U.S. accuses Chinese citizens of hacking law firms, insider trading

vanzandt said:
What would even be easier and less high tech would be to buy off someone at the wireless carriers, and track CEO's cellphone movements via GPS. Say you tracked the CEO of Fitbit(Park) and you saw him showing up several times at Nike's HQ. CaChing. Will work in any industry with any CEO. lol
More...
With the amount of money involved why even bother doing something illegal like that. Simply hire someone to follow the guy and report back, perfectly legal and even legal to trade off it.
 
vanzandt said:
What would even be easier and less high tech would be to buy off someone at the wireless carriers, and track CEO's cellphone movements via GPS. Say you tracked the CEO of Fitbit(Park) and you saw him showing up several times at Nike's HQ. CaChing. Will work in any industry with any CEO. lol
More...
Of course this post just made the brother- in- laws of every NSA employee rich. Oh well.
 
Sig said:
Generally I find it's a good idea not to pontificate on something if you don't know anything about it. There is no such thing as an "external US IP address" that would be "foreign inside the firewall", in fact that sentence is pretty much gibberish.
I am curious if they were caught by network security or SEC market surveillance. I'm guessing it was market surveillance, since I doubt law firms get the best and brightest of the IT pool. If the same trader wins on several M&A acquisitions in a row it's probably pretty trivial for the SEC to catch them. Also much easier to identify the responsible party than trying to track down an intrusion, which is virtually impossible to do without NSA level assets as long as the hacker isn't a complete idiot and knows how to use Tor or something similar.
More...
may appear gibberish when you don't understand. You shouldn't talk about topics without some basic knowledge, here ya go jr
http://security.stackexchange.com/q...g-out-firewall-is-this-automated-scans-or-are
http://subnettingpractice.com/ip_allocation.html
 
lylec305 said:
may appear gibberish when you don't understand. You shouldn't talk about topics without some basic knowledge, here ya go jr
http://security.stackexchange.com/q...g-out-firewall-is-this-automated-scans-or-are
http://subnettingpractice.com/ip_allocation.html
More...
I run a company with a significant cloud software component so I kind of do have some basic knowledge in this area, while you stated that you do not. In the interest of educating rather then flaming, however, I'll explain a little. If a regular user from China hits your server you will indeed see their IP address in your server logs. A firewall is simply a construct set up to screen packets before they get to your server, and you would see those IP addresses there as well and could also instruct your firewall to block any range of IP addresses.
However, it is trivial to use a VPN or proxy in the U.S. This is a computer that takes in a packet from anywhere in the world, then resends it to its destination. When it is resent, the packet has the VPN or proxy's IP address. If that VPN or proxy is in the U.S. It will have a U.S. IP address and there will be no way for the server's administrator or the firewall to know where it originated short of getting a warrant to search the proxy computer. Networks like Tor take this to another level with a network of thousands of computers around the world set up as proxy's, most private computers, with each packet randomly bouncing between several computers in a number of jurisdictions with no records maintained and again easy to ensure a U.S. or European last hop to get their IP address. Anonymizing systems like this make it almost impossible to track down the origin of any hacker who has very basic level know-how. Go ahead, install Tor on your computer, hit your server, look at your server logs, and tell me what IP address you see?
Suffice it to say it wouldn't be at all surprising if there was a person much like lylec305 in mgt at the law firm who was sure they were fine because they'd blocked overseas IP addresses at the firewall without having a real understanding of what that meant.
 
Sig said:
I run a company with a significant cloud software component so I kind of do have some basic knowledge in this area, while you stated that you do not. In the interest of educating rather then flaming, however, I'll explain a little. If a regular user from China hits your server you will indeed see their IP address in your server logs. A firewall is simply a construct set up to screen packets before they get to your server, and you would see those IP addresses there as well and could also instruct your firewall to block any range of IP addresses.
However, it is trivial to use a VPN or proxy in the U.S. This is a computer that takes in a packet from anywhere in the world, then resends it to its destination. When it is resent, the packet has the VPN or proxy's IP address. If that VPN or proxy is in the U.S. It will have a U.S. IP address and there will be no way for the server's administrator or the firewall to know where it originated short of getting a warrant to search the proxy computer. Networks like Tor take this to another level with a network of thousands of computers around the world set up as proxy's, most private computers, with each packet randomly bouncing between several computers in a number of jurisdictions with no records maintained and again easy to ensure a U.S. or European last hop to get their IP address. Anonymizing systems like this make it almost impossible to track down the origin of any hacker who has very basic level know-how. Go ahead, install Tor on your computer, hit your server, look at your server logs, and tell me what IP address you see?
Suffice it to say it wouldn't be at all surprising if there was a person much like lylec305 in mgt at the law firm who was sure they were fine because they'd blocked overseas IP addresses at the firewall without having a real understanding of what that meant.
More...
That's a long winded explaining on the blog. I have network and security personnel on my team. Check the links i provided. Gov agencies are a lot more complex than cloud, a new buz word for something we did long ago. Cloud is a security risk, will dissipate just like corba.
Anyhow, what i was attempting to say in as few words possible. All hackers start with something. They just don't pull from thin air.
 
Last edited:
lylec305 said:
That's a long winded explaining on the blog. I have network and security personnel on my team. Check the links i provided. Gov agencies are a lot more complex than cloud, a new buz word for something we did long ago. Cloud is a security risk, will dissipate just like corba.
Anyhow, what i was attempting to say in as few words possible. All hackers start with something. They just don't pull from thin air.
More...
Do you disagree with anything I posted or just can't be bothered to put a couple minutes in to understand a complex topic, so you criticize it on length alone? Have you installed Tor and checked your server logs? Oh, you don't have a server nor would you know how to check the logs if you did and it's just too much to install an app, so you'll just criticize the concept of cloud computing, something else you clearly don't even have a rudimentary understanding of.
Unbelievable! As I said it's people like you that allow these types of breaches to occur because you make decisions based on a dangerous misconceptions and apparently have not only stopped learning, but refuse to.
 
Sig said:
Do you disagree with anything I posted or just can't be bothered to put a couple minutes in to understand a complex topic, so you criticize it on length alone? Have you installed Tor and checked your server logs? Oh, you don't have a server nor would you know how to check the logs if you did and it's just too much to install an app, so you'll just criticize the concept of cloud computing, something else you clearly don't even have a rudimentary understanding of.
Unbelievable! As I said it's people like you that allow these types of breaches to occur because you make decisions based on a dangerous misconceptions and apparently have not only stopped learning, but refuse to.
More...
You're to long winded. I have personnel to take care of a box called security on the architecture diagram. Check the link i sent you.
Interested to see a firewall breach pull something of significance without any inside info. Could be more forensic audit to come to understand the whole picture.
You criticized me and now you say i criticized you first hahaha. Typical know it all...
 
Last edited:
lylec305 said:
You're to long winded. I have personnel to take care of a box called security on the architecture diagram. Check the link i sent you.
Interested to see a firewall breach pull something of significance without any inside info. Could be more forensic audit to come to understand the whole picture.
You criticized me and now you say i criticized you first hahaha. Typical know it all...
More...
You gotta love willful ignorance!
 
Sig said:
You gotta love willful ignorance!
More...
You cannot bait me into a BS discussion on a blog. You didn't comment correctly from the beginning. Think subnet mask inside LAN and a breach thru the firewall. That'll be picked off immediately. Unless they have side info. Plus developing large scale systems, security is merely a utility.
 

Attachments

  • NeverArgueStupid.jpg
    NeverArgueStupid.jpg
    32.8 KB · Views: 3
You must log in or register to reply here.
Back
Top