Slashdot Mirror
China's 5-Year Cyberwar Met With Western Silence
jfruhlinger writes "McAfee yesterday outlined what it calls Operation Shady RAT, a five-year campaign of cyberespionage launched by a national government against international organizations and private corporations. That government was almost certainly China's, so the question becomes: why are the Western nations silent about it? One fact revealed by the raids is that, predictions of cyberpunk novels nonwithstanding, private companies are still quite weak in the face of national governments — and it's those national governments that must act against such intrusions."
It's just not in their interest to fight.
Given the recent anonymous/lulzsec/anti-sec hacking/ddos campaigns, I think it's become pretty obvious that it doesn't take a lot of man-power or resources to cause chaos. If companies and governments can't defend against a small group of teenage hackers they certainly don't have any chance of stopping a government with an army of hackers.
Just who exactly bought the majority of the U.S. national debt? Likewise for some European countries.
They're like fire extinguisher salesman who rave about the dangers of fire. They sell FUD. There's I'm sure some truth to this, but let's not accept whole the idea that what's good for McAfee is good for the nation.
LulzSec / Variants copy some email addresses - GET TEH TERRORISTS!!!
China wages a 5 year espionage capaign against multiple targets:
((Crickets))
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Nothing to see here, move along, go back to eating cheetos and watching your soap-operas...
is that a camera you are pointing my way? step here please, turn that off, you are charged
with obstructing justice...
Honest, boss, I wasn't on goat.sx it was a one-armed Chinese man with an eye-patch!
Denial ain't just a river in Egypt, gang.
Who did what now?
Because, financially, China has the West (especially the US) by the balls and everybody knows it. "If you're unhappy about our alleged cyberespionage, then you'll be even more unhappy when we buy fewer bonds or make fewer investments in your country."
I'll tell you why: they are all wholly-owned subsidiaries of China.
"I'm just here to regulate funkiness."
It's just not in their interest to fight.
Yes. They are businessmen, not soldiers. They don't want to fight it out. They have other ways to be part of the carnage. They want to be like the international bankers. Whenever there is a conflict in the world, you finance both sides. No matter who loses, you win! Then you start liking war since you don't see the mangled dead bodies and widows and destruction. You see the dollar signs! Cha-ching! Woohoo! Let's go invade sovereign nations for no good reason, uh for the flag, for God, for applie pie, whatever excuse you need, c'mon let's GO.
The saying is true. We will finally have world peace once the last lawyer is strangled with the entrails of the last banker. The very worst bankers of all are the ones who can print currency. Oh sorry you thought that was the government doing that? Hah-hah! That was co-opted a long time ago. Now it's a private corporation and guess what, you don't own shares in it.
Now it's cyber-this and cyber-that. The practice is the same. "Cyber" war just means less "collateral damage". Maybe somebody's favorite web site won't load up. That's better than someone's relatives not coming home. Long as the money flows those things won't matter either way, not to the profiteers. Yay for technology.
Anyone else dream of a world that isn't full of corrupt, self-centered, self-serving, fevered ego bastards who fuck it up for everyone else with their insatiable appetites for money and power and all the useful idiots who are brainwashed into going along with them? The fevered egos leading the charge are a tiny minority. The useful idiots are a large majority. It's really hard to find people who don't fit into one of those, or are not aspiring to be one of those.
National governments send in non-technical spokespeople from their security agencies to talk to company IT departments, giving general ominous warnings along with cryptic and non-specific hints ... essentially the same things you would see on the evening news. Then the IT people go back to their desks and see that in the elapsed hour a new batch of tickets has arrived about failed servers, a meeting invite to discss the state of an overdue project and a voicemail from a manager suggesting a better shade of orange for the spreadsheets to be coded in.
Come on now. IF the West has been secretly attacked, why would it/we launch a PUBLIC attack in retaliation. I'd be inclined to believe that there are constant "cyber attacks" in both directions. I'd say you'd be a fool not to believe that there is retaliation of some sort, after stuxnet.
Most ignorance is vincible ignorance. We don't know because we don't want to know. --Aldous Huxley
so if someone in the US where to hack china what will happen?
Or is the west saying it's a free for all?
Because their Chinese bankers are the only ones left to fund the handouts necessary for preventing the local populace from building an excessive number of guillotines.
