Slashdot Mirror
Google Attackers Identified as Chinese Government
forand writes Researchers, examining the attacks on Google and over 20 other companies in December, have determined 'the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof.'"
Coming to a planet near you.
âoeAny society that would give up a little liberty to gain a little security will deserve neither and lose both.
It couldn't be them. China would never do anything wrong.
That... or they'll just blame it on their status as a "developing nation" and that they shouldn't be held to the same standards as everyone else.
Nothing.
It's hardly a secret that governments conduct cyber-espionage - what seems shocking in this instance is that they have been caught and that a major company, a telecoms giant and the US government have all gone on the offensive. This seems like a pretty dramatic shift, and you have to wonder what China's really done to provoke such a reaction after everyone's spent the last decade quietly appeasing them to try and get a foothold in their markets. It sounds like reading the subject lines of a few Chinese activists' emails is only the tip of the ice berg in this case, it'll be interesting to see what else has yet to be revealed.
Bad China! BAD! Now give me more cheap, exploitable labor. AWWWE, how can we stay mad at you!
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
So what are we going to do about it? By we, I mean we as:
1. a body of corporations (those 20 or so affected)
2. a nation
3. a global community of nations (UN)
4. a cybercommunity
What can we do, and what is most likely to happen?
If a foreign government had attacked non-digital assets of any US corporation, you would expect some kind of formal reprisal. Maybe not an airdrop of Marines, but certainly something more than Hilary Clinton threatening to write a stern letter.
What I have not doped out yet to my own satisfaction is whether the tepid response from Washington is the fault of the current administration, confusion regarding the digital nature of the breach and assets, or a little of both.
Who didn't see that one coming from a mile away? I called it the moment I read that there was a sophisticated attack on Google.
Whether its all fabricated or not, I like the idea of Google pulling out of China. Google is one of the leading innovators in the western world - and by keeping their services out of China it sends a message to the government: Stop Oppression.
and tell them how proud you are that they finally took a stance befitting their "do no evil" stance. Better late than never, and they deserve our support for this courageous action. I for one have changed my mind about them significantly based on this single action alone.
If the EU can fine a US company for what amounted to unfair business practices, what should the US do to China? Debt? What debt?
This same thing has been said for a long time. The fact is in the majority of companies (Google/Defense industry excepted), is that security is the first area of a company to get hacked to bits. So I don't think it's so much a procedural issue as much as it is a fundamental problem with visibility. The only time security workers get noticed is when something goes wrong, because when nothing bad happens, it just looks to management like they're not doing anything yet taking a good portion of their budget. All that said, you're probably right, nothing will change.
Q.E.D.
Working for a Defense contractor, one of our systems was compromised. Fortunately, the idiot who gained access screwed up SSH which alerted us to what was going on, and prevented them from erasing their tracks. All SSH connections were from computers in China. They've been doing this for years, and no one has really called them on it until now. It takes Google to make a big enough splash before anyone really pays attention to it.
What did China do when they found all the bugs the US government put in the plane we sold them?
Nothing.
http://articles.latimes.com/2002/jan/20/news/mn-23796
This question is repeated endlessly at almost every major world event, "Does this come as a surprise to anyone?"
Stop already, its just a useless waste of bits.
...embargo on!
Sorry, I don't think it's likely Google will switch to Microsoft IIS anytime soon.
The Wall Street Journal had a great article about some of the details behind the scenes of this particular incident, and also another article that did a good job of summarizing what has been discussed here over the last couple of years. The main stream media is openly stating that the People's Liberation Army is actively encouraging "citizen cyber militias" to conduct "cyber attacks" (good Lord how I hate that term) against foreign (read, United States) corporations. Although they haven't gone so far as to state that those militias have active backing of the government, they have said that the government is turning a blind eye to their activities. Furthermore, the WSJ goes on to state that there are United States agencies involved in similar espionage activities.
Given that background, it seems like hacking Chinese companies should be fair game for up and coming "security researchers" here in the United States. In the 1990s the United States government made it quite clear that they were going to come down hard on people who mess with government and Fortune 500 systems. Given the option between really securing the systems and punishing those who exploit the lack of security, they went with the latter. A lot of people, myself included, decided that once we turned 18 and faced the threat of real Federal prosecution, the wise move was to turn off the war dialers, stop snarfing ESN/MIN pairs out of the air, and stop trying to run exploit code against computers that we don't control.
We can't hone our craft in the United States anymore. Although there is a whole market for securing IT resources against attack, there isn't a playground to pick up skills in. My suggestion is that China is that playground. My suggestion is that Chinese corporations in the United States are the targets. I mean lets face it, there are hundreds of thousands of compromised computers in the United States. The United States government can't be held accountable for malicious activity directed toward Chinese corporations. It would be unfortunate for those entities to be DDoS'd. It would be unfortunate for their internal workstations to be the target of vulnerability research.
I can't find the link to the actual report in TFA.
I don't doubt that there's a strong suggestion that the Chinese government was somehow involved in the intrusion attempts mentioned by Google, and generally it isn't Google's habit to lie or deceive in these high profile matters.
