Slashdot Mirror
The Secret China-U.S. Hacking War?
bored-at-IETF-ntp-session writes "In an article at eWeek Larry Seltzer examines the supposed hacking war between the US and China. He surmises 'Even if you can't prove that the government was involved ... it still bears some responsibility'. He quotes Gadi Evron who advised the Estonians during the Russian attacks. 'I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China ... Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves.' Seltzer concluded 'It's just another espionage tool, and no more or less moral than others we've used in the past.'" This a subject we've also previously discussed.
Fixed that for you.
Trolling is a art,
in terms of morality is like talking about faith in terms of science
neither have anything to do with one another
sure, this remark of mine will invite obfuscating semantic gymanastics in an attempt to talk about faith in terms of science, or espionage in terms of morality. but when you come right down to it, the former are pretty much defined as exceptions to latter
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Please. Everyone knew what was going on. The evidence is so many zombified spam spewers all over the place.
Resistance is futile. Your technological distinctiveness will be added to our own. You will become one with the morgue
I can confirm this. I work for the department of defense, and we get port sweeps every day coming from china.
China is doing a lot more to wage war on us than just hacking. All the tainted products are a part of it, too. Read more!
The Uncoveror: It's the real news.
Too Many Secrets !
Take Nobody's Word For It.
Well, isn't this a surprise. The USA (and US media) is pointing fingers at an outside force for causing internal problems. Sure, it probably happens (that people in china attack american networks) ... but people all over the world do the same. Why target china? well... the US economy is in trouble, and china is economically booming.
Then again, both Hillary and Obama have said they'd renegotiate NAFTA if elected (and basically blaming canada and mexico for their problems) - which is already skewed in the favor of america - to fix their domestic problems.
And engages in no similar practices.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
WTF, Batman?! If we've done this one already, and you know that well enough to put it in the initial summary, then what's the frackin point? Since when did "piling-on" become "News That Matters?"
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
What I'm listening to now on Pandora...
They are looking for weaknesses in our defenses against melamine-free wheat gluten, procedures for testing toys for lead paint, and new marketing strategies to get more teenage girls mesmerized by Hello Kitty.
I'm tired of the US govt. spying on me, i constantly get scanned by US IP's.
1) Of course there is a hacking war going on! And this is news?
...
2) Blaming "China" is like blaming "America". I mean. How stupid is
oh
they do?
on Slashdot??
never mind
If said networks were better defended/defended at all I get the feeling this wouldn't be as much of a problem.
The US Government, the most incompetent show on earth!
Happiness does not come from having much, but from being attached to little.
So, let's see.. we are getting attacks from China (some definitions of "attack" include a simple Ping), but since their networks are such a mess it ~might~ not be them? Silly...
Where there is smoke there is fire (or at least hot things). These attacks and actual break-ins by Chinese are actually coupled with proof they are using the information they collect. This should come as no surprise because they have NO respect for Intellectual Property, including military/government "Intellectual Property" aka "secrets". If they pirate DVDs, copy hardware/clothes/etc then they can do the same with military "stuff" - this should come as no surprise. No, no all people who copy an MP3 are capable of espionage.. unless it is a systematic and widespread market tolerated and encouraged by the host government.
Anyhow I think their network "noise" is a little too convenient. Russian organized crime operates servers in China, maybe they are in cahoots to form botnets to steal financial information as well as commercial/military Intellectual Property (the former more important to the Russian criminals and the latter more important to the Chinese Government).
That kid threw a snowball at my car! Kids throw a lot of things, what makes you think it was that kid?
i dont like their cyberwar, they need to take it to the battle field and fight it out the old fashioned way with guns & bombs, some of us are want to download pr0n in peace...
It should be noted (search for it if you don't believe me) that these so-called russian attacks on estonia were actually done by an estonian teenager. Kind of makes me doubt that expert's expertness.