China is the largest holder of U.S. public debt http://en.wikipedia.org/wiki/United_States_public_debt and we don't want to publicly shame them, so we keep quiet and fight them in private. It harms our interests, but gives us something to do in the form of developing hardened software and infrastructure (which China can then steal later).
Nobody will start a fight with China, at least while they manufacture Apple products, how would the west cope without iPads etc?
As if by clockwork the daily anti-china propoganda piece shows up.
Retaliation doesn't even have to be in the form of a cyber attack. You can have the embassy in Beijing send over a note saying basically "hey, we know you're doing this, you need to stop." It can take the form of a little extra military aid to Taiwan, or encouraging some companies to switch to Taiwanese suppliers for the next contract. Maybe we just have a few extra ships stop by Taiwan for liberty, or have a large exercise in the area. Maybe a few extra flights right outside Chinese territory. Remember, in the international arena, you don't always respond tit for tat, or even immediately. Retaliation can come weeks or months later, and it can be in a form dissimilar from the original injury. So, just because we aren't talking publicly, doesn't mean we aren't responding, and they don't know we are responding.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Maybe western nations are silent about it because it isn't actually important yet.
I mean let's face it, until command and control systems start getting fucked up, who cares?
It's not like robots that walk and talk (or fly and launch hellfire missles), are being hijacked and turned into political assassins. We aren't getting hit with power outages and downed water treatment facilities. (the 2003 american northeast blackout was aging hardware malfunctions)
The Toyota recall, due to weird accelerations still stinks to me, but that's the only thing that has yet raised warning bells in my mind.
Everything else it just so much paper. Until someone hacks a communications satellite, and brings it down on my head, or launches a nuke, it's not a *PROBABLY* serious problem.
That's not saying things won't change. And given the inherent stupidity of mobs of people, it very well may change for the worse.
Let's hope it doesn't.
Really, who would cry foul when we are doing the exact same thing? Sure, our companies may be upset, but there is little chance any Federal agencies will lend real support when we are actively pursuing intelligence and assisting with cyber-attacks. Does anyone really believe that the Israelis managed the sophisticated Stuxnet attack on the Iranian uranium enrichment centrifuges all by themselves? The cold war is not dead, it just went cyber, and the list of hostiles grew exponentially.
In Command and Conquer: Generals, you just nuke them. They'll be sitting in a field with a laptop.
I used to work at a fairly large mid-western university and my experience was the Chinese government was sponsoring kids who came to the US to learn how to hack. I was responsible for network security for the engineering and CS building's network and saw many attempts at hacking by Chinese students within the network and directed outward to the Internet. No one in the university was interested in taking action against these students when incontrovertible evidence was collected and offered. Faculty were defending the hackers and administration largely supported faculty so there were no sanctions. I don't know if these students were directed to this behavior but there was certainly a culture which was pervasive among these Chinese students that you did not see among other groups of international students from places like India, Pakistan, Nepal, the Mideast, the former Soviet republics and/or eastern Europe.
so if someone in the US where to hack china what will happen?
I suppose that depends were in china they hack. Their probably not going to hack Chinese government wear there going to notice. That was harder to right than it is for you all to reed.
Given the interdependency of everyone, I fail to see the international cabal of bankers rooting for war. Anyone you want to identify?
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
We have information crimes punishable by 16 years in prison. And now we're having information "wars."
The Internet is the Wild West. If you don't like it, create a physically secure regimented network and don't let unregistered bad people onto it. Stop with the "war" rhetoric.
Think for half a second. Who would want a cyberwar and who would benefit from one? Now ask yourself: Who would end up doing the dying when the cyberwar turned ugly?
This is just a variant of the nonsense that the RIAA is trying to pull. People with money want to capitalize and control the internet, and violence, and the threat of violence (the killing and imprisoning kind) are the traditional means of imposing control.
Don't buy into the bullshit. "Information war" can become just another synonym for the restriction of free speech.
OK, Western governments (and corporations) know damn well China is conducting cyber-attacks. Suppose Secretary of State Clinton goes to the Chinese and makes a formal accusation, what do they do? Deny it, of course, complain about how the West is oppressing them, threaten to do various nasty things.
