Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

An anonymous reader writes "A former Pentagon analyst reports the Chinese government has 'pervasive access' to about 80 percent of the world's communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage. 'Not only do Huawei and ZTE power telecom infrastructure all around the world, but they're still growing. The two firms are the main beneficiaries for telecommunication projects taking place in Malaysia with DiGi, Globe in the Philippines, Megafon in Russia, Etisalat in the United Arab Emirates, America Movil in a number of countries, Tele Norte in Brazil, and Reliance in India.'"

Wait, what?

[girlintraining]

This "former pentagon analyst"... Did he have access to intelligence reports of this nature? If so, and he's disclosing this now, I'm assuming the relevant documentation would be available via a Freedom of Information Act request? Since disclosing classified intelligence would be an act of treason, you know.

Just out of curiousity, this "former pentagon analyst" wouldn't happen to be employed with a defense firm now that would stand to profit from any products the company offers to combat this threat, would it? As many a scientist has uttered before, "Extraordinary claims require extraordinary proof." That doesn't change because we're discussing a matter of national security: You still have to put up, or shut up.

Re:Wait, what?

I'm sure there is someone profiting off this. I'm also sure it's true. The problem is we don't require the source code to be free and readily available. THIS STUFF SHOULD BE PUBLIC INFORMATION!

It might not stop hackers although it would give us the opportunity to lock down infrastructure. The code should be reviewed by security experts.

Re:Wait, what?

[stanlyb]

You are both right. He wants the piece of cake. The China already has it.

Re:Wait, what?

[k(wi)r(kipedia)]

Right. The not so Fine Article is low on details. It makes a grand connection between two rather uncontroversial facts: (1) Chinese net equipment can be found in an overwhelming majority of countries around the world and (2) the Chinese engage in cyberwarfare (as does the US and a few other advanced countries). Conclusion:

The Chinese government and the People's Liberation Army are so much into cyberwarfare now that they have looked at not just Huawei but also ZTE Corporation as providing through the equipment that they install in about 145 countries around in the world, and in 45 of the top 50 telecom centers around the world, the potential for backdooring into data.

Emphasis added on the word potential. Now where's the proof (preferably from a chip teardown by a reputable hardware hacker or hacking group)?

Re:Wait, what?

[gtall]

Apparently, he writes stuff for www.wnd.com...kind of hard to tell what they are but they seem to be a net media company. Anyhow, the fellow saying these things, Michael Maloof, seems to be saying a lot of things on WND. It is hard to believe that he'd be revealing secret information because he'd be arrested for that sort of thing. So maybe he's just running off at that mouth? It wouldn't surprise me that Huawei (I think's that's pronounced Way-Way) has back doors in their equipment given their relationships with the PLA.

So at least on the surface your knee-jerk reaction appears to be unsubstantiated, he's not overtly working for a defense contractor.

Re:Wait, what?

[girlintraining]

Emphasis added on the word potential. Now where's the proof (preferably from a chip teardown by a reputable hardware hacker or hacking group)?

There won't be any. Anyone with the capability of analyzing and reverse-engineering thousands of ICs would need deep pockets -- Either a large corporation or a government. A hacking group won't have the resources, even a well-funded one. You're talking about several hundred highly trained engineers from a dozen different disciplines working for years on the project, with no return on investment. There's no reason for a large corporation to conduct such business domestically -- they already have comparable products, and the Chinese equipment doesn't have any capabilities that aren't commonly available elsewhere. That leaves governments with a GDP in excess of a hundred billion USD per year. Short list. Said governments wouldn't disclose the results of such a search either, as it's a legitimate intelligence asset that would need to remain classified -- you don't want your enemy to know what you know, especially not before you come up with a way to defend against the attack or co-opt the infrastructure for your own purposes.

Second, forensically analyzing tens of thousands of chips and microprocessors would be pointless anyway: There still has to be some method of communicating the information back, and they can't compromise the entire communications chain, which is what would be required. Telecommunications equipment is designed to be evesdropping-friendly; Complete with port mirroring, trace and audit logs, selective forwarding based on rules... it's all standard. We're not even talking about the law enforcement black boxes, this is just stuff used for legitimate business purposes. The moment any such 'bug' went active, it would set off alarms -- by necessity, the communications would have to occur over the provider's own network. Unless their network admins are idiots they should notice the abberant traffic.

