The Secret China-U.S. Hacking War?

← Back to Stories (view on slashdot.org)

The Secret China-U.S. Hacking War?

Posted by Zonk on Thursday March 13, 2008 @06:42AM from the can't-we-all-get-along-online dept.

bored-at-IETF-ntp-session writes "In an article at eWeek Larry Seltzer examines the supposed hacking war between the US and China. He surmises 'Even if you can't prove that the government was involved ... it still bears some responsibility'. He quotes Gadi Evron who advised the Estonians during the Russian attacks. 'I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China ... Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves.' Seltzer concluded 'It's just another espionage tool, and no more or less moral than others we've used in the past.'" This a subject we've also previously discussed.

33 of 107 comments (clear)

s/secret/formerly secret/ by grub · 2008-03-13 06:46 · Score: 3, Funny

Fixed that for you.

--
Trolling is a art,
1. Re:s/secret/formerly secret/ by TheSpengo · 2008-03-13 07:23 · Score: 2, Insightful
  
  Actually he has a point, it's not exactly secret if it's being posted on /., so there's no reason for that post to be modded troll. It was posted in the past too such as in this article. Articles about China and the US beefing up their network security are all over the place too. Just put "china hacking" in the search bar. :P As far as I know, this has been public for a long time.
  
  --
  Weaksauce as they say...
Not suprised by Anonymous Coward · 2008-03-13 06:50 · Score: 5, Funny

I can confirm this. I work for the department of defense, and we get port sweeps every day coming from china.
1. Re:Not suprised by gnick · 2008-03-13 07:00 · Score: 3, Insightful
  
  ...we get port sweeps every day coming from china. Probably so, but I'd guess that you're also getting port sweeps from Russia, Korea, various others, and from within the US - Am I right?
  
  Also, FTA:
  Is the United States under attack again? If there any nation's government with a large on-line presence that isn't constantly under attack?
  
  --
  He's getting rather old, but he's a good mouse.
2. Re:Not suprised by Valcrus · 2008-03-13 07:30 · Score: 2, Interesting
  
  Yeah but I don't really rank the military up there in security. I High School I took a vocational network admin course for Novell. We had a couple of network engineers from the DoD come in to talk to us about what they did and they explained the basics of network layout (I believe one of them was a friend of the teacher). They even brought a layout of the network with them. It was great. The only issue was the layout the had listed all of the IP Addresses for the servers at each point. The next day they came and replaced it with one that did not have the IPs as we had been trying to connect to them all day while goofing around.
3. Re:Not suprised by JustAnObserver · 2008-03-13 07:39 · Score: 4, Interesting
  
  ...we get port sweeps every day coming from china. Probably so, but I'd guess that you're also getting port sweeps from Russia, Korea, various others, and from within the US - Am I right? Hardly. In my university (top 50), well over 90% of such attack attempts (and port scans are just a small fraction of those, mind you) come from China. Connection attempts from Russia happen much, much less often, and those from other sources are extremely rare exceptions.
  
  Yes I understand your scepticism. I used to think along same lines until having had looked at Snort logs.
4. Re:Not suprised by Deanalator · 2008-03-13 07:56 · Score: 2, Funny
  
  Seriously now, did I just get a troll mod point for mentioning the word "lulz"?
  
  geez.. some people.
5. Re:Not suprised by MightyYar · 2008-03-13 08:10 · Score: 5, Funny
  
  LOL.
  
  For kicks, I opened up my secure log (just on my home computer, which only has ssh enabled)...
  221.120.210.42 - Pakistan
  194.19.140.202 - Denmark
  201.251.126.210 - Argentina (who tried to log in with "fluffy", among others...)
  203.90.124.69 - India (and from a company my company contracts with! small world)
  80.55.178.206 - Poland
  61.115.238.121 - Japan
  218.95.228.154 - China! Finally.
  66.166.72.206 - California
  88.148.10.32 - Spain
  87.204.60.174 - Poland (again! WAR! WAR!)
  222.233.120.3 - Korea
  212.99.92.150 - France
  60.248.103.66 - Taiwan
  221.6.5.237 - China! Again! But it's the guy who starts with "fluffy" again...
  
