Slashdot Mirror
Cyber Attacks on US Linked to Chinese Military?
wiredog writes "Security expert Bruce Schneier is reporting on a continuing effort to penetrate US government and industry computer systems that most likely stems from the Chinese military." From the Terranet article: "The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity."
Take, for example this story which includes the quote:
Let's not forget how important our information infrastructures are and how dependent we have been on computers for quite sometime. Let's also not forget common rules of war one of which is cutting off an enemy's supply line ASAP to reduce their cone of influence. A pre-emptive move to "test the waters" of U.S. security by China would not surprise me.
My work here is dung.
Does this sound like another blame game when something bad happens in USA? If they have already traced the source and still couldn't fend it off, I don't know what they would do next, calling President Hu?
These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization
Does this rhyme with "Space exploration is both demanding and dangerous. No other nations could do this if they did not have a space shuttle".
Virtual Betting on Facebook for non-geeks.
This was brought up on my local SAGE mailing list earlier. Someone brought up the good point: Aren't there an awful lot of news stories recently (heck, there've been three on /. in the past few days) villianizing China? Almost as if some large government- or media-induced program is going on to remind us how Evil they are and influence the collective consciousness to be in favor of breaking off relations with the most populous nation on Earth? (Or, to some extreme, treating them like our last Axis of Evil?)
so does this mean in the coming information war they are going to use that commie OS, what is it...
Linux, I think it's called?
Bury me in mashed potatoes.
Nice try, China! Your silly attempts to raise yourself to the level of the U.S. will never succeed. The U.S. is the dominant super power and always will be!
Just ask Britain and France! If anyone understands that national standing on the international scene, once established, is permanent... it's them!
I'm a big tall mofo.
Does this, combined with the Air Force's new mission statement, constitute an Act of War?
And the Americans are not doing the same to the Chinese?
I would have been shocked if this was not going on in both directions - in dozens of directions for that matter.
For those who think that China is a big teddy bear full of love for the world, freedom, and independence of the people we have two words to remember: Tiananmen Square.
I will never forget the images of those young people being shot at, arrested, stampeded out of the square by the Chinese military.
Their government is not warm and fuzzy and has nothing to do with basic human rights. They are fellow humans, the people of China. They deserve better than that gang of thugs in power. I wish them luck in outlasting their predecessors' mistake in choosing to empower those creeps.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Just ask anyone involved in the free Tibet movement or any of the ISP's that host websites with the words free Tibet, they used to get massive attacks from DOS right through to serious and well planned attempts to hack these sites. Spent an entire week assisting the fending off of one of these and having to rebuild a server after the attack got through with it.
There is no crime in China. Repeat: There is no crime in China.
2. Do you really think that anything really sensitive would be able to be accessed from the Internet?Hey now! I'm sensitive and accesible from the Internet.
You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
"Math in a song is good."-Linford
And, in the aftermath you get to see how hypocritical our government (U.S.) is when it comes to authoritarian regimes. We're more than happy to open up the gates for business with China, yet we crack down on democracies (Venezuela, Haiti) who don't fit in with our Project for the New American Century.
Forget all that "Freedom is on the march" propaganda and start looking at our REAL foreign policy.
I swear to God...I swear to God! That is NOT how you treat your human!
I was really surprised by the whole energy of the place. When I went to McDonalds and they didn't have my food immediately, they said no problem we will find you and bring it to you when its ready. 2 min latter I had my fries. This particular McDonald's had around 30 registers all open. They said that they served 6000 lunches everyday -- just nuts. You won't find any fast food resturant in the US that can manage that volume and provide good service too.
The only downside was all the street vendors, which annoyed our tour guide. She said that they all had day jobs, but would often call in sick to go run side businesses to make extra money.
In closing, the US needs to sell $3,000,000,000 in bonds everyday to China just to keep running. If they really wished us harm they could just stop buying our debt. Once China no longer relies on exports we will be at their mercy. That will happen in around 10 - 20 years just when the US needs money to fund SS payments to baby-boomers.
It isn't the Chinese!
Everyone knows that the Chinese could shut down the U.S. military by mailing a baker's dozen fingercuffs to the Commander in Chief and the War Cabinet.
Can't push the nuke button without use of your fingers, can you?
"I've been saying all along that China is a threat- and this is really the third front of WWIII."
"World war..." I do not think it means what you think it means.
See, when cities start getting wiped off of the face of the planet and an entire generation of young men gets decimated and then decimated again, then you get to call it a "World War III." Ask Europeans or even Chinese of the proper age group to tell you what a real world war looks like.
Very, very few people in North America have seen what a war actually looks like since the freakin' 1860's (and they had to travel to see it), which is probably why people like tossing around the word "war" without having any fucking clue what it entails ("War on Poverty," "War on Drugs," "War on Terrorism," "War on Christmas," and the silliness of calling the whole Red State vs. Blue State thing the "Second American Civil War).
Sherman said "War is Hell" and went on to aptly demonstrate that fact. This, this isn't even a hissy fit. If you have the liesure time to piss away posting on a website, it ain't war.
