]

mac users dont know they are being attack as the pride of apple and the fools who buy the apple with worm inside thinks their os is perfect. Come to think of it they are steady losers in the hacking contest. people have codes that they use to exploit the mac and apple dont realy have a way to discover it. os x is the most unsecured between windows, ubuntu and os x

[RF373]

**said they believed that in addition to the spying on the Dalai Lama**

LOL - what could that dude possibly have on his computer? ;^)
He should put some religious teaching on there, and covert the communists...
-- found a cool site; Balkingpoints ; global forum + incredible satellite view of earth

[biparis]

Does seem pretty laughable, but that old boy is the Head Buckaroo all Tibetians - and as such scares the weewee out of the Chinese government who see regime threats in every nook and cranny.

[RF373]

He should convert them, also... ;^)

[biparis]

Want to think about something REALLY scary? This business of the Chinese emulating cyber criminal bots to do the snooping may be only the tip of proverbial iceberg.

I bought a Lenovo S10 netbook a few weeks back and while poking around to eliminate the usual preloaded crapware, came across the little "power management" program. A quick check for malware turned up that this program is the property of "Lenovo [Beijing] Ltd." That started wheel turning and with a bit more digging it turns out that the program comes with a "hook" in the background that allows Lenovo Beijing - I suppose, since the hook dll is from same source - to monitor my keyboard, watch the screen and God knows what else. I erased the files associated with the program, but am not at all confident that that did the job.

In any even the bottom line is that a couple of million S10s, not to mention all the other made-in-China models from Dell, HP, etc, etc, are flooding the market with already installed [potentially dangerous] software. That's not to even broach the question of Chinese made chip sets.....yikes!

Wonder if the rocket scientists over at NSA and other organizations have taken into consideration this type of possible threat. After all, their employees and possibly even the organizations themselves have countless laptops, netbooks, etc up and running.

[biparis]

Want to think about something REALLY scary? This business of the Chinese emulating cyber criminal bots to do the snooping may be only the tip of proverbial iceberg.

I bought a Lenovo S10 netbook a few weeks back and while poking around to eliminate the usual preloaded crapware, came across the little "power management" program. A quick check for malware turned up that this program is the property of "Lenovo [Beijing] Ltd." That started wheel turning and with a bit more digging it turns out that the program comes with a "hook" in the background that allows Lenovo Beijing - I suppose, since the hook dll is from same source - to monitor my keyboard, watch the screen and God knows what else. I erased the files associated with the program, but am not at all confident that that did the job.

In any even the bottom line is that a couple of million S10s, not to mention all the other made-in-China models from Dell, HP, etc, etc, are flooding the market with already installed [potentially dangerous] software. That's not to even broach the question of Chinese made chip sets.....yikes!

Wonder if the rocket scientists over at NSA and other organizations have taken into consideration this type of possible threat. After all, their employees and possibly even the organizations themselves have countless laptops, netbooks, etc up and running.

[hackingbear]

If this is a power management program, how does it do it job without monitoring your keyboard and other activities? You need to prove where that program sends the data to? I doubt you can prove anything.

[biparis]

Dear Hackingbear - I'm not out to "prove" anything. Just expressing a few thoughts that crossed my mind. In fact, I've got a number of programs that monitor my system, but none of them are "Lenovo Beijing Ltd" products. Guess you don't see any problem with Chinese cyber espionage issue which is where this issue arose.

As mama used to say, I'm slow, not stupid.