Slashdot Mirror
The Undeclared "Cyber Cold War" With China
First time accepted submitter lacaprup writes "Chinese-based hacking of 760 different corporations reflects a growing, undeclared cyber war. From giants like Intel and Google to unknowns like iBahn, the Chinese hackers are accused of stealing everything isn't nailed down. Simply put, it is easier and cheaper to steal rather than develop the legal way. China has consistently denied it has any responsibility for hacking that originated from servers on its soil, but — based on what is known of attacks from China, Russia and other countries — a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion"
Yep pretty sure us Yankees invented the concept, along w the personal computer and the internet, shame some of us are getting schooled on it, a glimpse into American decay? Or the start of a security renaissance?
It's a hot trade war, with one side believing the rules don't apply to them, and the other side letting them get away with it.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I'm sure the Chinese government has their crack team of hackers, just like we do. Having said that...
I run a honeypot at work. 70% of the attacks do come from Chinese machines, but I suspect that's because the Chinese buy those $2 pre-hacked warez'd Windows CD's at the market and don't install security updates.
Of the actual living, breathing hackers that log into my honeypot, 1/3 of them come from Romanian IP's, and another 1/3 come from other eastern European countries, but the text files/strings in their utilities are Romanian. Wired has a good article which partly corroborates this.
http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1
I see two modes of attack. 98% are single machines launching 100's of attacks. 70% of those are in China. The other 2% are distributed attacks. These are more likely to be major power intelligence agencies, and don't have anywhere near the geographic concentration as the single-machine attacks (Chinese IP's are 15% of distributed attacks, same as Brazil).
Every black hat is probably running their operations through proxies in China these days so that the Western companies they break into will just say "damn dirty Chinese!" and never suspect someone in Europe or maybe just a few blocks away. China is a jurisdictional black hole.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Undeclared my ass. It's in the media, it's widely known, and pretty much the only rule is not to do something to the other side's infrastructure that kills people directly or gets too much of the population upset. That's like calling the intelligence war undeclared because the sides don't admit that they try to get plans of the other side's military hardware--only more so. We don't declare war, and this isn't a physical war, and there are certain proportionality requirements--and we argue for a pretension of deniability, but not plausible deniability.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
This is probably going to sound racist, when I don't really intend it to. It's more "culturist" than anything else.
I work for a post-secondary institution with a large international student program. Most of our international students come from China, and when we break down the stats, the Chinese students are the most likely students to plagiarize others work, both in our online learning management system and in our face to face classroom environments.
What's more, they make no effort to hide their "enhanced group work" skills from their instructors. We've asked several of the students about this behaviour and have been told "that's how things work in China. It's commonplace there."
So it doesn't surprise me that Chinese hackers are trying to steal information from western companies.
Stole informational assets worth $500 billion over the past year? Um, does anyone bother to do basic reality checks?
$500 billion is about 1/3 of the US's GDP for all of 2010.
So ... no, just ... just no.
Information theory is life. The rest is just the KL divergence.
Did you read TFA?
Check your premises.
We're seen this same shit since the 90's. Main function of it is to gain further laws in the US that makes it easier to abuse US nationals. Apart from the technical ignorance (if you were hacker, would you think of doing the connection yourself or using Chinese proxy!), US and Israel are the only countries in the world that want to use internet for sabotage. There have been numerous news about how hardly cybersabotage would hit US infrastucture, but it doesn't. It's a play to get acceptance towards U.S. doing that exact thing for nations they don't like, like Iran.
U.S. has every time shown that they ignore any good practices and just abuse when they can. I do not trust Iran any more, but since U.S. lies about their tactics too, why should I trust them either? Lieing to me makes you an asshole.
It's more than time for the poor little American-based multi-nationals to think about seriously investing in real security. If your stuff is so valuable (don't believe that figure for an instant) how come it's so easily snatched?
You're an order of magnitude off. US GDP is $15 trillion so that's only 3.3%. Learn2maths.
It's RIAA/MPAA math.
retrorocket.o not found, launch anyway?
If I made a dollar 3 years ago and had it stolen this year how much did I have stolen this year? $0 because I didn't make that dollar this year?
I don't believe the $500 billion estimate either but refuting it based upon how much money was made in the US in 2010 doesn't sound right to me.