Fleur de Sel
To censor its internal internet, China has built a "Great Wall" around it internet with relatively few portal links. Thta makes it quite vulnerable to attack.
Attacks by the Chinese are known to have occurred for at least 10 years. The first amateurish and easily traced attacks were against a particular US based "free Tibet" web site owned by a Brit, and followed by attacks on other sites of a similar nature. Within weeks the same IP range (clearly within the Chinese ministry of defense) was used to breach a mail relay at a US naval installation in Virginia. (To be fair to the Navy, the system was a relic with the then still common non-closed relay, and was a purely administrative system, not part of anything security or defense-sensitive). The reports were publicly released and largely ignored, as have been some that followed. The little public attention waned as rapidly as it tends to for larger events that fall out of the news over time. I suspect escalation, probably by both sides, occurred after attention fell off, taking advantage of that and adding expert spoofing to insure that most would not be able to consider further reports reliable.
/. questions was recruiting for. It's already in progress. I'd enjoy the hell out of serving again, and being able to do so without having to put on a uniform. I'd especially enjoy it when I found that the majority of "combatants" were somewhere below my own level of expertise, though somewhat higher than script kiddies -- interesting but not too frustrating.
If I were going to conduct surgical attacks against a government from within a large IP block, I'd allow others with less ambitious nasty plans to use it, and hide my activities within the flood from them, like hiding an artillery attack within a thunderstorm. I have little doubt that there are "Nigerian spammers" and such using Chinese machines. That doesn't preclude their government doing it -- to my mind it indicates the probability.
And they wouldn't want reports to be entirely absent either. Taking over or subverting the infrastructure that carries content is as much a part of psychological warfare as is the content itself. Subversion of the medium is also the message, and that must become known to the system's owners and their allies. It causes mistrust in the system, its owners, and any messages to come from them. The general public wouldn't care or pay attention, but those who did care would get the intended message. And you have.
This is the war that the General who recently answered
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
This a subject.
...for 'hacking' into the redflag-linux.com mysql database (which had no root passwd, btw), and defacing their site to say "Hacked by America". It's just been tit-for-tat ever since. =/
the only permanence in existence, is the impermanence of existence.
To a good portion of the Chinese netblocks:
http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn
Just stick them in your firewall to drop all packets and go on with life.
http://it.slashdot.org/article.pl?sid=08/03/10/1855201 if it's got the DOD quaking in their boots, then why aren't the Chinese already doing it? how would we know if that 'raided pirate cisco gear' wasn't loaded with mal-firmwares... hrm? anyone?
does anyone bother to backup their firmware, and do a quickie md5 sum vs it and the version that it's supposed to be on the manufacturer's site? that's how i caught a Working Bios virus that blackhats got on my machine... and two of my parents computers... there were obvious symptoms (especially on the one i changed to Linux)
I even had to Diff a clean install of windows and a 'rooted' one to find and submit virus files that normal anti-virus and anti-rootkit software can't even detect, let alone stop from being installed... (I'm not proud of my failed security, but i WAS depending on a cheap hardware firewall to protect 3 systems... along with 'free' anti-virus...and knowing that "none of us use 'bad' sites")
https://www.gnu.org/philosophy/free-sw.html
My biggest expenses are:
1) Taxes (35%)
2) Rent (17%)
3) Food (11%)
4) Tythe (10%)
5) Transportation (7%)
6) Student Loans (7%)
7) Therapy (6%)
6) Bills (4%)
7) Other stuff (3%)
Most of the stuff I buy from china comes from the "other stuff" department, which is my smallest expense. I think this is also a pretty typical for other Americans. I don't think it's fair to say that I or people like me waste "all their money on useless shipt that they hardly ever use and dont really need."
A bigger contributor to the trade deficit is China's deliberate manipulation of their currency. Measured in nominal dollars, the GDP of china is only about $2.5 trillion, but at purchasing power parity with US prices, it's $10 trillion. That's means that a dollar is worth four times as much in china as it is in the US. It's no wonder people chose to manufacture things in China.
