China's Cyber-Warfare Capabilities Overstated
An anonymous reader writes "A new paper argues that China's cyber-warfare capability is actually pretty poor. '[China has] evinced little proficiency with more sophisticated hacking techniques. The viruses and Trojan Horses they have used have been fairly easy to detect and remove before any damage has been done or data stolen. There is no evidence that China's cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data,' the paper reads (PDF). 'They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.'"
That's what they want you to think.
Sig? Heil
Can we all just agree not to use the word "Cyber" anymore? It sounds like some sort of silly late 80s early 90s grade B film.
Personally, I'd rather we far overstated China's abilities and designed our systems to counter such a threat.
Would you rather overestimate their abilities or underestimate them?
Because governments love to publicize when someone breaks into their highly secure networks. Every day, the spokespeople for various government agencies get to work and say to themselves, "Boy, I really wish I could announce that our networks have been hacked! That would really make my day!!". The leaders of said agencies go to sleep every night wishing that they could spend tomorrow being grilled by a legislative body over their swiss-cheese network defenses. But alas, tomorrow just brings another boring day of budget meetings.
Or just maybe they don't talk about it.
Look at their stealth bomber and their stealth fighter.. look familiar? You might think to yourself "hmm.. their stealth bomber looks nearly identical to ours.. and hey!! so does their stealth fighter!" And they just magic'd them out of nowhere. No decades of research.. no skunk-works or area 51 for testing.. just POOF.. a few years after we come up with them and BAM.. China has nearly identical copies. Just a coincidence I'm sure.
Does the summary strike anyone else as a bit xenophobic? Or perhaps a bit skewed toward occidental cultures?
looks like top gun! buzz the tower!!
Maybe the low level attacks are noise to mask something higher, I find it hard to believe China can't muster a sophisticated attack, very hard to believe.
It's even amusing that the report is in PDF form, not like there's any danger there ::eyeball roll::
Did we really need this paper to tell us that China's pathetic, underpaid skeleton of a software industry was no match for the NSA?
The Imperial mindset is this - if a potential rival or adversary is capable of even token resistance, then this is a major emergency and they are a threat to our entire way of life! See also, Sandinistas three days drive from Texas, the peril posed by Sioux and Mexicans, Saddam and his mushroom cloud, and of course the Yellow Peril.
I don't doubt that the Chinese would love to develop some kind of "cyberwarfare" capability as a deterrent to a potential attack we might launch. You may get an occasional Chinese loose cannon who'll hack into something state-side, but they'd have to be insane to actually start anything. Meanwhile, our massive "cyberwarfare" capability would let us take their entire grid dark, if they had the poor taste to introduce modern computer control to their infrastructure, which they'll probably do anyway, counting on the continued alliance between the CPC and the 0.1% of Americans getting rich off of exploiting the slave labor the CPC sells them.
They were good enough to compromise the RSA token database and then use that information to compromise lockheed martin. I suppose it would be more impressive if neither company had noticed it, but of course it is very likely they have compromised other companies who have no idea it happened.
They certainly aren't world leaders in this space, but they get the job done pretty regularly.
A few years ago, in Ramadi Iraq I got shot by a sniper (twice!). It was pretty bad, but not nearly as horrific as if a foreign nation had totally crashed my web domain and/or email server. God help me if those bastard wrecked my telnet... I probably wouldn't be here today to tell the tale.
Surely if Desmond Ball says it was not the Chinese military which took over control of U.S. Weather Satellites, potentially rendering them into anti-satellite weapons, then I guess we can stop worrying about it.
I don't know who this Desmond Ball person is, but... he published a paper! Wow.
Slashdot = Disinformative
title says it all
..whistling past the graveyard. It sounds a /lot/ like what US automobile manufacturers said about the Japanese in the 60s and 70s. And then the Japanese whipped Ford, Chrysler, and GM's collective asses.
Go ahead, dismiss your opponent as incompetent. Down that road lies complacency and defeat.
--
BMO
Have they learned from the Japanese!
http://www.southparkstudios.com/clips/103420/japanese-charm
Who or what entity has been hacking into major US companies if it's not China? North Korea, nope. Russia? Not their style.
Politicians and journalists from English speaking countries ALWAYS overstate the potential of national threats. And boy do they love their security theatre. The best one: The American president giving a speech abroad. Hilarious!
the principles behind how geometric shapes deflect, refract or break the radio waves have been known since 1950s. any object made to do that, would resemble another object built to do that.
Read radical news here
They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.
But, could we (as in the US) do those things? Because that would be super.
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
Just a PsyOp article to get China to show their full strength. Trollin the Chinese.