  China has tried to hack me twice, along with Poland. We must be having a secret war! I'm going to declare war on California, too. You'll see my wrath in the form of an earthquake sometime in the next 30 years.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
6. Re:Not suprised by AaronW · 2008-03-13 09:04 · Score: 2, Informative
  
  I saw the same thing in my home firewall logs. One IP address in China filled 75% of the logs. Out of curiosity I googled that address and came up with a PDF file from the Department of Homeland Security from two years earlier listing the same IP address.
  
  It's well known that China has been spying on us since we periodically catch them and they make the news. It's probably safe to say that a lot of it is quietly supported by the Chinese government or at least they turn a blind eye to it. Much of the espionage on the US government is probably directly from the Chinese government. It's also well known that they break into US companies as well to steal technology and oftentimes the government turns a blind eye to companies infringing on patents.
  
  You can get lots of information on this just by typing chinese espionage in Google.
  
  --
  This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
7. Re:Not suprised by XnavxeMiyyep · 2008-03-13 09:14 · Score: 2, Funny
  
  I can confirm this. I work for the department of defense, and we get port sweeps every day coming from china.
  
  I can confirm this, too. I work for NetCraft.
  
  --
  I put the 't' in electrical engineering.
8. Re:Not suprised by angus_rg · 2008-03-14 00:17 · Score: 2, Insightful
  
  And 99% of the port sweeps aren't a hacking war. It's people looking for places to store warez. I'm not saying there is no hacking war, but I think it gets hyped up by a lot of unrelated traffic.
China ... is evil ... by PC+and+Sony+Fanboy · 2008-03-13 06:56 · Score: 2, Insightful

Well, isn't this a surprise. The USA (and US media) is pointing fingers at an outside force for causing internal problems. Sure, it probably happens (that people in china attack american networks) ... but people all over the world do the same. Why target china? well... the US economy is in trouble, and china is economically booming.

Then again, both Hillary and Obama have said they'd renegotiate NAFTA if elected (and basically blaming canada and mexico for their problems) - which is already skewed in the favor of america - to fix their domestic problems.
1. Re:China ... is evil ... by MaWeiTao · 2008-03-13 07:41 · Score: 5, Insightful
  
  China's economy isn't booming quite to the extent that the American media would have us believe. Inflation is becoming a serious problem there. It may not be as big an issue for the small percentage of the population who are well off, but given that most of the nation still lives close to or in poverty it is a serious problem.
  
  There are economists who believe China has a bubble economy built on credit and corruption. So far they've done well for themselves but it's only a matter of time before they hit a downturn. And when that happens they're going to have serious problems with civil unrest. My concern is that when that happens the government will quickly start blaming other nations for all their ills.
  
  Believe me, Chinese people have a lot to be resentful of. All that economic growth has been great, but many people have suffered greatly for it. Thousands, if not millions have lost their homes to what amounts to eminent domain to make way for new development. People have gone off to work only to return to find their homes demolished. Supposedly the government has passed property rights laws but they don't seem to have amounted to much of anything. And let's not forget how they control free speech, although people seem to have largely forgotten about that in the midst of this economic boom.
  
  And they may be right in a few regards. There is already the big issue of low-quality goods coming out of the country. Just recently a number of people in Japan died from having eaten tainted food from China. Sales of Chinese foods have dropped dramatically. Quality clearly isn't improving but it's getting more expensive to manufacture in China. As infrastructure improves in places like India, Vietnam and elsewhere American, European and Japanese companies are going to look to those nations for their manufacturing needs.
  
  From personal experience, a few years ago in Taiwan everyone and their grandmother was chomping at the bit to do business in China. Many gave it a try and most failed. Nowadays, there's still a good deal of interest, but people have are a lot more tentative. China's market is over-saturated with competition and business is too cutthroat. And that's to say nothing of all the corruption.
  
  I'm not saying there aren't problems with the American economy, because there are. But the fundamentals are still good and we're on a somewhat more stable ground. This current downturn is due to speculation more than anything. Gasoline prices are high because of the weak dollar, and more importantly because of speculators. Some economists are saying that oil's value should be at about $70 per barrel, not $100+. Demand has actually dipped in the US. The problem is who the hell knows when a correction is coming. Speculation has led the housing and stock market to the situation we find ourselves today. Look at all the people who overpaid for homes because they expected to continue seeing these absurd increases in values. And that was despite the fact that we were being warned of the housing bubble.
  
