Chinese Hack Attacks on DoD Networks Coordinated

An anonymous reader writes " The Naval Network Warfare Command says that Chinese hackers are relentlessly targeting Defense Department networks with cyber attacks. The 'volume, proficiency and sophistication' of the attacks supports the theory that the attacks are government supported. The motives of the attacks emanating from China include technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD network for future action. Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety."

Far outstripping other attackers

[ShaunC]

Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official

Gee, ya think? China has more than a billion people. I know they're not all running around with shiny new laptops, but come on - this is akin to saying that the majority of low-temperature attacks on the United States come from Canada. Well, duh!

I can make the same "cyberattack" claims about my not-worth-cracking dedicated servers and the dinky firewall machine sitting on my cable modem, too, but that doesn't mean I'm engaged in a "cyberwar" with anyone. The majority of rooted machines trying to root mine are in China. Most of this comes in the form of automated attempts to bruteforce ssh, but I've seen targeted attempts where there's clearly a human on the other end of the wire.

While I don't doubt that DoD machines are probably being targeted intentionally, there's an overwhelming amount of garbage traffic coming out of central and eastern Asia, and it hits everyone. Nearly half of all my rejected SMTP traffic is from Chinese netspace, but most of it's trying to peddle western products to American consumers, the Chinese people have nothing to do with it. China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted .gov.cn box...

Oh, and the next person to use "spear phishing" in an article is getting a swift kick in the nuts!

Re:Far outstripping other attackers

[zappepcs]

That is an interesting statement:

"China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted .gov.cn box..."

I wonder how easy it would be to pin this on MS products that have been pirated?

Its an interesting twist of thought to think that MS is responsible for cyber attacks on the DOD. While that isn't true, it's still interesting in a 'haha' kind of way.

Makes me believe that there will be counter-attack strategies that include government sponsored worms traversing the Internet trying to secure those compromised hosts.

Re:Far outstripping other attackers

[Vicissidude]

China has more than a billion people.

Yes, and of those, only 137 million Chinese are online. In contrast, the US has about 185 million online. So, the fact that the majority of the attacks are coming from China is indeed significant. That is particularly true given the sophistication of the attacks cited and the military targets they are going after.

Re:Far outstripping other attackers

[Vicissidude]

And of those online in China, only 36 million have broadband connections. Further, black markets and pirated software are not just limited to China. In fact, they're all over. So, with the prevalence of pirated software worldwide, why are the majority of the attacks coming from one place? Why are the attacks from that one place going to US military targets? And why are the attacks so sophisticated?

It is widely known that the Chinese want our secrets and technology, especially those surrounding the military. It is widely known that the Chinese actually do copy and steal US trade and military secrets and technology. And it is widely known that as friendly as the Chinese act toward the US, that the Chinese work behind the scenes to subvert US influence and control.

Given the number of sophisticated attacks coming from a single country against US military targets, especially coming from a country that has been militarily hostile to us in the recent past, then I'd say we probably are getting attacked.

Re:Far outstripping other attackers

[AdamKG]

Unless I'm in denial about either China or my intelligence, you're wrong. Care to elaborate on how China is a long-term threat to us? All I have been able to fathom is that they are very likely to overtake the United States economically, largely because they have a more productive populace. But how is that a threat? Is it a threat because they seem to be succeeding economically while their government continues to be relatively free of Washington's influence?

Seriously, the idea that a functioning non-capitalist economy (notwithstanding that China has a somewhat free market) is so offensive as to require total economic isolation and military incursions was something that was fashionable in the 60's. (Cuba anyone?) Don't tell me it's back again.

Re:Far outstripping other attackers

[grcumb]

Because we all know that non-Windows servers never get hacked.

No, most online, public-facing servers are at least theoretically hackable, depending on the value one assigns to 'hack'.

But that's not the point GP is making. The important element here is that, in many cases, if you can find an exploit in the Windows operating system, you can attack millions of them with little more effort than it would take to pwn one. This is a result of the Windows monoculture, and it's inherently unhealthy.

This is not the case with the other server operating systems available on the market. The number of different configurations and permutations that exist in the wild make even the juiciest targets of much more limited value. So someone who wants to conduct a large-scale, concerted attack against a number of servers would have to invest a vast amount of time and effort into succeeding.

Small-scale, targeted attacks are a different proposition entirely. With enough time and effort, it's often possible to penetrate even the more sophisticated security arrangements by exploiting a weakness in the specific implementation. But that's not at all germane to GP's point, which is that the systematic (systemic, too) breakdown of security in the US government's computing infrastructure can be largely attributed to its over-reliance on a very limited set of products whose security is questionable at best.

Re:Far outstripping other attackers

[SageMusings]

"they are very likely to overtake the United States economically, largely because they have a more productive populace"

China could overtake the economy because they have a work force that is paid low wages, has a lower standard of living, and is less educated. Another reason they can overtake is because our own American CEO's are falling all over themselves to have everything manufactured over there at the expense of American workers' jobs. Let's see what else? Oh yeah, did I mention that American companies invest in R&D and then GIVE AWAY that technology to China? Did you also know that the Chinese government gets an automatic 50% stake in every business venture over there?

