Slashdot Mirror
China's 5-Year Cyberwar Met With Western Silence
jfruhlinger writes "McAfee yesterday outlined what it calls Operation Shady RAT, a five-year campaign of cyberespionage launched by a national government against international organizations and private corporations. That government was almost certainly China's, so the question becomes: why are the Western nations silent about it? One fact revealed by the raids is that, predictions of cyberpunk novels nonwithstanding, private companies are still quite weak in the face of national governments — and it's those national governments that must act against such intrusions."
It's just not in their interest to fight.
Given the recent anonymous/lulzsec/anti-sec hacking/ddos campaigns, I think it's become pretty obvious that it doesn't take a lot of man-power or resources to cause chaos. If companies and governments can't defend against a small group of teenage hackers they certainly don't have any chance of stopping a government with an army of hackers.
They're like fire extinguisher salesman who rave about the dangers of fire. They sell FUD. There's I'm sure some truth to this, but let's not accept whole the idea that what's good for McAfee is good for the nation.
LulzSec / Variants copy some email addresses - GET TEH TERRORISTS!!!
China wages a 5 year espionage capaign against multiple targets:
((Crickets))
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Honest, boss, I wasn't on goat.sx it was a one-armed Chinese man with an eye-patch!
Denial ain't just a river in Egypt, gang.
Who did what now?
Eh? The majority of the US debt (~68%) is owned by he US. Next troll please.
Because, financially, China has the West (especially the US) by the balls and everybody knows it. "If you're unhappy about our alleged cyberespionage, then you'll be even more unhappy when we buy fewer bonds or make fewer investments in your country."
National governments send in non-technical spokespeople from their security agencies to talk to company IT departments, giving general ominous warnings along with cryptic and non-specific hints ... essentially the same things you would see on the evening news. Then the IT people go back to their desks and see that in the elapsed hour a new batch of tickets has arrived about failed servers, a meeting invite to discss the state of an overdue project and a voicemail from a manager suggesting a better shade of orange for the spreadsheets to be coded in.
Come on now. IF the West has been secretly attacked, why would it/we launch a PUBLIC attack in retaliation. I'd be inclined to believe that there are constant "cyber attacks" in both directions. I'd say you'd be a fool not to believe that there is retaliation of some sort, after stuxnet.
Most ignorance is vincible ignorance. We don't know because we don't want to know. --Aldous Huxley
so if someone in the US where to hack china what will happen?
Or is the west saying it's a free for all?
Nobody will start a fight with China, at least while they manufacture Apple products, how would the west cope without iPads etc?
Same misconception that people had in the 70's and 80's about Japan buying up America. Do some research before your spout off stats feed to you by the media.
US and Individuals own: 42.2%
Social Security Trust Fund: 17.9%
All other foreign nations: 11.6%
China: 7.5%
US Civil Service Retirement Fund: 6.4%
UK: 3.4%
US Military Retirement Fund: 2.1%
Oil Exporters:1.6%
Brazil(?): 1.3%
So, that means 68.6% if our debt is held by ourselves.
http://seekingalpha.com/article/246958-guess-who-owns-the-most-u-s-debt-not-china
Retaliation doesn't even have to be in the form of a cyber attack. You can have the embassy in Beijing send over a note saying basically "hey, we know you're doing this, you need to stop." It can take the form of a little extra military aid to Taiwan, or encouraging some companies to switch to Taiwanese suppliers for the next contract. Maybe we just have a few extra ships stop by Taiwan for liberty, or have a large exercise in the area. Maybe a few extra flights right outside Chinese territory. Remember, in the international arena, you don't always respond tit for tat, or even immediately. Retaliation can come weeks or months later, and it can be in a form dissimilar from the original injury. So, just because we aren't talking publicly, doesn't mean we aren't responding, and they don't know we are responding.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Has Rupert Murdoch bought Slashdot?
Inquiring minds want to know!
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Really, who would cry foul when we are doing the exact same thing? Sure, our companies may be upset, but there is little chance any Federal agencies will lend real support when we are actively pursuing intelligence and assisting with cyber-attacks. Does anyone really believe that the Israelis managed the sophisticated Stuxnet attack on the Iranian uranium enrichment centrifuges all by themselves? The cold war is not dead, it just went cyber, and the list of hostiles grew exponentially.
In Command and Conquer: Generals, you just nuke them. They'll be sitting in a field with a laptop.
If the US defaulted on it's debt, who stands to lose more, China or the US? China's put their eggs in one basket. They're not the ones with the power. Besides, the overwhelming amount of US debt is owned by, wait for it, the US. It's China that controls much of the foreign-owned debt.
