Governments, IOC and UN Hit By Massive Cyber Attack

fysdt writes "IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks. It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms. McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks. Beijing has always denied any state involvement in cyber-attacks, calling such accusations 'groundless.'"

"Groundless"

[betterunixthanunix]

OK, so China says the accusations are groundless. Obvious question: why were the accusations made? Is it just because of China's reputation, or is there a real reason to think that China is involved?

Re:"Groundless"

[nospam007]

Not to mention that 'attacks' that endure for several years are usually called 'war'.

Re:"Groundless"

[i+kan+reed]

Yeah, if we started presenting evidence and not conjecture, maybe we'd be doing a better job of convincing the world, if not China, that China is up to nefarious deeds. Also, what reason does China have to attack the olympics? They just got an olympic event a couple years back? I don't see any reason to hold a grudge there.

Re:"Groundless"

[Nidi62]

OK, so China says the accusations are groundless. Obvious question: why were the accusations made? Is it just because of China's reputation, or is there a real reason to think that China is involved?

The accusations probably arise from a few things. First, how many time have you heard about the Chinese government, or Chinese firms, getting hacked? Not too many. Second, China is one of the few countries that has uniformed hacker units in their military. They also have hacking divisions in their state security and intelligence apparatus. Third, most professors and students of CS are basically kept on call by the government; almost a hacker National Guard.

Re:"Groundless"

[vlm]

Maybe its just ignorance... China is really freaking big. Saying "its china" is about as pointlessly vague as saying "it was done by young males". In both cases theres about a billion suspects.

Also all the PCs in China are unpatched, owned zombies. Don't waste time claiming they based it on IP addrs.

Re:"Groundless"

[Stargoat]

Most other attacks are accompanied by Internet chatter. A business should not be surprised if it is hit by lulzsec or another social group attack. Typically, there are warning signs, and large businesses pay a good deal of money to be forewarned about such attacks. But a wide attack like this.... If there was no warning, chances are it was the Chinese.

Perhaps people need to start realizing what an authoritarian, reclusive, and paranoid regime can do to the world. After all, look at the damage the US has done under Bush and Obama.

Re:"Groundless"

[Nidi62]

Also, what reason does China have to attack the olympics?

Well, there were all of the accusations of the Chinese gymnastics team horribly under-age(10, 11 years old). We know the soviets cheated in the Olympics (lots of steroids), and if the Chinese were cheating in gymnastics, odds are they were probably cheating in other sports as well. It's possible that they would hack into the IOC to see if there were any allegations or investigations being circulated/planned for, so that they could prepare for them (changing evidence and all that).

Re:"Groundless"

[Stargoat]

You've never spent any time with northern Han, have you? There are some seriously paranoid, screwloose individuals there. With the amount of effort they spent on the Olympics, they would feel required to monitor Olympic Committee activity for years to come.

Re:"Groundless"

[JBMcB]

How about this - the attacks are traced to China, or at least, they endpoint at their firewall. China monitors all internet traffic coming into and going out of their country. Their ISPs retain logs of all internet traffic as well. Governments ask for China's help tracking down an attack - China says "didn't come from here."

So what are we to believe? Either China's government is covering up the attacks, they are behind them, or they are incompetent at running a network.

Re:"Groundless"

An authoritarian, reclusive and paranoid regime owns 10% of your debt, that is what they can do. Usa is so fucked.

Re:"Groundless"

Also, what reason does China have to attack the olympics? They just got an olympic event a couple years back? I don't see any reason to hold a grudge there.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said it was very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.

The systems of the IOC and several national Olympic Committees were breached before the 2008 Beijing Games. And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.

From Reuters.

If I knew the Olympics were coming to town, I would seriously love to have all the information they weren't giving me if I were hosting. Were they angry? Were they lying to my face? I'd like to know.

Also mfw the BBC picture for lulzsec. >:[

Re:"Groundless"

[tukang]

I suspect China because the Google incident showed that they're actively engaged in such activities.

Re:"Groundless"

The Chinese women cheated very recently in swimming using steroids as well in the 1990s.

Re:"Groundless"

[GameboyRMH]

I would assume they're pointing the finger at China because the attacks originated from there.

That said, if I were to do something shady, I'd proxy through China so the authorities will just say "damn dirty Chinese!" instead of looking for me on the other side of the planet.

Re:"Groundless"

[FhnuZoag]

Man, the Time to Racism on these China related articles...

Re:"Groundless"

[WindBourne]

They have a trained troop for doing this. They admit it. The crackers in China have a death penalty against them, UNLESS it is directed at the west and they sell the information to the Chinese gov. (think of how the brits used pirates against the french and Spanish). That in the intel world have put out honeypots, seen the attacks from Chinese IPs and seen the false information from it show up in Chinese reports later on.

But other than that, no real reason to believe that China is the one who would want more information about holding games in China (like the way hitler did), or that China is spying on the west.

Re:"Groundless"

[FhnuZoag]

Well, there's a lot of Chinese computers infected with spyware, etc, and general status of cybersecurity is very poor - just look at the numbers using IE6. Even using high end estimates, we're looking at 1 'internet policeman' per 10,000 Chinese users. Despite the fame of the great firewall system, it's mostly run on automatic - it would be implausible for the Chinese to monitor and log and datamine individual activity. Proportionately to internet user population, the NSA alone employ a much larger number of employees than the Chinese do, and have greater experience and sophistication with surveillance. No one assumes the US sanctions every attack.

Re:"Groundless"

[Xest]

I wonder the same but from a different perspective.

Time and time again security firms like Sophos and McAfee make these grand claims - "MASSIVE STATE ATTACK ON US DOD" or whatever, yet do they ever release any evidence?