Did you happen to know that the American workforce is among the most productive in the world?

Is China a threat?

Ask the Tibetans, Taiwanese, or people living in Hong Kong. Hell, dig up a history book and learn what happened in the 50's when the U.S. military while fighting the North Koreans suddenly found themselves fighting 8 Divisions of Chinese.

China is no one's friend. They especially want to get even with the U.S. and Europe for humiliating them during the 1700s and 1800s during the gun-boat diplomacy phase of history with them.

Finally, look up their information on their economy and the fact the yuan is artificially valued. Who needs to play by international rules, anyway?

Re:Far outstripping other attackers

[catalina]

Note a few things about China: They spend more money on their military then any other nation in the world. They are modernizing their military far beyond what's necessary to attack any other nation.
In the above, I think you misspelled USA....
The premier of China has threatened to nuke Los Angeles
You seem to have misspelled North Korea

Re:Far outstripping other attackers

[TapeCutter]

"What, the US wants Chinese trade and military secrets? That might be true if China weren't running behind the US in either."

So your saying the US strategy is to wait until China is "in front" of the US and then start spying, the US sure are good sports about this stuff wouldn't you agree?

"That's almost completely negated by the US sending tons of business their way."

Ahhhh, I see. The US is not losing bussiness to a competitor they're being generous to the underdog, what kind souls they are.

/sarcasm

Re:Far outstripping other attackers

[PHPfanboy]

He might be a fucktard, but you sir, are being very flexible with the facts. I'd go so far to call you the kind of dangerous liar that likes to engage in expeditionary warfare. Would love to see you send your own kids, then we'll see how much of a hero you are.

Now, I'm not Chinese and have no special affiliation with them, but according to this inconvenient report http://rand.org/publications/MG/MG260/index.html by RAND Corporation (Wikipedia says this: The RAND Corporation is a nonprofit global policy think tank first formed to offer research and analysis to the United States armed forces)

China's defense spending is estimated to be between 2.3 and 2.8 percent of the nation's GDP. This is 40 to 70 percent higher than official Chinese government figures, but substantially lower than previous outside estimates of the share of GDP devoted to defense. ... The authors forecast that Chinese military spending is likely to rise from an estimated $69 billion in 2003 to $185 billion by 2025-approximately 61 percent of what the Department of Defense spent in 2003.

As for: They are modernizing their military far beyond what's necessary to attack any other nation. I'd add - "just like the US are...."

And lastly: "The premier of China has threatened to nuke Los Angeles" - it was the 2nd in command of the army who said it in response to a declassified US army report that named China as one of six possible nations that could face nuclear strikes from America.

Remind us when was the last time China went to war? And when was the last time the US did?

What say you now, Sir?

Attacks? We know what to do

[Kohath]

Time for the US to execute a "phased redeployment" away from the Internet.

Back to uunet or fidonet, where our bits can be safe.

Sure

[TheRealMindChild]

Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety.

Sure... drop some bombs. What could possibly go wrong?

Onlookers?

[rehtonAesoohC]

I am a civilian contractor for the US government, and I can guarantee that we are hit all the time with attempts to get into our networks on the secret and SCI sides.

However, I would like to know who these "onlookers" are... The defense measures (can't say specifically of course) that we take are plenty effective against all types of attacks we get. One of our top priorities is writing code that is solid and secure. We run scans (again, specifics are classified) nightly to test the security of our infrastructure and applications.

Whoever these "onlookers" are, I would love to hear about how THEY successfully hacked into our network instead of just criticizing with no actual knowledge.

Re:Onlookers?

Why in the hell do you have your secret and SCI sides on the internet? That's DOD/DOE no-no number one!

Separate systems, separate networks, separate terminals.

I can tell you from my experience as a person who contracts as a "Q" that not only is the DOE stepping up their security methods, they're cutting funding to places that don't keep the mustard. LANL may be cut at the end of this FY -- thanks to the fiasco a few weeks ago where someone walked out of the labs with thumb drives of info. Needless to say, they were audited, and they brought out a lot of epoxy to glue down the USB/Firewire ports.

Also, weak passwords should be pretty much a thing of a past -- now that DOE's mandating that everyone use CryptoCards in the next year-ish (no, not those expensive RSA things -- they're out of a company in Canada).

Re:Onlookers?

[b4stard]

I, also, am a civilian contractor for the US government. I can't say specifically, of course, but we got these lasers and we laser stuff. Yes indeed. Lasering stuff is what we do. Whenever we're cracked (or partially cracked), we laser the crackers. We are no ordinary crackees, though I can't say specifically in what way (other than what I just mentioned about the lasers).

Our lasers are plenty effective. Don't criticize me with no actual knowledge.

Re:Onlookers?

Why in the hell do you have your secret and SCI sides on the internet? That's DOD/DOE no-no number one!

To answer you, the guy is speaking out of his ass. He's probably an EDS sub-contractor on the NMCI handling help desk calls about email and web proxies and probably thinks SNORT ACID is something he can get busted for.

