Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Tuesday October 20 2015, @06:57AM   Printer-friendly

CNet reports:

Seven US companies have been attacked by government-associated Chinese hackers in the three weeks since the US and China announced a pact that banned government spying on companies, a US security firm said Monday.

The hacks by "actors we have affiliated with the Chinese government" targeted five technology companies and two pharmaceutical companies, US security company CrowdStrike said in a blog post. The first of these occurred the day after the two countries struck a landmark pact in which they agreed not to spy on one another to steal business secrets. They "are continuing to this day", the company said.

Computer world reports:

Facebook will now warn people if it has a strong suspicion an account is being targeted by a nation-state.

The social networking service already takes steps to secure accounts that may have been compromised but has decided to directly alert users of the type of attack that's under way, wrote Alex Stamos, Facebook's chief security officer.

Since state-sponsored attacks can be more sophisticated "having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware," he wrote.


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by LoRdTAW on Tuesday October 20 2015, @11:44AM

    by LoRdTAW (3755) on Tuesday October 20 2015, @11:44AM (#252247) Journal

    This isn't some one way street where China is the only aggressor. Though i'm sure the US government wants to paint that picture so we forget about their little NSA snafu.

    I'm pretty sure everyone, and I mean everyone, is hacking everyone else.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 1, Interesting) by Anonymous Coward on Tuesday October 20 2015, @05:51PM

    by Anonymous Coward on Tuesday October 20 2015, @05:51PM (#252391)

    To me it seems more like Facebook trying to scare more users into giving them their real phone numbers.

    From the article:

    When Facebook sees someone logging on from a different browser or computer, it sends a one-time passcode to their mobile phone that must be entered in order to access the account.

    Anyone who knows their IT security stuff would know that the one-time passcode would be traveling in clear-text form through many unencrypted channels to that phone.

    So if a nation state is truly targeting you and they aren't hiring/using completely incompetent fools Facebook would be helping them gain control over your account!

    Doesn't even need to be a nation-state:
    https://en.wikipedia.org/wiki/IMSI-catcher [wikipedia.org]
    http://www.wired.com/2010/07/intercepting-cell-phone-calls/ [wired.com]
    http://www.twelvesec.com/using-a-gsm-tester-to-intercept-calls-and-sms-part-2-equipment-and-setup/ [twelvesec.com]

    And if it really is a Nation-State, as far as I know the encryption is only between the phone and the cellular tower- the messages on the wire are plaintext (or effectively plaintext to the Telco). So a determined Nation-State with significant resources might be able to pwn the Telco if it didn't already own it- e.g. you're visiting/living in that Nation-State and using their Telco's network - they just have to look at the log/archive of text messages.