Like say Google's source code for their search index was stolen how much is that valued at? Does the value only count for parts that were developed in the past year or could it have just been made MORE valuable in the last year.
If my anthropology textbook is correct, "Chinese" is a specific subgroup of the "mongoloid" or "yellow" race, actually.
I'll need to verify at the library, though; I'm a bit poor so I haven't been able to update my textbook since the 1883 edition.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Also, patent violations were an American concept back in the day (see Hollywood). Countries (and companies) on the way up view patents as a hindrance, shackling their energy and creativity. Countries on the way down view them as a benefit, holding on to their accumulated wealth and power even once they're no longer earning it.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
We wanted the "information economy", we got it. We ignored material progress and persisted in keeping an antiquated notion of "work" going for what? The work week was about 100 hours in the 19th century and was closer to 50 by the beginning of the 20th century. Despite all the "progress" I keep hearing about and how "productive" we all are sitting at our computers, the work week hasn't reduced, and it still takes 25 years to pay for a house built out of standard parts in six weeks.
We insist on performing theater for each other while farmers feed us, instead of really analyzing what gets done by who and FOR who.
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN
TLDR: English-speaking nations around the world have conspired to use their signals intelligence capability (ECHELON) to engage in industrial espionage and pass trade secrets on to their own corporations.
Palm trees and 8
Digital security only reached great public consciousness in the past decade and a half, after much infrastructure was already built up in the US. China is modernizing in a much more security conscious time, so they have a bit of an advantage there. The US is also further along in digitizing things (whether they should be or not), which puts them at a disadvantage.
Also, and this is probably the biggest one imho, the government has privatized everything. All other considerations aside, if you have digital and classified documents in a lot of third parties' hands, you're going to open yourself up to a lot of attack vectors. All in all, it's a nightmare thinking about keeping a network that includes every military contractor secure.
Stole informational assets worth $500 billion over the past year? Um, does anyone bother to do basic reality checks?
The reality check is it's impossible to put a monetary value on "stolen" data, because data only has value if it contains useful information. If I stole the production plans for the Boeing 747, it wouldn't be of value because I do not have the means to build 747s. Or in the '90s, the RIAA claiming that everyone who illegally downloaded an mp3 would have bought the album it it weren't available on Napster.
Good thing the money was "lost" the same way that the RIAA "lost" money from copyright infringement.
Palm trees and 8
A little consistency, please. Making a copy doesn't deprive anyone of anything, right? It's all just math anyway, 1s and 0s. Corporations bad, tree pretty.
If you were blocking sigs, you wouldn't have to read this.
And it's perpetrated by every nation on the planet.
It's no secret that the Industrial Revolution got a kickstart in the US via "stolen IP." The legend is that Samuel Slater memorized drawings across the pond in Blighty and came here with them in his head.
Another example would be dumpster diving at your competitor's company. Cutting up start strips from stamping operations is not because you want them to fit in the recycling dumpster better. The same for shredding code printouts and printed spreadsheets.
To suddenly be surprised that this is being done electronically on a systematic scale is to be utterly ignorant of history. And frankly, singling out China smells of hypocrisy, especially after two decades of US manufacturing companies willingly transferring their core manufacturing to China completely oblivious to the long term effects.
Why reinvent the wheel from scratch when you can simply snag the wheel.dwg from your competitor's computer?
--
BMO
What exactly did you expect? It's not just China, of course. We outsource to India, China, the Middle East and even Pakistan. We also educate foreigners here, and not in ethnomusicology or interpretive dance either. Do you think no theft will occur? No backdoors in hardware or software? No designs, models or code will be resold to competitors for a profit without your knowledge?
First we sold our security to the Arabs for cheap oil. Then we sold our minds to China and India for some cost savings. Our children will be selling their bodies, I expect.
Please do not read this sig. Thank you.
You are failing to take into account the simple fact that a single piece of paper, digital or real, can contain information that cost billions to obtain.
There is no reason to assume what is being stolen was created within a single calendar year.
It's not that hard to find a balance between security and usability. At least try. When I read about:
* un-encrypted data on portable devices getting lost[1]
* tapes being swiped in people's cars[2]
* servers with egregiously unsecured login portals[3]
I'm not sure why people aren't just allowing google to index their entire infrastructure. Really. It would be cheap backup and really easy to find your stuff. Sure, 0-days happen, mistakes are made, admins are not infallible but I can't blame the Chinese (or whoever) for picking the low-hanging fruit when it's been places so close to the ground.