Mr. ChooseAnother probably doesn't realize that commenting on this, attributing to himself as an insider is a sure-fire way to get his nads hooked to some 'trodes and get his non-clearance revoked.

But, man, he does sound so C O O L don't you want to be just like him when you grow up?

A Military Attack is Military Attack

[TheSuperlative]

The United States really needs to change doctrine to prevent these sorts of attacks in the future. An assault on government networks by a foreign country should be responded to like any other attempt to impair, hinder, or steal information from the government by a foreign country - with an escalating response based on severity from diplomatic rebukes, cyber counterattacks, sanctions, and ultimately military strikes.

They reap what they sow

[Kludge]

Shouldn't this be expected? It's not as if this is a surprise. Their systems should be built from the ground up expecting every and any kind of attack.

Re:Idiots

[Tablizer]

The US government gives way too much leeway to China in general. They screw with exchange rates, make it difficult for outsiders to do business inside China (Donald Trump even complained), give weapons to our enemies, take our jobs, have crappy human rights record, use mass pollution to take shortcuts and undercut prices, and are not a democracy.

The theory is that free trade will turn them into a democracy. So far its proven to be hooey. Are we going to allow this shit to keep going on decade after decade with the delusion that eating KFC will make them democracy?

Speculation?

[Brian+Cohen]

"Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication" Government support of attacks on DOD networks is not a minor accusation. You would need a lot more evidence beyond potential motives and speculation to suggest that such an attack is government supported.

Re:Idiots

[gravesb]

I agree that we give China too much leeway in a variety of venues, but things are changing there. They have the special economic zones, which are essentially capitalist, and the government is losing its grip on a lot of places. It appears their accounting rules are becoming more westernized, and with them, more transparency in to their economy.

Nethack Terminus

[SMACX+guy]

By creating a planetary network, mankind on Planet now has the ability to share information at light-speed. But by creating a single such network, each faction has brought themselves closer to discovery as well. At the speed of light, we will catch your information, tag it like an animal in the wild, and release it unharmed -- if such should serve our purposes.

Re:Nethack Terminus

[nuzak]

C'mon, we're talking about a Chinese distributed hack here. Here's the quote that should have leaped into your head.

"If I determine the enemy's disposition of forces while I have no perceptible form, I can concentrate my forces while the enemy is fragmented. The pinnacle of military deployment approaches the formless: if it is formless, then even the deepest spy cannot discern it nor the wise make plans against it." -- Sun Tzu, The Art of War

counterattack?

[gravesb]

I wonder how much China would complain if the NSA launched an attack against any confirmed hosts? If there is evidence that computers are attacking use, either live or as bots, can China make a real complaint about us protecting our interests?

mitigate the problems

[DaMattster]

The DoD should create a firewall rule to automatically drop any packets it recieves from China, North Korea, South Korea, or any of those countries trying to root its machines. On my dad's dinky little small business network with one segment and 10 machines, I saw no less than 300 daily attempts to root the gateway via SSH coming from North Korean and Chinese IP addresses. Now, mind you, I use SSH to remotely administer the gateway. Naturally, the gateway is a secure BSD machine as I wouldn't dare front end a network with a Windows 2003 server. I was dismayed that, in these attempts, the attackers are getting a login and password prompt. Thank God syslog reported that no attempts got past that point. So, I made SSH listen to a non-standard port and added a PF firewall rule to drop ANY incoming connection attempts from Pacific Rim countries. I also checked to see if there were any strange binaries or daemons running and ran a netstat -n to look at activity and there was nothing suspicious. Finally, as an additional safety precaution, I decided I would add firewalls to drop the Microsoft ports in and outbound. Now, instead of reporting access denied, syslog reported copious amounts of dropped packets for about two weeks and then the attacks seemed to drop off altogether. Now I see one only occasionally.

Re:mitigate the problems

[fishthegeek]

I strongly suspect that DoD WANTS to see the attacks. You are exactly right, if the DoD were really concerned about the loss of classified information they would simply block those IP ranges. Something more sophsiticated is probably at work.

1. Create a honeypot that doesn't look like a honeypot.
2. Fire off press releases complaining about how intelligent and crafty those 1337 Chinese Hackers are.
3. Watch and learn.

I can't think of a better way to assess the level of skill the Chinese possess. I seriously doubt that valuable classified information is within reach of internet connected machines. This article and probably most like it are misinformation designed to encourage the Chinese.

Re:mitigate the problems

[TubeSteak]

I seriously doubt that valuable classified information is within reach of internet connected machines.

You are probably right.
But only in the most literal sense.

There are multiple levels of classification and squarely in the middle of unclassified and secret is sensitive information. If you add enough of it together, you can end up with information that can be considered secret.

The best example i can think of is this story:
Grad Student's Work Reveals National Infrastructure
Duped the next day: Fiber-Optic Map: A Classified Dissertation?

Just because information isn't classified as secret, doesn't mean it's useless.

Re:mitigate the problems

[omegashenron]

On my dad's dinky little small business network with one segment and 10 machines, I saw no less than 300 daily attempts to root the gateway via SSH coming from North Korean and Chinese IP addresses.

