Slashdot Mirror
Black Duck Eggs and Other Secrets of Chinese Hacks
Roberto123 writes "Network World offers some insights into the way China infiltrates US organizations, physically and via computer, to steal information. Security expert Ira Winkler says there are far more serious threats out there than the 'laughable' uproar over China's hack of Google."
My local mexican restaurant regularly delivers blackened huevos rancheros. I wonder if they're in on this whole "restaurant espionage" thing, too?
My wife has no problems buying black eggs of any kind in asia stores in Germany. Oh, and black eggs can be mailed long distance, it's fermented and thereby preserved food.
And you really can't conclude from the menu of a chinese restaurant what's going or not going on behind the scenes. I call bullshit on this one. No corporate espionage ring would need to use a "safe house" or "safe restaurant" for that matter to drop off secret information or to secretly meet. It's the information age, dummies!
--- Eat my sig.
Makes you wonder why there's a R&D in the middle of Nowhere
Yes you beat be to that little bit of BS. I was going to quote it too.
http://michaelsmith.id.au
The black egg anecdote was in Ira's 2005 book, 'Spies Among Us', which I do not recommend except for some of the stories like that.
And furthermore:
Huh? I can see infiltrating them with spies ... but infiltrating them with people who you will then try to recruit to be a spy?
Isn't that a bit ... stupid?
This article reads like those doom-crying rants I've seen on truther/birther/tinfoilhat websites. Seriously? The people down at the local Chinese food restaurant are a threat? And you think this because your former Russian spook friend 'Stan' told you so?? Dude, WTH. And don't even get me started about the various source-uncited claims about Chinese student-spies infiltrating our schools 21 Jump Street style. My god...this is sad.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Why even risk the possibility that one of them will NOT take the offer?
Cut out the middleman and simply send them spies to be hired. Spies who have ALREADY agreed to be spies for you.
The spies buy the cheap eggs (because spies have to keep pretending they don't have lots of money) and put the microfiche inside the egg shell and leave it on the table for the "waiter" to pick up and send back to Hong Kong via carrier pigeon.
Hate to blow you out of the water but the US government does leak private details of foreign companies collected by it's national security agencies. A good example was the US government being caught red handed leaking secret wheat price bids from Canadian companies to local US suppliers collected by the NSA. So if the US is happy to stab a trading partner like Canada in the back what do you think they are doing to none aligned entities like China!
The Chinese aren't the only spies in the international game, every country, police force, and big corporation, etc has them. They usually don't kill, torture, etc, just gather and take secret information from one secret vault to another, so it's, erm, somewhat peaceful, really.
Build your own energy sources from scratch. http://otherpower.com/
I RTFA'ed and couldn't wrap my head around the first paragraph. My mom puts black duck eggs into the porridge she makes every other week or so. I wonder if that means I need to check around the house for dead drops or start questioning visitors about their national allegiances.
It is rare that a /. tagline will make me chortle sufficiently as to draw attention to myself from others in the room. Perhaps it was the sly Asian voice in my head, drawing out the 'like' and raising the inflection.
Bravo.
For optimal comment enjoyment, take red pill now.
It's in the process of coming around, actually. China has been hit by problems of other countries providing unskilled labor for lower rates, resulting in an outsourcing of work. This has cost millions of jobs. On top of that, China is under constant pressure from other nations to allow its currency to float freely, something that it refuses to do, instead setting a narrow range of values within which it can float (0.5% above or below a parity rate set by the Bank of China). Right now, the official rate is around 6.80 to the US dollar, while many estimates suggest that it should be closer to 2 or 3 to the dollar.
However, doing so would do a great deal of damage to the Chinese economy, causing exports to plummet as costs rise dramatically. While this provides some stability now, in the long run it is probably damaging the world economy, and creating a false impression of strength of the Chinese economy.
You can never go home again... but I guess you can shop there.
Okay for some slash-support now. I have added a certain editor to my excludes list in my index settings, however, there is no way for my RSS reader to know this as it just uses the standard slashdot feed. My question is, how do I get an RSS feed that excludes certain editors?