  Now, on to the topic at hand, some people have this tendency to criticize the US for it's supposed double-standards regarding this sort of thing. How can the US government complain about China doing the very thing they themselves are engaged in?
  
  Well, here's my thinking, I live in the United States, not China. China is free to do whatever they like, of course, but I want my nation to have the upper-hand economically and militarily. I'm not saying the US should go around pushing everyone around with impunity, nor do I think the US should be invading every second country who looks at them the wrong way.
  
  One thing China does have is a lot of nationalistic pride. Even when they're critical of the government they still manage to have a lot of ambition. When they set their minds to doing something they get it done and don't get mired in all kinds of nonsense like is so often the case here. I think that's admirable and something sorely lacking in the US.
2. Re:China ... is evil ... by grumpyman · 2008-03-13 09:49 · Score: 2, Interesting
  
  And they may be right in a few regards. There is already the big issue of low-quality goods coming out of the country. Just recently a number of people in Japan died from having eaten tainted food from China.
  
  Wiki tells a different story - about the Chinese Dumpling poison thing in Japan check this out:
  http://en.wikipedia.org/wiki/Food_safety_in_the_People's_Republic_of_China#Tainted_Chinese_dumpling
  http://en.wikipedia.org/wiki/Chinese_cardboard_bun_hoax
3. Re:China ... is evil ... by bug1 · 2008-03-13 10:14 · Score: 2, Insightful
  
  So, let me see if i understand this...
  
  China is the cause of the US problems as its lending the US money so that the US can afford to continue to buy stuff.
  
  I have an idea, maybe the US is to blame for being such a consumer driven society and wasting all their money on useless shipt that they hardly ever use and dont really need.
4. Re:China ... is evil ... by qazsedcft · 2008-03-13 20:57 · Score: 2, Informative
  Nice speech, but please look at the facts first. Reality check:
  
  The US debt is currently almost 9.4 TRILLION dollars. The biggest debt of any government in the history of the world, adjusted for inflation. Even the Romans had a better financial situation and historians agree that the Roman empire fell largely because it went broke.
  
  It's not like the trend is reversing either. The US government has declared a deficit of 175.6 billion dollars just for the month of February. The largest single month deficit ever.
  
  Even with the cheap dollar, the trade deficit continues to increase (0.6% larger in January).
  
  Just looking at inflation rates is silly and ignoring the other side of the equation. Looking at REAL growth rate (growth minus inflation) we see that the US has a growth rate of about 3% per year, while China has a growth rate of over 10% per year. This means that EVEN AFTER INFLATION the Chinese still grow richer every year.
  
  The US economy is already highly developed so that growth can only be achieved through technological advances. China is still developing so it can achieve substantially larger growth than the US by investing in infrastructure. China is only catching up to the rest of the world and still has plenty of growth potential left. The Chinese government knows this very well and that's exactly what they are doing.
  
  Rural people loosing their homes is not a concern for the Chinese government. Those people will just move to the cities and that's exactly what the government wants. The rate of rural-urban migration is so high that the urban population is predicted to surpass the rural population within the next 5 years.
  
  Unemployment is mostly a problem in rural areas. Bring those people to the cities so they can work and the problem is solved!
  
  There are many, many more points that I could bring up (Chinese trade, investments, the real value of the yuan, etc) but I don't have the time to find all the data at this moment.
  
  It's nice to find comfort in thinking that the situation is just temporary, but let's face it - the golden age of the USA has ended. The US is on the decline while other parts of the world are raising to prominence.
And the US is of course totally innocent by pembo13 · 2008-03-13 06:56 · Score: 4, Insightful

And engages in no similar practices.

--
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Now you're INTENTIONALLY duping? by beer_maker · 2008-03-13 06:56 · Score: 3, Insightful

WTF, Batman?! If we've done this one already, and you know that well enough to put it in the initial summary, then what's the frackin point? Since when did "piling-on" become "News That Matters?"

