Chinese Hacking of iBahn Internet Services

Citing unexplained "intelligence data," an unnamed "senior intelligence official," and an anonymous "privacy security official," Bloomberg News claims that iBahn -- the company that runs Internet services for a bunch of hotel chains -- has been hacked by the Chinese. The rest of the story is pretty obvious: all sorts of private e-mails stolen, corporate networks hacked via iBahn, China does lot of hacking, and so on. iBahn has denied the story.

Come on, people. I know that China hacking stories are plausible, but the bar for actual evidence should be higher than this.

Posted on December 21, 2011 at 5:55 AM • 21 Comments

Comments

TomDecember 21, 2011 6:41 AM

Then change the title! Some people will read just that and it will be enough to cement the idea in their heads

SteveDecember 21, 2011 6:47 AM

Even if this is true, blaming iBahn and/or China is probably not going to help anyone. It's just another scare story for Halloween.

Nobody should ever trust a public or semi-public network such as iBahn for the handling of corporate data.

The real challenge is to educate users in the simple and self-evident basic requirements and habits required to ensure corporate data security.

Corporate users should work on the basis that the only trusted network is the corporate VPN, hence step one is always to sign into the VPN after connecting to any untrusted network, and before doing anything else (including browsing of public sites). At least that way, if data is accessed without permission, the responsibility will clearly start with corporate IT security.

Taken to the extreme, this requires users to log in to the corporate VPN when working from home, as their home network or ISP might equally be under surveillance!

MichaelDecember 21, 2011 8:48 AM

Nope. You're right - no evidence. And I know it's BS because it's got the word 'cyber' in the first paragraph.

AnonCowardDecember 21, 2011 8:55 AM

Going anonymous for this one and I'm bound to get flamed for my opinion.
Occam's razor applies, IMO. No smoke without fire and all that.
If I was exfiltrating data from organizations sure, it would be tempting to use compromised accounts in China. Computers in China are /generally/ less well patched, extradition would not be an issue, scapegoating, etc. BUT, given that the data is commercially sensitive, sensitive enough for me to be motivated to steal it in the first place, I would NOT want it to fall into the hands of others, such as the Chinese who have a known program of monitoring traffic passing through the great firewall of China. If I had fought hard to steal these industrial (and military) secrets, I would NOT be giving them away.

Clive RobinsonDecember 21, 2011 10:27 AM

@ Bruce,

"Come on, people. I know that China hacking stories are plausible, but the bar for actual evidence should be higher than this"

A lot lot higher.

The problem is arguably China has in many ways set themselves up for being blamed by not getting a grip on through traffic and hosting of websites etc used for what many regard as criminal activities.

Whilst I assume that China are upto espionage in one form or another (it would be nieve to assume otherwise) so are most other countries, including most the US's closest allies, many corperates and sundry criminal gangs.

But the relentless cry of "China APT / Cyber-xxx" to me just seems to be a case of unreasoned "them whot dunit".

MikeADecember 21, 2011 10:38 AM

I don't travel all that much anymore, so this is a serious question. Have the "sorta free WiFi" services vastly improved lately? If not, how is one supposed to get past the chicken-and-egg problem where you have _NO_ actual internet access until you have clicked the "I have read and agree to whatever bogus terms are on that page that won't render because my browser is not an exact match to that used by some muppet developer" button. Until then, every packet gets either dropped (best case) or sent to a lame proxy which (in my experience) gets wrapped around the axle pretty often if, e.g. I try to ssh to anywhere, or my mail client tries to poll for new mail before the super-secret l33t javascript kicks in with a popup, which then gets buried because I have a couple applications bleating that there is a problem with the net...

If you shut everything down before sleeping your laptop, it might not be a complete CF, but it will still be annoying to re-start, and you have already let a script from some at-best-clueless provider run and possibly alter your network settings. At that point, closing the barn door by starting a VPN is a bit late.

JD BertronDecember 21, 2011 11:16 AM

Why does it seem necessary to always use the veil of secrecy when discussing hacking ?
Yes the Chinese hack all the time.
Yes, we don't want to divulge the methods we use to detect them when they hack into military honeypots.
No, we don't need the veil of secrecy to report that some ISP got hacked. It just plain fear mongering.

Brett ODecember 21, 2011 12:22 PM

Let me say that I am amazed on what the story actually stated. I know firsthand about "Byzantine Foothold"* and "Byzantine Hades"*. The article was factual and accurate (do note that attribution to PRC, as with anything on internet, is shady at best)

This is actually several years old. Imagine How Many More Hacks since the events in the article!!
We should be teaching this stuff in school.

But, moreover, we should also be teaching business that there VPN is useless if the network is overrun (or run) by bad guys. And the VPN benefit is negated if the tunnel is split or the PC is insecure. (& MikeA's comments too).

If it is important, it shouldnt be connected to the internet ever

And there should be an Open Protection & Intelligence Establishment (OPIE) that does what the unnamed intel agencies have been doing (for the US Gov). Why create OPIE - so companies can get the info without waiting years for some leak of classified data from the government.

*(c) 12/16/2011, Business Week, Bloomberg, et al :O

Brian MilnesDecember 21, 2011 12:41 PM

Two years ago at a major hotel chain's hotel in HI I was given what appeared to be false certificates for gmail and other services. The use of hundreds of these CISCO desktop routers, which have a terrible patch record for security, seems like a very easy target.