Thats a little hard to believe given most North Korean's dont have computers let alone internet access. If they really are attacks from North Korea, your dad must be involved in more than a "dinky little small business".

PC Anywhere

[skinfitz]

By 'hackers' do they mean people scanning their networks for machines with no firewall running PC Anywhere with default passwords like Gary McKinnon did?

Re:Idiots

[Tablizer]

those are all true of the United States too.

If we screw with the exchange rates, why do we have a trade and credit deficit? As far as being difficult for outsiders to do business, we have one of the most open-to-business countries there is. It is not perfect, but one of the top in that regard. And although we slipped on the human rights with Gitmo etc., it is still far more open a proces than what China has. Our system is a B-, their's is an F. And, our polution regulations are much tougher than theirs. I've been there and seen a red moon directly overhead (it was not an eclipse). True, US regs are weaker than Europe's, but Europe is not the issue here.

Takeout food, anyone?

[Tablizer]

It's like their food: you hack away, but find you are not satisfied after a few hours and have to hack some *more* ;-P

view from a different perspective

I often find those postings one-sided. In this case,some posters are readily to advocate the USE of military as a result of this. We have the most sophisticated electronic and information warfare capability in the world and people just tend to pretend that we don't do this kind of information warfare everyday. And whenever other nations are "alleged" to conduct such, those ignorant people just ready to beat the drum of war.

Another thing is, as of now, China doesn't even need to fire a single bullet to beat the crap out of us if we decide to launch a war on them.

China currently has 1000 billion US dollar foreign reserve, that is somewhere 1/5 to 1/4 of ALL US dollar reserve held by foreign countries. At the onset of the war, China will have three options: one is conventional warfare, two is nuclear warfare, three is financial warfare.

Conventional warfare is something US would avoid, think Korean War. Nuclear Warfare is something both would avoid, unless the fat lady sings(the absolute last resort.)

At the beginning, we of course would bomb the crap out of their infrastructure and military installation, given our air superiority, as we did in Iraq. And China knows this and know they would not win in this course of action.

All they need to do is to make a threat or actually dump US dollar reserve on the international market.

Don't think this would happen? Brush up your knowledge of Suez Canal crisis of 1956. That was exactly what happened when British and French forces rapily withdrew after successful military invasion after Eisnehower threathened to sell US reserves of British pound and thereby to collapse the British currency. Of course the British pound was already under pressure after decades of British colonial expansions that spent a lot of money, not unlike the current US national debt of today. Most historians agree the Suez Canal is the major milestone of the demise of British empire.

When you have 25% of another country's currency on the market, that is a pretty powerful hand. All you need to do is dump all that at once onto the international market. It effectively and immediately collapses the US currency and the whole American economy. Do you think other countries will have the capacity and more importantly the willingness to buy those currency. Do you think other nations would be willing to lend us money by buying up treasury bills, knowing our money would be worthless on the market.Hell no. People all over the world will be dumping US dollar like crazy. US stockmarket will crash; there will be endless runs to the bank.

The economy as we know of will cease to exist.

Some people of course will doubt that China woud do this. But when you are been bombed crap out of you a-ss and you are getting desperate. Trust me, you'lldo anything.

This, my friend, is how the war between China and US will play out NOW. But very very unlikely to happen. It is like two big boys on the playground. Of course it is nice to be the only king of THE playground. But sometimes it easier to share it a little with someone as strong as you are. That is, the essence of international relation. Boy, I just hope we don't have some airheads in the administration thinking otherwise.

So for those people ignorant of economy and internation politics, you can stop making those senseless remarks. Brush up on your knowledge before making a fool out of yourself.

Re:view from a different perspective

China currently has 1000 billion US dollar foreign reserve, that is somewhere 1/5 to 1/4 of ALL US dollar reserve held by foreign countries. At the onset of the war, China will have three options: one is conventional warfare, two is nuclear warfare, three is financial warfare.

Their reserves include US treasury bonds and other debt instruments, which makes financial warfare a case of Mutually Assured Destruction. At the outset of war, renege: declare all bonds in their hands to be enemy assets: void,worthless, and never to be repaid. "If you owe the bank $100,000 you're their debtor. When you owe them $1,000,000,000,000 you're their partner, whether they like it or not!"

Re:view from a different perspective

Utterly alarmist nonsense. Suppose the Chinese did attempt to dump all of their US dollars on the international market. What would that gain them? The value of the yuan would skyrocket and they would no longer be able to export anything anywhere. 1 trillion is roughly the GDP of china. It is 1/10th the GDP of the US and the total US debt is only 40% of GDP. If China dumped their US treasuries, the only consequence would be a small blip in the strength of the dollar and a slightly higher interest rate on subsequent treasury sales. I and tens of millions of other people in the US alone would be more than happy to shift my holdings to bonds if they suddenly paid 8% or higher. The Suez crisis (which was an interesting reference) was in an era of gold-backed currency, fairly close after two world wars that had greatly increased indebtedness to the US and thus highly irrelevant.