China would have to be very stupid to leverage such an intelligence asset for peanuts; It's basically a one-shot, and it would cost them billions in telecommunications contracts domestically. So if they do have such a capability, they're not going to use it until the value of the intelligence they would gain from it equals or exceeds that amount.

So there's two arguments right there based just on the economics of the situation. I strongly suspect that this unnamed pentagon analyst is being paid to spread disinformation. Such disinformation would serve the purpose of keeping the american public sucking the tit of the Department of Homeland Security's fear juice, and exaggerating our actual intelligence capabilities -- rather than waste hundreds of millions on a reverse engineering project that could never be made public, we'll just insinuate that "We know. We're on to you," and rattle our sabre a little. Maybe it deters them, maybe it forces them to expend resources to find out whether we're telling the truth or not, but it costs us nothing to make such a statement.

Re:Wait, what?

Hello Miss South Carolina Teen USA!

Re:Wait, what?

[number11]

This "former pentagon analyst" is a writer for WND, a rightwing web news site with all the credibility of the National Enquirer.

Not to say that China wouldn't build backdoors into telco gear, of course they would. The US requires telcos to provide access for it to spy on calls, it wouldn't particularly surprise me if the Chinese just built it in without talking publicly about it. After WWII, many countries purchased Swiss encryption gear, and many years later it was divulged that the US had inserted a backdoor into that gear. Why would China, or telco gear, be any different?

The fact is, around the world everyone should assume that anything done over a telephone is shared with unknown parties. Unless they've got trustworthy gear to encrypt calls end-to-end.

Re:Wait, what?

[k(wi)r(kipedia)]

So if they do have such a capability, they're not going to use it until the value of the intelligence they would gain from it equals or exceeds that amount.

Too many backdoors and the house is wide open to the public. So basically we shouldn't be terrified of backdoors being installed in off-the-shelf products but of backdoors being installed in some custom-built equipment that manages to sneak into the office. Security-wise, this makes it more important to do a background check on people installing and administering critical hardware than doing random hardware audits. Hardware would still need to be checked, of course, for bugs and defects that would affect performance.

Re:Wait, what?

[LordLimecat]

Article read like FUD.

As a consequence, sources say that any information traversing "any" Huawei equipped network isn't safe unless it has military encryption.

Wow, military grade encryption? Would that be, like, AES, one of the most widely deployed, tested, and recognized encryption schemes out there? Wow man, that stuff is hard to come by.

I also like the implication that unless you have a VPN, it will still magically find its way out to Huawei regardless of what other network controls you have in place. Having backdoors is one thing, getting thru a firewall is something completely different.

Sources add that most corporate telecommunications networks use "pretty light encryption" on their virtual private networks, or VPNs.

Proprietary information could be not only spied upon but also could be altered and in some cases could be sabotaged.

Someone want to explain to me the difference between "altered in transit" and "sabotaged"?

Im sorry, when so many of the assertions in the article read like uninformed drivel, its kind of hard to take the headline seriously. I have a strong feeling that the person who wrote this doesnt understand any of the terms hes going on about.

Re:Wait, what?

[Luckyo]

He's just ignoring the convenient fact that US has access to 100% by the same measuring stick.

Re:Wait, what?

There are a few companies that are specialized in reverse engineering chips and does not require hundreds of engineers. e.g. Chipworks

Re:Wait, what?

If I were China, I would put spying devices into hardware we build for well known American Telecom companies. Everything is made in China these days, with all the CAD files, firmware binaries, hardware schematics etc. all handed over to the factories in China.

Why ruin your own brands when the American brands can get into more places.

Re:Wait, what?

National Enquirer, the "non-credible" news source that first ran the story on John Edward's affair and child out of his marriage while on the campaign trail. The same news source that broke the story on Jessie Jackson's illegitimate child that he was funnelling hundreds of thousands from his organization to keep the mother quiet.

While 10 years ago I would have agreed with that comment of yours, they are now more accurate and truthful than NBC has been over the last few years. NBC had both of those stories I listed, but decided to bury them leaving the Enquirer the only news outlet that would run them, and both turned out completely accurate.

Re:Wait, what?

[mysidia]

If the source code were free and publicly available.... still... how do you verify the code on the device was compiled from the source you were given, and there's not a hardware component that changes the code after it's in memory?

Re:Wait, what?

[jcr]

Since disclosing classified intelligence would be an act of treason, you know.

