Slashdot Mirror
The Secret China-U.S. Hacking War?
bored-at-IETF-ntp-session writes "In an article at eWeek Larry Seltzer examines the supposed hacking war between the US and China. He surmises 'Even if you can't prove that the government was involved ... it still bears some responsibility'. He quotes Gadi Evron who advised the Estonians during the Russian attacks. 'I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China ... Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves.' Seltzer concluded 'It's just another espionage tool, and no more or less moral than others we've used in the past.'" This a subject we've also previously discussed.
Fixed that for you.
Trolling is a art,
Please. Everyone knew what was going on. The evidence is so many zombified spam spewers all over the place.
Resistance is futile. Your technological distinctiveness will be added to our own. You will become one with the morgue
I can confirm this. I work for the department of defense, and we get port sweeps every day coming from china.
Too Many Secrets !
Take Nobody's Word For It.
Well, isn't this a surprise. The USA (and US media) is pointing fingers at an outside force for causing internal problems. Sure, it probably happens (that people in china attack american networks) ... but people all over the world do the same. Why target china? well... the US economy is in trouble, and china is economically booming.
Then again, both Hillary and Obama have said they'd renegotiate NAFTA if elected (and basically blaming canada and mexico for their problems) - which is already skewed in the favor of america - to fix their domestic problems.
And engages in no similar practices.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
WTF, Batman?! If we've done this one already, and you know that well enough to put it in the initial summary, then what's the frackin point? Since when did "piling-on" become "News That Matters?"
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
Note that this wasn't a "hacking war," and it wasn't a "Russian attack". It was a 20-year old Estonian kid with a botnet. More details here
http://www.geoffreylandis.com
It will indeed. Espionage is hardly immoral, when done by countries vs. one another. But, it is immoral to allow the collateral damage to get too high, to sweep innocent people into the fray, etc.
All science requires the articles of faith that the world makes sense, will continue to behave in the future the same as in the past, we can trust our senses/are not brains within jars, etc. But you are correct that most other articles of faith are orthoginal to science.
Your ad here. Ask me how!
What I'm listening to now on Pandora...
Well unlike religion and science, espionage are quite tangled. Ostensibly, in the case of national security, one undertakes espionage as part of a larger effort to preserve a morality. Espionage is a security measure against threats to a certain group's morality. Most would agree that there is at least some consideration due when discussing the morality of espionage "Semantic gymnastics" aside, it's pretty hard to disentangle espionage from morality in any useful way.
I got a catholic block.
They are looking for weaknesses in our defenses against melamine-free wheat gluten, procedures for testing toys for lead paint, and new marketing strategies to get more teenage girls mesmerized by Hello Kitty.
I'm tired of the US govt. spying on me, i constantly get scanned by US IP's.
The first thing that popped to my mind when I heard it turned out to be an Estonian kid was the question if anyone would stop thinking of it as a Russian aggression. I guess not. It is a more exciting version of history, to be sure.
That's of course not the case, but I don't think the issue of morality within espionage is remotely cut-and-dry.
He's getting rather old, but he's a good mouse.
1) Of course there is a hacking war going on! And this is news?
...
2) Blaming "China" is like blaming "America". I mean. How stupid is
oh
they do?
on Slashdot??
never mind
You can't talk about Wikipedia's flaws on Wikipedia
It should be noted (search for it if you don't believe me) that these so-called russian attacks on estonia were actually done by an estonian teenager. Kind of makes me doubt that expert's expertness.
Fleur de Sel
To censor its internal internet, China has built a "Great Wall" around it internet with relatively few portal links. Thta makes it quite vulnerable to attack.