Of the ones I've bothered to read TFA for so far they seem to be little more than claims, we never see any evidence, just speculation or arbitrary bullshit like they follow a "profile" - the profile probably being nothing more than the attacks were carried out on the internet or something stupid like that.

If anything it seems to be more a case of security firms loving the fact that all they have to do is come up with some sensationalist wankfest and all of a sudden their firm is advertised right across every section of the media across the globe.

I'm getting tired of it. Security firms- either publish all your relevant data to prove your claims, or shut the fuck up. Otherwise I'll just assume the best your firm can do is conjure up marketing stories, because you certainly can't produce trustworthy virus scanners.

Re:"Groundless"

[Stargoat]

What exactly is racist about cultural understanding?

It is stupidly PC (or even post-modernist) to ignore the way that culture drives decisions. Of course some people do things different than others for difference reasons. And cultural diversity extends beyond food. In fact, it extends to (gasp) culture.

And seeing as how I have an entire family who are from that region, perhaps you'd like to reconsider your statement. Unless I'm self-hating. Oh, that must be it. Please excuse me while I head out to cut my throat. Or maybe you'd like me to commit Harry Carey. Ah 1, Ah 2, Ah 3! Fhnu, you're a Pan Asian buffoon.

Re:"Groundless"

[jank1887]

or persistent criminal activity. really depends on scope and players.

Re:"Groundless"

[inviolet]

Man, the Time to Racism on these China related articles...

Sorry, no, you don't get any virtue points for pointing at a useful cultural observation and shrieking "racism!!!1!".

I realize the other routes to virtue are a lot more work. We apologize for the inconvenience. Perhaps you'd find veganism to be adequately easy.

Re:"Groundless"

You are assuming that there are attacks in the first place? I mean if mcaffe says so, then it must be so right?

Please tell me you've noticed that before each and every time we go and destroy a country in the name of "democracy", we see lots and lots of reports spewed out with exponential rapidity through all media forms untill these reports (which we have no way to verify) are take as truth by the general public.

Well if they tell us, it must be true!

Come on people, we are being assumed idiots. I would hope that here on SD, many of us can see the fallacy in all these "largest ever" "cyber attacks". It wasn't so long ago that Obama somehow? predicted that 2011 would be the year of "cyber war". Really? I wonder why he would say that.

There are no more attacks coming from China then there have been in the past. And even if there were, do you think it is impossible for other countries to route their attacks through china?

Please wake up to this bullshit reporting, please. It is making us into idiots!

Re:"Groundless"

[couchslug]

A new Cold War could make money for many people. Follow the money.

I welcome "cyber attacks" because they can coerce immune responses and punish bad security practices.

It's unfortunate for overall internet health that the slowest zebras are "infected by parasites" instead of "killed outright".

Re:"Groundless"

[FhnuZoag]

Han is a race. It's not a culture, but a genetic lineage. If you were to even refer to 'chinese' or whatever you could cover your arse by saying you are just referring to culture, but complaining about northern Han on a majority western forum is equivalent to talking about northern black americans and just as dumb.

Re:"Groundless"

[FhnuZoag]

Also, I am a 'northern Han' emigree, and whenever I go back there the people I meet are the friendliest, most open, and most level-headed people, despite the horrible chinese government, so seriously, fuck you and your 'cultural understanding'.

Re:"Groundless"

Yes, Chinese are paranoid, psychotic people - what an astute "cultural observation" you racist fucktard.

Re:"Groundless"

[FhnuZoag]

Labelling literally hundreds of millions of people by their genetic ethnic type, espousing a negative stereotype of 'paranoid, screwloose' from vague anecdotal armwaving and generalising to the entire group, and inserting it non-sequitir into a discussion that has absolutely no mention of ethnic Han in the north isn't an "useful cultural observation". It's racism by definition.

Re:"Groundless"

Also, I am a 'northern Han' emigree, blah blah blah, fuck you and your 'cultural understanding'.

I'm not really taking sides in the issue, but that was an outstanding response.

Re:"Groundless"

Why this comment gets an audience is understandable given the inequalities of high school education now adays, but there are definitely a lot of assumptions being made here, especially that China even hacked anyone. It is completely counterproductive to make any attempt to make points based on pure conjecture.

Re:"Groundless"

That's because you're one of them, you dumbfuck. Go to St. Petersburg and see how you're treated there versus how the locals treat each other. They are friendly, open, and level-headed despite the horrible conditions... as long as you don't look different or come from a different culture.

Re:"Groundless"

[FhnuZoag]

And maybe you might want to take a look in the mirror sometime.

Re:"Groundless"

Racism, my ass... Quit injecting noise into the signal. It's cultural. Spent two years teaching in Shanghai and Beijing- Innovation is not valued quite as much as it is in the West. They need innovation, however, and paradoxically innovation, in certain contexts, can be a threat to the State. So, you import it and bring it home in a controlled fashion- You send your youth to Western universities, and you take it from sloppily defended Western information systems.

Re:"Groundless"

[Stargoat]

Northern Han emigree? Let's see. Chauvinism? Check. An inability to accept even indirect cultural criticism? Check. A willingness to whine about racism? Check. An inability to articulate a contrary thought without reducing it to violence or swearing? Check.

FhnuZoag, you are a caricature of the Ugly Chinaman. Look in the mirror. You are what Bo Yang was warning of.

Re:"Groundless"

[FhnuZoag]

It's not chauvism to point out you shouldn't judge people on their race. It's not "cultural criticism" to insult someone on the basis of their racial background when you know *absolutely nothing* about the environment they are brought up in. I said I'm north Han, and so the assumptions immediately start to flow. At no point did I enquire or comment on your race or background. At no point did I even say China was superior in any way. Look outside your racial lens and judge people as individuals please. And if you can't, fuck off.

