Slashdot Mirror
China's 5-Year Cyberwar Met With Western Silence
jfruhlinger writes "McAfee yesterday outlined what it calls Operation Shady RAT, a five-year campaign of cyberespionage launched by a national government against international organizations and private corporations. That government was almost certainly China's, so the question becomes: why are the Western nations silent about it? One fact revealed by the raids is that, predictions of cyberpunk novels nonwithstanding, private companies are still quite weak in the face of national governments — and it's those national governments that must act against such intrusions."
They're like fire extinguisher salesman who rave about the dangers of fire. They sell FUD. There's I'm sure some truth to this, but let's not accept whole the idea that what's good for McAfee is good for the nation.
I don't think so. In my experience big corporation have really crappy security and a lot of disgruntled and/or underpaid employees practically begging for someone to offer them cash to screw over the man. So they're poorly equipped to counter any kind of real threat.
Maybe I've just been working in the wrong places :-/
If all else fails, immortality can always be assured by spectacular error.
LulzSec / Variants copy some email addresses - GET TEH TERRORISTS!!!
China wages a 5 year espionage capaign against multiple targets:
((Crickets))
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Eh? The majority of the US debt (~68%) is owned by he US. Next troll please.
Because, financially, China has the West (especially the US) by the balls and everybody knows it. "If you're unhappy about our alleged cyberespionage, then you'll be even more unhappy when we buy fewer bonds or make fewer investments in your country."
Come on now. IF the West has been secretly attacked, why would it/we launch a PUBLIC attack in retaliation. I'd be inclined to believe that there are constant "cyber attacks" in both directions. I'd say you'd be a fool not to believe that there is retaliation of some sort, after stuxnet.
Most ignorance is vincible ignorance. We don't know because we don't want to know. --Aldous Huxley
Nothing of value was lost and no one gives a crap.
Right. Not yet, but it will be. And just because there are few published reports or incidents of the "West" retaliating doesn't mean there isn't massive preparation underway. If there isn't, it's due to incompetence. Waiting to show your hand is just a smart play in the game.
Or am I just paranoid and the "rival"/"co-dependent" governments are just looking for a way to stay friendly and exchange daisies?
He's getting rather old, but he's a good mouse.
Nobody will start a fight with China, at least while they manufacture Apple products, how would the west cope without iPads etc?
I have a different view. Megacorps view this stuff the same way they view the rampant theft at retail stores. It's a cost of doing business and it's passed on to competitors. It's only worth fighting to the extend that they can get a competitive advantage over their competitors to improve their margins. Given that the effort required to have a meaningful affect on the "hackers" is quite large and the return on that investment is quite small, it doesn't happen and the cost is just passed on to customers.
Check out my lame java blog at www.javachopshop.com
Same misconception that people had in the 70's and 80's about Japan buying up America. Do some research before your spout off stats feed to you by the media.
US and Individuals own: 42.2%
Social Security Trust Fund: 17.9%
All other foreign nations: 11.6%
China: 7.5%
US Civil Service Retirement Fund: 6.4%
UK: 3.4%
US Military Retirement Fund: 2.1%
Oil Exporters:1.6%
Brazil(?): 1.3%
So, that means 68.6% if our debt is held by ourselves.
http://seekingalpha.com/article/246958-guess-who-owns-the-most-u-s-debt-not-china
Retaliation doesn't even have to be in the form of a cyber attack. You can have the embassy in Beijing send over a note saying basically "hey, we know you're doing this, you need to stop." It can take the form of a little extra military aid to Taiwan, or encouraging some companies to switch to Taiwanese suppliers for the next contract. Maybe we just have a few extra ships stop by Taiwan for liberty, or have a large exercise in the area. Maybe a few extra flights right outside Chinese territory. Remember, in the international arena, you don't always respond tit for tat, or even immediately. Retaliation can come weeks or months later, and it can be in a form dissimilar from the original injury. So, just because we aren't talking publicly, doesn't mean we aren't responding, and they don't know we are responding.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
"Companies and governments can't defend" - Companies, perhaps. Governments, not so much. http://xkcd.com/932/
Really, who would cry foul when we are doing the exact same thing? Sure, our companies may be upset, but there is little chance any Federal agencies will lend real support when we are actively pursuing intelligence and assisting with cyber-attacks. Does anyone really believe that the Israelis managed the sophisticated Stuxnet attack on the Iranian uranium enrichment centrifuges all by themselves? The cold war is not dead, it just went cyber, and the list of hostiles grew exponentially.
