China's Cyber-Warfare Capabilities Overstated
An anonymous reader writes "A new paper argues that China's cyber-warfare capability is actually pretty poor. '[China has] evinced little proficiency with more sophisticated hacking techniques. The viruses and Trojan Horses they have used have been fairly easy to detect and remove before any damage has been done or data stolen. There is no evidence that China's cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data,' the paper reads (PDF). 'They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.'"
That's what they want you to think.
Sig? Heil
Can we all just agree not to use the word "Cyber" anymore? It sounds like some sort of silly late 80s early 90s grade B film.
Personally, I'd rather we far overstated China's abilities and designed our systems to counter such a threat.
Would you rather overestimate their abilities or underestimate them?
An anonymous cocksmoker writes
"A new paper argues that AC's cyber-first posting capability is actually pretty fucking solid. '[AC has] evinced major proficiency with more sophisticated hacking techniques. The lubrication and Trojan condoms they have used have been fairly easy to detect and remove before any jacking has been done or fluids swapped. There is ample evidence that AC's cyber-frosters can penetrate highly secure networks and covertly obtain Frostius Postius,' the paper reads (PDF). 'They would be able to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries by continually first posting them into oblivion."
Because governments love to publicize when someone breaks into their highly secure networks. Every day, the spokespeople for various government agencies get to work and say to themselves, "Boy, I really wish I could announce that our networks have been hacked! That would really make my day!!". The leaders of said agencies go to sleep every night wishing that they could spend tomorrow being grilled by a legislative body over their swiss-cheese network defenses. But alas, tomorrow just brings another boring day of budget meetings.
Or just maybe they don't talk about it.
truisms are true.
slashdot = stagnated.
Look at their stealth bomber and their stealth fighter.. look familiar? You might think to yourself "hmm.. their stealth bomber looks nearly identical to ours.. and hey!! so does their stealth fighter!" And they just magic'd them out of nowhere. No decades of research.. no skunk-works or area 51 for testing.. just POOF.. a few years after we come up with them and BAM.. China has nearly identical copies. Just a coincidence I'm sure.
Does the summary strike anyone else as a bit xenophobic? Or perhaps a bit skewed toward occidental cultures?
looks like top gun! buzz the tower!!
Maybe the low level attacks are noise to mask something higher, I find it hard to believe China can't muster a sophisticated attack, very hard to believe.
It's even amusing that the report is in PDF form, not like there's any danger there ::eyeball roll::
Did we really need this paper to tell us that China's pathetic, underpaid skeleton of a software industry was no match for the NSA?
The Imperial mindset is this - if a potential rival or adversary is capable of even token resistance, then this is a major emergency and they are a threat to our entire way of life! See also, Sandinistas three days drive from Texas, the peril posed by Sioux and Mexicans, Saddam and his mushroom cloud, and of course the Yellow Peril.
I don't doubt that the Chinese would love to develop some kind of "cyberwarfare" capability as a deterrent to a potential attack we might launch. You may get an occasional Chinese loose cannon who'll hack into something state-side, but they'd have to be insane to actually start anything. Meanwhile, our massive "cyberwarfare" capability would let us take their entire grid dark, if they had the poor taste to introduce modern computer control to their infrastructure, which they'll probably do anyway, counting on the continued alliance between the CPC and the 0.1% of Americans getting rich off of exploiting the slave labor the CPC sells them.
They were good enough to compromise the RSA token database and then use that information to compromise Lockheed Martin. I suppose it would be more impressive if neither company had noticed it, but of course it is very likely they have compromised other companies who have no idea it happened.
They certainly aren't world leaders in this space, but they get the job done pretty regularly.
A few years ago, in Ramadi Iraq I got shot by a sniper (twice!). It was pretty bad, but not nearly as horrific as if a foreign nation had totally crashed my web domain and/or email server. God help me if those bastard wrecked my telnet... I probably wouldn't be here today to tell the tale.
Surely if Desmond Ball says it was not the Chinese military which took over control of U.S. Weather Satellites, potentially rendering them into anti-satellite weapons, then I guess we can stop worrying about it.
I don't know who this Desmond Ball person is, but... he published a paper! Wow.