Re:"Groundless"

So what you're trying to demonstrate is that the Northern Han are overly sensitive assholes? That they tend to play the race card at the drop of a hat?

Re:"Groundless"

[cavreader]

China's investments (ie debt purchasing) create are a bigger risk for China then the US. What are they going to do if the US defaults on their investments? Send dunning notices? Create a global crusade to harm the US financial interests in other countries? This would only cause the US to ban or restrict Chinese imports since China produces nothing the US is not capable of obtaining elsewhere or produce domestically. Sure consumer prices might increase in the short term until other countries like India, Vietnam, Brazil, or any other emerging economies stand up provide their products to the US. On the other hand China would risk losing +30% of their global export market. The vast majority of US debt is held by the US treasury.

Re:"Groundless"

"Northern Han"? lol. Stop pretending, NorthernGoat. it's really embarrassing.

Re:"Groundless"

Your logic is failing you... he was talking about the CULTURE of the Northern Han. It would be like him saying Eastern African American Culture is harsher than Western African Culture. If he said Northern Han were all in bred and genetically messed up, that would be racism.

Calling it racism is an easy way to "win" an argument, but it's also the death of a valid discussion.

Re:"Groundless"

[Bardwick]

I don't accept the premise. The US brings in plenty of tax revenue to cover our bond holders. There is not now, nor was the ever a chance to "default" on treasury notes, just not buying that.. We may not be able to pay the airlines $200,000,000/year to fly into places with low populations, or provide cell phones and broadband internet access for low income families, pay people $10,000 to buy electric cars though... In order to keep the U.S. afloat, we need to borrow almost 10 trillion dollars over the next several years. The interest rates alone, the U.S. will fund the entire Chinese military in the next couple years. That's at the current interest rate. If China says no, where in the hell are we going to get $10,000,000,000 just to function?

Re:"Groundless"

[jimbolauski]

Racism by definition is "Believing that one race is superior to all others". Stereotypes are not racism as they can be negative or positive, they are generalizations made about a group based on encounters with a few. I don't think the English are inferior because they have bad teeth, or Irish because they have fiery tempers and drink allot, or the Italians for being plumbers and jumping on mushrooms.

Re:"Groundless"

[Stargoat]

Shhhh. That's a secret. ;)

Re:"Groundless"

[FhnuZoag]

Racism, n:

The belief that all members of each race possess characteristics or abilities specific to that race, esp. so as to distinguish it as inferior or superior to another race or races

Prejudice, discrimination, or antagonism directed against someone of a different race based on such a belief

Re:"Groundless"

[FhnuZoag]

The claim that 'I am talking culture' is without foundation. How is painting people living in a region the size of Europe, with vast differences from West to East (even in terms of language, Han Chinese speaking the traditional accent from NW China would scarcely be intelligible to NE Chinese), who possess little similarity beside their specifically pointed out racial subtype, a cultural observation? How is talking about 'paranoid' and 'having a screw loose' a cultural observation? Observe that stargoat's first instinct was to jump to anti-Japanese racial slurs. And then, on revelation of my ethnicity, he decided to make 'cultural criticism' of me. In what way is culture distinguished from race here? When it's inescapable through education and upbringing, applied in blanket form along strict ethnic lines, and comes with no attempt to understand the source and context of certain attitudes and behaviours your culture is merely a politically sanitised way of selling the old racism. This the sort of 'cultural criticism' that led to islamophobes to attack a fellow islamophobe because he looked arabic.

Re:"Groundless"

[cavreader]

My opinion rested on several factors: 1. The US has the means to inflict economic penalties if China adopts that strategy. 2. China could disappear tomorrow are there are plenty pf other countries and other sources of ready to pick up the slack to avoid US reprisals. 3. Debt instruments in the US are very attractive and safe investments regardless of the budget/borrowing limits shit storm that just happened. 4. 97% of the US debt is held by the US treasury 5. If the US economy was to falter it would take the world economy down at the same time. 6. Any foreign country trying to tank the US economy would suffer a hell of a lot more than the US. 7. The only way other countries can attack the US economy would be through military actions and the US is more than capable of blunting this option and would most likely end up not only winning the military conflict but also adding other countries resources and money.

Re:"Groundless"

Calling someone out form making general negative comments by saying general positive comments is too common and dangerous.

It is akin to saying 'How dare you say white people enslaved other races. I am white so I know they are the most sincere, hard working, handsome people; so seriously, fuck you and your "cultural understanding"'

Re:"Groundless"

[FhnuZoag]

No, I'm saying xenophobes exist in all races and societies.

Re:"Groundless"

[hesaigo999ca]

You can show them actual proof of someone in china sitting behind a desk and hacking into a system, and they wouuld still deny it, saying all sorts of claims of fraud or whatever. Bottom line is the US as a whole is not recognized as a governing body in china as it might be for the rest of the world. I am not bashing americans, but i do think sometimes they think too highly of themselves, and expect others to just bow down each time they claim something.

Sort of like the big bully of the school yard who tends to think he can take from you because he can, until he falls upon another big bully, then we get to see who truly has better kung fu....no pun intended....ok, well maybe just a little.

Re:"Groundless"

What exactly is racist about cultural understanding?

It is stupidly PC (or even post-modernist) to ignore the way that culture drives decisions. Of course some people do things different than others for difference reasons. And cultural diversity extends beyond food. In fact, it extends to (gasp) culture.