I used to work at a fairly large mid-western university and my experience was the Chinese government was sponsoring kids who came to the US to learn how to hack. I was responsible for network security for the engineering and CS building's network and saw many attempts at hacking by Chinese students within the network and directed outward to the Internet. No one in the university was interested in taking action against these students when incontrovertible evidence was collected and offered. Faculty were defending the hackers and administration largely supported faculty so there were no sanctions. I don't know if these students were directed to this behavior but there was certainly a culture which was pervasive among these Chinese students that you did not see among other groups of international students from places like India, Pakistan, Nepal, the Mideast, the former Soviet republics and/or eastern Europe.
so if someone in the US where to hack china what will happen?
I suppose that depends were in china they hack. Their probably not going to hack Chinese government wear there going to notice. That was harder to right than it is for you all to reed.
Given the interdependency of everyone, I fail to see the international cabal of bankers rooting for war. Anyone you want to identify?
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
I take it you really mean, the vast majority of US government debt is owned by US-based banks. Its pretty hard to owe yourself money :)
Still, China owns enough ot make everyone worried, and yes they're foreign (to the US) so they would own most of the foreign-owned debt.
FYI, China owns a vast load of Euro debt too, they just have so much of our money they don't know what to do with it.
Reading http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109 ....
"After identifying the command-and-control server, located in a Western country"
Mb the average Western spook wanted to keep it flowing to see who collected or what was been collected in a part of the world where telcos where 'friendly'.
Nothing like a "Room 641A" in a "Western country" for ducting off a telcos bulk data in real time, no questions, legal teams, contacts, requests, meetings...
Also think of national self interest and the joy of having a huge flow of interesting international data ending in a local telco/isp- and getting the first look.
Domestic spying is now "Benign Information Gathering"
We have information crimes punishable by 16 years in prison. And now we're having information "wars."
The Internet is the Wild West. If you don't like it, create a physically secure regimented network and don't let unregistered bad people onto it. Stop with the "war" rhetoric.
Think for half a second. Who would want a cyberwar and who would benefit from one? Now ask yourself: Who would end up doing the dying when the cyberwar turned ugly?
This is just a variant of the nonsense that the RIAA is trying to pull. People with money want to capitalize and control the internet, and violence, and the threat of violence (the killing and imprisoning kind) are the traditional means of imposing control.
Don't buy into the bullshit. "Information war" can become just another synonym for the restriction of free speech.
UK: 3.4%
This just confuses me. We have a massive debt of our own, why are we lending money to the USA? We owed the USA a lot after World War II, and that was only paid back in the '90s as I recall, so this is recent borrowing. Unless we each lend each other money using some kind of crazy accounting trick.
I am TheRaven on Soylent News
OK, Western governments (and corporations) know damn well China is conducting cyber-attacks. Suppose Secretary of State Clinton goes to the Chinese and makes a formal accusation, what do they do? Deny it, of course, complain about how the West is oppressing them, threaten to do various nasty things.
OK, suppose she brings irrefutable proof that the attacks originate from China? Well, they deny some more and complain some more, but maybe they get pinned down. Now they blame some "rogue elements", execute a few random people they wanted to execute anyway, and continue doing what they've been doing.
Suppose she brings and demonstrates proof it originates within a certain department of the Chinese Government itself? Again, same reaction: denial, rhetorical counterattacks, and maybe execution of a few scapegoats.
To who's benefit is any of this? They aren't going to stop. Nobody is going to think any better of the United States or worse of China if the accusation is made. It's just a waste of diplomatic effort.
BTW, I'm pretty sure that despite was implied in the rest of the article, Google is still not censoring search results in China.
Let's not for a second think that this is a one-way street. If one nation is at it, you can bet that pretty much everyone else is, too (just like torture). That it's done under the radar and with no public acknowledgement just tells us that it falls under the category of black-ops, rather than ordinary warfare.
And unlike ordinary warfare, where it's pretty obvious who's shooting at you, in cyberwar I doubt that it's possible to tell who are your friends, or even if the concept of allies actually exists. It's not about ideology it's about sticking the boot in to anyone who appears to be getting the upper hand.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I found it rather astonishing while watching CNN a week or so back to hear them reporting that the DoD was indicating the U.S. had been subject to a large-scale hacking attack by a sovereign state, but -they weren't releasing which one it was-.
I couldn't help thinking about this stance as it would be applied to, say, Pearl Harbor. "Yes, the United States is under attack. No, you as an American citizen and taxpayer aren't entitled to know who is attacking you, from your own defense agencies. We're prioritizing the interests of Said Foreign Power, including any right-to-know you may feel you have, ahead of our citizenry."
This is an incredible stance to take, and the fact it was a "cyber-attack" seems be pretty irrelevant to the basic questions regarding representative government this raises. Yet, CNN doesn't even blink an eye flatly reporting this without noting any objection.