--
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
Re:More than hacking by Geoffrey.landis · 2008-03-13 07:00 · Score: 4, Insightful

The article says: "He quotes Gadi Evron who advised the Estonians during the Russian attacks. "
Note that this wasn't a "hacking war," and it wasn't a "Russian attack". It was a 20-year old Estonian kid with a botnet. More details here

--
http://www.geoffreylandis.com
Re:talking about espionage by Actually,+I+do+RTFA · 2008-03-13 07:03 · Score: 2, Interesting

sure, this remark of mine will invite obfuscating semantic gymanastics in an attempt to talk about faith in terms of science, or espionage in terms of morality. but when you come right down to it, the former are pretty much defined as exceptions to latter

It will indeed. Espionage is hardly immoral, when done by countries vs. one another. But, it is immoral to allow the collateral damage to get too high, to sweep innocent people into the fray, etc.

All science requires the articles of faith that the world makes sense, will continue to behave in the future the same as in the past, we can trust our senses/are not brains within jars, etc. But you are correct that most other articles of faith are orthoginal to science.

--
Your ad here. Ask me how!
I'm thinking... by Otter · 2008-03-13 07:04 · Score: 3, Insightful
My guess is:
- Script kiddie idiots carrying out the attacks
- Self-promoting "security experts" making up far-fetched theories about "cyberwarfare" to get press coverage
--
What I'm listening to now on Pandora...
1. Re:I'm thinking... by Bagheera · 2008-03-13 09:06 · Score: 2, Informative
  Script kiddie idiots carrying out the attacks
  Self-promoting "security experts" making up far-fetched theories about "cyberwarfare" to get press coverage
  
  Being in InfoSec where I deal with this stuff a lot, I'd say you're over 99% right on the first part. And about 80% right on the second.
  
  The organization I work for sees a huge number of simple scans and lame intrusion attempts on a daily basis. A handful appear to be more sophisticated, and are sourced from a number of interesting locations: Mostly compromised machines acting as proxies.
  
  As for the self promotion, you're right for many of them. They have a Publish or Perish attitude, especially if they're consultants. Which means we see papers and interviews that often blow things way out of proportion. Though it doesn't mean there isn't at least a grain of truth in the warnings.
  
  Are the Chinese attacking the US over the Internet? Yeah, so? Stay tuned, Film at 11.
  
  Cheers
  --
  Never attribute to malice what can as easily be the result of incompetence...
Re:talking about espionage by explosivejared · 2008-03-13 07:06 · Score: 4, Insightful

Well unlike religion and science, espionage are quite tangled. Ostensibly, in the case of national security, one undertakes espionage as part of a larger effort to preserve a morality. Espionage is a security measure against threats to a certain group's morality. Most would agree that there is at least some consideration due when discussing the morality of espionage "Semantic gymnastics" aside, it's pretty hard to disentangle espionage from morality in any useful way.

--
I got a catholic block.
Reason Behind the Attacks by christoofar · 2008-03-13 07:15 · Score: 4, Funny

They are looking for weaknesses in our defenses against melamine-free wheat gluten, procedures for testing toys for lead paint, and new marketing strategies to get more teenage girls mesmerized by Hello Kitty.
1. Re:Reason Behind the Attacks by RazorBlade99 · 2008-03-13 07:56 · Score: 2, Insightful
  
  And why would they help the Japenese sell more Hello Kitty junk?
I'm tired... by Sheen · 2008-03-13 07:32 · Score: 3, Funny

I'm tired of the US govt. spying on me, i constantly get scanned by US IP's.
Re:talking about espionage by gnick · 2008-03-13 07:41 · Score: 2, Insightful

Espionage is hardly immoral... I think that the main reason that espionage is accepted is that it's so common. And, because it's so common, it's necessary. But, if only one country in the world was engaged in it, the rest of the world would consider it very immoral and possibly an act of war.

That's of course not the case, but I don't think the issue of morality within espionage is remotely cut-and-dry.

--
He's getting rather old, but he's a good mouse.
Well ... by BigBlueOx · 2008-03-13 07:41 · Score: 4, Funny

1) Of course there is a hacking war going on! And this is news?