And seeing as how I have an entire family who are from that region, perhaps you'd like to reconsider your statement. Unless I'm self-hating. Oh, that must be it. Please excuse me while I head out to cut my throat. Or maybe you'd like me to commit Harry Carey. Ah 1, Ah 2, Ah 3! Fhnu, you're a Pan Asian buffoon.

This guy is a straight liar, he's some white kid just talking out his ass. Culturally, the US has a nice long history of making of Golem-stories to persecute minorities.

Re:"Groundless"

[Assmasher]

You're confusing ethnicity and race. In the western world, which is how you describe this forum, Han Chinese are considered an ethnic group.

Re:"Groundless"

[Assmasher]

I'm sorry, did you just claim that Northern Han share "little similarity beside their specifically pointed out racial subtype"? - LOL

I'll remember that the next time I'm in China - "Note to self, the Han Chinese in the north are only genetically similar, otherwise they are all different..."

Re:"Groundless"

[timeOday]

We know the soviets cheated in the Olympics (lots of steroids), and if the Chinese were cheating in gymnastics, odds are they were probably cheating in other sports as well.

Darn commie cheaters!

Marion Lois Jones (born October 12, 1975), also known as Marion Jones-Thompson, is a former world champion track and field athlete, and a former professional basketball player for Tulsa Shock in the WNBA. She won five medals at the 2000 Summer Olympics in Sydney, Australia but has since forfeited all medals and prizes dating back to September 2000 after admitting that she took performance-enhancing drugs.[1][2]

Re:"Groundless"

[Nidi62]

I said "Chinese" and "Soviets", as in a systematic problem with cheating. With the Soviets, cheating was shown to be both widespread and sanctioned(if not outright encouraged) by the highest levels of their athletic governing bodies. You mention one person, acting individually. There is a big difference.

Re:"Groundless"

I think you are extrapolating too far. China just spied on what was of it interest to it, and they were extremely interested in the Olympics, so they probably wanted to make sure they had all the information, so they could be in control of the events. Its not necessarily about "attacking" the Olymptics or taking down or retaliating, but simply the acquisition of as all the information they wanted. Information can be power.
China says the attacks are groundless, but it seems that thats just a propaganda line. The evidence that China was involved, as a state actor, not merely Chinese hacktivists trying to advance their perceived national interest., has become very persuasive. I suspect that we are not done finding out the extent of the exfiltration of information and that further evidence will further incriminate.

That says it all

[shoehornjob]

but there is speculation that China may be behind the attacks

OMG ya think? Who else has the ability to put something this massive together?

Re:That says it all

[josephtd]

OMG ya think? Who else has the ability to put something this massive together?

Just off the top of my head.... The US, Russia, the UK, Israel, Germany Not saying they aren't behind it, just that they aren't the only game in town.

Re:That says it all

[Baloroth]

Who else has the ability to put something this massive together?

Judging from Stuxnet, I'd say the US and Israel at least. The Russians, almost certainly. Or hell, considering that they stole mostly industrial information (according to TFA), just about any company. Actually, its probably an underground cracking organization that contracts out to companies to get the information. Maybe funded by China, but it's most likely government independent. Governments rarely operate on that kind of scale illegally, especially against commercial targets. Too much risk of backlash should it be traced back to them. And I would be shocked if such organizations didn't exist.

Re:That says it all

[cyfer2000]

The news of the world and the News Corp?

Re:That says it all

[Alex+Belits]

OMG ya think? Who else has the ability to put something this massive together?

Me?

Re:That says it all

[TheRaven64]

OMG ya think? Who else has the ability to put something this massive together?

Absolutely. China is the only country with more than half a dozen bored and disaffected teenagers.

Re:That says it all

[shoehornjob]

We have pretty good relations with the UK so I assume we would know about something this big. Israel maybe but they have been at the spy game for a while and I think they're slick enough to get in and out without making it obvious. Russia is in the cybercrime business but shouldn't be ruled out. Don't really know anything about stae sponsored hacking in the US or Germany for that matter but I'm sure all of the above are engaged in state sponsored hacking but China (if it is them) appears to be the most blatent.

Re:That says it all

[shoehornjob]

LMAO classic.

No one ever got fired for buying IBM

[rbrausse]

as the old saying claims.

today it's more like "No one ever got fired for blaming China" - it may be possible (even likely to some extent), but those rumours and speculations are IMO mostly based on political bias/reasons.

Re:No one ever got fired for buying IBM

[synapse7]

From the article it sounds like pure speculation with Russia tossed in for good measure. What I want to know is, were these McAfee clients, else how did they discover these intrusions in so many different networks.

Re:No one ever got fired for buying IBM

[couchslug]

The Chinese and US both have huge governments who can and do exploit each other as "threats" so they can excuse the expenditure of even more money. Follow the money.

Never mind that the US has no rational military interest in Asia, we must FEAR the EVIL CHICOMS and spend sweet billions to defend our useless client states (so they can save on military budgets and spend the diff on economic competition WITH THE US).

Lulzsec or Anonymous?

When the IMF was hacked, China was blamed. Later it was found out that IMF was hacked by Lulzsec and Anonymous.

Maybe

For one, why do the security companies and media insist on making this a state sponsored problem; especially when most hacks have been private organizations such as Anonymous over the last few years?

McAfee said it did not know what was happening to the stolen data, but it could be used to improve existing products or help beat a competitor, representing a major economic threat.

This is why some folks are saying it's "China". If the Chinese can't con a western company to move manufacturing into the country with their subsequent technology under the guise of "saving money on labor", maybe the Chinese, or most likely just Chinese companies, are just stealing the technology via these hacks.

Has anyone alerted Scotland Yard?

[ShaunC]

Quick, arrest a bunch of English teenagers and everything will be just fine!