[1] - http://www.phiprivacy.net/?p=6572
[2] - http://www.mysanantonio.com/news/military/article/Tricare-patient-data-lost-in-car-burglary-2195822.php
[3] - www.dataprotectioncenter.com/antivirus/sophos/second-dutch-security-firm-hacked-unsecured-phpmyadmin-implicated/
Join the Slashcott! Feb 10 thru Feb 17!
"it is easier and cheaper to steal rather than develop the legal way."
this sentiment is emanating from a nation that has no credibility on 'the legal way' to develop anything in the 21st century. A nation comprised of just a few megacorporations that hover over an infinite sea of frivolous patents, casting them forth like pokemon at the slightest sight of national or international competition that cannot be bought, licensed, bribed, or outlawed by their pre-pay capitalist representatives in government.
information assets amount to the brainfarts of talented engineers and scientists who are in many cases ostracized entirely from the most meaningful components of their work such as the revenue stream and general application.
yeah, its an ideological battle that americans immediately jump around and compare to the cold war, but its the ideology of
ideas come from people, and they must be nurtured and encouraged for the good of all humankind
versus
ideas come from people, and they must be incarcerated, exploited, litigated and profiteered until a group of old white men get another yacht.
Good people go to bed earlier.
I just wish giving up your citizenship meant giving up the right to sell anything to the American citizens that are left.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Not to be picky, but there are a number of places other than Europe right now that aren't really suffering during this global depression.
I am John Hurt.
I mean come on guys, how hard is it to proof-read a submission before you post it to the front page?
Is it really that hard to read it and see that the grammar needs fixing? Is it that hard to insert the missing word "that" in the second sentence?
This reflects poorly on the quality of the people who work for Slashdot. This is 2011, basic spelling and grammar checks are just a few mouse clicks away.
Probably better than mining for fish.
Yeah! Damn those evil corporations that invest billions into developing technology, and hoping to recoup that cost.
Me, representing China, one of the most totalitarian regimes around with its Great Firewall, should totally go steal that information because it's, like, totally for the goodness of the people, dude.
Grow up and get a clue. China could have licensed or bought the non-defense technology that they are stealing. They are not going to help the "little guy" in any country--not even their own--with this technology. Instead, they are going to make cheap knock-offs of the tech that they probably do not fully understand that will inevitably result in a lot of failures and death, [non-exclusive] or war with Taiwan.
And the Han social construct has spent the last few thousand years killing off all other social constructs in china. China is a racist mono cultural xenophobic nation that would nazi germany a run for its money.
I don't know how the mix-up of patents with copyright in the first sentence didn't trigger mods' troll alarms. Add to that the fact that Chinese patents applications have grown massively in recent years to nearly equal US patent filing rates, making parent's premise entirely wrong.
No, countries on the way up don't view patents as hindrance -- they view patents by established competitors as a hindrance, while patents by them are advantageous and pursued emphatically.
Only responding because 1) conflating Hollywood (copyright) with patents, and 2) disgusting +5 insightful for a post that's pretty much wishful thinking.
your thin skin doesn't make me a troll
Those who create new things have no fear of copying, because they have confidence in their ability to do better than people who can do nothing but copy.
Those who continue to profit from innnovation long-since departed fear copying, because they know that's all they've got.
Perhaps you missed the reference, but Hollywood became the mecca of film precisely because they were ignoring the draconian restrictions imposed on them by Edison's patent enforcement group. In fact, the very reason film-makers congregated in Hollywood was because it was out of the reach of those patents.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
I'm sure US businesses would be just as happy to substitute melamine to make an extra buck too. They've been substituting trans fats in our foods for ages, after all, even though those are proven to cause all kinds of health problems, but hydrolyzed vegetable oil is much cheaper than butter so corporations can improve their profits by using it.
The only way you're not going to have companies feeding you poison to make a buck is if there's a strong government that prohibits the practice and hold offenders accountable when caught. Pretty soon, when the Republicans take over the government, they'll eliminate the FDA (they're talking a lot about it already), so we'll get to enjoy melamine in our food too before long. (Of course, if the Democrats could help in the process and spin it somehow to blame the Republicans, the Dems will happily go right along with them.)