But two days after the Google announcement a report comes out saying "yes it's the Chinese government, yes it's them!"? Without obvious links to the actual report?
I just sense it's just the "security companies" trying to ride the PR bandwagon. I mean, it's just on everybody's mind, and "somebody had to say it out aloud". So you cobble together related bits and pieces and make a grand pronouncement, making everybody happy. But does it prove anything? Not until we find the evidence. Until then it's all just hearsay.
Besides, would you really base your conclusions on findings from "VeriSign's iDefense security lab"? From the company who tried to f*ck up NXDOMAIN?
This is not the end of the story. I suspect more juicy bits will come through.
Don't quote me on this.
The premise is that China hacked Google to access the accounts of these Chinese Human rights activists. Given that Google already complies with Chinese law, why did China not openly contact Google over this?
In the article it says they located the Command and Control box. I did a little investigation of my own and see what they mean. It's oh so obvious this was perpetrated by the Chinese government. Just look at the facts!
joe@joe-nix:~$ whois PwnedC&CServer.org .ORG WHOIS information is provided to assist persons in
NOTICE: Access to
determining the contents of a domain name registration record in the Public Interest Registry
registry database. The data in this record is provided by Public Interest Registry
for informational purposes only, and Public Interest Registry does not guarantee its
accuracy. This service is intended only for query-based access. You agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to: (a) allow, enable, or otherwise
support the transmission by e-mail, telephone, or facsimile of mass
unsolicited, commercial advertising or solicitations to entities other than
the data recipient's own existing customers; or (b) enable high volume,
automated, electronic processes that send queries or data to the systems of
Registry Operator or any ICANN-Accredited Registrar, except as reasonably
necessary to register domain names or modify existing registrations. All
rights reserved. Public Interest Registry reserves the right to modify these terms at any
time. By submitting this query, you agree to abide by this policy.
Domain ID:D2289308-LROR
Domain Name:PwnedC&CServer.org
Created On:05-Oct-1997 04:00:00 UTC
Last Updated On:11-Dec-2009 20:14:46 UTC
Expiration Date:04-Oct-2010 04:00:00 UTC
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Status:OK
Registrant ID:Bob@PRC.gov
Registrant Name:Host Master
Registrant Organization:People's Republic of China, duh!
Registrant Street1:Main Street
Registrant Street2:HQ for Cyber Warface against Capitalistic West
Registrant Street3:
Registrant City:Bejing
Registrant State/Province:
Registrant Postal Code:
Registrant Country:CN
Registrant Phone:+1-800-Yur-Pwnd
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:Bob@PRC.gov
"Beer is proof that God loves us and wants us to be happy - Benjamin Franklin"
They don't have to pull out, but removing "Most Favored Nation" trade status might help.
The government/culture of The People's Republic of China has only been in existence for about 70 years. Before that, it was the nationalistic Republic of China for about 35 years. And before that, it was an hereditary monarchy or thousands of year.
Maybe you should pick up a history book some time.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Well, the "Christmas Bomber" is in prison right now, being prosecuted, and probably, at the end of the day, going to prison for a large number of years. I doubt the Chinese will help us do the same thing to their "warriors". Or did you just fumble a rather irrelevant (and stupid) slam against the current administration?
That is all.
What did China do when they found all the bugs the US government put in the plane we sold them?
They debugged it?
The Tao of math: The numbers you can count are not the real numbers.
Western culture goes back to the ancient Greeks, Hebrews, Phoenicians, and even Egyptians. It is extremely likely that Western culture and Chinese culture share a lot of similar roots, and they definitely did a lot of cultural trading throughout the millennia. So clearly you are not referring to culture with your 'few thousand years' statement.
As for the current government, it's only been around for sixty or so. During that time they killed millions with famine caused specifically by poor government policy (the great leap forward: people were literally eating their own children. It was horrible). Then they killed and tortured millions more, in the temper tantrum of the youth known as the Cultural Revolution. This was once again encouraged and caused by poor government policy.
Furthermore, I don't think I need to go over all the things the government currently does that violates human rights. Let's just say when the torch came to San Francisco, protesters had to color coordinate so they could keep track of what exactly they were protesting.
Qxe4
Actually, China
The reason China is able to compete is because of a handful factors:
* Enslavement/enticement of foreign countries to utilize their natural resources (see: Africa)
* Cheap-as-fuck labor
* Wanton IP theft
* A docile populace
* Totalitarian state able to push all this through to the populace
* UN complicity towards Chinese abuse of standards which everyone else "has" to abide by. (See: pollution/global warming crap)
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Sorry, I was about to make a really rude and sarcastic comment here, but I won't.
Western culture began in the ancient Mediterranean thousands of years ago. You would find most aspects of modern western culture in ancient Greece, but a lot of it was around even before that. The major elements are government by representative democracy, the rule of law and emphasis on scientific legalism (I don't know what else to call it) in the fields of science and philosophy. Also the belief in the right to personal liberty for land owning males remains intact even today. Your claim that western culture is young is patently absurd.
You're trying to make a comparison between the age of the USA and the age of eastern culture. That comparison makes no sense.