Not to play devil's advocate, but do we know it is the Chinese hacking the U.S.'s data networks?
One of the comments above mentioned that "just mentioning the words 'network security' in China can land you a lot of jail time." If this is correct, then it seems to me that there are probably a lot of unsecured networks and hosts in China. If that is the case, then how do we know that it is really the Chinese who are trying to hack DoD and business networks rather than some thirteen year old script kiddie in Hackensack who just happened to find a way into a computer in some backwater school in China?
Just because you are seeing hits from Chinese IP addresses doesn't mean the Chinese are behind it. The real question is "how deep does the rabbit hole go?" Unfortunately, there isn't really any way to know unless you hack the originating IP(s) yourself.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
"He quotes Gadi Evron"
if anything other than, "I am a media-whoring fucktard" follows that, the article can safely be ignored:
-> curl http://www.eweek.com/c/a/Security/The-Secret-ChinaUS-Hacking-War/ | egrep '(whore|fucktard)'
[snip curl verbosity for junk filter]
->
yup, ignore away.
actually, the point the article makes is interesting; it's just a shame they chose to quote someone who will go out on such a limb as to state that china in a dangerous place for the internet.
Thank you for that gem, Gadi. Don't you have some important security conference to organize? Some reporter/blogger to bug?
Honestly, what the hell? I live in the United States and I have to tell you most of the people I deal with don't seem to give a damn about any other country. There are still some who think invading Iraq was the right thing to do (even though it was most definately not for the reasons we were given) but aside from that handful people are worried about paying the bills and just getting on with life. I'm sorry, but from my personal experience most Americans just don't really care about the rest of the world. We have our own problems. We recognise there are issues that need to be dealt with in other countries at times, but most of us seem to prefer it if we weren't the damn aggressor. I really wish Congress would keep a firmer leash on the military. I tend to be a military favoring kind of guy, but unless we work out some sort of agreement for aid or we are attacked we should keep our troops out of other people's business. Should note that I also think military aid should be a "one time" thing (eg stop helping pay for Israel's military might when we have domestic issues that need more funding) and that some things need to be stopped no matter the cost (such as genocide like the Holocaust). I've also noticed, at least on freenet, that the perception of America depends widley on where you sit. Every country seems to have a different opinion, some are grossly misinformed (including some Americans) on what actually goes on in the US and countries where it uses its power. I just think its interesting how 90% of people's perceptions are completely colored by outside sources. Their belief in what they see is unflappable usually, which is one reason war is a common trait to human history. All of these "China is attacking us" stories tend to involve computers and the Internet. They also seem to not realise that just under 20% of the population OF THE WORLD is in China. Just from random script kiddies, most of the 'attacks' should be from China, followed by India (16%) depending on the level of Internet access. Considering those two countries, I think several people at least have the capability to steal some bandwidth. So Slashdot, why do you and Something Awful seem to think China is an aggressor? If these attacks could at all be linked back to the Government of China there would be some global consequences. If China really wanted to hurt the US, they'd just have to stop doing business with us. Rare is the product that is not made in China.
Firstly, espionage happens - get over it. It may be immoral, but funnily it is not immoral enough to stop anybody from doing it. The Chinese do it, no doubt, and they get away with a lot of things, but then, so do we, whoever 'we' are.
Secondly, I think espionage is less of a national venture these days and more of an international business. The nationality of a spy may matter less - an Iraeli spy, say, might spy on America and sell to whoever bids the most; China, Russia, UK, whatever. Or perhaps even the US. There isn't a lot of pride and glamour in the spying business.