I have been following this for some time.
This is not the first time this story has appeared on Slashdot. The last time it did (last year, I think), it covered a person who had traced the attacks back as far as China and gave some basic information about the methods and types of attacks. Also there is some reason to think that some military systems have indeed been penetrated and such items as flight control software stolen.
My own suspicion is that you have some sort of DMZ from which these attacks are occurring. You have a number of people stationed in shifts around the clock logging into these systems (possibly remotely) and using them for the attacks. There is plenty of reason to suspect the Chinese military here. These are not defacement attempts but are pretty surgical attempts at military data theft. This means organized crime (terrorist or not) and military are your only major suspects. The military is more likely the purpetrators given not only the specific type of data being targetted but also the Chinese Gov't's general unwillingness to cooperate with an investigation.
LedgerSMB: Open source Accounting/ERP
While I agree with the gist of what you're saying, my firewall logs are constantly filled with hack attempts originating from our Chinese cyber-neighbors. What I'd be interested to know is whether these are concentrated attacks (most do not seem to be) or whether China's tenancy towards software piracy has become a problem for them. Would it surprise anyone if many widely-circulated, Chinese-pirated copies of Windows XP were pre-infected with trojan rootkits? In that case the botnets would be deployed from the moment the OS was installed. That being said, the responsibility ultimately lies with them either way.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
In the 50s, 60s, and 70s, thousands of American soldiers died in an effort to stop the threat of Chinese communism. Today, China is one of our top trading "partners". What has changed? China is still one of the worst human rights violators, and routinely abuses its neighbors (Taiwan and Tibet). In trading terms, China is probably our most abusive partner. Any project done in China must also have any related side projects completed there. China also devalues their currency, further imbalancing trade.
The China situation probably pisses me off more than any single other issue. Its an issue where both parties are on the same side; the side of profit-whoring multinationals that have no problem selling out American workers and small business and buddying up to the rights-abusing monster that is the Chinese govt.
I have been worried for a long time about the apparent naivete of the U.S. government and military regarding the Chinese.
The Chinese government and military are extremely savvy so long as they are not blinded by their communist dogma. When it comes to trade, information, spying, and weapons technology, they understand the reality that those who play fair lose.
If you are a businessman, have no illusions that your papers and files are safe in your hotel room in China. There have been documented cases of government-sponsored spies following businessmen and bugging or entering their hotel rooms to scour their belongings for useful trade secrets and intellectual property.
We can see clearly that they are pursuing a strategy of mercantilism in trade, to our great disadvantage, thanks to the cluelessness of free-traders in Congress and the White House.
Who can doubt that the same issues exist with regard to sensitive military information? The Chinese sponsor students to come to the U.S. with the express goal sometimes of infiltrating research staffs and supplying tech info back to China. The same surely occurs with U.S. government and military employees, although the screening is more thorough.
In my opinion, the CHinese government would see hacking U.S. government or military sites as a requirement for successful international competition. Hopefully, the NSA and others like them are on top of the problem. I don't doubt, though, that they have gained access to lots of systems on the lower end of the confidentiality spectrum.
It needs to be impressed on people in government, military, and intelligence work, that the Chinese are playing one mean game of chess in everything they do vis-a-vis the U.S. Their sense of time spans centuries and millennia rather than decades. Any suspicious activity on their part needs to be treated with the greatest skepticism by our guys, rather than with apathy or giving them the benefit of the doubt...
First, the argument that an attack is disciplined thus it must be the national military is just plain stupid -- and I frequently agree with Bruce S.
Even then, how is this not anticipated? Governments spy on each other (and their own citizens) prolificly, even their allies. We do it, they do it. European countries and the US are constantly one-upping each other in government sponsored corporate espionage. The Internet's done nothing but created a new medium. We steal corporate and military secrets from them, and they from us. Big deal.
The fact is that this means nothing. We know how to prevent this from being a problem, we do it, and we even disseminate disinformation this way.
The Iraq boondoggle aside, countries are actually very good about researching each other. There's a level of transparency between nations that is completely hidden to the average citizen. I think that everyone understands that at some level. The problem is, of course, that the public understanding of geopolitics is quite different than that of world leaders and the intelligence community. China could be an invasion threat, or on the verge of a dramatic shift to democracy and becoming our (USA) 51st state -- but, honestly, how many people are privileged enough to have access to sufficient information to make that call? Almost certainly not you.
By avoiding transparency, governments can avoid accountability to their citizens and other nations. That lack of accountability makes people easy to assuage, makes governments appear artificially effective, etc. In the US we demand little transparency because making information available puts us at risk (so the logic goes). Thus, by simply augmenting the perception of risk (nwes about terrorists, spies, etc.), people will lower their accountability demands, enabling more flexibility for things probably not in the public interest.
Of the top 100 economic powers in the word, 52 are corporations, and 48 are countries. About 1/3rd of goods transferred over a national border are goods that don't transfer ownership because they stay within a multinational corporation that is internally transferring those goods). It seems that some good geopolitical FUD can make you richer than Croesus if you're an inside player in the game.