I used to work at a fairly large mid-western university and my experience was the Chinese government was sponsoring kids who came to the US to learn how to hack. I was responsible for network security for the engineering and CS building's network and saw many attempts at hacking by Chinese students within the network and directed outward to the Internet. No one in the university was interested in taking action against these students when incontrovertible evidence was collected and offered. Faculty were defending the hackers and administration largely supported faculty so there were no sanctions. I don't know if these students were directed to this behavior but there was certainly a culture which was pervasive among these Chinese students that you did not see among other groups of international students from places like India, Pakistan, Nepal, the Mideast, the former Soviet republics and/or eastern Europe.
Reading http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109 ....
"After identifying the command-and-control server, located in a Western country"
Mb the average Western spook wanted to keep it flowing to see who collected or what was been collected in a part of the world where telcos where 'friendly'.
Nothing like a "Room 641A" in a "Western country" for ducting off a telcos bulk data in real time, no questions, legal teams, contacts, requests, meetings...
Also think of national self interest and the joy of having a huge flow of interesting international data ending in a local telco/isp- and getting the first look.
Domestic spying is now "Benign Information Gathering"
We have information crimes punishable by 16 years in prison. And now we're having information "wars."
The Internet is the Wild West. If you don't like it, create a physically secure regimented network and don't let unregistered bad people onto it. Stop with the "war" rhetoric.
Think for half a second. Who would want a cyberwar and who would benefit from one? Now ask yourself: Who would end up doing the dying when the cyberwar turned ugly?
This is just a variant of the nonsense that the RIAA is trying to pull. People with money want to capitalize and control the internet, and violence, and the threat of violence (the killing and imprisoning kind) are the traditional means of imposing control.
Don't buy into the bullshit. "Information war" can become just another synonym for the restriction of free speech.
Or it's due to the fact that China could bankrupt the US by simply refusing to buy any more treasury bonds.
Let's not for a second think that this is a one-way street. If one nation is at it, you can bet that pretty much everyone else is, too (just like torture). That it's done under the radar and with no public acknowledgement just tells us that it falls under the category of black-ops, rather than ordinary warfare.
And unlike ordinary warfare, where it's pretty obvious who's shooting at you, in cyberwar I doubt that it's possible to tell who are your friends, or even if the concept of allies actually exists. It's not about ideology it's about sticking the boot in to anyone who appears to be getting the upper hand.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I found it rather astonishing while watching CNN a week or so back to hear them reporting that the DoD was indicating the U.S. had been subject to a large-scale hacking attack by a sovereign state, but -they weren't releasing which one it was-.
I couldn't help thinking about this stance as it would be applied to, say, Pearl Harbor. "Yes, the United States is under attack. No, you as an American citizen and taxpayer aren't entitled to know who is attacking you, from your own defense agencies. We're prioritizing the interests of Said Foreign Power, including any right-to-know you may feel you have, ahead of our citizenry."
This is an incredible stance to take, and the fact it was a "cyber-attack" seems be pretty irrelevant to the basic questions regarding representative government this raises. Yet, CNN doesn't even blink an eye flatly reporting this without noting any objection.
Strange Days.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
I think that's an economic version of Mutually Assured Destruction. Of course, both sides are trying to get out of that cycle and China is prevailing, but right now China would never go to economic war with the US because there is no winner, only multiple losers. Cyber warfare, however, just gives one side an edge over the other with little repercussions. Sometimes I feel like, here on /., anytime rivalry between the US and China comes up somebody just knee-jerks and feels the insatiable need to bring up the debt regardless of how irrelevant to the discussion.
