Slashdot Mirror
Black Duck Eggs and Other Secrets of Chinese Hacks
Roberto123 writes "Network World offers some insights into the way China infiltrates US organizations, physically and via computer, to steal information. Security expert Ira Winkler says there are far more serious threats out there than the 'laughable' uproar over China's hack of Google."
My local mexican restaurant regularly delivers blackened huevos rancheros. I wonder if they're in on this whole "restaurant espionage" thing, too?
My wife has no problems buying black eggs of any kind in asia stores in Germany. Oh, and black eggs can be mailed long distance, it's fermented and thereby preserved food.
And you really can't conclude from the menu of a chinese restaurant what's going or not going on behind the scenes. I call bullshit on this one. No corporate espionage ring would need to use a "safe house" or "safe restaurant" for that matter to drop off secret information or to secretly meet. It's the information age, dummies!
--- Eat my sig.
The black egg anecdote was in Ira's 2005 book, 'Spies Among Us', which I do not recommend except for some of the stories like that.
And furthermore:
Huh? I can see infiltrating them with spies ... but infiltrating them with people who you will then try to recruit to be a spy?
Isn't that a bit ... stupid?
Why even risk the possibility that one of them will NOT take the offer?
Cut out the middleman and simply send them spies to be hired. Spies who have ALREADY agreed to be spies for you.
Hate to blow you out of the water but the US government does leak private details of foreign companies collected by it's national security agencies. A good example was the US government being caught red handed leaking secret wheat price bids from Canadian companies to local US suppliers collected by the NSA. So if the US is happy to stab a trading partner like Canada in the back what do you think they are doing to none aligned entities like China!
I RTFA'ed and couldn't wrap my head around the first paragraph. My mom puts black duck eggs into the porridge she makes every other week or so. I wonder if that means I need to check around the house for dead drops or start questioning visitors about their national allegiances.
China simply encourages people to go abroad (they have plenty to spare) and keeps on good terms with them. Then agents just keep in cotanct and, by playing on national pride, ask expats what they know about X. (say a new chemical process or code snippet or whatever) It *almost* doesn't qualify as spying, I understand they are fairly upfront and just say stuff like, "we want to make a better car but we keep having problems with the fuel line, how does the company you work for solve this" or "do you have any advice". If they get "secret" information in the process, so be it.
They don't bother to train spies and send them out because it isn't that type of espionage.
The issue for us is to understand what is important to protect and what isn't. The Soviets had a great security system, it was so secure they kept their inventions secret from themselves.
Can't get black duck eggs?
While I have not looked in San Francisco, I frequently find black duck eggs in packs of six in "Superstore" in Canada. I have been buying them for years to put in my rice porrige (Jook) that I like to make.
I fail to see how a product available at every Superstore I have been to is hard to find in San Francisco, I mean, SF has the largest Chinatown in North America does it not?
Try to hack my 31337 firewall!
They have done similar to the UK. It was the aerospace industry.
Some readings of UK history post WW2 could be seen to show economic sabotage that only changed when we said that we could not afford to help with Korea.
I'll see your Constitution and raise you a Queen.
I'm not sure if the author of the article is actually a moron who can't shop and also a complete racist, or smart enough to realize his article would have no readers without putting in a culturally ignorant title, but I'd like to know where the hell he has been shopping in SF.
First of all, you can get black duck eggs damn near everywhere. I can get them in Fremont, Sunnyvale, or Cupertino, California at a variety of locations (Lions, 99Ranch, etc.), and I'm PRETTY sure you'd be able to find it in one of the biggest Chinatowns this country has to offer.
Hell I live in Madison, Wisconsin now and I'm 10 minutes (walking distance) away from a run down Chinese grocery outlet the size of a 7-11 that sells black duck eggs, and two out of the three crappy fast-food only takeout restaurants here serve porridge with black duck eggs.
To use decades old "cultural insight" that black duck eggs are a "Chinese Delicacy" without realizing that within the last two decades foods and goods Chinese people have only heard about in stories have become commonplace items not only in China, but also internationally as exports, is just pathetic.
But I guess there really was no other way to emphasize the ridiculously commonplace adage--that the human link is the weakest in security--without resorting to making ridiculous and dated cultural assumptions.
It's alright that he's not too good with cultures and people I guess. I mean, he's Russian after all, they're only good at math and physics.