2) Blaming "China" is like blaming "America". I mean. How stupid is ...
oh
they do?
on Slashdot??

never mind
Re:talking about espionage by Stanistani · 2008-03-13 07:53 · Score: 4, Funny

sure, this remark of mine will invite obfuscating semantic gymnastics Worse, I feel it will invite eschatologically obtuse Apocalypticism.

--
You can't talk about Wikipedia's flaws on Wikipedia
Russian attacks? by matt4077 · 2008-03-13 08:12 · Score: 2, Informative

It should be noted (search for it if you don't believe me) that these so-called russian attacks on estonia were actually done by an estonian teenager. Kind of makes me doubt that expert's expertness.

--
Fleur de Sel
Secret or Ignored? by DynaSoar · 2008-03-13 08:26 · Score: 4, Insightful

Attacks by the Chinese are known to have occurred for at least 10 years. The first amateurish and easily traced attacks were against a particular US based "free Tibet" web site owned by a Brit, and followed by attacks on other sites of a similar nature. Within weeks the same IP range (clearly within the Chinese ministry of defense) was used to breach a mail relay at a US naval installation in Virginia. (To be fair to the Navy, the system was a relic with the then still common non-closed relay, and was a purely administrative system, not part of anything security or defense-sensitive). The reports were publicly released and largely ignored, as have been some that followed. The little public attention waned as rapidly as it tends to for larger events that fall out of the news over time. I suspect escalation, probably by both sides, occurred after attention fell off, taking advantage of that and adding expert spoofing to insure that most would not be able to consider further reports reliable.

If I were going to conduct surgical attacks against a government from within a large IP block, I'd allow others with less ambitious nasty plans to use it, and hide my activities within the flood from them, like hiding an artillery attack within a thunderstorm. I have little doubt that there are "Nigerian spammers" and such using Chinese machines. That doesn't preclude their government doing it -- to my mind it indicates the probability.

And they wouldn't want reports to be entirely absent either. Taking over or subverting the infrastructure that carries content is as much a part of psychological warfare as is the content itself. Subversion of the medium is also the message, and that must become known to the system's owners and their allies. It causes mistrust in the system, its owners, and any messages to come from them. The general public wouldn't care or pay attention, but those who did care would get the intended message. And you have.

This is the war that the General who recently answered /. questions was recruiting for. It's already in progress. I'd enjoy the hell out of serving again, and being able to do so without having to put on a uniform. I'd especially enjoy it when I found that the majority of "combatants" were somewhere below my own level of expertise, though somewhat higher than script kiddies -- interesting but not too frustrating.

--
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
I don't think that's a fair assessment by mosb1000 · 2008-03-13 11:27 · Score: 2, Insightful

My biggest expenses are:

1) Taxes (35%)
2) Rent (17%)
3) Food (11%)
4) Tythe (10%)
5) Transportation (7%)
6) Student Loans (7%)
7) Therapy (6%)
6) Bills (4%)
7) Other stuff (3%)

Most of the stuff I buy from china comes from the "other stuff" department, which is my smallest expense. I think this is also a pretty typical for other Americans. I don't think it's fair to say that I or people like me waste "all their money on useless shipt that they hardly ever use and dont really need."

A bigger contributor to the trade deficit is China's deliberate manipulation of their currency. Measured in nominal dollars, the GDP of china is only about $2.5 trillion, but at purchasing power parity with US prices, it's $10 trillion. That's means that a dollar is worth four times as much in china as it is in the US. It's no wonder people chose to manufacture things in China.
How do we know it's the Chinese? by element-o.p. · 2008-03-13 11:47 · Score: 4, Interesting

Not to play devil's advocate, but do we know it is the Chinese hacking the U.S.'s data networks?

One of the comments above mentioned that "just mentioning the words 'network security' in China can land you a lot of jail time." If this is correct, then it seems to me that there are probably a lot of unsecured networks and hosts in China. If that is the case, then how do we know that it is really the Chinese who are trying to hack DoD and business networks rather than some thirteen year old script kiddie in Hackensack who just happened to find a way into a computer in some backwater school in China?

Just because you are seeing hits from Chinese IP addresses doesn't mean the Chinese are behind it. The real question is "how deep does the rabbit hole go?" Unfortunately, there isn't really any way to know unless you hack the originating IP(s) yourself.

--
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?