OK, suppose she brings irrefutable proof that the attacks originate from China? Well, they deny some more and complain some more, but maybe they get pinned down. Now they blame some "rogue elements", execute a few random people they wanted to execute anyway, and continue doing what they've been doing.
Suppose she brings and demonstrates proof it originates within a certain department of the Chinese Government itself? Again, same reaction: denial, rhetorical counterattacks, and maybe execution of a few scapegoats.
To who's benefit is any of this? They aren't going to stop. Nobody is going to think any better of the United States or worse of China if the accusation is made. It's just a waste of diplomatic effort.
BTW, I'm pretty sure that despite was implied in the rest of the article, Google is still not censoring search results in China.
Let's not for a second think that this is a one-way street. If one nation is at it, you can bet that pretty much everyone else is, too (just like torture). That it's done under the radar and with no public acknowledgement just tells us that it falls under the category of black-ops, rather than ordinary warfare.
And unlike ordinary warfare, where it's pretty obvious who's shooting at you, in cyberwar I doubt that it's possible to tell who are your friends, or even if the concept of allies actually exists. It's not about ideology it's about sticking the boot in to anyone who appears to be getting the upper hand.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
The only source that suggests this is McAfee, and even they called it "speculations...maybe". Symantec even proposed that "There has been some discussion of this being a government-sponsored attack. However, the finger can’t be pointed at any particular government. Not only are the victims located in various places around the globe, so too are the servers involved in these attacks" There's too strong an unsupported accusation here.
I found it rather astonishing while watching CNN a week or so back to hear them reporting that the DoD was indicating the U.S. had been subject to a large-scale hacking attack by a sovereign state, but -they weren't releasing which one it was-.
I couldn't help thinking about this stance as it would be applied to, say, Pearl Harbor. "Yes, the United States is under attack. No, you as an American citizen and taxpayer aren't entitled to know who is attacking you, from your own defense agencies. We're prioritizing the interests of Said Foreign Power, including any right-to-know you may feel you have, ahead of our citizenry."
This is an incredible stance to take, and the fact it was a "cyber-attack" seems be pretty irrelevant to the basic questions regarding representative government this raises. Yet, CNN doesn't even blink an eye flatly reporting this without noting any objection.
Strange Days.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
Without these hostile actions, we'd never harden our defenses. We'd never worry about XSS or SQL injections.
I was shocked the first time I looked at the http logs of a "real site" It just amazed me. So now, even if I am going throw-away work on a hobby site, I am sure to guard against these attacks. And everything is better.
Better to know the hackers are out there, rather than assume they don't exist. It makes the threat credible and real and that leads to improvements.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
"open it's door"? Way to fail at a grammar nazi post there. http://www.angryflower.com/aposter3.jpg
________
Entranced by anime since late summer 2001 and loving it ^_^
The West doesn't need to respond. The Chinese political system is built on a failed premise and will collapse eventually. The only thing that will come out of a US / China shouting match is the incentive the Chinese leadership needs to stay in power.
If you were to think of where is the best place to stage an attack from, it would probably be China. That doesn't mean that you are Chinese.
In addition to blocking unwanted open ports to the world, have just about all of China's IPs in my ipfilter, denying them access to anything but HTTP (they might want to read my blogs...right?). Also the other countries called out by http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/ are likewise blocked. Yeah, that's about 10K IP blocks in the filter, but it seems to run just fine, and I end up with only sporadic and apparently random (or maybe successful) failures in my auth files.
Not that I want anyone to see this as any kind of challenge...I'm sure someone is spending more time to access and zombie my machines than I'm spending to try to cut them off!
End the FUD
I'll leave it to my tech betters to do the chops on things like Chinese ip addresses vs proxies vs Chinese Govt involvement. To get the kids from Lulzsec we called four countries worth of law officials and picked up the ... likely ... middleman.
If the Chinese Government spent *five years* attacking targets, I think we'd notice - now reporting it is something else again, and there are Onion Layers of partially correct news here, but to play the "no evidence" card is a little thin - after McAfee put themselves on the line saying it was. If that was a total lie don't you think McAfee would be pulverized for it?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
around the country to stop hackers getting in
The answer is quite simple: It's because China is a huge market, and Western companies want to be there much more than they mind being attacked.