It is very heartwarming to see the stories I grew up with behind the Iron curtain about CIA agents coming in to ruin our happy socialist lives being rehashed on what used to be the "free" side of the said curtain :)
Because middle of somewhere would have people ready to pull the NIMBY card on any big factory proposal (assuming a factory, although any large facility will bother some of the population). Middle of nowhere will be a lot easier to persuade with the promise of jobs and "the pollution won't be that bad, trust me".
(This isn't intended to be anti-corporate, I am just coming up with what I think a plausible explanation).
My webcomic
The author didn't state it elegantly, but he still made the point -- Chinese industrial espionage is very real, is here now, and it is state-sponsored. China views hacking not only as a fast-track to becoming an industrial superpower, but they view it as a method of becoming a military superpower, too. A good part of China's military buildup involves locating and training talented young people, as well as hiring the already established hacker-underground folk for military purposes. They figure (probably correctly) that they are nowhere near capable of competing with the US military on a technological front, but if they can shut down our command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) networks (not coincidentally, this is also why they developed the satellite-killing missile), then they have essentially shut us down, especially for any military response to an attack on Taiwan.
Here are just a few examples of the many, many already known about cases of Chinese espionage.
- The infamous Cox Report (regarding the PRC stealing our most advanced nuclear weapon designs)
- The well-known Google attacks
- A Boeing engineer was sentenced to 15 years for espionage, selling rocket technology to the PRC
- The FBI caught an American with very high security clearance and a Taiwanese-American selling classified information about weapon-sales to Taiwan to the PRC.
- The British MI5 released a report detailing all kinds of Chinese espionage. For example, high-profile UK businessmen have been approached by PRC spies with lavish gifts which include USB flash drives infected with trojans to steal information, and in 2008, an aide to Gordon Brown had his Blackberry stolen after a sexy Chinese woman approached him in Beijing -- a classic, almost too classic to be true, Soviet-style tactic. Other diplomats, too, have been sexually blackmailed by the PRC to divulge information.
- Here is a research paper by Northrop Grumman regarding China's cyber-warfare abilities, 88 pages filled with the stuff. Turn to page 67 for a "Timeline of Significant Chinese Related Cyber Events 1999-Present," let alone the details of the rest of the paper which shows the large effort by the PRC to improve their cyber-warfare and espionage abilities.
Here are some more excerpts:
MI5 Report
The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.
“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”
Some people spend so much time concentrating on the technical brilliance involved in computer hacking, they tend to forget that most of the pertinent and crippling attacks are byproducts of simple social engineering and breaches in trust.
If you work in, say, any financial institution, pay attention to the way your co-workers talk and behave.
Potential Chinese spy. Potential illegal immigrant. They all look the same to us here in Arizona.
The trick is being certain that none of the other 99 will go to the cops - or worse, to the organization to be spied on.
DRM: Terminator crops for your mind!
This guy is a quack. The entire article sounds like the ramblings of a paranoid schizophrenic that has a bit of technical knowledge. He thought some random Chinese restaurant he had lunch in was actually a front for corporate espionage simply because they had "black duck eggs" on the menu. Seriously. That was his one and only reason. He goes on to accuse the Chinese of planting spies in oil companies and Google specifically. I hope he was actually quoted out of context or we've got some serious mental patients for "security experts".
The article basically lays out this argument:
I read the article, expecting at least some cursory information about system cracking techniques that have been detected. Instead, there's just this vapid paranoia that Chinese people may be up to something. It smacks of racism.
There's a huge difference between one company spying on another and a government spying on foreign companies then passing the information to domestic ones. The latter case is the one being discussed.
When I clicked on your link, the menu at the restaurant did not feature black duck anything.
Try looking for thousand-year-old eggs.
This ain't rocket surgery.
The same company had financial help building and running a motel nearby in Fremont where some of their customers stayed, but it also many other business people meeting with various companies. The motel was bugged, I was told by a close Chinese-American friend in the semi company. The semi firm got the customer private conversations and I think phone conversations.
In another case, an Israeli telecom chip company was designing software that is used in many datacom systems through which a LOT of US packets flow. I heard that there were backdoors in the hardware/software systems they sold to major communications operators. Some of us non-Israelis knew that Mossad ran some of the people in the company, but what could we do about it? The company got financial backing from Israeli intelligence but it would have been hard to prove since it was run through the Cayman Islands.
A lot of designs and technology have been pirated by Chinese, Taiwanese, and other governments. It's somewhat common knowledge here. And there are some very worrisome backdoors, for example the known sly replications of chips used in routers but with additional logic for remote access. The US military is well aware of this and there have been published stories about it. Just because the black egg story has credibility issues doesn't mean others aren't more solid.