China simply encourages people to go abroad (they have plenty to spare) and keeps on good terms with them. Then agents just keep in cotanct and, by playing on national pride, ask expats what they know about X. (say a new chemical process or code snippet or whatever) It *almost* doesn't qualify as spying, I understand they are fairly upfront and just say stuff like, "we want to make a better car but we keep having problems with the fuel line, how does the company you work for solve this" or "do you have any advice". If they get "secret" information in the process, so be it.
They don't bother to train spies and send them out because it isn't that type of espionage.
The issue for us is to understand what is important to protect and what isn't. The Soviets had a great security system, it was so secure they kept their inventions secret from themselves.
Can't get black duck eggs?
While I have not looked in San Francisco, I frequently find black duck eggs in packs of six in "Superstore" in Canada. I have been buying them for years to put in my rice porrige (Jook) that I like to make.
I fail to see how a product available at every Superstore I have been to is hard to find in San Francisco, I mean, SF has the largest Chinatown in North America does it not?
Try to hack my 31337 firewall!
They have done similar to the UK. It was the aerospace industry.
Some readings of UK history post WW2 could be seen to show economic sabotage that only changed when we said that we could not afford to help with Korea.
I'll see your Constitution and raise you a Queen.
I thought this story was going to be about Easter Eggs that were planted by Chinese hackers and were just called black duck eggs. Turns out they are actually talking about black duck eggs...WTF This is one of the stupidest articles i ever read. I think I am more stupid for having read it.
IMHO, the rest of the article are garbage and show the author's bigotry than actual knowledge. At least, I want to correct the facts about the eggs. "I can't get black duck eggs in San Francisco, let alone this little piece of crap town in the middle of nowhere." You can get the "black duck eggs" in every Chinatown including San Francisco. In fact, most Chinese grocery shops will have them. You just have asked with the right name "Century egg". http://en.wikipedia.org/wiki/Century_egg
This article serves no purpose other than to spread propped-up fear and hatry and to promote his own security consultancy.
Reading TFA has been the best laugh I have had all morning!
It said "windows 98 or better" so I installed Linux
But that wouldn't afford us the luxury of seeing "POTENTIAL CHINESE SPY" in every single Asian face we encounter.
Yeah, I went there. Someone had to.
DRM: Terminator crops for your mind!
the U.S. and other countries spy on each other all the time, but the U.S. would never spy on Toyota and share that intelligence with General Motors
And we know this how?
And keep in mind, the government bailed out GM and other American car companies. To not share what they know with their investments when the other guys are? That would just be downright investing stupidly, even by government standards. Sure, questionable as far as ethics go, and maybe international trade, but when did those become concerns for governments?
I'm not sure if the author of the article is actually a moron who can't shop and also a complete racist, or smart enough to realize his article would have no readers without putting in a culturally ignorant title, but I'd like to know where the hell he has been shopping in SF.
First of all, you can get black duck eggs damn near everywhere. I can get them in Fremont, Sunnyvale, or Cupertino, California at a variety of locations (Lions, 99Ranch, etc.), and I'm PRETTY sure you'd be able to find it in one of the biggest Chinatowns this country has to offer.
Hell I live in Madison, Wisconsin now and I'm 10 minutes (walking distance) away from a run down Chinese grocery outlet the size of a 7-11 that sells black duck eggs, and two out of the three crappy fast-food only takeout restaurants here serve porridge with black duck eggs.
To use decades old "cultural insight" that black duck eggs are a "Chinese Delicacy" without realizing that within the last two decades foods and goods Chinese people have only heard about in stories have become commonplace items not only in China, but also internationally as exports, is just pathetic.
But I guess there really was no other way to emphasize the ridiculously commonplace adage--that the human link is the weakest in security--without resorting to making ridiculous and dated cultural assumptions.
It's alright that he's not too good with cultures and people I guess. I mean, he's Russian after all, they're only good at math and physics.
It is very heartwarming to see the stories I grew up with behind the Iron curtain about CIA agents coming in to ruin our happy socialist lives being rehashed on what used to be the "free" side of the said curtain :)
This was happening long before bailouts...