Espionage, not treason. Under American law, there's a very specific definition of treason.

-jcr

Re:Wait, what?

...sucking the tit of the Department of Homeland Security's fear juice

Now there's an image I could have happily made it through the day without.

Re:Wait, what?

Not to mention some of the best OJ Simpson coverage out of all the media....

Re:Wait, what?

Now all we need is a "former sports analyst" to say that China has access to 80% of the world's athletes as they have implanted nano-technology in the clothing. :)

Re:Wait, what?

[erp_consultant]

Exactly. More DHS scaremongering in yet another lame attempt to justify their existence. Started nine years ago it is now one of the largest departments in the entire federal government with 260,000 employees. Under the guise of combating "terrorism" - a very broad term that can mean whatever they want it to - and bolstered by the Patriot Act, this agency violates the rights of American citizens on a daily basis. And just like every other federal agency, it's never going away. It will only get larger.

Re:Wait, what?

He's working for WND which is a known wingnut publication. A healthy grain of salt is warranted.

Re:Wait, what?

[dbIII]

What is it again - playing chess against Russians :)
I know selling weapons via Iran to a terrorist group that has just killed 220 US marines doesn't count, North was still calling himself a patriot after that.

Re:Wait, what?

True enough.

Admittedly, the image that came to mind was getting fear juice direct from Janet Napolitano.... and then wondering what might be on the nutritional label.

Re:Wait, what?

[sg_oneill]

I wouldnt actually be surprised if there was some substance. A while back, when Australia was doing its tendering for constructing the national broadband network (fibre to the home + backbone upgrade), it excluded these companies on the grounds of "security concerns" but declined to state why. It was puzzling as australia is as close to china as we are to the united states, and perhaps more so economically.

Perhaps the US Pentagon had a word to Australian intelligence about the concerns, and this guy has heard those concerns too.

Re:Wait, what?

There is a slight conflict of interest here.
This is like Microsoft slagging linux.
This guy is as believable as Microsoft unless he can show "citations".

Re:Wait, what?

Said governments wouldn't disclose the results of such a search either, as it's a legitimate intelligence asset that would need to remain classified -- you don't want your enemy to know what you know, especially not before you come up with a way to defend against the attack or co-opt the infrastructure for your own purposes.

Well, since a government is ultimately responsible for and dependent from a functioning basic infrastructure the disclosure would be quite fast anyway if the risk of abuse is sufficiently high. Such a research produces the countermeasures as a side product, usually.

Re:Wait, what?

[Fjandr]

There wouldn't necessarily be alarms. After all, the use of Cisco's IOS backdoors, last I saw, had the problem of being so quiet that surreptitious use by black hats could not be detected easily. If the people who actually constructed the backdoors were using them appropriately and designed them for completel transparency, I wouldn't make a bet against them being able to use them unnoticed. It's been done before, as recently as 2010 (the last time I read an updated report of IOS LEA intercept problems).

Re:Wait, what?

[cold+fjord]

Strange Loops: Ken Thompson and the Self-referencing C Compiler
Reflections on Trusting Trust - Ken Thompson

Re:Wait, what?

A team over at Cambridge definitely found a backdoor in an Actel chipset, but they didn't claim it was put there by the Chinese government:

http://it.slashdot.org/story/12/05/28/1454222/backdoor-found-in-china-made-us-military-chip
http://www.cl.cam.ac.uk/~sps32/sec_news.html#Assurance

Re:Wait, what?

[erp_consultant]

Good grief...that's a frightening thought.

Re:Wait, what?

[Galactic+Dominator]

NBC had both of those stories I listed, but decided to bury them leaving the Enquirer the only news outlet that would run them, and both turned out completely accurate.

I assume you mean NBC had the ability to break the story, not cover it because they certainly did. So they didn't break the story...do you have evidence for this? Do you have evidence NBC wasn't simply practicing journalistic integrity and was seeking a second source? In general, how much credulity do you posses on conspiracy theories? In your opinion, is a quality news organization one that breaks news first regardless of source?

Have you looked www.nationalenquirer.com recently? Can you give more a detailed reasoning on why anyone should take your statements seriously?

Re:Wait, what?

[Solandri]

Even if you verify the source code is clean and compile it yourself, you're still vulnerable. The compiler could have a trojan hidden in it which inserts a backdoor when it detects certain functions are being compiled. And if you compile your compiler yourself? Well what's to say the compiler you use to do that doesn't have a trojan which inserts the trojan I just mentioned into your new compiler? And so on.