I am the Decider.

[dpbsmith]

"My job is to pertect the American people from cyberattack. When we find IP packets that are in that country that are hurting our computers, we're going to do something about it. ... Does this mean I'm looking for a pretext to start a war with China? No. It means I'm trying to protect our computers. That's what that means.

Despite our warrantless wiretaps, I don't think we know who picked up the phone and said .Hackers, go do this,. but we know it's a vital part of the Chinese government."

Secretary of States Bill Gates added "For the umpteenth time, we are not looking for an excuse to go to war with China. We are not planning a war with China. Yes, we do have contingency plans for wars with every other country in the world, but not China. And even it we did, we have not taken any actual final decisions to act on them in the immediately foreseeable future. We have just sent elint-equipped cruisers to the East China Sea, but those are just there to help Taiwan with its streaming internet video capacity."

In response to a question from reporters as to whether cyberattacks originating from other countries, such as Saudi Arabia, had been observed, Gates said "That's classified information. And besides, who cares? We're not talking about Saudi Arabia, we're talking about China."

Once upon a time

[Beryllium+Sphere(tm)]

the military drove technology advances and used their money to get computer systems researched and built to their requirements.

Why aren't they running hardened clients on the inside? Why are they running systems against which phishing is useful? Why aren't they deploying advanced OS technology in which stealing a password or compromising a browser doesn't give away the entire machine?

Not to mention that the whole article doesn't make sense. Either the source IP addresses are in China or they aren't. If they are, why haven't they simply dropped all packets from China, and why are they so convinced that a Chinese IP means a Chinese attacker? If the IP addresses aren't from China, what is their reason for believing it's a Chinese-0wned set of machines?

Re:A Military Attack is Military Attack

[solevita]

Someone once posted me a rather hurtful letter from France once. It's only obvious that we bomb the shit out of the French postal service.

I think that's the sort of logic the OP is going for at least...

Re:A Military Attack is Military Attack

[Tablizer]

you didn't seriously think America doesn't do exactly the same thing to everyone else, did you?

Yes, but we pray to Jesus before we do it. Makes all the difference.

WTF are computers with sensitive info...

[knorthern+knight]

...connected to the public internet in the first place. Most sensitive US DOD sites have armed soldiers guarding the physical gateways. They don't let the general public meander through the grounds. Yet they're doing exactly that with their computers.

If China did it, it wouldn't use Chinese IPs

[dysk]

Basically, if it were the Chinese government behind it, they would find machines in the US and Europe to zombify, and launch their attacks on government computers from those machines. They would use so many layers of net access that it'd be exceedingly difficult to track it back to hacker.gov.cn. If there was a coordinated attack by the Chinese government, and the US managed to track it back to them, the NSA would probably keep quiet about it so that they don't give away their capabilities and so that they'd have a method to feed China misinformation.

This is most likely a coordinated attack by someone who wants US information (could be any country/organization in the world) and developed a botnet which happens to mostly reside in China, since China's computers tend not to get frequent security updates. The fact that the IP addresses are originating from China indicates that it's probably anyone but China.

However...China-bashing does score political points right now.

Re:Idiots

[omegashenron]

The US is just as bad - look at the Australia/US free trade agreement regarding extending patent terms and its affect on generic medicines.

Don't play the human rights card because every nation has abuses eg

• Australia's stolen generation and lack of a national apology
• US rendition program
• Guantanamo Bay
• Abu Graib

What makes you think democracy is so great? The US is the best examples of its failures. At least in China when an official is caught taking bribes/etc he/she is placed under house arrest... too bad that type of thing doesnt happen with pork barreling in the US.

The US has been screwing the world for years, it's about time we had a new superpower to keep the US under thumb.

Re:Idiots

[dbIII]

As far as being difficult for outsiders to do business, we have one of the most open-to-business countries there is

There are many examples of why this is incorrect - sugar, steel and beef for a start. Why do you think many US foods are full of a more expensive sweetener made from corn which doesn't taste as good? Geological history has left the USA with sulphur rich coal which results in the cheap steel being of very low quality and unsuitable for some roles (Liberty ships were the most exhaustively documented example). You have good beef - but there is very stong protectionism there. The US pharmacutical industry is another big can of protectionist worms which is indirectly fueling enormous qualitities of spam which you would have noticed. There are reasons behind all this but there is still no reason for people to lie about it and talk about "free trade" - Australia was solidly screwed on a free trade agrement with the USA but our representative stupidly agreed to a time limit and they would take whatever was offered at the end of it.

As for pollution regs - they are getting very tough in China because they have to be.

Re:Launch All Missiles

[WED+Fan]

... And have the UN come crashing down hard on charges of crimes against humanity, use of WMD's, etc. While the UN may not have the military might to slap the USA around, its member countries, collectively

Thats a fun mastabatory game you are playing there.

Do you seriously think that?

While not a fan of our current policies and actions, if the U.S. decided to tell the U.N. to take a flying-f*ck at the moon, absolutely nothing, aside from a vote to tell the U.S. that other people are peeved at us, would happen. Why?