What difference does it make whether the attacks are detectable? DDoS for example is detectable, but that doesn't make it any less potent of a weapon. As someone who has dealt with blocking Chinese break-in attempts for years, and at one point blacklisted IP blocks from the entire region, I can tell you that China is a scourge on the internet at best, and a damaging force against major targets at worst. There's more than enough evidence of that.
with out the safety
In the Japan system there is a 45-year, nearly 7 billion-passenger history, there have been no passenger fatalities due to derailments or collisions,
China system is nowhere near that.
To dismiss all of the attacks from China is a little naive.
There is a lot of spyware that comes out of China, and most of it is crap. They have different levels however, much like in the army you have lots of grunts who can perform simple attacks, and a small number of highly trained specialists who can perform very sophisticated attacks (and multiple levels in-between).
I've worked with a lot of companies that have gotten themselves caught out by the simple (grunt level) attacks because they haven't invested in security (or have done so poorly). I've also seen some very sophisticated attacks that have taken considerable effort and were entirely targeted at that organisation.
Getting the basics right is something that everyone should be doing in terms of IT security, but there's a lot more that should be done beyond that for large companies and critical infrastructure.
Making nearly identically looking copies of American products is an art the Chinese have perfected in generations.
are the ones that don't get caught. Americans only detect the lousy attempts.
They don't need particularly sophisticated techniques when their favored targets insist on using that steaming pile of insecure shit known as Windows. Using Windows for anything critical is sort of like being a gazelle and bathing in meat tenderizer, you are just making it too easy and too tempting for the lion to come and eat you.
Monstar L
Sounds kind of like the Bomber Gap.
HAHAHAHAHA, it's so adorable that you believe that Microsoft bullshit. You want to know why Microsoft servers are so rarely hacked? Because so many people got burned running Windows bullshit that very, VERY few websites actually run Windows or IIS, and thus they are not compromised. Also, the # of vulnerabilities is a bullshit metric that Microsoft likes to tout because it's the ONLY metric that makes them look good, the thing is the vast majority of Linux kernel bugs are actually escalation of privilege attacks that require a local account and even then they are mostly theoretical, now compare that to Windows where the patched vulnerabilities are serious remote exploit bugs that represent real threats. Not to mention that Linux, being OPEN, actually accurately reports its vulnerabilities, whereas Microsoft does not. Not to mention that huge security vulnerability that Microsoft calls a feature called Genuine Advantage.
But yeah, continue to use that toy called Windows and consider yourself secure, I'm sure the hackers will enjoy just how easy you are making it to hack you.
Monstar L
The summary talks about 'command and control, air defense and intelligence networks', but what about plain old infrastructure networks such as electricity grids, hospitals, power utilities, etc, not to mention defense contractors and others. Just because they might not be able to hack the CIA doesn't mean they haven't been hacking the Boeings, Lockheed-Martins, Raytheons, etc, for the past decade or so.
All I had to do was read the first line of your post to realize that you have 0 clue about anything, so there was no reason to even bother with the rest, you are just some MSCE who is worried because your platform is becoming irrelevant. Android uses the Linux kernel yes, but that doesn't make it some sort of "Linux variant", at least not in the same way that you seem to think it is. Unlike Windows, anyone is free to modify Linux, and the overwhelming majority of the "flaws" you point out are with things that Google or other parties have added on to the Linux kernel, Android and the OS that runs on web servers are very different beasts. But yeah, I'm sure with that MSCE cert you will go far in a world that is ditching Windows as fast as it can because it's such flaming pile of insecure shit.
Monstar L
Time to dismantle you, point-by-point, as is my "usual style":
"and the overwhelming majority of the "flaws" you point out are with things that Google or other parties have added on to the Linux kernel" - by antifoidulus (807088) on Tuesday November 01, @07:47PM (#37914304) Homepage
WTF? I pointed out FLAWS IN THE LINUX KERNEL ITSELF - THE CURRENT MAINSTREAM ONE NO LESS!
(With 3 remotely vulnerable unpatched ones as well, the WORST TYPE, & 4x++ the # of unpatched security vulnerabilities in Windows Server 2008 too, mind you)
See again, here:
http://secunia.com/advisories/product/2719/?task=advisories
vs. this:
http://secunia.com/advisories/product/18255/?task=advisories
Now, you may not LIKE that, but it's documented fact!
---
"Android uses the Linux kernel yes, but that doesn't make it some sort of "Linux variant", at least not in the same way that you seem to think it is." - by antifoidulus (807088) on Tuesday November 01, @07:47PM (#37914304) Homepage
LOL, that's the DUMBEST THING you've said here so you know... it uses the LINUX KERNEL - it is THUS, a Linux!