Basically, if you want to be 100% sure your code is clean, you have to write it (including any compilers you use) from scratch. Perhaps the most pertinent quote from that paper: "As the level of program gets lower, these [deliberately inserted] bugs will be harder and harder to detect. A well installed [hardware] microcode bug will be almost impossible to detect."

Re:Wait, what?

[Solandri]

Sorry for the broken link. Here is the correct link. It should be required reading for anyone involved in computer security.

Re:Wait, what?

Does the "former pentagon analyst" now work for Cisco?

Re:Wait, what?

[jcr]

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

It's pretty hard to make a case for treason without a declared war in progress. Julius and Ethel Rosenberg, for example, were convicted of espionage, not treason, because the USA wasn't technically at war with the Soviet Union.

-jcr

Re:Wait, what?

[Alex+Belits]

Right, and "everyone involved in computer security" knows that this is completely unrealistic because modern compilers do not share common origin.

Re:Wait, what?

[repvik]

Bogus backdoor: http://erratasec.blogspot.no/2012/05/bogus-story-no-chinese-backdoor-in.html

Re:Wait, what?

Huawei (I think's that's pronounced Way-Way)

It's more like "hwah way".

Re:Wait, what?

[kasperd]

Anyone with the capability of analyzing and reverse-engineering thousands of ICs would need deep pockets

No need to look at thousands of ICs. Looking at a few of the most interesting targets is still going to be valuable.

A hacking group won't have the resources, even a well-funded one. You're talking about several hundred highly trained engineers from a dozen different disciplines working for years on the project

I know one person who using just off the shelf equipment was able to read the ROM from a microcontroller in his sparetime. All it took was a cheap microscope and a webcam.

There still has to be some method of communicating the information back, and they can't compromise the entire communications chain, which is what would be required.

Covert channels can be very hard to detect. You don't need to compromise the entire chain. You just need to piggyback on a legitimate communication for hops between compromised equipment. For example VPN hardware could piggyback on legitimate connections by using some encrypted data instead of random values for sending packets over the Internet. A compromised router anywhere on the path the VPN connection takes could pick out the data. Now the data is on a router on the public Internet. There are plenty of ways to get the data from there. First of all the attacker could very well have a legitimate connection going through that router, now it just needs a covert channel to send data from that router.

Sending data from the router without risk of being noticed is slightly more tricky. The question is, would you take the risk of modifying packets in the hope that nobody is actually comparing the packets going into the router and out of the router? If you modified the IPID field of every packet going through the router, that would produce a feasible covert channel. It would not be immediately detected, but would be visible if you carefully inspected the traffic. Notice that it would not be sufficient to look at the traffic through the router in a lab before deployment, because the router wouldn't be sending any covert data until instructed to do so.

A more stealth method would be to just use the IPID field of packets generated by the router. There is no incoming packet to compare against. But extracting data that way without being visible takes time. You can run a traceroute that happen to pass through the router, then it will need to send three response packets (with the common settings). Each time you run a traceroute passing through that router, you could extract 6 bytes of data.

China would have to be very stupid to leverage such an intelligence asset for peanuts; It's basically a one-shot, and it would cost them billions in telecommunications contracts domestically.

Valid point, however even if it was noticed, it would be hard to prove who was behind.

Re:Wait, what?

One thing is programming a compiler to insert a trojan when it compiles itself, another completely different thing is to program a compiler to recognize it is compiling a newly programmed compiler, devise how to morph the trojan so it plugs into the unpreviously known compiler and insert it. That's far harder.

Re:Wait, what?

[sociocapitalist]

In security, you have to make assumptions based on what is possible or likely, not what is proven. You don't have to prove that your first layer of firewalls can be breached - you assume that they might be and you put another layer of security behind it.

With regard to security of information that China would like very much to have access to, such resource location information (oil, minerals, etc) and industrial designs, military and otherwise, you have to assume that they will do what they can to get at such information.

Buying equipment and/or software from manufacturers/developers that are more or less owned by the country in question, in this case China, you should assume that such equipment is compromised from the get go even if such hasn't been proven, because the possibility and the motivation both strongly exist.

Re:Wait, what?

[sociocapitalist]

treason/trzn/
Noun:
1) The crime of betraying one's country, esp. by attempting to kill the sovereign or overthrow the government.
2) The action of betraying someone or something.