Like it or not, we are still the big boys on the block; Economically and Militarily.

Do you know how many of those countries that take political pot shots at the U.S. are receiving huge chunks of cash and economic incentives to play nice with us on the economic side of the house? If other countries decided to put the money screws to the U.S. (and economic is arguably the biggest persuader in the arsenal) the U.S. could wreak more havok on them. Yes, it would be difficult for us, but in the long run, we'd come out of that game on top as well.

This is like those old samurai movies. Zatoichi, is attacked by a mob of sword weilding henchmen. The first few guys get cut down fast and horribly. A few more try to rush him and end up dead or maimed. Finally, the big ones, the ones that talk the toughest, take off running, trying to figure out how they can make a deal with him. (Also note: It's always the tough bosses in the movies that send the little guys in.) To finish, the U.N. will talk tough, Venezuela and a few others will take economic action, the U.S. will cut them off. And the French, Germans, Russians, Japanese, Italians, Polish, and Indians will still have their teams in the U.S. making trade deals and wrangling for the U.S. dollar and market.

You see, when the average household makes and spends in a month what 3 Indian families do in a year, and your country depends on the availability of that market, thats too big of risk.

Perhaps that's why the 5th column in the U.S. is so busy trying to wreck the U.S.

Need to pull a japanese type mis information

[WindBourne]

Years ago, a Japanese company found that a Chinese operative was attempting to steal info. So they fed her with their formulas for capacitors from the 60's. In particular, several formulas that were well known to fail after only a few years of service. Sound Familiar?

We need to do the same. China is bright enough to not run Windows in their equipment (frightening that USA does on our ships which will be used in defending Tiawan). But we can provide ideas/plans that we will not use or that we found subtly flawed. Basically, disinformation. I would be surprised if we are not doing just that.

Re:Need to pull a japanese type mis information

[WindBourne]

Being globalized is not the problem. The problem is China has tied their money to American money and at a significantly lower rate. In response, American companies have shifted the work from America to China. For the last 4-5 years, we should have had the ability to prevent China from doing this if we had proper leadership. The problem is that the USA is so tied up with Iraq, that W. can not afford to really take on anything else. Basically, he needs China to not oppose his actions. As it is, they do not openly, but are engaging in a cold war with America (and that includes the whole west for that matter) by encouraging other nations to mess with us. All in all, I believe that W. and Cheney have been busy playing the fiddle.

Oh nonsense. Here are the biggest problems.

[btarval]

Honestly, if this were an attempt to bring us down for good, it would simply be far, far easier to just use the backend offices of the banks which have been offshored, and take out our economic system.

The amount of confusion and damage that this could do would be enormous. And it would have the added benefit (to the attacker) of leaving the hard assets (buildings, people) in place, unlike an actual war. These could be simply bought up later, rather cheaply.

There are different ways to root a country. Actual destruction is the most expensive and inefficent approach there is.

The real cause of these cyberspace attacks is that the U.S. government has actively encouraged them. First, the Feds have actually punished Government employees who have tried to stop these attacks. Read The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) This is a variation on a common theme of the attitude of the U.S. government, unfortunately. Protecting the U.S. appears not to be a priority.

The second biggest problem is that the Federal Government has set up a hostile enviroment to discourage Security Research. Security researches are threatened with prosecution, jail time and civil lawsuits that can bankrupt them. The common occurance is when a Researcher reports a problem with a flaw in a product. There are no Safe Harbor procedures or provisions in any Federal law which allow this to happen so that society in general can benefit.

This has had a rather chilling effort on the IT industry as a whole. There is no safe way to study real cracking, so our students (and industry workers) really don't understand how the bad guys work. This also has the added downside that new technologies are developed without any real understanding (or even concern) of what the attack vectors are. MS Windows is the best known example. Javascript is the second best.

Had the U.S. implemented Safe Harbor provisions, we'd be in far better shape to deal with hostile attacks, throughout the entire industry.

While the offshoring of jobs has had an effect, without the above two points we'd still have this problem. Furthermore, if we had shored up and expanded our efforts in Security Research, we would be a lot more resistant to backoffice exploits.

It is also obvious that security can't be offshored. So if the Federal government had made security a priority, your original point would be moot.

Re:Oh nonsense. Here are the biggest problems.

[lmpeters]

The second biggest problem is that the Federal Government has set up a hostile enviroment to discourage Security Research. Security researches are threatened with prosecution, jail time and civil lawsuits that can bankrupt them. The common occurance is when a Researcher reports a problem with a flaw in a product. There are no Safe Harbor procedures or provisions in any Federal law which allow this to happen so that society in general can benefit.

At my university (I won't say which one), a computer science professor decided that it would be a good idea to teach a class on computer malware. He offered a solid rationale, which could be paraphrased to that computer science is the only field in which research into potentially dangerous materials (code) is actively discouraged. In fact, I'm taking an introductory biology course right now where one of the lab exercises involves E. Coli!!! Nobody seems to be freaking out over that!