Strange Days.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
Without these hostile actions, we'd never harden our defenses. We'd never worry about XSS or SQL injections.
I was shocked the first time I looked at the http logs of a "real site" It just amazed me. So now, even if I am going throw-away work on a hobby site, I am sure to guard against these attacks. And everything is better.
Better to know the hackers are out there, rather than assume they don't exist. It makes the threat credible and real and that leads to improvements.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
"open it's door"? Way to fail at a grammar nazi post there. http://www.angryflower.com/aposter3.jpg
________
Entranced by anime since late summer 2001 and loving it ^_^
The link in previous post doesn't have a lot of specifics, but I suspect that the UK debt is largely held by individual investors and banks. Also, whatever the UK has for a central bank probably needs to sit on some large and liquid dollar investments in order to help regulate the monetary supply and keep the currency stable.
By "UK", I assume they mean "bond investors in the UK", not "the UK government".
If you were to think of where is the best place to stage an attack from, it would probably be China. That doesn't mean that you are Chinese.
In addition to blocking unwanted open ports to the world, have just about all of China's IPs in my ipfilter, denying them access to anything but HTTP (they might want to read my blogs...right?). Also the other countries called out by http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/ are likewise blocked. Yeah, that's about 10K IP blocks in the filter, but it seems to run just fine, and I end up with only sporadic and apparently random (or maybe successful) failures in my auth files.
Not that I want anyone to see this as any kind of challenge...I'm sure someone is spending more time to access and zombie my machines than I'm spending to try to cut them off!
End the FUD
I'll leave it to my tech betters to do the chops on things like Chinese ip addresses vs proxies vs Chinese Govt involvement. To get the kids from Lulzsec we called four countries worth of law officials and picked up the ... likely ... middleman.
If the Chinese Government spent *five years* attacking targets, I think we'd notice - now reporting it is something else again, and there are Onion Layers of partially correct news here, but to play the "no evidence" card is a little thin - after McAfee put themselves on the line saying it was. If that was a total lie don't you think McAfee would be pulverized for it?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
The answer is quite simple: It's because China is a huge market, and Western companies want to be there much more than they mind being attacked.
I can give you a perfect example of this. I have a buddy who is an engineer with a major auto manufacturer. A few years ago, he was telling me how the Chinese car companies are blatantly ripping off the designs of other companies. He even said that GM found that Cherry Motors was doing such a good job of it that their parts were identical to and interchangeable with Chevy parts. Still, the big car manufacturers were lining up to enter into partnerships with their Chinese counterparts. I asked him why they would do this, knowing full well that their designs would be ripped off. He said that, yes, they knew this would happen, but the Chinese market was so big that they felt they could still make money there, and besides, the Chinese companies were going to rip off their designs whether they were partners or not, so they might as well form partnerships and at least make some money.
For a nice visual, try
http://www.mint.com/blog/trends/china-vs-united-states-a-visual-comparison/
As you can see, China is bigger with manufacturing, US is bigger with services; China doesn't have the debt, or the excesses in the stock market. China has cash, and gold reserves. China doesn't have external debt. China exports more than it imports.
About the ONLY metric that China falls behind in is GDP -- which, from the other indicators is simply being propped up by... China.
(Oh, and the US has more energy reserves).
Have fun with the easy graphics. The GP was right -- China pretty much owns the US.
Just another "Cubible(sic) Joe" 2 17 3061
Yep, it's not "lending money" in an altruistic sense.
...but to play the "no evidence" card is a little thin - after McAfee put themselves on the line saying it was. If that was a total lie don't you think McAfee would be pulverized for it?
Except for the fact that the McAfee report doesn't say it was -- everyone REPORTING on the report says it was. McAfee just says there are some possible Chinese connections (there are likely some possible Russian connections and Romanian connections too; this is points of operation, not places where we've outed ringleaders).
There's a reason McAfee didn't say it was the Chinese government -- that's because they don't have proof it was the Chinese government -- just as they don't have proof it was the US government, NATO, the UN, Iran, and North Korea. McAfee *would* likely be pulverized for blatantly blaming the Chinese government -- although with the publicity they'd get, they'd probably weather the pounding rather well.
I'm sure China does their share - like France, Russia... Hell even bleedin' Scotland.
When you have a serious foreign policy allegation released by the subsidiary of a major corporation, it is wise to question the release as disinformation.
Again, I would put Israel at the centre of any serious inquiry of large-scale, cyber-espionage.
Whatever the case, I would categorise this story as misdirection - and would request that the authors disclose their full evidence and sources for public scrutiny - if they are to be taken as legitimate.
"Flyin' in just a sweet place,
Never been known to fail..."
Because the USA pays interest on it. What, lending != giving away
NO SIG
And we pay interest on the money that we're borrowing. Since the USA has a better credit rating than the UK, I'd expect the interest that they pay to be less than the interest that we pay.
