China Accuses NSA of Hacking National Timekeeping Agency (apnews.com)
- Reference: 0179836768
- News link: https://slashdot.org/story/25/10/20/1731258/china-accuses-nsa-of-hacking-national-timekeeping-agency
- Source link: https://apnews.com/article/china-us-cyberattacks-allegations-time-b3408ed2352c113904350f80e505ab9f
The facility in Xi'an provides high-precision timekeeping service for the government, civil society, and various industries. It also supplies data used to calculate international standard time. Chinese authorities said investigators found that private servers worldwide were employed to conceal the attacks' origin. The accusations emerge against a backdrop of mutual cyber-espionage claims between Washington and Beijing. Western governments and companies have repeatedly blamed Chinese hackers for intrusions in recent years.
[1] https://apnews.com/article/china-us-cyberattacks-allegations-time-b3408ed2352c113904350f80e505ab9f
To what end? (Score:3)
Did US Intelligence Agencies hack the national timekeeping agency to set their clocks back 10 minutes in order to make it seem like everything was running late?
Re: (Score:2)
If you can control an organization's time servers, you can wreak havoc within the organization.
Re: (Score:3)
If one uses multiple time servers, detectability of one set being skewed is 100%. There is no reason a device cannot use 127 time servers at the same time from around the world to confirm the time they are getting is accurate, only problem is a nation blocking access to the rest of IPv6 space via a firewall. Skewing time of either the server or the client more than 1 hour stops HTTPS/TLS cold.
[1]https://www.ntppool.org/en/joi... [ntppool.org]
Authentication of NTP is covered in NTPsec
RFC 8915 Network Time Secu
[1] https://www.ntppool.org/en/join.html
Re: (Score:2)
> Skewing time of either the server or the client more than 1 hour stops HTTPS/TLS cold.
That's the least of what is possible.
And yes, using a bunch of distributed, worldwide time servers will detect manipulation. But what if your government to too paranoid to use someone else's time servers for the national authority timer servers? Dictatorships tend to be paranoid.
Re: (Score:2)
Controlling time gives you all sorts of magic powers.
If you're boring, you can trivially just break shit - make systems stop trusting TLS certificates, blow up Kerberos (which underlies AD), make it much harder to figure out what's going on via logging (which in turn will usually suppress alerting), etc.
Being a just little more clever and you can do all sorts of things.
Pot, kettle, black, etc. (Score:3)
It's downright hilarious that a country with a very large and very active government-run intrusion team is now indignant that they have found themselves on the other end of a government-run intrusion operation.
Re: (Score:1)
Liar.
Re: (Score:2)
Chinese misinformation trolls are working overtime on this one
why? (Score:3)
Who benefits from this? It seems likely to be a demonstration, maybe a proof of skill that a satisfied a contractual point for payment. There are some mad skills out there, a recent example being the hacker who was annoyed enough by N Koreans assuming his identity that he hijacked their entire national system.
A government, US in particular, or Taiwan, would keep *this* skill secret until needed, most obviously in the event of war. Changing the network time could make a whole slew of weapons systems less reliable, if not useless.
I'd care... (Score:3, Insightful)
I'd care if they were a government that gave their citizens proper human rights and didn't have clearly stated expansionist goals at their neighbor's expense. Never mind that they're constantly going after us with hacks as well.
With things as they are now I don't really care.
Re: (Score:2, Insightful)
yawn. do people really still this shit unironically? this was a line of thought we have when we're 15, not 56 year old men
Re: (Score:3)
You're ridiculous if you actually think the US and China are the same on such things.
Re: (Score:3, Insightful)
correct. even a broken clock is right once a day!
the list of instances of us violations of international law and sovereignty, civil and human rights, coups, wars and straight out war crimes not including genocide on foreign countries is simply way too large for me to compile here, by comparision that of china would be anecdotal, and that would likely apply to most if not all arbitrary periods of time for the entire existence of the us, including the present moment.
and if you still feel somehow special i ha
Re: (Score:2)
Yes but it's still useless since you have no way of knowing at what time that instance accurs which is why I've never understood the point of thst expression. But tis is skashdot not a linguistics forum abd I'm straying ot
Re: (Score:3)
twice a day mate
Re: (Score:2)
> not including
typo, means "including".
Re: (Score:3)
I'll grant you that china is miles ahead on the repression of it's citizenry, but America is catching up fast - siccing the DOJ on critics, disappearing "undesirables", and telling the totality of the nation's military leadership that the new enemy are the American citizens who oppose the regime. Where's that lead?
Re: (Score:2)
Oh, grow up.
Re: (Score:2)
While I do agree with you, as a citizen of a country that's been on the receiving end of some 51st state rhetoric lately, do you see how the US is being a little expansionist now too?
Re: (Score:1)
Now?
Re: (Score:2)
That's a pretty fair point, the Greenlanders could likely make the same.
I do think there is a bit of a difference between the agenda of a limited term presidency of extremists and the agenda of the Chinese communist party though. Never mind the whole democracy thing.
Re: (Score:1)
Yes they do.
Re: (Score:2)
Why would you think they wouldn't?
Re: (Score:2)
Grow up.