Disclosing classified intelligence can certainly fall under the definition of treason.

Re:Wait, what?

Anyone with the capability of analyzing and reverse-engineering thousands of ICs would need deep pockets

If there really are backdoors to 80%, why would you need to reverse engineer thousands? If you don't find any after a few random samples of the popular ones then either the Chinese are really very sneaky at hiding it, or this is all bogeyman bullshit.

Re:Wait, what?

Damn, why do you still get modded up for some of the inane comments you make?

IC-scanning is stupidly simple and can be done by a casual hacker in his basement. Several-hundred? Do you think chip-creation is some wizardry process where they sacrifice gold on the tops of thousands of mountains to the Gods for processors or some nonsense?
YOU could make a processor in your own home with off-the-shelf crap. You could even make something that could run Windows XP. (running Vis7a, now THAT is wizardry!)
You only need to do a few select major versions to be sure. The meat and bone of networks, not the child nodes that are likely going to have nothing. (but do a couple anyway)

Hell, how do you think some handhelds were hacked? Consoles and so on.
Such things were even done in order to make some 3rd party hardware because console-makers never provided the information for certain uses.

Re:Wait, what?

(Chinese) turtles all the way down...

Re:Wait, what?

yeah, it really sounds like BS

Re:Wait, what?

[rainer_d]

Telecommunications equipment is designed to be evesdropping-friendly; Complete with port mirroring, trace and audit logs, selective forwarding based on rules... it's all standard. We're not even talking about the law enforcement black boxes, this is just stuff used for legitimate business purposes. The moment any such 'bug' went active, it would set off alarms -- by necessity, the communications would have to occur over the provider's own network. Unless their network admins are idiots they should notice the abberant traffic.

I thought, ETSI LI regulations require that the LI (lawful interception) can occur even without the Telco knowing it happens.

That said, concerning the notion brought forward in the article: it just means that there's another nation spying on the telco-infrastructure.
AFAIK, most LI-equipment is developed by companies that are more or less obvious front companies for the nations' intelligence agencies, often run by former intelligence-agency staff.
To truly believe that there's no system behind this is, is akin to believing in the tooth-fairy.

Re:Wait, what?

[gabrieltss]

The National Enquirer - entertainment for people who don't understand Hee-Haw.

Re:Wait, what?

Well, that raises an interesting question. I suspect (without doing any research, this being /.) it would be hard to find a compiler that wasn't descended directly from the original C compiler and/or used some descendant of the original tool chain, IOW where the initial mini-C code generator had been written from scratch, by hand, rather than built using one or more of the existing tools like the parser-generator - any of which might have provided backdoors. And then (OTOH), whether such a back door, having been built into one of the earliest tools could have survived the multiple generations of code generators, parser generators, etc. that followed. (I haven't had to talk compiler tech for a long time, so apologies for terminological breakdown.)

Re:Wait, what?

I would argue that the money for this sort of thing (both installing the spying tech and discovering and working around it) is always available for sufficiently large and powerful nations. It's a silent war that has been going on for centuries, preceding the existence of the US.

I recall (from the early 1980s IIRC) a situation that happened in Silicon Valley. Back then all of the phone calls to or from Sili Valley went through a microwave tower situated on Telegraph Hill in San Francisco. The USSR had a consulate in one of the mansions on the hill. I forget how it was discovered but someone figured out that the mansion was in one of the side lobes of the microwave transmission field where it could pick up at least one side of every transmission. The consulate had a basement full of equipment that looked at the phone numbers of every call going through that tower, and recorded calls to or from companies of interest. Then those calls were sent via satellite back to USSR for translation, usually the same day. So for some time (years?) every long distance call to major tech companies was being listened to by the sneaky Roossians. As I recall, upon discovery the consul and all of the staff were invited to return to USSR and the consulate was shut down or moved. No stink, just quietly cleaning up the situation.

I don't recall how or where I learned this but it was not long after it supposedly happened. And certainly similar things have happened. One that did make the news was the brand spanking new US Embassy in USSR, which was discovered to have been filled with bugs of various sorts during construction, so was essentially useless. I think we never even moved into it. And I think that from then on we always used US construction firms and labor for building embassies.