It's never hack from home. Now, even if the Chinese are actively trying to .gov or .mil. I'm pretty sure so called
hack us, (why not, I am sure it's not just them and I'll bet money we are doing
it too), why would they source an attack from their primary location? Even if
the "attacks" are coming from there, that doesn't mean it's the Chinese. It
could be an American or British kid who took over a box there. And I gotta
tell you, if it were me, I would bounce my traffic around the world twice
before I even took a look at a
"military trained" hackers backed by the Chinese government could and would
have far more resources and could cover their tracks better than that. If it
were me, I would have all the attacks sourced from Britian or Iserail, or some
other friendly US ally. Color me suspicious.
SealBeater
-- Its survival of the fittest...and we got the fucking guns!!!
STEEE-RIKE!!!
sarcasm -------->
O
-|-
|
/ \
you
From your second paragraph (the first one quoted above), it appears we've already figured out what to do to cause harm to them.
American corporations will not stand for being refused entry to a market encompassing a sixth of the world's population. This pressure began to build in the seventies and has only increased. This is the determining factor in all US/China dialogue.
illegitimii non ingravare
While I don't approve of this method of cutting corners on R&D the Chinese are doing nothing that the US hasn't done in the past and still is doing today, and not just to nations that could be a potential threat either. The USA also spies on it's own allies and that includes abusing base rights and surveillance assets, supposedly there to be used for the benefit of NATO defense, to conduct industrial espionage on other NATO nations. The US has even used these assets to commit occasional acts of economic sabotage, a famous example would be the Saudi Arab airliner deal that Boeing managed to snatch away from Airbus with Uncle Sam's help. Not that I'm complaning mind you, we Europeans are not exactly angels either and the whole Airbus mess did have two positive results. Firstly we now know that we can't even trust our friends in the USA as far as we can throw them (a lesson they are now slowly learning them selves, in reverse, so to speak) and secondly many corporations here now take communications security more seriously than the military. Judging from the way it has been chewing away at Boeing's market share Airbus certainly seems to have learned it's lesson.
The price of peace is eternal vigilance.... even your friend will stab you in the back to butter his own slice of bread.... learn the lesson, go on and get over it.
Only to idiots, are orders laws.
-- Henning von Tresckow
I thought "War on ......" was a American euphemism for "an unsolvable problem we will futilely waste vast resources on in an ongoing and unsuccesful attempt to solve using means and methods long ago shown not to work." (Sounds like a corporate mission statement, doesn't it)
"War on Poverty," "War on Drugs," and "War on Terrorism" are perfect examples.
None of them can see the clouds; The polished wings don't care.
Consider going to Bejing, Shanghai or Hong Kong.
Beijing is hardly a futuristic city (not really sure why you included that one. It's a beautiful city, but it hardly fits in with the other two). Hong Kong's prosperity is completely and absolutely the result of the British rule and law, and it has diminished since the takeover.
If you go to Shanghai you should try the sooper high speed mag-lev train.
One thing about a statist economy is that you can put billions towards really dumb money sinks, all to get gullible citizens and tourists to proclaim about how futuristic it is. I hear Brazilia in Brazil is a real futuristic city as well.
I was really surprised by the whole energy of the place. When I went to McDonalds and they didn't have my food immediately, they said no problem we will find you and bring it to you when its ready. 2 min latter I had my fries. This particular McDonald's had around 30 registers all open. They said that they served 6000 lunches everyday -- just nuts. You won't find any fast food resturant in the US that can manage that volume and provide good service too.
You're impressed that they brought your food to you? Wow, your opinion really needs to be considered suspect. Fastfood restaurants everywhere bring food to you.
Regarding the McDonalds being big --- if that's your measure of prosperity... That's like saying that a town is a great town because they have the largest Walmart. I'm going to have to presume that you're being sarcastic.
In closing, the US needs to sell $3,000,000,000 in bonds everyday to China just to keep running. If they really wished us harm they could just stop buying our debt. Once China no longer relies on exports we will be at their mercy. That will happen in around 10 - 20 years just when the US needs money to fund SS payments to baby-boomers.
Ah, good old fear mongering and ignorant economics. Ignoring the fact that China isn't a big financer of debt (and hasn't been for some time), countries don't buy bonds because they're benevolent - they do it for their own best interest. In the case of China they buy up US $ (and formerly bonds) to prop up the dollar, which keeps the yuan undervalued and serves China.
Secondly, if China did something (ignoring that they couldn't do anything that could be rapidly circumvented) they would punish the US $, depreciating their own holdings in US bonds (most of which can't be cashed in for years and decades. Boy, win win!
Idiots that don't have the slightest clue about economics, and that are wide-eyed about isolated advantages (OMG! I hear that North Korea has gigantic pyramid towers! They must be super first world!) should just keep their ignorance to themselves. China is eventually joining the ranks of the first world, and will soon earn some "problems" like citizens that don't like being poisoned by the air and water, and who like some rights, but this pissy nonsense about how the US is doomed reeks of ignorance.