Fluff piece

Frankly, this "news release" says nothing, links to no concrete evidence, and makes wild speculations about "China the bogeyman".
Nothing to see here at all - move along.

Rosetta Stone Chinese, anyone?

[kundi]

Let's "suppose" this IS China's hacking handy work. This is happening in conjunction with a whole host of other subtle acts that would lead one to think China is engaging in the most contemporary war this planet's ever seen (AND IT'S WORKING!!!) Really, why invade a country on foot and turn things into a blood bath when you can slowly choke everyone out (i.e., virtual occupation!) using subtle and not so subtle tactics of financial squeezes, cheap labor practices with horrendous humanitarian violations that STILL manages to draw US dependency on Chinese mfg. industry, social engineering and high tech information stealing? Got a give 'em credit, they are outsmarting everyone, and in this race, they are just fine taking on the persona of the "turtle" - unsurprisingly Zen of them - and we all know know who wins. Tell me China isn't engaging in an undeclared war with the US first and foremost as well as every other 1st world nation - who knows - maybe it's every nation! By the way, the other morning news where China reduced US credit rating from an A+ to an A...remember, "slow and steady wins the race". Rosetta Stone Chinese anyone?

Re:Rosetta Stone Chinese, anyone?

[Culture20]

Really, why invade a country on foot and turn things into a blood bath when you can slowly choke everyone out (i.e., virtual occupation!)

If you think Chinese Second Life Flying Penises (SLFP) can beat out American SLFP, you've got another think coming.

Re:Rosetta Stone Chinese, anyone?

[memyselfandeye]

Every comrade knows, Soviet Russian SLFP are bigger than American SLFP. Soviet Russian SLFP are biggest SLFP! Sing to the Motherland home of the FREE!

Re:Rosetta Stone Chinese, anyone?

[subreality]

China isn't engaging in an undeclared war. War is when you use enforce your political policy through violence.

China, more than any other nation, knows how to play the long game. They've been very carefully avoiding violence, instead making long-term strategic maneuvers. They don't need war; in fact, they're playing by our own rules: they're using (and perhaps abusing, but that's not "war") the free market to compete us right into the ground.

Re:Rosetta Stone Chinese, anyone?

[kundi]

I guess we could entertain "what is the intent behind the "non-violent" acts"? Ohhhhhh, I know... maybe they're just routing around for info that will lead them to a few hints on what they should get the United States for it's 236th birthday! I bet they're coming to the conclusion that they'll be sending every US citizen Rosetta Stone Chinese!

Re:Rosetta Stone Chinese, anyone?

[subreality]

The intent is to make China the world's number 1 superpower without starting a war.

I just object to diluting the term 'war' when what they're doing is something considerably more subtle.

Re:Rosetta Stone Chinese, anyone?

[kundi]

Point taken, when you made your first point. And actually, you are making a really important distinction b/c as it isn't technically war at all! Yet, we sure don't seem to be giving it near the attention it should be demanding! However, the attention that is does seemingly deserve goes a lot farther back than noticing it 3 or 5 years ago. It has a lot, if not everything, to do with our crumbling infrastructure and severely waning education system in the last 20 (?) years. The subtly of them just playing to their strengths (discipline, finances in order, etc.) and highlighting weaknesses (no really support or encouragement for bolstering our education system, financially out of order, attitudes of entitlement. It's all "gimmee, gimmee, gimmee", rather than get up off your tushie and figure out that you start somewhere by doing SOMETHING rather than sitting on the couch watching reality TV ad nauseam. Pardon the digression...err sidebar rant. As far as the TV remark, I am allowed to say such in that as I don't subscribe to cable TV - haven't for a loooooooong time - and yes I can afford it. Anyway, let's face it they didn't start all the "subtly" just last month or even last year. The solutions is anything, but a single answer/approach. Hmmm, I do wonder who, if anyone out there in our government is paying attention and taking it seriously. I'll leave it at that...geez I am starting to depress myself with where the different threads of thought from this lead... Cheers!

Re:Rosetta Stone Chinese, anyone?

[subreality]

Oh, I know this isn't a recent thing. As I said, China knows how to play the long game.

Global network; local governments

The core problem with any story like this is that we have nation-states at all. What point do they serve in a globally connected economy/culture?

City-states make a lot more sense: they are tied to the local economy, ecology, and culture. Having giant nations has no redeeming quality except to protect each other from other gigantic nations.

Maybe when we move to new forms of governance, we can simultaneously break our archaic dependence on this ridiculously primitive form of social organization.

Re:Global network; local governments

[cavreader]

So instead of a relatively small number of nation states, which can hardly agree on whether the world is round or flat you advocate creating 1000's of little "states" and think things would be better? If you want a look at the results of that approach just look at all the tribal divisions in the middle east and see how smoothly they work together. The only time they show the slightest hint of cooperation is when they are denouncing Israel and the US. Other than that all they do is concentrate on killing each other for sport.

NEWS FLASH!

[nimbius]

major security company with international government and defense contracts has recently detected an enormous cyber attack!
the attacks is from China, because the chinese manufacture our televisions and appliances and therefore are most identifiable in the minds
of american senators congressmen and those who sign perpetual service contracts and license agreements.

action is to be immediately taken in the form of Visa, Mastercard, American Express, Purchase Order, or your local security company
sales team immediately! for only then can you rest assured the evil attacks of cyber will abate.

additional: malfunctions in your television, home computer, blender, and dishwasher should immediately and unquestionably be attributed to
this latest cyber attack.

Re:NEWS FLASH!