Then there's the story that broke not too long ago about the US submarines that had special equipment that allowed them to listen in on the fiber optic cables running under the Baltic Sea, so we could snoop on Soviet/russian military and tech data and voice transmissions. (I think that might have been using the fact that when one bends a fiber optic, some of the signal leaks out and can be picked up.) That was probably a few hundred million dollars.

Re:Wait, what?

[ultranova]

A well installed [hardware] microcode bug will be almost impossible to detect.

It's also almost impossible to write. A simple one will be found, since it'll end up inserting weird bugs to programs (or be so conservative that a change in compiler options will defeat it), and a complex one would need to perform high-level code function analysis and adaptive rewriting - and if you can write that in microcode, why are you wasting your time with cloak-and-dagger business? You'd do much better for yourself and your country by running a legit business.

Re:Wait, what?

[dbIII]

Sorry, I was just being an annoying prick and reacting more to other people that scream "treason" at the drop of a hat by giving them an example of something extreme which still isn't considered extreme enough. I know that even Hezbolla and Iran were not declared enemies so North wouldn't have been convicted of that either, and I cannot remember what charges he was pardoned for.

Re:Wait, what?

[Compaqt]

Well, the source is actually not ZDNet, but rather an article on WND, which is as reliable as Socialist Workers newspapers are (meaning it's quite eager to publish stuff agreeing with its worldview).

Re:Wait, what?

[girlintraining]

No need to look at thousands of ICs. Looking at a few of the most interesting targets is still going to be valuable.

Analyzing only the elephant's trunk tells us very little about the elephant.

I know one person who using just off the shelf equipment was able to read the ROM from a microcontroller in his sparetime. All it took was a cheap microscope and a webcam.

So a cheap microscope and a webcam is capable of resolution down to 18 nanometers, and can see through multiple layers of silicon etchings. How come everyone isn't doing it then? Oh right: Because a cheap ROM tacked onto a low power microcontroller is a very different beast from a modern SOC chip.

You don't need to compromise the entire chain. You just need to piggyback on a legitimate communication for hops between compromised equipment.

You just failed basic network engineering. The packets have to leave the network somewhere. If you don't control that border router, then even if everything else is compromised, the data can't leave undetected.

A compromised router anywhere on the path the VPN connection takes could pick out the data.

Most telecommunications equipment doesn't talk to the public internet or access the public internet; Those access points are carefully controlled at what are called Network Access Points, or NAPs. Most of the telecommunications network is controlled only by the company. Just because you hook something up to the internet doesn't mean it borgifies and cross-connects every node on your network. Again, engineering fail.

Sending data from the router without risk of being noticed is slightly more tricky.

By slightly, you mean impossibly more tricky if the router isn't compromised.

Bottom line here is, it's a digital communications medium. The bit is either there, or it isn't there. You can't hide that fact if you have properly setup your equipment and laid out your network with that in mind.

Re:Wait, what?

[kasperd]

If you don't control that border router, then even if everything else is compromised, the data can't leave undetected.

You should research how covert channels work, before you pretend to know about it.

By slightly, you mean impossibly more tricky if the router isn't compromised.

No, you are wrong. That is not what I mean. I already explained how it could be done, I don't understand how you can misread that as it being impossible.

The bit is either there, or it isn't there. You can't hide that fact if you have properly setup your equipment and laid out your network with that in mind.

You are making the assumption that the receiving end at some hop of the communication know what value that bit is supposed to have. If you assume, this hop know what every bit it receives should have been, then there is no point in sending the bits in the first place, because the receiver already knows, and can pass it on without receiving it first. So your assumption is clearly wrong.

Communication protocols have lots of fields that the sender can initialize however it please. Some of those fields are specifically supposed to be random. No amount of inspecting such packets can reveal if the bits are actually random.

Re:Wait, what?

[rtfa-troll]

Strange Loops: Ken Thompson and the Self-referencing C Compiler Reflections on Trusting Trust - Ken Thompson

Those are old and outdated papers from before diverse double compilation techniques were described. Source code is the fundamental requiement for both auditing and efficient discovery of exploits. This is the reason why the Chinese government insists on and gets access to Microsoft Windows source.

Re:Wait, what?

[girlintraining]

You should research how covert channels work, before you pretend to know about it.

I know how covert channels worked. I have done work for the government where they were used. Communication between two devices sharing the same physical medium can be covert. Transmitting data over links that have been secured by a third party that doesn't have your channel-enabling technology will not. It's digital. It encodes and decodes, and forwards, based on what it can read. If the device can't see it, it cannot forward it. So compromise every device in the network, but if your device at the contact point to the outside work hasn't been, your covert channel does you exactly dick.