So what was the fallout of this idea? Several companies (including some of the large antivirus companies) have stated that they will not hire anyone who takes this class. And we recently determined that someone who came in on the first day of class, supposedly to offer test preparation for entry into graduate school, was actually a mole for an as-yet-unidentified organization (thus far we've determined that the company she claimed to work for does not exist). And it seems like everyone who can actually see the logic in his argument is too scared to say anything.

Sheesh, no wonder the U.S. is taking such a beating from foreign hackers.

Short term gain vs. long term goals

[kbahey]

China is too lucrative a market, that American corporations are pressuring the US government to be lenient with China, despite of all the problems that you listed.

Some decades in the future, China will turn out to be a real and formidable rival (economically, geopolitically, culturally, ...etc.), and will probably be the next empire.

Meanwhile, instead of preparing for such a prospect, the US has forsaken the obvious means of combating terrorism, for example intelligence, infiltration, disruption, and targeted strikes, and went into a full all out war on two countries, draining its budget, increasing its dead, and earning it the wrath of much of the world.

Go figure ...

Re:Attacks? We know what to do

[finity]

http://en.wikipedia.org/wiki/SIPRNet

SIPRNet is mostly separate. From what I've heard, people aren't allowed to move information between SIPRNet computers and other 'insecure' computers at all.

Re:Idiots

[Karzz1]

..."it's about time we had a new superpower to keep the US under thumb."

Be careful of what you wish for my friend.

so?

[whathappenedtomonday]

The DoD/gov't better stop whining, it's not like they don't spy on other nations - friendly nations at that. Think full SWIFT access, PNRs they want to retain for some 50 years, ECHELON and the likes.

Everybody knows that all of this is - of course - merely a part of fighting terrorism, since industrial and military espionage require different, more sophisticated and technically more complex and costly measures. Calling any of these measures disproportionate is considered heresy.

Sarcasm aside: protect your networks, or prepare to be hacked.

Blah.

[Fantastic+Lad]

It always bothers me when people compare Iraq and Vietnam. Have you checked the casualty rate between the two? Don't get me wrong, 3000 American combat casualties is nothing to sneeze at, but in 1968 alone there were 14000 soldiers and Marines killed in action. So basically, you're an idiot who chides people for being sheep and going along with the popular "let's go to war!" sentiment while being a sheep and going along with the "Let's bash the war!" sentiment, using the same "It's another Vietnam" line of bullshit as all the other sheep. Congratulations.

First and foremost, Americans aren't the only people losing their lives in Iraq. Racism is for fools.

Second of all, we are talking about a government which we know lies as a matter of course. So taking the body counts they offer as proof in any sort of argument makes little sense. --Having learned from their experiences with Vietnam, the government now conceals the number of U.S. Service people wounded or killed in Iraq. There have been more than 3000 American casualties.

Other commentators have noted the discrepancy between the number of wounded in combat listed by the military and the large number of service personnel medically evacuated from Iraq, an action, one would imagine, that the military does not encourage or take lightly. In passing, for example, an article in the November 5 European edition of Stars and Stripes noted that the Landstuhl military hospital in Germany had "treated more than 7,000 injured and ill servicemembers from Iraq." At that time, the military had recorded some 2,000 combat casualties.

Consider also that a significant part of the war is being fought by 'private contractors' (a fancy name for mercenaries) whose deaths are not recorded by the official stats and whose own public records are almost certainly false.

Body armor has also improved much over the last thirty years. Many of the same kinds of wounds received in Vietnam led to death whereas we now have thousands more American kids coming home missing arms and legs than we did from Vietnam.

The Pentagon reports deaths on a daily basis at although its own total always lags behind the wire services number because it insists survivors must be informed before a dead solider, marine, sailor or airman can be added to the casualty lists. [. . .] we can count U.S. military occupation forces casualties as more than 50,371 as of Dec. 27. The total includes 2,400 killed and 22,565 wounded (which includes both severely and less severely wounded) by what the Pentagon classifies as "hostile" causes. By that date, another 583 military personnel had died from "non hostile" causes such as accidents, suicides (there were 99 "self inflicted fatalities") and illness and, as of Dec. 2, another 24,823 had been injured or become ill seriously enough to require medical evacuation.

Thirdly, just because the official casualty statistics in Iraq and Vietnam do not happen to match on the front page of the New York Times does not mean that the two wars have no other significant parallels. Those who cannot see the parallels are either blind or are deliberately not looking.

Fourth, NONE of this discounts my primary points; that propaganda and ignorance on the part of the populace are what to war. --We are now seeing the same tactics with regard to China. These are my main points.

Fifth, and finally. . . You say that bashing the war is sheep-like behavior. Sorry. Wrong. The war was started by those who were blind and foolish. The Administration lied. This is an uncontested fact. (Or rather, the facts are only contested by fools who cannot see reality when is is posted directly in front of their noses. Not even the Bush Administration is trying to sell the WMD's line of bullshit anymore. Not that it matters; fools are willing to accept any new lie which they put forth.)

Sheep are NOT those who see the lies and refuse to believe them. Seeing a lie

Re:Launch All Missiles

[Runefox]

Not that this was an overly serious post to begin with, I guess I'll start off by saying that's "masturbatory". But anyway.