[genner]

major security company with international government and defense contracts has recently detected an enormous cyber attack! the attacks is from China, because the chinese manufacture our televisions and appliances and therefore are most identifiable in the minds of american senators congressmen and those who sign perpetual service contracts and license agreements. action is to be immediately taken in the form of Visa, Mastercard, American Express, Purchase Order, or your local security company sales team immediately! for only then can you rest assured the evil attacks of cyber will abate. additional: malfunctions in your television, home computer, blender, and dishwasher should immediately and unquestionably be attributed to this latest cyber attack.

All those things are made in....gasp........China!,

Assuming It Is China

[cosm]

Assume it is China. Why is it that when transnational attacks occur on a scale this large against our nations infrastructure, financial sectors, and defense systems the politicians shrug it off or turn a blind eye, but when citizen schmoe downloads some files or leaks some dox the entire system goes full assault on their asses with ICE raids, take down notices, special committees on intellectual property, etc. etc.

If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security. But it is not about national security. It is about corporate security and defending the status quo. That is why the US seeks to extradite file sharers, hell, link sharers, from other countries, but when massive ddos attacks are directed at us by governments that we trade with, nothing is generally done.

Oh, and this entire rant uses the word cyber once; in this sentence.

Re:Assuming It Is China

Picking on an individual or picking on a nation that is coming to rival your own? I don't know about you, but if I was the government I would pick a battle I knew I could win. Or at the very least, doesn't have the potential to lead to World War III.

Re:Assuming It Is China

[Registered+Coward+v2]

Assume it is China. Why is it that when transnational attacks occur on a scale this large against our nations infrastructure, financial sectors, and defense systems the politicians shrug it off or turn a blind eye, but when citizen schmoe downloads some files or leaks some dox the entire system goes full assault on their asses with ICE raids, take down notices, special committees on intellectual property, etc. etc.

Simple - Citizen Schmoe doesn't control minerals, oil, access to SLOCs, etc that you need - so you play the diplomacy game since both sides don't really want to alienate the other; they just want an upper hand. OTOH, you have nothing to lose by smacking Citizen Schmoe to deter others so they don't drain resources while you play the diplomacy game.

Remember - today's enemy may be tomorrow's friend, because countries have permanent interests, not permanent friends or enemies.

If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security. But it is not about national security. It is about corporate security and defending the status quo. That is why the US seeks to extradite file sharers, hell, link sharers, from other countries, but when massive ddos attacks are directed at us by governments that we trade with, nothing is generally done.

Denouncing does nothing but cause a public fight. Instead, you harden your networks and work behind the scenes to let them know you are pissed off. In addition, watching what they do gains insights into hat the are doing and want; as well as the opportunity to plant information as well. Or, why not let them give you to add selected payloads as part of the info they d/l to make it easier to tap their systems? Plus, if they think their current tools are effective they may not try to develop better ones. If you let your enemy think they are smarter than they are and you are dumber than you really are you can win a lot of battles or make a whole lot of money.

Re:Assuming It Is China

[cosm]

I just don't believe our government is competent enough to undertake the actions in your last paragraph.

Re:Assuming It Is China

[cosm]

An easier fight, perhaps, but turning on your citizens doesn't help the longevity of the regime either.

Re:Assuming It Is China

[sl3xd]

There are more than enough competent federal employees. Don't make the mistake of assuming the lunacy of the generals also applies to the troops in the trenches.

Re:Assuming It Is China

[bgt421]

If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security.

In most cases, we can't tell where traffic comes from. Between botnets, Tor, and other proxies, the best we can do is say "it looks like the attacks are coming from IP addresses from Karblockistan." Attack attribution is difficult, if not impossible. Hypothetically, I can attack your network and make it look like it came from anywhere in the world. If I want to be extra convincing, I'll use Chinese language tools so that you suspect the Chinese. An attack from Chinese IP's doesn't mean the PRC had anything to do with it.

As for the rest of your comment, have you not seen the flood of news articles on how DoD et al. are trying to hire security experts in droves? Besides, information security is a lot harder than putting bars on the windows. In many cases, you cannot know where you are vulnerable in the software (and hardware!) until after a breach, and in some of the more prominent attacks, the method was spear-phishing -- social engineering. You can't patch (or harden) stupid. Security is, always has been, and always will be a non-trivial problem.

Re:Assuming It Is China

[sp3d2orbit]

If politicians are all about "corporate security" and a large number of "corporations" got attacked then wouldn't the politicians be making a big stink?

Never assign to malice what can be attributed to stupidity.

Re:Assuming It Is China

[cosm]

Touche.

Re:Assuming It Is China

[aaronpeacock]

a light bulb turns on. the smell of fresh air. thank you. succinct

Duh!

[muckracer]

It was 'Al Quaida'....obviously!

Re:Duh!

[muckracer]

The /bin/nedal rootkit binary gave it away. AQ thought, by misspelling the name nobody would notice but Ha!...security through obscurity just never works!

What was the plan?

[biodata]

Do they think China wanted to change the results of the Olympics or something?

Brute Force Attacks from IPs in China

[Mysticeti]

I get several emails a day alerting me to the fact that yet another IP address has been banned for brute force attacking a server I have on the internet. For a while I tried to track down where these attacks were coming from and I was amazed at both the diversity of countries of origin and also the sheer number coming from China.

Now just because the attack is coming from an IP address in China doesn't mean all that much. It would be a stretch to conclude the attacks are state sponsored. But I find it odd that for a country with such authoritarian control over 'net usage somebody somewhere in their government isn't either aware of this. I tend to think that if they're not supporting they're at least sanctioning the attacks.

I fully admit that this is anecdotal at best and would love to hear from others who have servers on the 'net that have kept more detailed records.