Communication protocols have lots of fields that the sender can initialize however it please. Some of those fields are specifically supposed to be random. No amount of inspecting such packets can reveal if the bits are actually random.

Yes, and most of those fields can be zeroed or hard-coded by your border router, eliminating said 'randomness'. Everything about the packet's header can be rewritten dynamically in an IP-based network (which is what most telecom equipment is). In fact, when setting up secured communication facilities, the default configuration strips most of this data out or rewrites it so that it is consistent to prevent such sidechannel attacks. It's standard operating procedure. The only thing you can't modify in a packet without causing problems is the payload (if it's encrypted). If it's not encrypted, then you can diddle the bits all you want. Take voice codecs; the LSB is often targetted for stego attack, but it's just as easily defeated by randomizing that data. The original payload goes through... your 'covert channel' is overwritten with noise.

Look, I know you've read a few wiki pages on this, and you'd like to think you're an expert, but you're not. You haven't been paid to do this kind of testing, and had it vetted by a team of people who's job depends on making sure it was done right. I have. If you do it right, there's no way for covert communication to leave your network. Now if you're allowing 3rd party traffic through, and it's encrypted (like a VPN), then it's no longer a covert channel. If a channel can be modified in situ undetected, then you have bigger problems.

This isn't a question of whether or not it can be secured. It's a question of whether or not it's cost-effective. And yes, a lot of times, amateurs like yourself can be tapped to setup such equipment, and it'll work well enough for its intended purpose, but it can also provide exactly the channels you're describing. But if it's designed by a professional, then no. You can put a thousand compromised devices on a network I've setup. Not a one of them will go undetected once activated.

Re:Wait, what?

[sticky.pirate]

Whoa, not so fast... there may be a way around that, see http://www.acsa-admin.org/2005/abstracts/47.html

Re:Wait, what?

[k(wi)r(kipedia)]

Buying equipment and/or software from manufacturers/developers that are more or less owned by the country in question, in this case China, you should assume that such equipment is compromised from the get go even if such hasn't been proven, because the possibility and the motivation both strongly exist.

Where security budgets are unlimited, that would be the best approach. But where the budget is limited and even going down, the better approach is to focus on critical hardware (again, what is critical depends on the budget) and the people who install and administer the hardware/software. The most secure hardware still usable by a human being is easily compromised by a person given the right privileges (passwords, etc.). So why not focus on the people given access privileges, and leave that router in the lobby alone until it starts emitting a flood of suspicous data?

An exaggerated analogy. We all know that a large asteroid impacting the Earth is thousands of times more lethal than any known weapon of mass destruction. So why aren't countries alloting the whale's share of their military or homeland security budget toward the elimination of such threat? Because the probability of such fatal impact is low in human or historical terms (even if high in geological or prehistoric terms).

Re:Wait, what?

Is there any proof of this ?
is this because US afraid of China ? and do black campaign ?
is there anything US can do with the situations ? instead of spreading in media like this ?

Re:Wait, what?

[gmanterry]

Strange Loops: Ken Thompson and the Self-referencing C Compiler
Reflections on Trusting Trust - Ken Thompson

Wish I had points because I found these links really interesting. Thanks.

Re:Wait, what?

You can limit the bandwidth of side channels, which in turn can limit the type, frequency, and/or quantity of data that can be smuggled out. But the only way to eliminate them side channels to prevent all communication. If any signal is allowed out, it can be used for a side channel attack.

For example, given the voice codec system you suggest, what's to prevent an attacker from modifying one of the middle bits on one sample every 30 seconds or so? Sure, it will introduce some audible noise, but a tiny bit of static from time to time is unlikely to be readily detected as a side channel attack by humans listening to the call (or even by machines tasked to do the same).

Or let's take it one step further. Let's say you decode and re-encode all voice traffic before it's emitted from the network, so an attacker would not have direct control over the output bits. That would drastically reduce the available bandwidth and all but forbid any sort of noise-based attack. However, an attacker could still manipulate some aspect of the signal that would be preserved -- say the rate of change of the peak frequency of a sample -- without significantly impeding voice quality. The Cinavia system does exactly this for Blu-ray media, and that's hardly the work of top-tier experts.

Re:Wait, what?

your covert channel does you exactly dick.