---
"Android and the OS that runs on web servers are very different beasts." - by antifoidulus (807088) on Tuesday November 01, @07:47PM (#37914304) Homepage
That use the same core/kernel... lol, both Linux kernel, mind you, and apparently LATELY, per my 1st post to you here:
http://it.slashdot.org/comments.pl?sid=2504516&cid=37914046
NEITHER ARE DOING VERY WELL ON THE SECURITY FRONT LATELY, since that information is VERY RECENT TOO, no less!
"Read 'em, & weep"...
---
"All I had to do was read the first line of your post to realize that you have 0 clue about anything, so there was no reason to even bother with the rest, you are just some MSCE who is worried because your platform is becoming irrelevant." - by antifoidulus (807088) on Tuesday November 01, @07:47PM (#37914304) Homepage
Linux already IS "irrelevant" in the eyes of the majority of users out there. See here on that note (marketshare):
http://www.netmarketshare.com/
So much for Linux eh? Damn near last place... it IS irrelevant in the eyes of the majority of the users on the planet.
---
"Unlike Windows, anyone is free to modify Linux" - by antifoidulus (807088) on Tuesday November 01, @07:47PM (#37914304) Homepage
Anyone is free to step trace said code to find flaws, which is far, Far, FAR EASIER than using debuggers/disassemblers on closed source code (or using fuzzers) to find flaws that way, mind you...
---
"But yeah, I'm sure with that MSCE cert you will go far in a world that is ditching Windows as fast as it can because it's such flaming pile of insecure shit." - by antifoidulus (807088) on Tuesday November 01, @07:47PM (#37914304) Homepage
I used to have MCSE (Windows NT 3.51 days) but have since moved onto coding solely (rather mostly), since 1996 onwards to presently.
APK
P.S.=> You can use all the "frustrated profanity" & name calling ad hominem attack b.s. you like, but it only shows that TRUTH HURTS & you? You can't HANDLE THE TRUTH!
... apk
I mean, since they (Corporate America) have offshored the majority of the production assets there, and the capital assets there, and along with offshoring all those jobs, they've offshored that technology many of us were involved in creating, and both the Clinton and the Bush administrations gave them free military technology (pretty much), why would anyone really care now that those scumbags and their shills want to create fear about them. They shipped them all the weaponry, let them go fight them or stew about them, but leave us sane and poor people out of their moronic scripts.
You should read the shill, David Wise's book, Tiger Trap, where he inverts everything and when one views the situation without Wise's assumptions, it becomes evident that it supports what Sibel Edmonds said about a secret weapons-selling network within the government (not to mention that his book was rife with errors: pay close attention to pp. 101, 106, 107, and p. 88). Although it's been long obvious to many that the FBI has been completely compromised, both the Wall Street and the Chinese Ministry of State Security.
I get your point but I'd prefer to compare it to the overestimation of the Mig-25's capabilities. This seems more appropriate since it offers a comparable state vs state situation. So the Mig-25 is overestimated, the F-15 is designed to handle this "threat", and the F-15 goes on to have a kill/loss ratio of 104:0. It seems there is something to be said for overestimating a potential foe.
However, if you are going to accuse China otherwise, you had better be ready for an all out global nuclear war with them and their puppet countries who already hate the US and their allies.
I'd put the US and Israeli hackers up against anyone. But the fact is that most security in the US is non-existent to pathetic, and it would not be difficult to create enough havoc to disrupt military operations while a sneak attack was launched.
Some people tend to worry more about fires, floods, hurricanes, tornadoes, etc, than they likely need to. But they still happen, and you don't want to be the unlucky individual hit by one and be unprepared for it.
I got drunk with a Chinese national in college once, he started going on about how China will be great in the future the way the US is great now, maybe greater.... real national pride coming through in a way I have never seen in any American, even the NASA heads in Houston weren't that fervently patriotic.
They outnumber the US in population by more than 3-1, they have at least as many children educated to a level where they can didactically learn h4x0r 5x1llz like our kids do. And, if they give these kids enough free time, they'll be growing cyberwarriors the same way we do, but I think they'll have an easier time inducting them into the military and giving them direction.
According to Richard Clarke, a former National Security advisor, and Special Advisor to the President on cybersecurity and cyberterrorism, it's not that China has extraordinary capabilities for cyber attack. It's the US that has essentially no defense. The US is the country with the highest penetration of the Internet in infrastructure (power grid, defense contractors, etc), often run with systems not designed to be exposed to the Internet itself. There is currently no government plan to defend against any attack. Contrary to that China has strong defenses and it can shut itself down from the rest of the internet, to prevent major infrastructural disruption. It's all in here:
http://www.amazon.com/Cyber-War-Threat-National-Security/dp/0061962244/
Just sayin' the world's largest "Software Security" firm is on the underside of a joint venture with a Chinese network hardware manufacturer....and by the way, all government run computers are required to run said security software....
http://en.wikipedia.org/wiki/Huawei_Symantec
The article's main point is pure conjecture and speculation by the author... and some statements are provably false:
There is no evidence that China's cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data,'
Titan Rain
Moonlight Maze
Operation Aurora
GhostNet
GreenDam
And that is just the publicly documented cases. How many have been hidden under the seal of "National Security" or were never detected in the first place?