I am TheRaven on Soylent News
It sounds to me like this is an opportunity for US hackers to give the Fox News Twitter account a rest and do something for their country... I don't know about the rest of you, but at least 2/3'rds of the hack attempts we see on our servers come from IPs originating in China. It's like every restaurant has a box in the kitchen scanning for exploits. Maybe it's state-sponsored and maybe it's not, but China is a haven for hackers that seem to focus specifically on theft of classified technological and military information and intellectual property. This is a fact and it's been common knowledge long before this particular news story broke. It's also common knowledge that China influences economic and foreign policy in this country. It's been that way going back 20+ years to the days of Most-Favored Nation (MFN) status and it's worse now that China is the #1 investor in US Treasuries. I suspect that makes it pretty hard for the US Government to mount any kind of meaningful retaliation against the Chinese. But clandestine hacking groups are under no such restrictions. Maybe US-based members of hacking groups such as Anonymous and others should stop slipping porn vids onto YouTube and DDoS'ing Australia for a few months and focus on tracking and sabotaging hackers in China in retaliation. Kind of like a modern-day cyber militia defending the virtual homestead. Call it Project AybabtUS.
"private companies are still quite weak in the face of national governments" [Citation needed]
It's already happened. http://yro.slashdot.org/story/11/04/27/1849233/Does-Chinas-Cyber-Offense-Obscure-Woeful-Defense
Why? That is set by the markets and the markets are run by ugly mean people that do whatever they want to make more money. You might not like the interest rates and cry foul at them all you want, but that doesn't keep your government from borrowing money anyway.
NO SIG
My main fear is, what if they hacked the super computer at the centre of our government that tells cogress and the president what to say and what to argue about. C'mon- you don't think they were really arguing about the debt deal all that time- they were trying to get the computer to reboot to tell them what to do!
"That's the way to do it" - Punch
Because, financially, China has the West (especially the US) by the balls and everybody knows it.
How exactly do you figure that? Sure China sells a lot of merchandise in the US but that means they are exactly as dependent on the US as the US is on them. In fact if anything China is more dependent on the US because it's not like there are a lot of other markets the size of the US market. The old maxim goes that if you own the bank $1000 and can't pay, you have a problem. If you owe the bank $1 million and can't pay, the bank has a problem. Same thing applies here except the number is roughly $1 trillion and the bank is China.
Furthermore virtually everything made in China can be made elsewhere. Might be inconvenient in the short term to do so but certainly possible. I used to do global sourcing of manufactured goods from Mexico, China and elsewhere. China is merely one option and not necessarily the best. Heck, they aren't even the largest trading partner with the US (that would be Canada).
you'll be even more unhappy when we buy fewer bonds or make fewer investments in your country."
China buys those bonds to control their currency valuation. Until very recently the Yuan was pegged to the dollar. You maintain a peg by buying sovereign debt. They can't get rid of it easily or quickly. There is no one to sell that much debt to and even if they did sell it it would invite all sorts of problems. There is nothing the Chinese can do to the US that wouldn't cut their own throats in the process.
"The U.S. could protest cyberattacks by sending a couple of aircraft-carrier groups to the China Sea for a little gunboat diplomacy, but it would be pretty embarrassing if China were to just repossess the whole fleet as partial repayment of the $1.2 trillion the U.S. owes it. "
As if.
Now let's examine the facts, shall we? American-based multinationals have offshored the jobs, the technology, the US foreign aid (to build all those factories, production facilities, high-end chip factories, R&D labs, etc., etc.) as have Japanese and Euro multinationals as well, so what exactly is the logically framed problem????
If they don't like the cyberespionage (only repeating that godawful word "cyber" in context) then they wouldn't ship all the tech there, now would they??? That's rather obvious now.
As for that talking point mantra you repeated, it's a symbiosis, although it is both economically and financially too complex for you to grasp, they shipped the jobs to China due to the cheap labor, and there's a reason the third-world countries have the cheapest labor, dood, it's called poverty ---- and what do you suppose China originally purchased American bonds (junk paper) with???? Obviously, there's a Ponzi scheme of international proportions taking place --- the Transnational Capitalist Class offshores the jobs and technology and aid to build the infrastructure there and elsewhere, and they purchase the Treasuries and bonds, etc. (Beginning to grasp the overall structure by this time, one hopes?)
Remember, David Rockefeller established his bank branches in Beijing and Moscow back in 1973. 1973, got that? Figure it out for yourself, the next time.......
Consider Corporations as the game pieces upon which the Governments of the world are the Board. They will most certainly let security breach scenarios run their course to see how close predicted outcomes are to reality. From there they will develop new security models to adapt.