The author didn't state it elegantly, but he still made the point -- Chinese industrial espionage is very real, is here now, and it is state-sponsored. China views hacking not only as a fast-track to becoming an industrial superpower, but they view it as a method of becoming a military superpower, too. A good part of China's military buildup involves locating and training talented young people, as well as hiring the already established hacker-underground folk for military purposes. They figure (probably correctly) that they are nowhere near capable of competing with the US military on a technological front, but if they can shut down our command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) networks (not coincidentally, this is also why they developed the satellite-killing missile), then they have essentially shut us down, especially for any military response to an attack on Taiwan.
Here are just a few examples of the many, many already known about cases of Chinese espionage.
- The infamous Cox Report (regarding the PRC stealing our most advanced nuclear weapon designs)
- The well-known Google attacks
- A Boeing engineer was sentenced to 15 years for espionage, selling rocket technology to the PRC
- The FBI caught an American with very high security clearance and a Taiwanese-American selling classified information about weapon-sales to Taiwan to the PRC.
- The British MI5 released a report detailing all kinds of Chinese espionage. For example, high-profile UK businessmen have been approached by PRC spies with lavish gifts which include USB flash drives infected with trojans to steal information, and in 2008, an aide to Gordon Brown had his Blackberry stolen after a sexy Chinese woman approached him in Beijing -- a classic, almost too classic to be true, Soviet-style tactic. Other diplomats, too, have been sexually blackmailed by the PRC to divulge information.
- Here is a research paper by Northrop Grumman regarding China's cyber-warfare abilities, 88 pages filled with the stuff. Turn to page 67 for a "Timeline of Significant Chinese Related Cyber Events 1999-Present," let alone the details of the rest of the paper which shows the large effort by the PRC to improve their cyber-warfare and espionage abilities.
Here are some more excerpts:
MI5 Report
The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.
“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”
Some people spend so much time concentrating on the technical brilliance involved in computer hacking, they tend to forget that most of the pertinent and crippling attacks are byproducts of simple social engineering and breaches in trust.
If you work in, say, any financial institution, pay attention to the way your co-workers talk and behave.
This is blatant racism and fear mongering, and it's utterly offensive.
This guy is a quack. The entire article sounds like the ramblings of a paranoid schizophrenic that has a bit of technical knowledge. He thought some random Chinese restaurant he had lunch in was actually a front for corporate espionage simply because they had "black duck eggs" on the menu. Seriously. That was his one and only reason. He goes on to accuse the Chinese of planting spies in oil companies and Google specifically. I hope he was actually quoted out of context or we've got some serious mental patients for "security experts".
Couldn't the restaurant... buy regular duck eggs and ferment them?
A century egg can apparently be made quickly by soaking the egg in salt and sodium hydroxide for a week or two. Or you could actually bury it in alkaline soil... believe it or not, you don't actually have to be in China to accomplish this.
I propose we round up any dirty chinamen buying drain cleaner at the grocery store on the grounds that they must be no good commie spies!
Scratched Emulsion
"Don't you know black duck eggs are a delicacy in China?" Winkler said Stan asked. "I can't get black duck eggs in San Francisco, let alone this little piece of crap town in the middle of nowhere." Stan's conclusion was that the Chinese restaurant was a front for a Chinese espionage operation targeting the Fortune 5 business.
why? why did he conclude that?
The article basically lays out this argument:
I read the article, expecting at least some cursory information about system cracking techniques that have been detected. Instead, there's just this vapid paranoia that Chinese people may be up to something. It smacks of racism.
China sends spies to work in IT departments of all major political parties. It is a great way to steal complete lists of contributors/donors/supporters and, thereby, have complete knowledge of who the major movers and shakers are. Keep your eyes and ears peeled and be very, very careful.
*** Don't be dull.***
Governments seem to need something to do. So why not let them sneak about trying to steal each others secrets? On the other hand we couldn't even get New Orleans rebuilt and now it stands to be an oil rich city if the wind shifts a bit.
Hate to blow you out of the water but the US government does leak private details of foreign companies collected by it's national security agencies. A good example was the US government being caught red handed leaking secret wheat price bids from Canadian companies to local US suppliers collected by the NSA. So if the US is happy to stab a trading partner like Canada in the back what do you think they are doing to none aligned entities like China!