Attacks by the Chinese are known to have occurred for at least 10 years. The first amateurish and easily traced attacks were against a particular US based "free Tibet" web site owned by a Brit, and followed by attacks on other sites of a similar nature. Within weeks the same IP range (clearly within the Chinese ministry of defense) was used to breach a mail relay at a US naval installation in Virginia. (To be fair to the Navy, the system was a relic with the then still common non-closed relay, and was a purely administrative system, not part of anything security or defense-sensitive). The reports were publicly released and largely ignored, as have been some that followed. The little public attention waned as rapidly as it tends to for larger events that fall out of the news over time. I suspect escalation, probably by both sides, occurred after attention fell off, taking advantage of that and adding expert spoofing to insure that most would not be able to consider further reports reliable.
/. questions was recruiting for. It's already in progress. I'd enjoy the hell out of serving again, and being able to do so without having to put on a uniform. I'd especially enjoy it when I found that the majority of "combatants" were somewhere below my own level of expertise, though somewhat higher than script kiddies -- interesting but not too frustrating.
If I were going to conduct surgical attacks against a government from within a large IP block, I'd allow others with less ambitious nasty plans to use it, and hide my activities within the flood from them, like hiding an artillery attack within a thunderstorm. I have little doubt that there are "Nigerian spammers" and such using Chinese machines. That doesn't preclude their government doing it -- to my mind it indicates the probability.
And they wouldn't want reports to be entirely absent either. Taking over or subverting the infrastructure that carries content is as much a part of psychological warfare as is the content itself. Subversion of the medium is also the message, and that must become known to the system's owners and their allies. It causes mistrust in the system, its owners, and any messages to come from them. The general public wouldn't care or pay attention, but those who did care would get the intended message. And you have.
This is the war that the General who recently answered
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Sounds like somethings Dr Evil would say.
(\__/) This is Lapinator
(='.'=) copy it in your sig
(")_(") so it can take over the world
...for 'hacking' into the redflag-linux.com mysql database (which had no root passwd, btw), and defacing their site to say "Hacked by America". It's just been tit-for-tat ever since. =/
the only permanence in existence, is the impermanence of existence.
To a good portion of the Chinese netblocks:
http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn
Just stick them in your firewall to drop all packets and go on with life.
http://it.slashdot.org/article.pl?sid=08/03/10/1855201 if it's got the DOD quaking in their boots, then why aren't the Chinese already doing it? how would we know if that 'raided pirate cisco gear' wasn't loaded with mal-firmwares... hrm? anyone?
does anyone bother to backup their firmware, and do a quickie md5 sum vs it and the version that it's supposed to be on the manufacturer's site? that's how i caught a Working Bios virus that blackhats got on my machine... and two of my parents computers... there were obvious symptoms (especially on the one i changed to Linux)
I even had to Diff a clean install of windows and a 'rooted' one to find and submit virus files that normal anti-virus and anti-rootkit software can't even detect, let alone stop from being installed... (I'm not proud of my failed security, but i WAS depending on a cheap hardware firewall to protect 3 systems... along with 'free' anti-virus...and knowing that "none of us use 'bad' sites")
https://www.gnu.org/philosophy/free-sw.html
My biggest expenses are:
1) Taxes (35%)
2) Rent (17%)
3) Food (11%)
4) Tythe (10%)
5) Transportation (7%)
6) Student Loans (7%)
7) Therapy (6%)
6) Bills (4%)
7) Other stuff (3%)
Most of the stuff I buy from china comes from the "other stuff" department, which is my smallest expense. I think this is also a pretty typical for other Americans. I don't think it's fair to say that I or people like me waste "all their money on useless shipt that they hardly ever use and dont really need."
A bigger contributor to the trade deficit is China's deliberate manipulation of their currency. Measured in nominal dollars, the GDP of china is only about $2.5 trillion, but at purchasing power parity with US prices, it's $10 trillion. That's means that a dollar is worth four times as much in china as it is in the US. It's no wonder people chose to manufacture things in China.
Not to play devil's advocate, but do we know it is the Chinese hacking the U.S.'s data networks?