He's getting rather old, but he's a good mouse.
Except if you're looking for motives to tip-toe around China, the U.S. debt is a big one.
To quote a line from one of my favorite old movies 'ya know how they do this? Its because they fucking steal, they steal every idea that ain't nailed down" and in the end that is what most of this "cyber" bullshit is about, it is another classic case of sticking "On The Internet" to something that every single government has done for ages. let me give a few examples.
My grandfather used to be posted on one of the USAF bases on the edge of West German territory and he used to laugh about how "If the Russians ever wanted to attack all they'd have to do is use a single plane with a bomb". why was that? because the guys had standing orders don't shoot if its a single plane because it was common knowledge we were offering a "bounty" on any Soviet aircraft that a defector could snatch so whenever a new model would come out, sure enough some pilot would take his and fly it straight to us. Sure the Russians bitched, sometimes we gave it back (after "inspecting' it of course) sometimes we didn't, but this let us know EXACTLY what they were up to behind the curtain.
On the flip side the Russians paid good money to the Chinese for the USA Sidewinder missile. Apparently when they first came out we gave some to Taiwan who were getting their F86s stomped by the faster MiGs. One actually stuck in a plane but didn't go off and they managed to land it. According to Wiki after the wall fell they called that sidewinder "A university course in modern missile design" and the version they cooked up was so damned much a copy of ours you could interchange parts and the missile worked. but that is no surprise as they copied the B29 after we refused to give it to them on lend lease but had to set three down there after bombing runs over Japan. Again this gave the Soviets a BIG boost to their bomber design.
Then you have the Israelis and the Mirage which they stole the plans to after the French hit them with an embargo to make the Nesher. And finally speaking of China they paid dirt farmers in Kosovo to go dig up the remains of our downed F117 which crashed there in the 90s so they could steal stealth technology, which they are using for their new stealth fighter.
So while you will get a few like Israel and Stuxnet most of this stuff is gonna end up about theft, pure and simple. If you can steal your potential adversaries (or even allies, there have been cases of Israel snatching tech that the USA didn't sell) technology not only does that give you an idea of what to expect but depending on your own tech can give you a BIG boost without the R&D costs. Hell it has been going on for ages. I'm sure we are currently setting up some "cyber command and control" that will look good for the press, but it isn't like the CIA and NSA haven't been doing the same shit for years and years, they just don't go blabbing about it. But if someone in the BRIC comes up with some whiz bang new military tech you can bet your last dollar if they won't sell it to us we WILL have it, one way or another, and they'll do the same to us. that is just how the game is played.
ACs don't waste your time replying, your posts are never seen by me.
Currently china's holdings of usa treasury debt ($1.16 trillion ---> http://www.treas.gov/tic/mfh.txt).
USA cash deficits (issuance of new debt) [approximate to 1/10 $trillion)
fy 2008 $0.5 trillion
fy 2009 $1.4 trillion
fy 2010 $1.2 trillion
fy 2011 $1.6 trillion (projected)
While china does hold a lot of USA treasury debt, they are hardly the only buyer. As of late the USA treasury has been issuing more new debt in one year than china's entire holdings of said debt.
I don't believe the claim "china could bankrupt the US" is strictly factual. As we continue to issue more debt, the impact of any hypothetical liquidation of USA treasury debt by china, would become more and more muted.
If they refuse to buy more I'm sure someone else will.
In order to a entice sufficient "someone else" to buy the Treasury bonds we'd have to raise interest rates -- unless the bonds are being purchased for non-investment reasons. The Federal Reserve is buying the bonds to artificially lower the interest rates on the bonds: the major side effect of this action is inflation.(1)
Or we could just default on the ones they are holding.
If we default on the ones we're holding (yeah! debt free!) then no-one in the future will buy more bonds for fear that we'll default on their holdings -- we're now an incredible credit risk. If we eventually do con people into buying our bonds again, they'll want exorbitant interest rates: just like if you walk away from your house, you'll be charge a significantly higher interest rate on your next house.