Canada? Wait, I thought it was European companies and the UK helped.
Or are you talking about a different government-agency-aided case of industrial espionage?
You can't take the sky from me...
So you're admitting on a public website that your friend is engaged in a data smuggling operation, carrying evidence of Chinese sabotage across state lines? I suspect you'll be getting a knock on your door soon.
When I clicked on your link, the menu at the restaurant did not feature black duck anything.
My wife has no problems buying black eggs of any kind in asia stores in Germany.
Oh my God; the Germans are in on the plot too? It wouldn't be the first time.
The same company had financial help building and running a motel nearby in Fremont where some of their customers stayed, but it also many other business people meeting with various companies. The motel was bugged, I was told by a close Chinese-American friend in the semi company. The semi firm got the customer private conversations and I think phone conversations.
In another case, an Israeli telecom chip company was designing software that is used in many datacom systems through which a LOT of US packets flow. I heard that there were backdoors in the hardware/software systems they sold to major communications operators. Some of us non-Israelis knew that Mossad ran some of the people in the company, but what could we do about it? The company got financial backing from Israeli intelligence but it would have been hard to prove since it was run through the Cayman Islands.
A lot of designs and technology have been pirated by Chinese, Taiwanese, and other governments. It's somewhat common knowledge here. And there are some very worrisome backdoors, for example the known sly replications of chips used in routers but with additional logic for remote access. The US military is well aware of this and there have been published stories about it. Just because the black egg story has credibility issues doesn't mean others aren't more solid.
Comment removed based on user account deletion
They must be eaten with rice porridge (congee). Otherwise the flavor is too strong. But, as a crumbled garnish on a savory rice porridge... yum!
Here's a recipe(hack;) that uses the eggs:
Cantonese Lean Pork Congee
How many more years will slashdot have an off-by-one error on your Score in your profile?
This should become a meme for "utterly pathetic, contentless, fear-mongering slashdot story" but then it would become over-used much too quickly.
To have a right to do a thing is not at all the same as to be right in doing it
You must be kidding me. Robert Mullins article is not worthy of publication, just because it is has a catchy byline regarding smelly duck eggs. The content is vague and overstated in many places. The content nothing more than bits of fluff without any kind of supporting detail. It has nothing it in that is new or inspiring and is so dry and boring, I simply began to fall asleep halfway through it. Robert Mullins should be slapped with a wet noodle for writing such drivel.
The only saving grace to the whole thing, was in the comments submitted by readers. Inside this is a gem of links supplied by one such anonymous reader. If you want the tip of the iceberg on hundreds of Chinese Government espionage cases, then follow these links.
http://www.washingtonpost.com/wp-dyn/content/article/2008/04/02/AR2008040203952.html
http://www.cbsnews.com/stories/2010/02/25/60minutes/main6242498.shtml
http://www.popularmechanics.com/technology/military/3319656
http://www.atimes.com/atimes/China/KG31Ad01.html
http://www.nytimes.com/2010/02/01/world/europe/01spy.html?src=sch&pagewanted=all
http://www.intelligencesearch.com/ia068.html
However to dig deeper. The Chinese are not the only ones targeting Government and other high tech companies in the US. There are many others, but China is going much further than just the US. It would seem that the Chinese officials, are casting a huge net to capture just about anything they can get and only later throwing away what they don't need. No wonder China is advancing so fast in all the major technologies, including space, military and civilian.
"From Rice Paddies to Rocket Ships". In only a few short years has China advanced or simply stolen it's future? Followed by actual case studies and methods, would have made an article worth reading and a far better byline. I can't believe I wasted 10 minutes of my time reading that piece of crap. Thank the gods for an enlightened and intelligent reader that offered a few links and with just that small effort did far more than Robert Mullins did in a whole page.
Let's assume, as a thought experiment, that the Chinese government has been very successful at penetrating whatever American enterprise they've targeted. What will China do with this intel?