Slashdot = Disinformative
title says it all
..whistling past the graveyard. It sounds a /lot/ like what US automobile manufacturers said about the Japanese in the 60s and 70s. And then the Japanese whipped Ford, Chrysler, and GM's collective asses.
Go ahead, dismiss your opponent as incompetent. Down that road lies complacency and defeat.
--
BMO
Have they learned from the Japanese!
http://www.southparkstudios.com/clips/103420/japanese-charm
Who or what entity has been hacking into major US companies if it's not China? North Korea, nope. Russia? Not their style.
Politicians and journalists from English speaking countries ALWAYS overstate the potential of national threats. And boy do they love their security theatre. The best one: The American president giving a speech abroad. Hilarious!
the principles behind how geometric shapes deflect, refract or break the radio waves have been known since 1950s. any object made to do that, would resemble another object built to do that.
Read radical news here
They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.
But, could we (as in the US) do those things? Because that would be super.
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
Just a PsyOp article to get China to show their full strength. Trollin the Chinese.
What difference does it make whether the attacks are detectable? DDoS for example is detectable, but that doesn't make it any less potent of a weapon. As someone who has dealt with blocking Chinese break-in attempts for years, and at one point blacklisted IP blocks from the entire region, I can tell you that China is a scourge on the internet at best, and a damaging force against major targets at worst. There's more than enough evidence of that.
without the safety
In the Japan system there is a 45-year, nearly 7 billion-passenger history, there have been no passenger fatalities due to derailments or collisions,
China system is nowhere near that.
To dismiss all of the attacks from China is a little naive.
There is a lot of spyware that comes out of China, and most of it is crap. They have different levels however, much like in the army you have lots of grunts who can perform simple attacks, and a small number of highly trained specialists who can perform very sophisticated attacks (and multiple levels in-between).
I've worked with a lot of companies that have gotten themselves caught out by the simple (grunt level) attacks because they haven't invested in security (or have done so poorly). I've also seen some very sophisticated attacks that have taken considerable effort and were entirely targeted at that organisation.
Getting the basics right is something that everyone should be doing in terms of IT security, but there's a lot more that should be done beyond that for large companies and critical infrastructure.
Making nearly identically looking copies of American products is an art the Chinese have perfected in generations.
are the ones that don't get caught. Americans only detect the lousy attempts.
They don't need particularly sophisticated techniques when their favored targets insist on using that steaming pile of insecure shit known as Windows. Using Windows for anything critical is sort of like being a gazelle and bathing in meat tenderizer, you are just making it too easy and too tempting for the lion to come and eat you.
Monstar L
That ran Linux?? 3/4 of them were that, see here:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/
(The only one that doesn't was diginotar.nl, & they either didn't update properly, and ought to use Windows Server 2008 + IIS7 (vs. Windows Server 2003 + IIS6)).
However, antifoidulus, since you're in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not) as you seem to insinuate:
---
KERNEL.ORG COMPROMISED:
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins:
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Breaching Fort Apache.org - What went wrong?
http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/
---
Mysql.com Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
---
*That's ALL pretty current information... very recent too!
APK
P.S.=> And, lastly of course? There's ANDROID (a Linux variant) so please, tell us - how's THAT doing on the security front?? Not very well...
This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...
Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)
There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.
Guys, listen - they ALL need work on the security front, every OS there is!
Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE http://secunia.com/advisories/product/2719/?task=advisories
(Mind you, it would be more unpatched security bugs present on a full linux distro most likely due to app bugs that come in said distro beyond the kernel, unless vendors fixed them OR omitted putting those buggy programs into said distro)
4x++ less unpatched security vulnerabilities in Windows Server 2008 vs. Linux current mainstream kernel only, in fact - see for yourself!
... apk
Sounds kind of like the Bomber Gap.
Regarding Linux & its "fine security" (not - ESPECIALLY ANDROID (a linux variant)), here http://it.slashdot.org/comments.pl?sid=2504516&cid=37914046 that's VERY CURRENT on all points I posted (of sites running linux being cracked into, including ironically enough LINUX.COM &/or KERNEL.ORG as well, amongst others... including the extremely recently breached CA's too!)