I'd say that it involved pretty meaningful stuff, suggesting China's capability. Unless it wasn't China that did it.
Why is it that every company insists on connecting to the internet? Government and weapons tech companies should have isolated networks. Any outside communications only to be allowed by some computers or devices connected to another network altogether. If they absolutely must, set up a firewall between the 2 LANs only allowing very specific required forms of inbound and outbound traffic. No Web Browsers or email on the secure side.
Chinese hackers were trying to hack Pentagon's server, after billionth try server agreed that its password is "Mao".
Did you go read that article about Turbo Pascal? Isn't that the precursor to Delphi?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
In other news, Chinese scientists-make blood from rice!
http://www.cbsnews.com/8301-504763_162-20128572-10391704/scientists-get-blood-protein-from-rice-whats-it-for/
"Scientists have found a way to use rice to "grow" the critical human blood protein albumin, which is used to make vaccines and to treat cirrhosis of the liver and other medical problems. "It looks like an interesting technological step forward," Dr. Richard J. Benjamin, chief medical officer for the American National Red Cross, told Fox News. "It could potentially produce large quantities in a reasonable time." How did scientists pull off something that sounds like make-believe? It all started in China, where the protein is in short supply and blood samples are often contaminated. "That's what prompted me to do something like this," lead researcher Daichang Yang, a plant biotechnologist at China's Wuhan University, told Nature News."
So, the scientific and technical capacities of China continue to make the headlines in all scientific and technical fields, except, yes except that the Chinese just cannot seem to grasp the intricacies of cyber warfare, or?
Only detecting a handful of sophisticated attacks is surely a massive cause for concern not vague complacency?
Even if the opponents are completely unsophisticated you shouldn't assume that most western agencies have any degree of security sophistication.
I find it very ironic that someone posts a story about Chinese ability to hack, and it is a PDF. No way in hell I am clicking on that sucker.
"If you only knew the POWER of the DARK SIDE!"
This really reads like a challenge: "They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks." Just like the time it was announced that the power grid is vulnerable to hacking from the Internet. Are we calling them out?
"Appear weak when you are strong, and strong when you are weak."
blindly antisocialist = antisocial
Did you read this article? You're off topic, troll.
I would have to respectfully disagree that China is not a threat. China is a very legitimate cyber-warfare threat. The difference between China and other countries is they don't try to hide it. But they are definitely the 800lb gorilla. Need proof? Take a look at some of the ships and planes they've been coming out with lately. Look at the technology they have been producing lately. Look familiar? Ever wonder how they got the idea? Just sayin'.
I die a little inside when people talk about "cyberwar" and then use terms like "logic bombs." They try to dress up technical activities in military vernacular and it just sounds like bad scifi.
This is how you tell that the author has no real clue on the subject matter.
The main threat from China on the internet is the size of its population.
"...ten cyber-warfare missions were rehearsed, including planting (dis)information mines; conducting information reconnaissance; changing network data; releasing information bombs; dumping information garbage; releasing clone information; organising information defence; and establishing 'network spy stations'."
We have been in a "cyber" cold war with the Chinese (and others) for years. The recent theft of IP at RSA and many other companies is due to reasonably sophisticated persistent malware (advanced persistent threat in marketing terms) that can take a medium size business months to eradicate with outside professional help. Basically, there is a lot of information gathering going on and a lot of theft of things the US tries to restrict the Chinese from acquiring. To underestimate their abilities, goals, and motivation is foolish. To think we are being any nicer to them is absurd.
Do really dense people warp space more than others?
Anyone else smell a decoy? Wouldn't that be an obvious move for China? Use weak and ineffective trojans and malware side by side with undetectable powerful ones to give the illusion of a weak cyber attacking ability and make the victim(s) feel like the threat has been detected and removed.
American counter-cyber-warfare capabilities overstated?
Chinese chip manufacturers hack the VHDL source to install back-doors in all chips. The Chinese military then uses these back doors to install key-logging software on any computer controlled by these chips, then use the key-loggers to steal passwords from people who have control over very dangerous things. They then forge identities and start taking control of stuff that needs more than just a password to access.
Really, this is beyond their capabilities? A bit optimistic, aren't we?