Slashdot Mirror
The Secret China-U.S. Hacking War?
bored-at-IETF-ntp-session writes "In an article at eWeek Larry Seltzer examines the supposed hacking war between the US and China. He surmises 'Even if you can't prove that the government was involved ... it still bears some responsibility'. He quotes Gadi Evron who advised the Estonians during the Russian attacks. 'I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China ... Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves.' Seltzer concluded 'It's just another espionage tool, and no more or less moral than others we've used in the past.'" This a subject we've also previously discussed.
I can confirm this. I work for the department of defense, and we get port sweeps every day coming from china.
And engages in no similar practices.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Note that this wasn't a "hacking war," and it wasn't a "Russian attack". It was a 20-year old Estonian kid with a botnet. More details here
http://www.geoffreylandis.com
Well unlike religion and science, espionage are quite tangled. Ostensibly, in the case of national security, one undertakes espionage as part of a larger effort to preserve a morality. Espionage is a security measure against threats to a certain group's morality. Most would agree that there is at least some consideration due when discussing the morality of espionage "Semantic gymnastics" aside, it's pretty hard to disentangle espionage from morality in any useful way.
I got a catholic block.
They are looking for weaknesses in our defenses against melamine-free wheat gluten, procedures for testing toys for lead paint, and new marketing strategies to get more teenage girls mesmerized by Hello Kitty.
1) Of course there is a hacking war going on! And this is news?
...
2) Blaming "China" is like blaming "America". I mean. How stupid is
oh
they do?
on Slashdot??
never mind
China's economy isn't booming quite to the extent that the American media would have us believe. Inflation is becoming a serious problem there. It may not be as big an issue for the small percentage of the population who are well off, but given that most of the nation still lives close to or in poverty it is a serious problem.
There are economists who believe China has a bubble economy built on credit and corruption. So far they've done well for themselves but it's only a matter of time before they hit a downturn. And when that happens they're going to have serious problems with civil unrest. My concern is that when that happens the government will quickly start blaming other nations for all their ills.
Believe me, Chinese people have a lot to be resentful of. All that economic growth has been great, but many people have suffered greatly for it. Thousands, if not millions have lost their homes to what amounts to eminent domain to make way for new development. People have gone off to work only to return to find their homes demolished. Supposedly the government has passed property rights laws but they don't seem to have amounted to much of anything. And let's not forget how they control free speech, although people seem to have largely forgotten about that in the midst of this economic boom.
And they may be right in a few regards. There is already the big issue of low-quality goods coming out of the country. Just recently a number of people in Japan died from having eaten tainted food from China. Sales of Chinese foods have dropped dramatically. Quality clearly isn't improving but it's getting more expensive to manufacture in China. As infrastructure improves in places like India, Vietnam and elsewhere American, European and Japanese companies are going to look to those nations for their manufacturing needs.
From personal experience, a few years ago in Taiwan everyone and their grandmother was chomping at the bit to do business in China. Many gave it a try and most failed. Nowadays, there's still a good deal of interest, but people have are a lot more tentative. China's market is over-saturated with competition and business is too cutthroat. And that's to say nothing of all the corruption.
I'm not saying there aren't problems with the American economy, because there are. But the fundamentals are still good and we're on a somewhat more stable ground. This current downturn is due to speculation more than anything. Gasoline prices are high because of the weak dollar, and more importantly because of speculators. Some economists are saying that oil's value should be at about $70 per barrel, not $100+. Demand has actually dipped in the US. The problem is who the hell knows when a correction is coming. Speculation has led the housing and stock market to the situation we find ourselves today. Look at all the people who overpaid for homes because they expected to continue seeing these absurd increases in values. And that was despite the fact that we were being warned of the housing bubble.
Now, on to the topic at hand, some people have this tendency to criticize the US for it's supposed double-standards regarding this sort of thing. How can the US government complain about China doing the very thing they themselves are engaged in?
Well, here's my thinking, I live in the United States, not China. China is free to do whatever they like, of course, but I want my nation to have the upper-hand economically and militarily. I'm not saying the US should go around pushing everyone around with impunity, nor do I think the US should be invading every second country who looks at them the wrong way.
One thing China does have is a lot of nationalistic pride. Even when they're critical of the government they still manage to have a lot of ambition. When they set their minds to doing something they get it done and don't get mired in all kinds of nonsense like is so often the case here. I think that's admirable and something sorely lacking in the US.
You can't talk about Wikipedia's flaws on Wikipedia
Attacks by the Chinese are known to have occurred for at least 10 years. The first amateurish and easily traced attacks were against a particular US based "free Tibet" web site owned by a Brit, and followed by attacks on other sites of a similar nature. Within weeks the same IP range (clearly within the Chinese ministry of defense) was used to breach a mail relay at a US naval installation in Virginia. (To be fair to the Navy, the system was a relic with the then still common non-closed relay, and was a purely administrative system, not part of anything security or defense-sensitive). The reports were publicly released and largely ignored, as have been some that followed. The little public attention waned as rapidly as it tends to for larger events that fall out of the news over time. I suspect escalation, probably by both sides, occurred after attention fell off, taking advantage of that and adding expert spoofing to insure that most would not be able to consider further reports reliable.
/. questions was recruiting for. It's already in progress. I'd enjoy the hell out of serving again, and being able to do so without having to put on a uniform. I'd especially enjoy it when I found that the majority of "combatants" were somewhere below my own level of expertise, though somewhat higher than script kiddies -- interesting but not too frustrating.
If I were going to conduct surgical attacks against a government from within a large IP block, I'd allow others with less ambitious nasty plans to use it, and hide my activities within the flood from them, like hiding an artillery attack within a thunderstorm. I have little doubt that there are "Nigerian spammers" and such using Chinese machines. That doesn't preclude their government doing it -- to my mind it indicates the probability.
And they wouldn't want reports to be entirely absent either. Taking over or subverting the infrastructure that carries content is as much a part of psychological warfare as is the content itself. Subversion of the medium is also the message, and that must become known to the system's owners and their allies. It causes mistrust in the system, its owners, and any messages to come from them. The general public wouldn't care or pay attention, but those who did care would get the intended message. And you have.
This is the war that the General who recently answered
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Not to play devil's advocate, but do we know it is the Chinese hacking the U.S.'s data networks?
One of the comments above mentioned that "just mentioning the words 'network security' in China can land you a lot of jail time." If this is correct, then it seems to me that there are probably a lot of unsecured networks and hosts in China. If that is the case, then how do we know that it is really the Chinese who are trying to hack DoD and business networks rather than some thirteen year old script kiddie in Hackensack who just happened to find a way into a computer in some backwater school in China?
Just because you are seeing hits from Chinese IP addresses doesn't mean the Chinese are behind it. The real question is "how deep does the rabbit hole go?" Unfortunately, there isn't really any way to know unless you hack the originating IP(s) yourself.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?