Now, on this note from you? Hehe, ok:
"But yeah, continue to use that toy called Windows and consider yourself secure, I'm sure the hackers will enjoy just how easy you are making it to hack you" - by antifoidulus (807088) on Tuesday November 01, @07:28PM (#37914134) Homepage
You're talking to "the guy that wrote the book" practically, on how to secure Windows, per this evidence thereof, & yes, it really works and CAN be done (patching, security hardening, & 'smart/judicious' websurfing - user education etc. + more):
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
The summary talks about 'command and control, air defense and intelligence networks', but what about plain old infrastructure networks such as electricity grids, hospitals, power utilities, etc, not to mention defense contractors and others. Just because they might not be able to hack the CIA doesn't mean they haven't been hacking the Boeings, Lockheed-Martins, Raytheons, etc, for the past decade or so.
I mean, since they (Corporate America) have offshored the majority of the production assets there, and the capital assets there, and along with offshoring all those jobs, they've offshored that technology many of us were involved in creating, and both the Clinton and the Bush administrations gave them free military technology (pretty much), why would anyone really care now that those scumbags and their shills want to create fear about them. They shipped them all the weaponry, let them go fight them or stew about them, but leave us sane and poor people out of their moronic scripts.
You should read the shill, David Wise's book, Tiger Trap, where he inverts everything and when one views the situation without Wise's assumptions, it becomes evident that it supports what Sibel Edmonds said about a secret weapons-selling network within the government (not to mention that his book was rife with errors: pay close attention to pp. 101, 106, 107, and p. 88). Although it's been long obvious to many that the FBI has been completely compromised, both the Wall Street and the Chinese Ministry of State Security.
I get your point but I'd prefer to compare it to the overestimation of the Mig-25's capabilities. This seems more appropriate since it offers a comparable state vs state situation. So the Mig-25 is overestimated, the F-15 is designed to handle this "threat", and the F-15 go on to have a kill/loss ratio of 104:0. It seems there is something to be said for overestimating a potential foe.
However, if you are going to accuse China otherwise, you had better be ready for an all out global nuclear war with them and their puppet countries who already hate the US and their allies.
I'd put the US and Israeli hackers up against anyone. But the fact is that most security in the US is non-existent to pathetic, and it would not be difficult to create enough havoc to disrupt military operations while a sneak attack was launched.
Some people tend to worry more about fires, floods, hurricanes, tornadoes, etc, than they likely need to. But they still happen, and you don't want to be the unlucky individual hit by one and be unprepared for it.
I got drunk with a Chinese national in college once, he started going on about how China will be great in the future the way the US is great now, maybe greater.... real national pride coming through in a way I have never seen in any American, even the NASA heads in Houston weren't that fervently patriotic.
They outnumber the US in population by more than 3-1, they have at least as many children educated to a level where they can didactically learn h4x0r 5x1llz like our kids do. And, if they give these kids enough free time, they'll be growing cyberwarriors the same way we do, but I think they'll have an easier time inducting them into the military and giving them direction.
According to Richard Clarke, a former National Security advisor, and Special Advisor to the President on cybersecurity and cyberterrorism, it's not that China has extraordinary capabilities for cyber attack. It's the US that has essentially no defense. The US is the country with the highest penetration of the Internet in infrastructure (power grid, defense contractors, etc), often run with systems not designed to be exposed to the Internet itself. There is currently no government plan to defend against any attack. Contrary to that China has strong defenses and it can shut itself down from the rest of the internet, to prevent major infrastructural disruption. It's all in here:
http://www.amazon.com/Cyber-War-Threat-National-Security/dp/0061962244/
Just sayin' the world's largest "Software Security" firm is on the underside of a joint venture with a Chinese network hardware manufacturer....and by the way, all government run computers are required to run said security software....
http://en.wikipedia.org/wiki/Huawei_Symantec
The article's main point is pure conjecture and speculation by the author... and some statements are provably false:
There is no evidence that China's cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data,'
Titan Rain
Moonlight Maze
Operation Aurora
GhostNet
GreenDam
And that is just the publicly documented cases. How many have been hidden under the seal of "National Security" or were never detected in the first place?
