BlackBerry uncovers China-backed hacking campaign

RackMaster

Speaking of China.

BlackBerry Ltd. says its researchers have uncovered how China-backed hackers have been able to extract data from many of the world's servers for a decade -- largely without being noticed by cyber security. It says the tactics give the hackers the ability to extract information from huge amounts of valuable data from computers using the Linux operating system, which is used on most of the world's web servers and cloud servers.

BlackBerry uncovers China-backed hacking campaign
 
Holy shit! That is huge! I can't imagine the amount of data the Chinese have had due to these breaches. Fuck... depending on the severity, China could've had real-time access to intel and comms as it was being disseminated via those servers and devices. If anyone remembers the Clinton Email Fiasco, part of the scandal was that Hillary kept an unsecured cell phone and server alongside her Gov-issued BlackBerry.

Not sure how it is now, but it used to be that BlackBerries were the preferred means for Gov officials and bureaucrats to have secured comms.
 
If I remember correctly, that changed with Obama insisting on having an iPhone as his device.

I've been out for some time now, so I can't speak to the Gov or Mil, but finding anyone with a BlackBerry nowadays is like finding out your house is built on top of buried pirate treasure.
 
If I remember correctly, that changed with Obama insisting on having an iPhone as his device.

I've been out for some time now, so I can't speak to the Gov or Mil, but finding anyone with a BlackBerry nowadays is like finding out your house is built on top of buried pirate treasure.
I feel like an iPhone being used as a Presidential commo device is scary as all heck. While I ain't accusing Apple and Microsoft of having dual loyalties, it's worrisome how much the communications market is touched by the Chicoms.
 
Holy shit! That is huge! I can't imagine the amount of data the Chinese have had due to these breaches. Fuck... depending on the severity, China could've had real-time access to intel and comms as it was being disseminated via those servers and devices. If anyone remembers the Clinton Email Fiasco, part of the scandal was that Hillary kept an unsecured cell phone and server alongside her Gov-issued BlackBerry.

Not sure how it is now, but it used to be that BlackBerries were the preferred means for Gov officials and bureaucrats to have secured comms.
IIRC, HRC as SecState did NOT have a government issued phone or Blackberry. She had a personal Blackberry synced with her personal (family) email server. I believe her position was that it was too difficult to maintain two devices/phone numbers/email addresses, although thousands of low-ranking federal employees manage to do so.

AFAIK, she did not use an official State Dept email address, but her personal family email address. If the OP is correct, this means the ChiComs probably scarfed up everything she sent and received as SecState.

I don't know of any federal agencies still using Blackberries. AFAIK, everyone is either on iPhones or Samsungs. Although I'm sure there are still some agencies out there.
 
Obama didn't have an iPhone while president, he had a Blackberry.

Blackberry's been on the high security end of phone stuff for a while, at least with regards to messaging smartphones. Now if you go dumber? Well... there's phones that are pretty cool.
Pentagon just signed a contract for 17,400 (IIRC) iPhones.
 
I actually miss my work Blackberry....it was flawless and had no syncing issues with the secure business server. Our Android phones suck....I have a personal Samsung S10 and love it!! but it isn't locked down with security software that makes the work S9 suck.
I have two S9s; work and personal.

Our work S9s are actually better and more reliable now that they are locked down hard. They've stripped out a lot of the "included" apps like Bixby that cause problems and consume RAM. There are very few apps that can be installed anymore, and they're all work apps. We aren't even allowed to have airline, hotel, or rental car apps, even though we use them for official purposes. Thanks Pete, thanks Lisa.

I'd love to find a way to be able to get rid of all the crap Samsung and Sprint put on commercial phones. I have zero use for Android Auto, Your Phone Companion, and Bixby. :hmm:
 
I have two S9s; work and personal.

Our work S9s are actually better and more reliable now that they are locked down hard. They've stripped out a lot of the "included" apps like Bixby that cause problems and consume RAM. There are very few apps that can be installed anymore, and they're all work apps. We aren't even allowed to have airline, hotel, or rental car apps, even though we use them for official purposes. Thanks Pete, thanks Lisa.

I'd love to find a way to be able to get rid of all the crap Samsung and Sprint put on commercial phones. I have zero use for Android Auto, Your Phone Companion, and Bixby. :hmm:

We were able to root and re-load the AOSP base ROM, or even a custom one from the XDA forums. That's really the only way I've found. Samsung's One UI is pretty slick now though. It's definitely getting better and better. Super fast and responsive at 120 Hz on my S20 Ultra.
 
I hate Bixby and the fact that it is so easy to trigger it going off, especially on the S9. It feels like on the Note10 that you have to almost hold it down for it to trigger at times. Which is an improvement, but would be even better if I could get rid of it entirely.
I just changed what the button does, it now launches my camera I think.
 
RE: Operating systems and the like for the DoD...

Short version: Even the best computers are vulnerable.

Long, not-as-nerdy explanation:
DISA maintains STIGs, which are essentially configurations for devices, operating systems, etc.

Understanding DISA STIG Compliance Requirements | SolarWinds
Security Technical Implementation Guides (STIGs) – DoD Cyber Exchange

In a nutshell a STIG is a checklist of things to disable when securing your whatever and they go pretty deep. However, you can "assume" or "mitigate" risks associated with not fully implementing the STIG. Say a Win 10 registry value breaks a piece of software, but DISA considers that registry value high risk. When you do your RMF package to put that Win 10 workstation (I'll spare you an RMF explanation) on a DoD network, you note the high risk and someone has to accept that risk OR find other ways of reducing said risk.

In other words, DISA STIGs aren't gospel.

Now take a Linux machine: out of the box that O/S is riddled with vulnerabilities. You can "STIG out" a machine, but at the end of the day it is an O/S and hackers devote insane amounts of time to find 0-day exploits, exploits unknown to the software publisher and for which there are no patches.

Maybe unrelated to the thread's OP, but funny all the same, this was on DISA's homepage, dated from Feb. 21, 2020.
DISA Has Released the BlackBerry UEM 12.11 STIG – DoD Cyber Exchange

You can go hard in the paint with your security, but eventually the bad guys will find a way into your network. If you want a secure computer, put it in a Faraday cage without any outside connectivity.
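
Added example, not part of the post above and not DISA tooling: a small Python sketch of the checklist-plus-risk-acceptance workflow the post describes. The rule IDs, the sshd_config-style settings, the `Waiver` record and the sample data are all constructed for illustration and are not taken from any published STIG.

```python
from dataclasses import dataclass
from datetime import date

# Constructed checklist: IDs, keys and severities are illustrative only.
RULES = [
    {"id": "EX-0001", "severity": "high", "key": "PermitRootLogin", "want": "no"},
    {"id": "EX-0002", "severity": "medium", "key": "X11Forwarding", "want": "no"},
    {"id": "EX-0003", "severity": "high", "key": "PermitEmptyPasswords", "want": "no"},
]

@dataclass
class Waiver:
    rule_id: str
    approver: str    # who signed off on the risk
    mitigation: str  # compensating control; empty means plain acceptance
    expires: date    # acceptance is reviewed again after this date

# Constructed sample: one setting deliberately left non-compliant.
SAMPLE = """\
PermitRootLogin yes   # vendor tool needs root SSH (constructed scenario)
X11Forwarding no
"""
WAIVERS = [Waiver("EX-0001", "authorizing.official", "source IP allow-list",
                  date(2020, 12, 31))]

def parse_config(text):
    """Parse 'Key value' lines; comments are dropped, first occurrence wins."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            cfg.setdefault(parts[0].lower(), parts[1].strip())
    return cfg

def assess(cfg, waivers, today):
    """Return {rule_id: 'pass' | 'open' | 'accepted' | 'mitigated'}."""
    by_rule = {w.rule_id: w for w in waivers}
    result = {}
    for rule in RULES:
        # An unset key is treated as a finding: compliance must be explicit.
        if cfg.get(rule["key"].lower()) == rule["want"]:
            result[rule["id"]] = "pass"
            continue
        w = by_rule.get(rule["id"])
        # A waiver counts only if someone signed it and it has not expired.
        if w and w.approver and w.expires >= today:
            result[rule["id"]] = "mitigated" if w.mitigation else "accepted"
        else:
            result[rule["id"]] = "open"
    return result

if __name__ == "__main__":
    print(assess(parse_config(SAMPLE), WAIVERS, date(2020, 6, 1)))
```

The expiry check is the part that matters in practice: once the waiver lapses, the same finding goes back to open instead of staying silently accepted.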
 