Are you seriously comparing USSR to what China was 30 years ago? I'm asking because it's like comparing South and North Korea.
USSR couldn't develop... bombers on its own?
Dear God, how did they fight in WWII, may I ask?
Why did they say no to the glorious "Shermans" and used their own T-34 instead (34 stands for year, mind you).
How come they were the first to send Sputnik then Gagarin into space, despite US having German rocket genie, von Braun?
Where did they get "Mig"s that caused so much trouble in Vietnam war?
Where did they get missile technology to down U2?
Maybe they couldn't develop computers? Oh, what was BESM-6 (1965) based on?
Most of what western world "knows" about "commies" are myths.
USSR collapsed after 30 years of stalemate under Brezhnev's rule, followed by sharp reduction of oil prices. Under his rule, by the end of 70th USSR was in regression even according to the official statistics (with double digit growth under previous rulers). But it was still capable of creating pretty much anything on its own.
Germany is indeed a thriving example of greatness right now; their economy is strong and they export all kinds of high-value, high quality stuff. If it weren't for Greece and Portugal, the place would make us look pathetic (which isn't hard, honestly). The way it's looking now, they might just kick Greece out of the EU (or Greece might leave on its own), which will probably be a lot better for Germany.
Don't forget the paranoid.
"we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
"Race" is just a convenient term to try to place people into one of these various groups, although obviously it doesn't work for everyone (like someone who has parents from very different places), but then again the scientific concept of "species" isn't really black-and-white either and there's a lot of controversy about that too.
In other words, race is more or less a social construct, as opposed to one with a great deal of accuracy or usefulness in science. The genetic variation within African blacks is greater than the genetic variation of all other people combined, which means that people of the "black race" are actually in many cases far less closely related to one another than, say, European whites and south Asians. To say that differently, people of different races are often more similar genetically than people of the same race. Which makes race a very rough descriptor, an imprecise and a proxy of limited usefulness for the actual differences among people. It isn't a completely silly term, as it is useful to be able to distinguish among groups of people with different visual characteristics and different regional ancestry, but it is foolish to think it is more than a vague term, scientifically speaking.
Dividing people by color is therefore kind of like dividing foods by color. There are some generalities that one can find, like green ones are made of plant matter, and a chef concerned with artistic presentation of the food on the plate may well find color a useful concept, but nutritionally, biologically, or compositionally, is a green bell pepper more like an asparagus or a watermelon than it is like a yellow bell pepper? Is it reasonable to put turnips and fish in the same food group and call that a meaningful category? Obviously not.
The way it's looking now, they might just kick Greece out of the EU (or Greece might leave on its own), which will probably be a lot better for Germany.
They won't leave the European Union. At most they would leave the European Currency Union.
According to this article that might not even be that bad for them:
http://www.faz.net/aktuell/feuilleton/oligarchie-der-finanz-der-krieg-der-banken-gegen-das-volk-11549829.html (in german)
Though the strange thing with "financial experts" seems to be that you will allways find another "expert" who tells you the exact opposite of what the previous guy said.
I have the feeling those finance gurus are more close to fortune-tellers than to scientists.
"we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
The US started the industrial revolution by blatantly ripping off European patents in the late 1800s. It wasn't until they discovered some value when they retroactively started enforcing them worse than everyone else.
Learn to love Alaska
Though the strange thing with "financial experts" seems to be that you will allways find another "expert" who tells you the exact opposite of what the previous guy said.
I have the feeling those finance gurus are more close to fortune-tellers than to scientists.
I'm sure you're correct about that feeling. "Economics" simply isn't a real science, it's pseudoscience as it doesn't produce any theories that can actually be tested. Unfortunately, our societies depend greatly on economics, so even though it's really not much different than shamans trying to cure diseases with chants and incantations and potions, it's the best we've got.
I would consider it a fairly surprising accusation to say that most world governments are engaging in corporate espionage. They are certainly engaging in espionage, but CIA spying on Toyota to give trade secrets to Ford? I'd call that unlikely. China is a different matter. Chinese business is war, and all's fair in war. No ethics, no morals, everything to win and cut-throat. It's that way in most countries, but in China, winning is a religion, and state-backed corporate espionage and monopolies are the way the game is played.
