Slashdot Mirror
The Undeclared "Cyber Cold War" With China
First time accepted submitter lacaprup writes "Chinese-based hacking of 760 different corporations reflects a growing, undeclared cyber war. From giants like Intel and Google to unknowns like iBahn, the Chinese hackers are accused of stealing everything isn't nailed down. Simply put, it is easier and cheaper to steal rather than develop the legal way. China has consistently denied it has any responsibility for hacking that originated from servers on its soil, but — based on what is known of attacks from China, Russia and other countries — a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion"
Yep pretty sure us Yankees invented the concept, along w the personal computer and the internet, shame some of us are getting schooled on it, a glimpse into American decay? Or the start of a security renaissance?
It's a hot trade war, with one side believing the rules don't apply to them, and the other side letting them get away with it.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I'm sure the Chinese government has their crack team of hackers, just like we do. Having said that...
I run a honeypot at work. 70% of the attacks do come from Chinese machines, but I suspect that's because the Chinese buy those $2 pre-hacked warez'd Windows CD's at the market and don't install security updates.
Of the actual living, breathing hackers that log into my honeypot, 1/3 of them come from Romanian IP's, and another 1/3 come from other eastern European countries, but the text files/strings in their utilities are Romanian. Wired has a good article which partly corroborates this.
http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1
I see two modes of attack. 98% are single machines launching 100's of attacks. 70% of those are in China. The other 2% are distributed attacks. These are more likely to be major power intelligence agencies, and don't have anywhere near the geographic concentration as the single-machine attacks (Chinese IP's are 15% of distributed attacks, same as Brazil).
Every black hat is probably running their operations through proxies in China these days so that the Western companies they break into will just say "damn dirty Chinese!" and never suspect someone in Europe or maybe just a few blocks away. China is a jurisdictional black hole.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Undeclared my ass. It's in the media, it's widely known, and pretty much the only rule is not to do something to the other side's infrastructure that kills people directly or gets too much of the population upset. That's like calling the intelligence war undeclared because the sides don't admit that they try to get plans of the other side's military hardware--only more so. We don't declare war, and this isn't a physical war, and there are certain proportionality requirements--and we argue for a pretension of deniability, but not plausible deniability.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
This is probably going to sound racist, when I don't really intend it to. It's more "culturist" than anything else.
I work for a post-secondary institution with a large international student program. Most of our international students come from China, and when we break down the stats, the Chinese students are the most likely students to plagiarize others work, both in our online learning management system and in our face to face classroom environments.
What's more, they make no effort to hide their "enhanced group work" skills from their instructors. We've asked several of the students about this behaviour and have been told "that's how things work in China. It's commonplace there."
So it doesn't surprise me that Chinese hackers are trying to steal information from western companies.
Stole informational assets worth $500 billion over the past year? Um, does anyone bother to do basic reality checks?
$500 billion is about 1/3 of the US's GDP for all of 2010.
So ... no, just ... just no.
Information theory is life. The rest is just the KL divergence.
You're an order of magnitude off. US GDP is $15 trillion so that's only 3.3%. Learn2maths.
It's RIAA/MPAA math.
retrorocket.o not found, launch anyway?
Also, patent violations were an American concept back in the day (see Hollywood). Countries (and companies) on the way up view patents as a hindrance, shackling their energy and creativity. Countries on the way down view them as a benefit, holding on to their accumulated wealth and power even once they're no longer earning it.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
We wanted the "information economy", we got it. We ignored material progress and persisted in keeping an antiquated notion of "work" going for what? The work week was about 100 hours in the 19th century and was closer to 50 by the beginning of the 20th century. Despite all the "progress" I keep hearing about and how "productive" we all are sitting at our computers, the work week hasn't reduced, and it still takes 25 years to pay for a house built out of standard parts in six weeks.
We insist on performing theater for each other while farmers feed us, instead of really analyzing what gets done by who and FOR who.
Digital security only reached great public consciousness in the past decade and a half, after much infrastructure was already built up in the US. China is modernizing in a much more security conscious time, so they have a bit of an advantage there. The US is also further along in digitizing things (whether they should be or not), which puts them at a disadvantage.
Also, and this is probably the biggest one imho, the government has privatized everything. All other considerations aside, if you have digital and classified documents in a lot of third parties' hands, you're going to open yourself up to a lot of attack vectors. All in all, it's a nightmare thinking about keeping a network that includes every military contractor secure.
And it's perpetrated by every nation on the planet.
It's no secret that the Industrial Revolution got a kickstart in the US via "stolen IP." The legend is that Samuel Slater memorized drawings across the pond in Blighty and came here with them in his head.
Another example would be dumpster diving at your competitor's company. Cutting up start strips from stamping operations is not because you want them to fit in the recycling dumpster better. The same for shredding code printouts and printed spreadsheets.
To suddenly be surprised that this is being done electronically on a systematic scale is to be utterly ignorant of history. And frankly, singling out China smells of hypocrisy, especially after two decades of US manufacturing companies willingly transferring their core manufacturing to China completely oblivious to the long term effects.
Why reinvent the wheel from scratch when you can simply snag the wheel.dwg from your competitor's computer?