I can give you a perfect example of this. I have a buddy who is an engineer with a major auto manufacturer. A few years ago, he was telling me how the Chinese car companies are blatantly ripping off the designs of other companies. He even said that GM found that Cherry Motors was doing such a good job of it that their parts were identical to and interchangeable with Chevy parts. Still, the big car manufacturers were lining up to enter into partnerships with their Chinese counterparts. I asked him why they would do this, knowing full well that their designs would be ripped off. He said that, yes, they knew this would happen, but the Chinese market was so big that they felt they could still make money there, and besides, the Chinese companies were going to rip off their designs whether they were partners or not, so they might as well form partnerships and at least make some money.
For a nice visual, try
http://www.mint.com/blog/trends/china-vs-united-states-a-visual-comparison/
As you can see, China is bigger with manufacturing, US is bigger with services; China doesn't have the debt, or the excesses in the stock market. China has cash, and gold reserves. China doesn't have external debt. China exports more than it imports.
About the ONLY metric that China falls behind in is GDP -- which, from the other indicators is simply being propped up by... China.
(Oh, and the US has more energy reserves).
Have fun with the easy graphics. The GP was right -- China pretty much owns the US.
Just another "Cubible(sic) Joe" 2 17 3061
The people will.
"One fact revealed by the raids is that, predictions of cyberpunk novels nonwithstanding, private companies are still quite weak in the face of national governments — and it's those national governments that must act against such intrusions"
Maybe I'm reading this wrong... but is the summary seriously suggesting that the government must take responsibility for network security for private companies?
...but to play the "no evidence" card is a little thin - after McAfee put themselves on the line saying it was. If that was a total lie don't you think McAfee would be pulverized for it?
Except for the fact that the McAfee report doesn't say it was -- everyone REPORTING on the report says it was. McAfee just says there are some possible Chinese connections (there are likely some possible Russian connections and Romanian connections too; this is points of operation, not places where we've outed ringleaders).
There's a reason McAfee didn't say it was the Chinese government -- that's because they don't have proof it was the Chinese government -- just as they don't have proof it was the US government, NATO, the UN, Iran, and North Korea. McAfee *would* likely be pulverized for blatantly blaming the Chinese government -- although with the publicity they'd get, they'd probably weather the pounding rather well.
I'm sure China does their share - like France, Russia... Hell even bleedin' Scotland.
When you have a serious foreign policy allegation released by the subsidiary of a major corporation, it is wise to question the release as disinformation.
Again, I would put Israel at the centre of any serious inquiry of large-scale, cyber-espionage.
Whatever the case, I would categorise this story as misdirection - and would request that the authors disclose their full evidence and sources for public scrutiny - if they are to be taken as legitimate.
"Flyin' in just a sweet place,
Never been known to fail..."
It sounds to me like this is an opportunity for US hackers to give the Fox News Twitter account a rest and do something for their country... I don't know about the rest of you, but at least 2/3'rds of the hack attempts we see on our servers come from IPs originating in China. It's like every restaurant has a box in the kitchen scanning for exploits. Maybe it's state-sponsored and maybe it's not, but China is a haven for hackers that seem to focus specifically on theft of classified technological and military information and intellectual property. This is a fact and it's been common knowledge long before this particular news story broke. It's also common knowledge that China influences economic and foreign policy in this country. It's been that way going back 20+ years to the days of Most-Favored Nation (MFN) status and it's worse now that China is the #1 investor in US Treasuries. I suspect that makes it pretty hard for the US Government to mount any kind of meaningful retaliation against the Chinese. But clandestine hacking groups are under no such restrictions. Maybe US-based members of hacking groups such as Anonymous and others should stop slipping porn vids onto YouTube and DDoS'ing Australia for a few months and focus on tracking and sabotaging hackers in China in retaliation. Kind of like a modern-day cyber militia defending the virtual homestead. Call it Project AybabtUS.
"private companies are still quite weak in the face of national governments" [Citation needed]
It's already happened. http://yro.slashdot.org/story/11/04/27/1849233/Does-Chinas-Cyber-Offense-Obscure-Woeful-Defense
And of course, the western governments would never do the same.
My main fear is, what if they hacked the super computer at the centre of our government that tells cogress and the president what to say and what to argue about. C'mon- you don't think they were really arguing about the debt deal all that time- they were trying to get the computer to reboot to tell them what to do!