One of the comments above mentioned that "just mentioning the words 'network security' in China can land you a lot of jail time." If this is correct, then it seems to me that there are probably a lot of unsecured networks and hosts in China. If that is the case, then how do we know that it is really the Chinese who are trying to hack DoD and business networks rather than some thirteen year old script kiddie in Hackensack who just happened to find a way into a computer in some backwater school in China?
Just because you are seeing hits from Chinese IP addresses doesn't mean the Chinese are behind it. The real question is "how deep does the rabbit hole go?" Unfortunately, there isn't really any way to know unless you hack the originating IP(s) yourself.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Honestly, what the hell? I live in the United States and I have to tell you most of the people I deal with don't seem to give a damn about any other country. There are still some who think invading Iraq was the right thing to do (even though it was most definately not for the reasons we were given) but aside from that handful people are worried about paying the bills and just getting on with life. I'm sorry, but from my personal experience most Americans just don't really care about the rest of the world. We have our own problems. We recognise there are issues that need to be dealt with in other countries at times, but most of us seem to prefer it if we weren't the damn aggressor. I really wish Congress would keep a firmer leash on the military. I tend to be a military favoring kind of guy, but unless we work out some sort of agreement for aid or we are attacked we should keep our troops out of other people's business. Should note that I also think military aid should be a "one time" thing (eg stop helping pay for Israel's military might when we have domestic issues that need more funding) and that some things need to be stopped no matter the cost (such as genocide like the Holocaust). I've also noticed, at least on freenet, that the perception of America depends widley on where you sit. Every country seems to have a different opinion, some are grossly misinformed (including some Americans) on what actually goes on in the US and countries where it uses its power. I just think its interesting how 90% of people's perceptions are completely colored by outside sources. Their belief in what they see is unflappable usually, which is one reason war is a common trait to human history. All of these "China is attacking us" stories tend to involve computers and the Internet. They also seem to not realise that just under 20% of the population OF THE WORLD is in China. Just from random script kiddies, most of the 'attacks' should be from China, followed by India (16%) depending on the level of Internet access. Considering those two countries, I think several people at least have the capability to steal some bandwidth. So Slashdot, why do you and Something Awful seem to think China is an aggressor? If these attacks could at all be linked back to the Government of China there would be some global consequences. If China really wanted to hurt the US, they'd just have to stop doing business with us. Rare is the product that is not made in China.
Firstly, espionage happens - get over it. It may be immoral, but funnily it is not immoral enough to stop anybody from doing it. The Chinese do it, no doubt, and they get away with a lot of things, but then, so do we, whoever 'we' are.
Secondly, I think espionage is less of a national venture these days and more of an international business. The nationality of a spy may matter less - an Iraeli spy, say, might spy on America and sell to whoever bids the most; China, Russia, UK, whatever. Or perhaps even the US. There isn't a lot of pride and glamour in the spying business.
I am Mr. Daniel kankan, one of about hundred talented American IT professionals, who at any time are working overseas in secret. Please don't treat this mail as spam but rather give it the priority it deserves because I only resorted to mailing you when my attempt to reach you on ___________ failed due to poor network. I have just returned from the remote deserts of Oman where I swapped the swamps of the Niger Delta eighteen months ago, working for the Software Development Oman Company in temperatures above fourty degrees centigrade. I have fasted and prayed for 3 days before accosting you.
Our path narrowly missed in 2002 when a friend Mr. Brian Sheehan of Fortress Firewalls Florida recommended your company ____________ for our patronage. We were then sourcing for _____________ for our off-shore secret accounts. Mr Sheehan's company supplies us the hi-tensile aluminium server cases until the death of Mr. Sheehan in a ghastly motor accident in Florida in year 2003.
As a highly esteemed auditor with this corporation, I have been working selflessly and tirelessly in every facet and my imprints can be found in all over the company. Year in year out, in smooth or unpleasant economic and climatic environment, I had always stood my ground working to ensure that my promise to succeed and my spirit of enterprise is not shaken. I faced my job with a quiet mind, a firm courage, and an entire reliance on God. Courage belongs to the immortal soul and is the red badge of our immortal spirit. who lives and grows by sacrifice and faith and love. With this astute profile I became famous, highly connected with a reputation that cut across.