According to the Economist, the "<a href="http://www.economist.com/world/asia/displaystory.cfm?story_id=16059990">china model</a>" is to embrace capitalism as a way of funding state control of key sectors of China's economy. As <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/05/13/AR2010051303551.html">James McGregor's op-ed</a> in the Washington Post points out, "[China has decided] that key sectors of the economy will remain "state dominated," including automotive, chemical, construction, electronic information, equipment manufacturing, iron and steel, non-ferrous metals, and science and technology. Others will stay "largely in state hands," including aviation, coal, defense, electric power and grid, oil and petrochemicals, shipping and telecommunications. State-owned companies in these industries are thriving in their protected home market. They have buckets of cash and easy access to state bank loans to carry out government directives to pursue overseas acquisitions and "go global."
So, one possibility is for China to replace all foreign-sourced technology with Chinese versions. They could massively de-couple themselves from the world market, and never be dependent on trade with anyone other than themselves.
Doing business in China may be a fool's errand.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
At least when it comes to doing top secret stuff, I would think...
* Isolate your networks from the outside world.
* All backups are double encrypted. No single person has the password to decrypt.
* Enforce strict no carry in / no carry out policy. All your personal belongings go into a locker. Notebooks are numbered and are checked in and out. Pens / Pencils / etc. are supplied.
* Have a phone system that only works internally. Want to call home and see how the wife is doing? Go check out your cell phone and go outside, when your done it's put back into a locker.
* You don't have a PC at your desk, you've got a thin client.
It factors down into people, polices and procedures.
Yes Francis, the world has gone crazy.
Ask her if she's still operating, is in a ceasefire, or is currently active, that should give us some clue.
I don't see how a Chinese restaurant means corporate espionage. People open Chinese restaurant near big companies because corporate folks love Chinese food for lunch, it's good money. The guy makes it sound like any ethnic restaurant in the middle of no where implies they're doing something suspicious, that's the most bigoted piece of BS I've heard. Even if China wanted to conduct espionage, they have better ways to do it than opening a restaurant next to a Fortune 500 company. Oh one more thing, black duck eggs are not exactly a delicacy. Delicacy implies luxury and is something rare. "Black duck eggs" were more of a I need food for the winter, so I will preserve this egg. Now a days, they're just sold everywhere. Anyways, bear paw is a delicacy, black duck eggs pretty common.
One of the things that's remarkable about US history is that the US ruling class has been incredibly consistent and unified on foreign policy. One of the motivations for the American Revolution was that merchants wanted access to Asian markets without having to go through Britain. Empire building, particularly in the form of dominance of global trade, and especially controlling trade with Asia, has been the central concern of the US ruling class for over two centuries.
The current anti-Chinese paranoia has a couple of elements. Portraying Asians as if they were all unindividualized parts of some sort of menacing hive mind has been a staple of American racism for a long time (and it shows up in science fiction frequently -- take the computer game Alpha Centauri for instance). It also picks up some rehashed "Red Scare" paranoia (see Lou Dobbs and Glen Beck), and there's some stuff that looks a lot like 19th century anti-Catholic bigotry.
In the IT field, which used to employ white men almost exclusively, there are a lot of people who have immigrated to the US from China, India, and other places. Some of us regard this as a good thing, some respond with racist anxiety.
Really have to answer to this, if for nothing else but for the entertainment value! Spying - at least in business and IT has bee around forever - well, for IT only as long as IT has been around! Living, working (in IT/IS), partying with "spies" (they had the money / budget, even bigger that IT people?), dealing maybe most IT using countries (at that time - 70's, etc), and so on - it was fun, nothing new, be careful, etc! My operators alerted "the secret service" about spies, real spies - caught in airport with a lot of documents, pictures, etc - laughing russian "spies" photographing us going to "secret" entrances in military computer installations, giving "a little too many drinks" to an western spy and listen all the stories he / she had to tell - it was fun! Yeah - it was Helsinki, Finland - long, long time ago - middle of everything what happened at that time - still is?
There's been a few. One of the more obvious ones was parts of Airbus designs ending up in Boeing aircraft with a really obvious paper trail via US intelligence agencies that were either too incompetent to hide it or most likely didn't care who found out. There was legal action on that one but it didn't get very far.