"That's the way to do it" - Punch
... this FUDmercial©
Lately, McAfee reports sounds like short-hand for McAfee needs revenue a bump, so McAfee hands Useful Idiot Media© diatribe about 'merica's [pause for flag wave and salute] latest Necessary Enemy© cyber-attacking your dog's dish.
While it could be true, one gets suspicious about motives when they can get get so much free* press by making grandiose unchallenged statements.
---
*it's not free, WE pay for it one way or another
There are two ends to every string.
The US may be saying little about PRC cracking because big business is heavily invested in cheap Chinese labor if not some sort of imaginary or real Chinese marketplace and they fill US politicians pockets through their various lobbies.
It is all of their best interests to sell the PRC as a friend so the plebs continue to buy the junk made there.
Because, financially, China has the West (especially the US) by the balls and everybody knows it.
How exactly do you figure that? Sure China sells a lot of merchandise in the US but that means they are exactly as dependent on the US as the US is on them. In fact if anything China is more dependent on the US because it's not like there are a lot of other markets the size of the US market. The old maxim goes that if you own the bank $1000 and can't pay, you have a problem. If you owe the bank $1 million and can't pay, the bank has a problem. Same thing applies here except the number is roughly $1 trillion and the bank is China.
Furthermore virtually everything made in China can be made elsewhere. Might be inconvenient in the short term to do so but certainly possible. I used to do global sourcing of manufactured goods from Mexico, China and elsewhere. China is merely one option and not necessarily the best. Heck, they aren't even the largest trading partner with the US (that would be Canada).
you'll be even more unhappy when we buy fewer bonds or make fewer investments in your country."
China buys those bonds to control their currency valuation. Until very recently the Yuan was pegged to the dollar. You maintain a peg by buying sovereign debt. They can't get rid of it easily or quickly. There is no one to sell that much debt to and even if they did sell it it would invite all sorts of problems. There is nothing the Chinese can do to the US that wouldn't cut their own throats in the process.
"The U.S. could protest cyberattacks by sending a couple of aircraft-carrier groups to the China Sea for a little gunboat diplomacy, but it would be pretty embarrassing if China were to just repossess the whole fleet as partial repayment of the $1.2 trillion the U.S. owes it. "
As if.
Now let's examine the facts, shall we? American-based multinationals have offshored the jobs, the technology, the US foreign aid (to build all those factories, production facilities, high-end chip factories, R&D labs, etc., etc.) as have Japanese and Euro multinationals as well, so what exactly is the logically framed problem????
If they don't like the cyberespionage (only repeating that godawful word "cyber" in context) then they wouldn't ship all the tech there, now would they??? That's rather obvious now.
As for that talking point mantra you repeated, it's a symbiosis, although it is both economically and financially too complex for you to grasp, they shipped the jobs to China due to the cheap labor, and there's a reason the third-world countries have the cheapest labor, dood, it's called poverty ---- and what do you suppose China originally purchased American bonds (junk paper) with???? Obviously, there's a Ponzi scheme of international proportions taking place --- the Transnational Capitalist Class offshores the jobs and technology and aid to build the infrastructure there and elsewhere, and they purchase the Treasuries and bonds, etc. (Beginning to grasp the overall structure by this time, one hopes?)
Remember, David Rockefeller established his bank branches in Beijing and Moscow back in 1973. 1973, got that? Figure it out for yourself, the next time.......
"That government was almost certainly China's"
This is an absurd statement supported by no evidence whatsoever.
"it's those national governments that must act against such intrusions."
Another gross absurdity. The private sector has by far the most technologically advanced labor force and it is massive compared to any government's. Most government's outsource the vast majority of their IT to the private sector.
Consider Corporations as the game pieces upon which the Governments of the world are the Board. They will most certainly let security breach scenarios run their course to see how close predicted outcomes are to reality. From there they will develop new security models to adapt.
Why 'freak out' and take offensive, or retaliatory, action right away, thus giving up the game, when you can take quiet measures and monitor/analyze the design qualities of the attacks and establish easy intelligence?
collected in a part of the world where telcos where 'friendly'.
"Where" and "were" are two entirely different words. You're a fucking idiotic douchebag, you functionally illiterate douchebag!
US external debt to GDP ratio is 100%
US public debt to GDP ratio is 78%
http://www.usdebtclock.org/world-debt-clock.html