I am Mr. Daniel kankan, one of about hundred talented American IT professionals, who at any time are working overseas in secret. Please don't treat this mail as spam but rather give it the priority it deserves because I only resorted to mailing you when my attempt to reach you on ___________ failed due to poor network. I have just returned from the remote deserts of Oman where I swapped the swamps of the Niger Delta eighteen months ago, working for the Software Development Oman Company in temperatures above fourty degrees centigrade. I have fasted and prayed for 3 days before accosting you.
Our path narrowly missed in 2002 when a friend Mr. Brian Sheehan of Fortress Firewalls Florida recommended your company ____________ for our patronage. We were then sourcing for _____________ for our off-shore secret accounts. Mr Sheehan's company supplies us the hi-tensile aluminium server cases until the death of Mr. Sheehan in a ghastly motor accident in Florida in year 2003.
As a highly esteemed auditor with this corporation, I have been working selflessly and tirelessly in every facet and my imprints can be found in all over the company. Year in year out, in smooth or unpleasant economic and climatic environment, I had always stood my ground working to ensure that my promise to succeed and my spirit of enterprise is not shaken. I faced my job with a quiet mind, a firm courage, and an entire reliance on God. Courage belongs to the immortal soul and is the red badge of our immortal spirit. who lives and grows by sacrifice and faith and love. With this astute profile I became famous, highly connected with a reputation that cut across.
I have decided to contact you on an issue at hand that Mr Brian Sheehan could have quickly executed if he had been alive. Today the price of patience beckons as the dawn dares when it breaks. A big time opportunity gave rise to my urgent quest for a trustworthy across-the-continent friend that can handle a quick transaction and be trusted to deliver fast with intergrity and not tell stories. I have reasons to confide in you based on the impression I received of you and your company. This is purely personal and confidential to bring us a highly anticipated glory at the end and make us giants among equals. I got involved because for 23 years I have served him well and it is now time to serve myself. To live intelligently, man must have that buoyancy of spirit and willingness to embrace issues that will make him live without burdens forever more. I will expect you to use your intuition to understand what was going on here.
An American federal government initiative was introduced to encourage and empower local contractors in America's multi billion dallar information technology industry. This dream was applauded, but like other dreams and initiatives, was later transmuted to a well orchestrated plan by indigenous operators and top corrupt executives of the American National Programming Corporation (ANPC) to suck the economy dry. In the hollowed chambers of the ANPC is a powerful syndicate, an extensive network of top management staff engaged in mind bugging swindles with unimaginable brazenness. While highly placed officials subvert due process and award illegal contracts, unscrupulous local IT operators and dubious foreign contractors serve as conduit to fleece the nation of it's vast programming skills.
The huge amount of money often involved in the looting spree and the seeming helplessness of government or security agencies to check the menace is their own headache. All that matters now is that in my vault I have two dud (ghost) contract files which I discovered myself and had kept it all to myself.
All you need to do is to front yourself as the executor and the deed is done. I have already employed the services of an attorney for drafting and notarization of probate/administration. With due respect and regards, my concerns are: Can you handle this project, can I give you this trust and what will be your commission? If you can spons
Based on past experience, this could also be the CIA or similar working through useful idiots to help make a case for more control of the Internet by the US government. Given everything else we've seen in recent years, this IS the most likely explanation.
Only boring people are ever bored.
Yes, I was learning Python by myself and wrote a script using the HTTPLib package. Purely for an exercise. The script just greps information from a Web server's HTTP response header. By careless misconfiguration the script started an infinite loop! And I was banned by Slashdot (yes I was connecting to Slashdot, my favorate Website). I sent an Email to expain and I'm here again.
Your missiles, please.
PS. This is really terrible to admit. In punishment to the troublemaking script I mv'ed it to /dev/null. That's cruel.
Colorless green Cthulhu waits dreaming furiously.
Do we know for certain that all of these attacks originated wholly in China, or is there a possibility that the attacks originated somewhere else, and were simply proxied through a Chinese server?
Just playing devil's advocate.....
"Life is pain Highness. Anyone who says otherwise is selling something"
Westly, The Princess Bride