The United States of America, as a country, is wholly dependent upon other countries for its own prosperity. Look around you; Virtually everything that you can afford to buy is manufactured in China, (SOMETIMES) Japan, Mexico, Taiwan, Hong Kong, and so on and so forth. Most of those electronics are also designed in Japan (Sony, Hitachi, Pioneer, Panasonic, Nintendo), Europe (Philips), Korea (Samsung, LG) and Taiwan (ASUS, MSI, Biostar, DFI). Why? Cheap labour. Do you realize how much it would cost to purchase a television whose manufacture was solely performed in the United States, with well-paid workers and stricter quality standards? Let's just say there's no such thing as a $20 DVD player in that sort of world.

Like it or not, there is a massive amount of interdependency between the United States and the rest of the world, and there isn't a whole lot that the average American could do with their lives were the United States to end the rest of the world as we know it, or even just cut off contact. Not only that, but the aforementioned brands that people in the 'States use every day would cease to exist in American society. Considering that these electronics companies are pretty much the staple of our electronic consumption for both appliances and entertainment, that means that entertainment as we know it would also take a nosedive.

As I type this, I'm using an Acer computer, with an ASUS motherboard, an LG optical drive, a Microsoft optical mouse (made in China), a Philips 17" CRT, and a Siemens (Germany) DSL modem. Were I living in the United States, and the USA simply decided that it were to isolate itself from the world, all of those things would simply cease to be. Well, that's not entirely true. Existing products would obviously still be around, but when it comes time to buy something else, or if one of those components should fail, I'd be SOL, especially since I don't know of any motherboard manufacturers based in the United States who make AMD motherboards.

My point is, American industry is mostly on the ropes as it is - General Motors, for instance, is scrambling to keep up with cheap, efficient imports of increasingly higher quality. Chrysler is now merged with Daimler-Benz, a German company, meaning that if ties with the EU were cut, the fate of Chrysler in the USA would be in question.

Like it or not, imported goods are a vital part of any economy, and arguably especially the USA's. Economic sanctions would devastate the American economy, and as far as that goes, I wouldn't underestimate the strength of the EU, China and Russia militarily. While not strictly a superpower even combined, they have more than enough nuclear weaponry to glaze over the entire US mainland, and China has more than enough manpower to launch a sustained conventional assault on the United States, as well.

While I highly doubt nuclear weapons will EVER be used by any sane government, it's still in the USA's best interests to avoid pissing off the neighbors.

I can confirm this

[n1_111]

As a webmaster for several popular sites, I can attest that most probes\hack attempts\spambots come from net-blocks within China. I do wonder if it is a trick to get all of us to block all China traffic, so that it helps the Great Firewall?

Re:Idiots

[JackieBrown]

We are not a democracy. We are a republic.
Bush did win the majority on the last election.
China is not known for its enviromentalism either or human rights record.

asses versus elbows

[e-scetic]

After the Iraq WMD fiasco I don't trust the US to know its ass from its elbow when it comes to these sorts of things.

The standards of evidence are obviously so low that nowadays all you have to do is imagine a threat and suddenly it's real and all sorts of circumstantial evidence points to it being true.

Re:A Military Attack is Military Attack

[davidsyes]

So much for the Interstellar Ark:

http://science.slashdot.org/science/07/02/18/13592 14.shtml

Only when humans decide to get out of and deprive governments and wealthy of the "defense" industry will humans have money and worthiness of being allowed doe DESERVE an interstellar ark.

Elevating Chinese attempts to breach a DOD (or any government) database to the level of military attack is just ASKING for excuses to wage war. Since vastly many interconnected ties exist in economics, land, and employment schemes, traditional war would be immensely devastating not only to average workers but to the wealthy land owners, property owners and even the high tech companies.

I call madness. Oh, and don't forget the US DOD is probably running stealth "attacks" on Chinese, Russian, French, Canadian, Australian, UK, Venezuelan and innumerable other nations' databases and networks, friend and foe alike.

remember, there are at least to sides to every story. Stop making Chinese out to be the big bad guy. Any nation with something to fear will do what China is known to have been doing for years, and what many informed as well as ignorant "red-blodded 'merkuns" overlook when the US is exposed for doing the same things. In the end, it's specious, corrosive human conduct. If all these people focus on poverty, disease, hunger, underemployment, and other things (like lessening the causes of reactive terrorism), then maybe we can concentrate as a collective on pursuing interstellar travels.

The database and network attacks will be less of a problem if the networks are not accessible via internet junctions. More honeypots need to be set up, more honeynets need to be spun off, and less classified information should be available.

Hell, I suspect that these things HAVE been done, and that the reports many of you armchair politicos (you know who you are-- just informed enough to be barely credible) and the rest of us see are the "leaked" stuff which was generated from logs of Chinese (and other nations') penetration attempts and successes against honeynets and honeypots, and the reports are just mostly useful for facilitating creation of domestic antipathy toward or or mistrust of the Chinese, or whomever is the boogieman of the quarter.