I have decided to contact you on an issue at hand that Mr Brian Sheehan could have quickly executed if he had been alive. Today the price of patience beckons as the dawn dares when it breaks. A big time opportunity gave rise to my urgent quest for a trustworthy across-the-continent friend that can handle a quick transaction and be trusted to deliver fast with intergrity and not tell stories. I have reasons to confide in you based on the impression I received of you and your company. This is purely personal and confidential to bring us a highly anticipated glory at the end and make us giants among equals. I got involved because for 23 years I have served him well and it is now time to serve myself. To live intelligently, man must have that buoyancy of spirit and willingness to embrace issues that will make him live without burdens forever more. I will expect you to use your intuition to understand what was going on here.
An American federal government initiative was introduced to encourage and empower local contractors in America's multi billion dallar information technology industry. This dream was applauded, but like other dreams and initiatives, was later transmuted to a well orchestrated plan by indigenous operators and top corrupt executives of the American National Programming Corporation (ANPC) to suck the economy dry. In the hollowed chambers of the ANPC is a powerful syndicate, an extensive network of top management staff engaged in mind bugging swindles with unimaginable brazenness. While highly placed officials subvert due process and award illegal contracts, unscrupulous local IT operators and dubious foreign contractors serve as conduit to fleece the nation of it's vast programming skills.
The huge amount of money often involved in the looting spree and the seeming helplessness of government or security agencies to check the menace is their own headache. All that matters now is that in my vault I have two dud (ghost) contract files which I discovered myself and had kept it all to myself.
All you need to do is to front yourself as the executor and the deed is done. I have already employed the services of an attorney for drafting and notarization of probate/administration. With due respect and regards, my concerns are: Can you handle this project, can I give you this trust and what will be your commission? If you can spons
Based on past experience, this could also be the CIA or similar working through useful idiots to help make a case for more control of the Internet by the US government. Given everything else we've seen in recent years, this IS the most likely explanation.
Only boring people are ever bored.
Yes, I was learning Python by myself and wrote a script using the HTTPLib package. Purely for an exercise. The script just greps information from a Web server's HTTP response header. By careless misconfiguration the script started an infinite loop! And I was banned by Slashdot (yes I was connecting to Slashdot, my favorate Website). I sent an Email to expain and I'm here again.
Your missiles, please.
PS. This is really terrible to admit. In punishment to the troublemaking script I mv'ed it to /dev/null. That's cruel.
Colorless green Cthulhu waits dreaming furiously.
From TFA: ...police are still trying to find others who may have been involved in the attacks, although the investigation is complicated since the attackers are likely outside Estonia...
Actually, a 20 year old Russian kid who happened to be born and live in Estonia. One of the problems of using the same words for an ethnic group and a nation.
Good point. Here in America, we would call somebody who was born in Estonia, raised in Estonia, and lives in Estonia as "Estonian," but it does confuse things, since in much of the rest of the world, identity really doesn't come from where you're born and raised. (The apex of this was Nazi Germany, of course, where people of Jewish descent whose families had been in Germany for a thousand years were labelled "stateless persons"-- oops, no reference to Godwin's law intended. (But then I don't think I trigger Godwin's law here, since I didn't mention Hitler... ooops...))
http://www.geoffreylandis.com
Do we know for certain that all of these attacks originated wholly in China, or is there a possibility that the attacks originated somewhere else, and were simply proxied through a Chinese server?
Just playing devil's advocate.....
"Life is pain Highness. Anyone who says otherwise is selling something"
Westly, The Princess Bride
eschatologic and apocalyptic outcomes could be explicated similarly; thus the comment is substantively and heuristically redundant.
My worst fears have come to pass.
Conflation has begun. Run for your lives!
You can't talk about Wikipedia's flaws on Wikipedia
Hee hee hee .... pretty colors!