Re:Brute Force Attacks from IPs in China

[The+O+Rly+Factor]

Like everyone else who has ever run any sort of public facing sever in the last 10 years, I also get a disproportionate number of scripted brute force attacks that come from China. From what I understand, it's almost considered a hobby over there. Mr. Joe Citizen works for big-state-sponsored-foreign-run-computer-company, and at the end of the day before he leaves he sets his desktop computer to nmap and brute force as many addresses as possible all night. What they do when they finally get one, well...I'm not really sure, never had one get through. 99.99% of the attacks are generic brute force attacks that use generic usernames that no sane sysadmin would ever allow on their system anyway (admin, ftp, phpmyadmin, faculty, staff, etc.), and most of the scripts they use are almost always run with their default configuration, so basic security precautions stop them cold.

Re:Brute Force Attacks from IPs in China

[mlts]

An attack coming from an IP address in China doesn't mean much to me -- It gets blocked and life goes on.

It could be a botnet client, or it could even be someone who compromised a machine just to make things look like it was an overt Chinese attack. If Elbonia hackers were probing a target, why not use Latveria's machines so the probes appear to be coming from there?

Regardless where the attack comes from, unlike most theaters of wars where the best defense is a good offense, the best defense on this front are solid security guidelines (defense in depth, separation of privs, user security, dedicated backbones for critical traffic, etc.)

Re:Brute Force Attacks from IPs in China

Our mail server was being attacked by dozens of different countries, or bounced through Chinese servers (very likely), before we switched mail servers we were able to monitor current connection attempts. They are often looking for unpatched mail servers, as our old server did not have the rejection abilities our new one does. We simply just blocked blocks of IP addresses of each country we didn't want to connect to our mail server and reduced a great load on our server. As one article states, "An attack that appears to come from a Chinese server could as easily have been started by a 16 year-old in Kansas if that Chinese server were already compromised and used to relay the attack. Getting a Chinese server's logs to be able to trace back the next step of relays is probably not that easy. You can't just assume the attack came from where it appears to originate."

This is something that needs to be considered so paranoia doesn't set in thinking that a country is attacking the U.S. bringing a defensive standpoint from China. This could be quite unnecessary and cause problems itself, just as the media is openly accusing China of... To combat this though, China could and should bring an open and honest technical informative explanation of how and why bouncing servers and botnets are allowed to exist. Thanks to Windows, infecting a computer is not difficult... Here are some stats showing the massive numbers of botnet IP's in China: http://botnet-tracker.blogspot.com/2011/07/botnet-statistics-2011-07-23.html Perhaps some day politicians will be technically knowledgeable enough to explain these things to the media who also doesn't understand and misreports things like virus attacks and other such things.

If a company doesn't want their sensitive data stolen, they just have to go back to the old fashioned way of not connecting their machines to the public internet... If a connection is needed, it should be done securely for a very small amount of time to upload or download. This is called a Demilitarized Zone. Its just that people who set up these networks in the first place don't know what they are doing which is what the common public hacking groups are exposing.

Its the cost of the redesign of the systems that companies don't want to invest in. There has to be money made by the company to justify the cost. Often the greatest problems come from creating systems that make things seemingly more convenient for those who are in the nearest proximity.

Re:Brute Force Attacks from IPs in China

We've gotten into the habit of outright blocking anything originating from China due to similar report findings on connections to our servers.

Re:Brute Force Attacks from IPs in China

If you put up a web page on your host that contains material banned in China, will the Great Firewall of China block all other attacks?

Other news

I also heard that Chinese people eat US-ian children for lunch!

Yea that sounds like Mcaffee

[Osgeld]

To tell you shit after it doesn't matter and wont do anything about it anyway

"Attack" vs. "Peek" Article Language

[retroworks]

I read the NYT version of the article. I seems like we need more vocabulary to define "attack" vs. "tresspass" vs. "spying" vs. "wikileaking". The UN should by all rights be FOIA (Freedom of Information Act) accessible, providing this information to everyone. For five years, someone peeked through agency files. I wouldn't expect anything I sent to the UN to remain a secret.

Re:"Attack" vs. "Peek" Article Language

[ironjaw33]

I read the NYT version of the article. I seems like we need more vocabulary to define "attack" vs. "tresspass" vs. "spying" vs. "wikileaking". The UN should by all rights be FOIA (Freedom of Information Act) accessible, providing this information to everyone. For five years, someone peeked through agency files. I wouldn't expect anything I sent to the UN to remain a secret.

From what I read in both articles, I wasn't able to gain an understanding as to what actually happened. The word "attack" in the online context is meaningless. Too many people try to apply physical world characteristics and descriptors to the internet when many of these carry over terms aren't appropriate. The vocabulary issue also demonstrates that many of those in power really don't understand the problem.

Re:"Attack" vs. "Peek" Article Language

and (an)other UN organization had to send their data to the UN in Geneva for 'safe backup storage'

'cause it is much safer ;-) than in-house.

dear china/lulzsec/whoever..

[EvilStein]

if you're going to wipe something off the internet, take out something that's just bad for the whole internet as it is: SORBS. Please obliterate them once and for all.

Re:dear china/lulzsec/whoever..

I agree.

one of my customers cannot send emails to a supplier because of SORBS, they even paid the ridiculous extortion, not removed.

SORBS is a gigantic scam and the supplier should feel bad for even using them.

"Groundless" = "You have no Proof"... but not...

[divisionbyzero]

"We didn't do it."

time to get out of mom's basement and get a tan

It could well be the Chinese who knows.
But instead of focusing on good science, it is so much easier to troll the internet after another all-nighter playing MMO.
Nothing personal but all that pink skin might be getting to your head.