I was on vacation so I simply called up their IT support office and reported it and connected to no secure services from the hotel room.

derpxDecember 21, 2011 2:17 PM

so if anybody uses a compromised server in china to launch an attack china is automatically blamed? arch nemesis japanese hackers prob do this all the time lol

gurgleDecember 21, 2011 4:04 PM

Scenario 1. A group of American guys decide to hack into some system to make money. PUBLIC VERDICT: They are not controlled by the U.S. government (U.S. government is like Google, they do not do bad stuff).

Scenario 2. A group of Russian guys decide to hack into some system to make money. PUBLIC VERDICT: They *could well be* controlled by the Russian government.

Scenario 3. A group of Chinese guys somewhere in China decide to hack into some system to make money. PUBLIC VERDICT: They have something to do with the Chinese government.

Scenario 4. A group of US/EU expat youths in China decide to hack into some system to make money. PUBLIC VERDICT: (As long as nobody knows that they are from the west) they have something to do with the Chinese government.

Scenario 5. A group of Iranian expats in Israel decide to hack into some system in Iran to make money. PUBLIC VERDICT: Confusion.

Actually then we can have a group of [people] from [country / countries] that decide to first hack into servers in [country] to make it look like they are from there before they use those to hack into servers in [country].

llewellyDecember 21, 2011 5:07 PM

"Scenario 5. A group of Iranian expats in Israel decide to hack into some system in Iran to make money. PUBLIC VERDICT: Confusion."

Nonsense. The "public verdict" would be "VICIOUS CYBERWAR RAGES
BETWEEN ISRAEL AND IRAN
"

DanielDecember 21, 2011 5:21 PM

The number one rule of any security agency is to act like they know what's going whether they know what's going on or not. I'm laughing at all the language permutations that the US Government is using to say, "We learned about it on TV just like everyone else" in regards to North Korea.

It's not about proof, as you know Bruce, it's about confidence and trust. Didn't you just write a book about that, hmmm.

Dirk PraetDecember 21, 2011 5:53 PM

If the same article had been published by the official press agency of the DPRK, I guess it would have been dismissed immediately as "hearsay" or "propaganda".

posedge clockDecember 21, 2011 6:47 PM

@MikeA:

No better today. I just got back from a business trip to Dallas. The hotel had free Internet, but you had to click through after a browser redirect to get on. You need to click through once a day. However, even closing the lid on my MacBook was enough to take down the Wi-Fi. Even though I didn't need to click through, I still had to submit some web query to get redirected to the hotel's landing page before anything else could work. And this is a major U.S. based hotel chain; highly reputable.

The client I'm working for has a similar setup: you need to apply for (outside firewall) guest Internet access while working in their building. You then need to redirect and click through each time. It didn't help that the Wi-Fi was flaky and every time the connection dropped I had to click through again. Again, a major U.S. based corporation, that makes serious product (e.g. not Zynga/Facebook/etc.)

Another guest at the hotel was quite offput that her iPhone wasn't working well. It seems all these fancy shmancy Javascript enabled AJAX apps get confused when their queries are redirected to a page they never asked for...

DavidDecember 21, 2011 10:32 PM

Lots to criticize in this article, but I though the timing was interesting, considering these two quotes

“They are stealing everything that isn’t bolted down, and it’s getting exponentially worse,”

“We are going after things to defend ourselves against future attacks,”


and this article:

Police are questioning the crew of the MS Thor Liberty after what were described as 69 Patriot anti-missile missiles were found aboard.

Just interesting that the alarms are being raised about foreign nationals, private or not, getting into US companies, but when US equipment goes "astray"...

When we do it (whatever it may be), it's defense. When "they" do it, it's stealing/hacking/espionage.

Clive RobinsonDecember 22, 2011 3:31 PM

@ Daniel,

The number one rule of any security agency is to act like they know what's going.... ...to say, "We learned about it on TV just like everyone else" in regards to North Korea.

For some time many people have been joking that not only would it be a significant money saving, but also be a considerably faster to just sub contract basic intel gathering to CNN...

On person apparently sugested that CIA now stands for "CNN Instant Analysis"...

meDecember 25, 2011 6:31 PM

[begin blah blah]

Many people do not want actual evidence as quickly as they want to believe an exaggeration. Isn't fiction more popular to purchase than non-fiction?

There was a guy on NPR stating that the Chinese are ahead of us by two or three decades in the digital spy zone and have stolen all this stuff from various uber-secret orgs within our gov. Personally, I find it hard to believe that our most important secrets would be stored anywhere that's accessible by the interwebz. Maybe even argue that it shouldn't be on an intranet. I dunno...

The fear of foreign hacking is selling a lot of books and airtime I guess but agree, if I may, with Mr.Schnier that there ought to be evidence before reaction.

[end blah blah]

Mao's DongJanuary 11, 2012 9:25 AM

China hack anything they can manage. 50 years of communism has stifled creativity to a point where they can no longer invent anything themselves.

In China, lying and deceit is par for the course in any business. All the more (tragically) amusing it is to see them imprison Western associated business people for "bribery" time and again.

The military policy of being ahead of the US by 2025 further goads the country's hacking endeavours.

China hack anything and everything. This is a veritable axiom today.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..