Either of your solutions means that the United States stops borrowing. While that is a good long term fix, we're currently too addicted to spending to quit cold turkey.
(1) We do have ourselves in an interesting predicament where we have both deflation going on in durable goods (cars, appliances, houses) and inflation on the consumable level (e.g., food). This shows that (a) the fundamentals are bad for the currency, and (b) consumer confidence low enough that people don't want to make major purchases. What they're forced to buy (food) is going up in price; what they can avoid buying (durables) they are.
Way to fail at a grammar nazi post there.
I keep forgetting ... are they going to kill all the grammar Nazis before or after all the lawyers? At the very least I expect them to board the same ship as the telephone sanitation engineers and beauticians.
Actually, China buys our bonds to keep the dollar strong. See http://www.guardian.co.uk/commentisfree/cifamerica/2009/mar/30/us-economy-china-debt. That would bankrupt a lot of people who depend on "free trade" with China to maintain their wealth and their profits.
The diversity and expression of human opinion is essential to human survival.
It sounds to me like this is an opportunity for US hackers to give the Fox News Twitter account a rest and do something for their country... I don't know about the rest of you, but at least 2/3'rds of the hack attempts we see on our servers come from IPs originating in China. It's like every restaurant has a box in the kitchen scanning for exploits. Maybe it's state-sponsored and maybe it's not, but China is a haven for hackers that seem to focus specifically on theft of classified technological and military information and intellectual property. This is a fact and it's been common knowledge long before this particular news story broke. It's also common knowledge that China influences economic and foreign policy in this country. It's been that way going back 20+ years to the days of Most-Favored Nation (MFN) status and it's worse now that China is the #1 investor in US Treasuries. I suspect that makes it pretty hard for the US Government to mount any kind of meaningful retaliation against the Chinese. But clandestine hacking groups are under no such restrictions. Maybe US-based members of hacking groups such as Anonymous and others should stop slipping porn vids onto YouTube and DDoS'ing Australia for a few months and focus on tracking and sabotaging hackers in China in retaliation. Kind of like a modern-day cyber militia defending the virtual homestead. Call it Project AybabtUS.
"private companies are still quite weak in the face of national governments" [Citation needed]
We're (the US) one of Israel's strongest and most powerful allies (sans the weakened support by the current administration). Your "Israel" comment is buffoonery. As an aside, the day our support for Israel stops, so will our existence as a "blessed" nation. (Replace "blessed" with any positive adjective ascribable to our "greatest nation on God's green earth").
Proverbs 21:19 It is better to dwell in the wilderness, than with a contentious and an angry woman.
Forgive me for being unimpressed, but this argument has been carried out to the point of absurdity. From the article itself:
The U.S. could protest cyberattacks by sending a couple of aircraft-carrier groups to the China Sea for a little gunboat diplomacy, but it would be pretty embarrassing if China were to just repossess the whole fleet as partial repayment of the $1.2 trillion the U.S. owes it.
We'd end up having to pay off the whole debt just to get the boats back—plus whatever huge fee there would be for the towing and daily storage fee at the aircraft-carrier impound lot, and that's a lot of money to spend for bit of saber-rattling that would be futile in the real world and irrelevant in the virtual one.
Seriously? Take on a nuclear carrier group with a repo team? This kind of crap is even worse than the most egregious trolling by some of the loud-mouthed idiots found on slashdot. Please put some thought into a reasonable argument.
Stay sentient. Don't drink bad milk.
They wouldn't bankrupt they U.S., they would make interest rates go up.
However, China couldn't maintain the peg of their currency with the dollar if they stopped buying bonds, and that peg keeps the business in their factories.
Remember, China buying all these bonds is a policy that China instituted for the benefit of China and against the long-term interests of the USA.
Remember, China buying all these bonds is a policy that China instituted for the benefit of China and against the long-term interests of the USA.
U.S. "Hey, we need to borrow some money."
China: "Okay"
U.S. "Bad, China, bad!".
You do know how stupid this sounds, right?
C//