--
BMO
It's not that hard to find a balance between security and usability. At least try. When I read about:
* un-encrypted data on portable devices getting lost[1]
* tapes being swiped in people's cars[2]
* servers with egregiously unsecured login portals[3]
I'm not sure why people aren't just allowing google to index their entire infrastructure. Really. It would be cheap backup and really easy to find your stuff. Sure, 0-days happen, mistakes are made, admins are not infallible but I can't blame the Chinese (or whoever) for picking the low-hanging fruit when it's been places so close to the ground.
[1] - http://www.phiprivacy.net/?p=6572
[2] - http://www.mysanantonio.com/news/military/article/Tricare-patient-data-lost-in-car-burglary-2195822.php
[3] - www.dataprotectioncenter.com/antivirus/sophos/second-dutch-security-firm-hacked-unsecured-phpmyadmin-implicated/
Join the Slashcott! Feb 10 thru Feb 17!
"it is easier and cheaper to steal rather than develop the legal way."
this sentiment is emanating from a nation that has no credibility on 'the legal way' to develop anything in the 21st century. A nation comprised of just a few megacorporations that hover over an infinite sea of frivolous patents, casting them forth like pokemon at the slightest sight of national or international competition that cannot be bought, licensed, bribed, or outlawed by their pre-pay capitalist representatives in government.
information assets amount to the brainfarts of talented engineers and scientists who are in many cases ostracized entirely from the most meaningful components of their work such as the revenue stream and general application.
yeah, its an ideological battle that americans immediately jump around and compare to the cold war, but its the ideology of
ideas come from people, and they must be nurtured and encouraged for the good of all humankind
versus
ideas come from people, and they must be incarcerated, exploited, litigated and profiteered until a group of old white men get another yacht.
Good people go to bed earlier.
I mean come on guys, how hard is it to proof-read a submission before you post it to the front page?
Is it really that hard to read it and see that the grammar needs fixing? Is it that hard to insert the missing word "that" in the second sentence?
This reflects poorly on the quality of the people who work for Slashdot. This is 2011, basic spelling and grammar checks are just a few mouse clicks away.
And the Han social construct has spent the last few thousand years killing off all other social constructs in china. China is a racist mono cultural xenophobic nation that would nazi germany a run for its money.
I'm sure US businesses would be just as happy to substitute melamine to make an extra buck too. They've been substituting trans fats in our foods for ages, after all, even though those are proven to cause all kinds of health problems, but hydrolyzed vegetable oil is much cheaper than butter so corporations can improve their profits by using it.
The only way you're not going to have companies feeding you poison to make a buck is if there's a strong government that prohibits the practice and hold offenders accountable when caught. Pretty soon, when the Republicans take over the government, they'll eliminate the FDA (they're talking a lot about it already), so we'll get to enjoy melamine in our food too before long. (Of course, if the Democrats could help in the process and spin it somehow to blame the Republicans, the Dems will happily go right along with them.)
That's because of the myth that Communism wasn't able to function at all. It did function but it didn't lead to a lot of happy people, nor a lot of variety or quality in products (I recall seeing an ad for "The Fridge" on Soviet TV, so advertised because it was the only fridge they made and it was in surplus at the time), The USSR managed to rebuild the Soviet Union from its decimated state after WWII back to being an industrial powerhouse, world power, etc. It did so at a massive human cost of course (measured in millions of people), and I am not saying it was a good thing but dismissing them and their version of the communist system casually out of hand is a mistake.
The US basically outspent the USSR and active sought to destroy its economy, leading to the failure of Communism in the end. Some of the economic problems you face today in the US likely stem from that massive overspending in fact as it no doubt contributed heavily to your national debt.
I think its a mistake to dismiss China in the same way. They are huge, they have a growing economy, they have massive manufacturing capabilities, and they are capable of independent research and discovery. The fact that they are playing catchup to the US at the moment, doesn't mean they might not surpass you at some point. Imagine how the US citizenry's morale is going to crash when the leading innovations in science and technology start coming from China instead of the US. What if the first mission to Mars comes from China instead of the US?
Complacency and Hubris come at a cost.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Though the strange thing with "financial experts" seems to be that you will allways find another "expert" who tells you the exact opposite of what the previous guy said.
I have the feeling those finance gurus are more close to fortune-tellers than to scientists.
I'm sure you're correct about that feeling. "Economics" simply isn't a real science, it's pseudoscience as it doesn't produce any theories that can actually be tested. Unfortunately, our societies depend greatly on economics, so even though it's really not much different than shamans trying to cure diseases with chants and incantations and potions, it's the best we've got.
China is the Han race.
The Han shot first!
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Am usually right there with y'all in demanding a complete redo on IP law, but not here.
Take anything we do well in America. Trace it down to materials science or some other obscure technological detail.
Now, *GIVE* that info to another country. Whoosh, there go a billion dollars of competitive advantage, or whatever the equivalent engineering/prototyping cost is.
In the cases of media, biology and pharm, it's a cost that some corp won't recoup. Bad juju. But in the case of weapons, armor and nuclear reactor designs, it's a cost that keeps china from marching on another nation. It doesn't take a huge amount of paranoia to suspect that Taiwan, South Korea, the Philippines, Indonesia, India and Japan remain sovereign partly because China isn't capable of our level of weaponry, submarine reactor longevity, space-based intelligence, etc.
There's no easy answer, and I'm not buying the cyberwarfare jingoism rants, but taking cybersecurity more seriously is important.