ZOMG China HACKED the US!
Olson told Threat Level that the attackers are “incredibly good” at finding new exploits and infecting the right people but that nothing he’d seen in the malware indicated they were above average in writing malicious code.
“The sophistication here is all about the fact they were able to target the right people using a previously unknown vulnerability,” he says.
Full article on Wired
OMG OMG OMG OMG CHINA used an 0-day to hack defense contractors and Silicon Valley!
… And this is new how? No, really, this is new and deserves all of this attention as if it were incredible news? INCONCEIVABLE! Chinese hackers got us with crafted emails to important targeted people and got them to, no, don’t say it! Can it be true? TO CLICK ON THEIR LINKS OR FILES!!!! NOOOOOOO IMPOSSIBLE!
C’mon news media! C’mon Security Blogosphere! Where have you all been these last oh, at least 4 years? This is NOTHING new! So why all the fuss and why all the OMG I cannot believe this!
To top it off… ad Adobe 0-day surprises you all?
Shucks.. Say, would you all like to buy a bridge I just happen to own? Perhaps some nice land in Florida?
Let me tell you this is nothing new, nothing innovative and really, all of the security theater that is going to follow in posturing and news cycles will mean nothing. You want to know why? Because people are people and they are the weakest link in the security chain. Basically, its a social engineering exploit.
Click this link! It’s important! It’s from HR! It’s your new PDF version of that book that isn’t out yet! It’s PR0N!
CLICK CLICK CLICK CLICK!.. P0wn.
I have news for you all.. This is not new nor should it be getting all the attention out there that it is. I see this all the time and much of what has been going on is kept quiet by the companies out there being hit. That is, IF they actually catch on to the compromise. I mean geez, how do you think the Chinese got hold of all that data on the JSF from Lockheed huh? What was it 2.5 Gig of data passed out of their network before they caught on?
Nope, now had this exploit been targeted to attack mostly *NIX machines (servers) and had been infiltrated by a hapless technoween’s clicked PDF email.. THEN we would have something. This though… Meh. Face facts that we are just cyber challenged and the Chinese are using this to their advantage. After all, they created the game of “Go” A game most people here would say, “Uh game of what?”
Oh, and another thing.. Seems to me I remember there being charges leveled not too long ago by a Chinese company that Google stole their Pinyin code..
But.. Nah, that never would have happened.. Not Google!