Here's a story I read just today on Taipei Times. Yes, they're Taiwanese and going to have a bias against China, but the point here is that these kinds of stories are so common in China that I read one just today.
Do you inhabit the minds of all those who create new things thus that you can declare, for all of them, that they have no fear of copying? I have heard plenty of creative people express concern about whether they will be able to get the rewards for their work or whether someone else will. Where unfettered, free copying is allowed, it is not the most creative people who will succeed, it is the people with the biggest marketing budgets. A few rare individuals will come up with brand new things and hit the jackpot before better-funded competitors can duplicate their work, but most creators will be outdone in profits by someone who has a fully funded team, an existing factory, and a standing army of salesmen ready to hit the market worldwide before the original inventor can get known by anyone or build a relationship with more than a handful of retailers.
Also, you seem to have a strange notion that the world is divided into "people who can create" and "people who can only copy," where people who can create have some infinite store of inventions or writings and an unending, Godlike power of creation, that at a moment's notice they can spit out a new, improved version of whatever someone else just copied, thereby holding some kind of perpetual lead based on a pure and complete mental superiority over all competitors. It is more accurate to say that many people have occasional points where they come up with a really good idea, and that working out the way these ideas can be put into practice is a difficult process. To imagine that someone who once innovates successfully is guaranteed to be able to generate an infinite stream of successfully implemented new ideas, each abandoned to competitors as quickly as those competitors can implement the same, is to dream of people having a different sort of nature than they really do. (Ayn Rand happened to have much the same misunderstanding, but it is nevertheless a misunderstanding.)
Countries and companies who have no intellectual property protections are "on the way up" in the same sense that, in a complete free-for-all, dog-eat-dog system, the dogs on the eating end are benefiting. Nobody can claim that it is not at the expense of other dogs or that those on the rise are doing anything whatsoever to introduce new calories into the food chain.
China is the Han race.
The Han shot first!
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Recently they blocked ports from shipping in goods on the US West Coast. Most of those imports probably originated in China. So their actions were a blow against China, a repressive Communist regime.
This is weird. The Republicans are supporting a Communist regime in China while left wingers are taking part in protests protecting the US from Chinese imports. We're through the looking glass people....
putting the 'B' in LGBTQ+
Salma Hayek is hot, but what does she have to do with economics, aside from marrying a billionaire?
Am usually right there with y'all in demanding a complete redo on IP law, but not here.
Take anything we do well in America. Trace it down to materials science or some other obscure technological detail.
Now, *GIVE* that info to another country. Whoosh, there go a billion dollars of competitive advantage, or whatever the equivalent engineering/prototyping cost is.
In the cases of media, biology and pharm, it's a cost that some corp won't recoup. Bad juju. But in the case of weapons, armor and nuclear reactor designs, it's a cost that keeps china from marching on another nation. It doesn't take a huge amount of paranoia to suspect that Taiwan, South Korea, the Philippines, Indonesia, India and Japan remain sovereign partly because China isn't capable of our level of weaponry, submarine reactor longevity, space-based intelligence, etc.
There's no easy answer, and I'm not buying the cyberwarfare jingoism rants, but taking cybersecurity more seriously is important.
Yep pretty sure us Yankees invented the concept, along w the personal computer and the internet, shame some of us are getting schooled on it, a glimpse into American decay? Or the start of a security renaissance?
"Security renaissance?" How about a death-blow to the concept of information property. So you can tie down you product with patents, spend billions on litigation, legally destroy all competition, and donate money to your priest who wants to teach that intelligent design is science... and in the end, some enormous state with billions of people (a good number of them better-educated in science than the average Joe in your country) who don't play by your rules just steals your intellectual property and uses it for themselves anyway.
So what was the point of all those patents, litigation, anti-competitive maneuvering, and anti-science-education lobbying? All it did in the end was stifle innovation in your own country and let the renegade Chinese and Russians win the day in science and technology.
But the king of the United States (the top 1%) will never learn that lesson in time to save us. The only remaining question is: is the US just dying, or it's already completely dead?
Time to start honey-potting a great deal more. Worked for the Japanese in the late 90's for capacitor electrolyte formulas.
Only caveat might be to actually make the honey pots look harder to get to than the real stuff (double honey pots? one easy, one hard - thank you virtualization).
p