I'd say that it involved pretty meaningful stuff, suggesting China's capability. Unless it wasn't China that did it.
Why is it that every company insists on connecting to the internet? Government and weapons tech companies should have isolated networks. Any outside communications only to be allowed by some computers or devices connected to another network altogether. If they absolutely must, set up a firewall between the 2 LANs only allowing very specific required forms of inbound and outbound traffic. No Web Browsers or email on the secure side.
Chinese hackers were trying to hack Pentagon's server, after billionth try server agreed that its password is "Mao".
In other news, Chinese scientists-make blood from rice!
http://www.cbsnews.com/8301-504763_162-20128572-10391704/scientists-get-blood-protein-from-rice-whats-it-for/
"Scientists have found a way to use rice to "grow" the critical human blood protein albumin, which is used to make vaccines and to treat cirrhosis of the liver and other medical problems. "It looks like an interesting technological step forward," Dr. Richard J. Benjamin, chief medical officer for the American National Red Cross, told Fox News. "It could potentially produce large quantities in a reasonable time." How did scientists pull off something that sounds like make-believe? It all started in China, where the protein is in short supply and blood samples are often contaminated. "That's what prompted me to do something like this," lead researcher Daichang Yang, a plant biotechnologist at China's Wuhan University, told Nature News."
So, the scientific and technical capacities of China continue to make the headlines in all scientific and technical fields, except, yes except that the Chinese just cannot seem to grasp the intricacies of cyber warfare, or?
Only detecting a handful of sophisticated attacks is surely a massive cause for concern not vague complacency?
Even if the opponents are completely unsophisticated you shouldn't assume that most western agencies have any degree of security sophistication.
I find it very ironic that someone posts a story about Chinese ability to hack, and it is a PDF. No way in hell I am clicking on that sucker.
"If you only knew the POWER of the DARK SIDE!"
This really reads like a challenge: "They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks." Just like the time it was announced that the power grid is vulnerable to hacking from the Internet. Are we calling them out?
"Appear weak when you are strong, and strong when you are weak."
blindly antisocialist = antisocial
I would have to respectfully disagree that China is not a threat. China is a very legitimate cyber-warfare threat. The difference between China and other countries is they don't try to hide it. But they are definitely the 800lb gorilla. Need proof? Take a look at some of the ships and planes they've been coming out with lately. Look at the technology they have been producing lately. Look familiar? Ever wonder how they got the idea? Just sayin'.
I die a little inside when people talk about "cyberwar" and then use terms like "logic bombs." They try to dress up technical activities in military vernacular and it just sounds like bad scifi.
This is how you tell that the author has no real clue on the subject matter.
The main threat from China on the internet is the size of its population.
"...ten cyber-warfare missions were rehearsed, including planting (dis)information mines; conducting information reconnaissance; changing network data; releasing information bombs; dumping information garbage; releasing clone information; organising information defence; and establishing ‘network spy stations’.
We have been in a "cyber" cold war with the Chinese (and others) for years. The recent theft of IP at RSA and many other companies is due to reasonably sophisticated persistent malware (advanced persistent threat in marketing terms) that can take a medium size business months to eradicate with outside professional help. Basically, there is a lot of information gathering going on and a lot of theft of things the US tries to restrict the Chinese from acquiring. To underestimate their abilities, goals, and motivation is foolish. To think we are being any nicer to them is absurd.
Do really dense people warp space more than others?
Anyone else smell a decoy? Wouldn't that be an obvious move for China? Use weak and ineffective trojans and malware side by side with undetectable powerful ones to give the illusion of a weak cyber attacking ability and make the victim(s) feel like the threat has been detected and removed.
American counter-cyber-warfare capabilities overstated?
Chinese chip manufacturers hack the VHDL source to install back-doors in all chips. The Chinese military then uses these back doors to install key-logging software on any computer controlled by these chips, then use the key-loggers to steal passwords from people who have control over very dangerous things. They then forge identities and start taking control of stuff that needs more than just a password to access.
Really, this is beyond their capabilities? A bit optimistic, aren't we?