This is Official Chinese Policy

[sp3d2orbit]

This is part of China's asymmetric warfare strategy laid out in this document over ten years ago:

Unrestricted Warfare
by Qiao Liang and Wang Xiangsui

http://cryptome.org/cuw01.htm

Read through the document. China is at war with the US because the Chinese Politburo knows that the only way they can hold on to power in the long run is to crush all viable alternative economic systems. The accumulation of US debt, the hacking of US and Western systems, and the ongoing Charm Offensive are all designed to put the US and the West in a position where we are forced into the Chinese model.

Most likely, politicians don't say anything because they are simply too scared. I'm sure China has dirt on many of our leaders. This is why we have not pressed China on WTO issues such as undervaluing the Chinese currency and the rare earth mineral export ban -- both of which are illegal under the treaties China signed in 2001.

Re:This is Official Chinese Policy

[FhnuZoag]

That's not a secret strategy document, that's a popularly published book on military strategy by a couple of mid-ranking PLA officers. An odd choice for a secret masterplan.

Re:This is Official Chinese Policy

[sp3d2orbit]

I never said it was secret. This brings me to a second point. China actively pays individuals to post on forums like this:

http://articles.cnn.com/2010-03-26/tech/china.astroturf_1_bloggers-china-government?_s=PM:TECH

Looking through your posts clearly shows you are a pro-Chinese anti-American poster with comments such as:

"No, it's because the US is a democracy, and many Americans are
fucking stupid"
"Maybe we can get the Chinese to put this thing up"
"So, uh, murder is okay now because the US government exists"

Then again, perhaps you are not a penny blogger and are simply a racist.

Re:This is Official Chinese Policy

[FhnuZoag]

Um, the third statement is in defense of the US government re: people saying that wikileaks has no responsibility with respect to endangering people's lives because OMG the US military sometimes gets people killed in Afghanistan. The second statement is pointing out the irony of the US cutting critical NASA projects whilst simultaneously cutting collaboration with China in the space, noting that the latter exacerbates the damage of the former. The first statement is a counter to people blaming US politicians for failures to enact healthcare reform, when as a democracy, the problem is due to the stupidity and ignorance of the electorate in consistently voting for anti-healthcare politicians. This is racist how?

But enjoy your paranoia. The Unrestricted Warfare book is not a strategy document, it's not official Chinese government strategy. It's a popular book published in bookstores including the US, like Sun Tzu or Machiavelli's Prince. You can't read it and go 'oh China is at war with America', as if you've found your protocols of elders of zion.

Re:This is Official Chinese Policy

[FhnuZoag]

I wish I *was* paid for this though.

Pictures or it didn't happen

[synapse7]

Anybody care to wager how McAfee knows about intrusions into so many different networks? Anonymous/lulzsec provide proof of hacks, how do we know this isn't a hoax.

I laughed when I read how they did it.

[satuon]

Every time I hear about the 'nefarious' and 'dangerous' cyberattacks coming from China, it always turns out that they involve sending emails probably saying 'look at nude photo - http://www.youtube.com.cn/video.exe'. If the Chinese are so dangerous, why can't they make something more technically challenging like Stuxnet? They might have the quantity, but their methods show something about the quality of their hackers - it's Chinese quality.

Re:I laughed when I read how they did it.

[synapse7]

This propaganda is all over the net now.

McAfee and Symantec

I wish they were both dead already so that some of the precious bandwidth could be put to productive use.

China and not China

I believe the Chinese government is allowing and encouraging this. However, when I lived in China about 8 years ago I had the chance to capture packets in the wild at a Chinese University. I was just curious what was going on out there.

The overwhelming amount originated from automatic bots, on unsecured copies of windows, and never once did I see anywhere in China anti-virus software. Imagine a country where computer viruses are allowed to propagate unchecked for say 15 years?

Every computer I turned on in China had a virus. Some of them were very old. I caught a few on my thumb drive where I was teaching and dissected them. Some of the code was over 5 years old when I found it, and it was obvious it had been modified repeatedly.

Anyone that wants to know what China is up to, should read this white paper on unrestricted warefare written by two chinese colonals in 1999.
http://cryptome.org/cuw.htm

IPv4 - ARIN

When I was working back in the day with megapops, I would see from midnight PST to 3AM PST, thousands of attacks per second on our networks coming from China, Russia and the Netherlands. Therefore, using the IPv4 network ARIN map, for some downstream providers we blocked at our edge routers every external IP network other than the US continental IP blocks. Our network traffic reduced by 90% and only two customers complained from France who wanted something. SPAM went from 95% to 1%.

Since China blocks trade exports from the US in as much as we allow China imports (Wally World) - we should reciprocate. China Blocks Google from within, we should reciprocate and block all China Internet traffic and don't worry about the workarounds. I am sure they have enough of satellite connected back hauls from within the US bouncing from satellite to satellite on some unknown carrier to evade most blocking. They might as well continue to under the table pay Level 3.

Welcome to the new world of IP address blocking lists. This is not censorship, it is our US Freedom to block unwanted peeping toms on our intellectual property.

China's public image

[Synerg1y]

What it comes down to is who held the last smoking gun, China got caught once or twice, didn't defend itself too well, and now everybody can just assume it's them. IMHO it probably is, they seem to have their IT down better than the rest of the world including the US, I mean they censored like 1/3 of the world's population from the internet and are seemingly keeping on top of their filters.

What China has to realize though is how long standing public image is, and how much it will mess with them in the future. They are slowly creating spite against themselves, but... they are just following in US footsteps, everybody already hates us, and non-conspiracy based 9/11 wouldn't have happened if it wasn't for our public image, and a decade later we're still at war.