It seems your choice of words was affected by your subconsciousness knowing you are being one yourself.

Re:Wait, what?

[sociocapitalist]

Buying equipment and/or software from manufacturers/developers that are more or less owned by the country in question, in this case China, you should assume that such equipment is compromised from the get go even if such hasn't been proven, because the possibility and the motivation both strongly exist.

Where security budgets are unlimited, that would be the best approach. But where the budget is limited and even going down, the better approach is to focus on critical hardware (again, what is critical depends on the budget) and the people who install and administer the hardware/software. The most secure hardware still usable by a human being is easily compromised by a person given the right privileges (passwords, etc.). So why not focus on the people given access privileges, and leave that router in the lobby alone until it starts emitting a flood of suspicous data?

An exaggerated analogy. We all know that a large asteroid impacting the Earth is thousands of times more lethal than any known weapon of mass destruction. So why aren't countries alloting the whale's share of their military or homeland security budget toward the elimination of such threat? Because the probability of such fatal impact is low in human or historical terms (even if high in geological or prehistoric terms).

Budgets have to be driven by requirements, not the other way around. I suggest turning it around, then, and looking at it from the perspective that the budget for security (or in this case network equipment from the aspect of security) must depend on the risk and impact analysis. Has it been proven that the holes are there? No. Is the risk there that such holes exist? Yes. Is the impact considerable in the event that the holes exist and are taken advantage of? Yes.

Companies are no longer on a level playing field for security. There is no real separation between business and government in China (for example) and so western business and government agencies that aren't paying enough attention are finding themselves constantly compromised at many levels in no small part due to Chinese military resource and government 'blind eye'.

The other way around - could Iran have proven that their software was infected with Stuxnet? No, probably not. Should they have assumed that it was compromised? Arguably yes. If you get your resources from a real or potential enemy, be it physical or economic war, you have to assume that what you get has holes in it even if you can't prove that they're there.

I understand the point that you're making, but arguably the probability of there being holes in Chinese provided network equipment is probably higher than the probability of a significant asteroid hitting the earth.

Re:Wait, what?

Wheres the proof?
Any .gov dept that finds this, should blow the whistle loud and hard. Any unsafe or defective import for that matter.
OTOH, maybe it is because the Chinese stuff lacks backdoors - and that so many 3rd world countries buy the cheapest, that the USA does not want to offside these companies just yet.

Besides , since the Clipper Chip TM debacle, maybe the US is spreading lies/disinformation because the Chinese products lack a reliable backdoor, or allow firmware upgrades, that may in future close back-doors, leading to inconsistency, or don't have a English language law enforcement 'kit' for sale.
All this home brew hacker / modder firmware means a good chance intercepts don't work, and they have to pay the telcos big bucks for extracting tower records.

Why burden a phone with useless protocols, when the primary goal is to squeeze in Angry Birds , better ringtones and more Facebook stuff and make your product sell better than the rest. How can they install spyware, when the same model number, but a different revision, has a different cpu revision and firmware? That changes weekly and become obsolete yearly.

I think the pace and speed of change (and infinite number of variants) has them defeated. Used to be put a tap on that guys phone. Now it is oh, he uses a long-suck-dong brand mobile phone Version 23.06.82 and we don't have the software for that one. Perhaps it is a rear guard action to delay things.

But claims without proof are just noise. And it serves them right for harping on about Ip licence fees and the like,
now the have linux variants and Android variants, on may ARM copycat plants, simply the business model
that they will but Microsoft or whatever - went out the window. Open source, DIY firmware. This model is here to stay.

Re:Wait, what?

You can put a thousand compromised devices on a network I've setup. Not a one of them will go undetected once activated.

http://rationalwiki.org/wiki/Dunning-Kruger_effect There is only 1 law of network security: there is no such thing.

Re:Wait, what?

"Extraordinary claims require extraordinary proof"

im rather fine with any flavor of proof.

Re:Wait, what?

[Alex+Belits]

This is not true, however even if it was the case, there still was no way to predict how the future compilers are going to be implemented and how the backdoor is supposed to work in all those implementations. The chain would be broken once a compiler will fail to recognize that it is supposed to modify the code that is a part of a compiler it is building.

Re:Wait, what?

[RockDoctor]

The unstated sub-text is that the CIA / GCHQ etc are most pissed off about someone else approaching their level of penetration of other people's communications.

Re:Wait, what?

I also like the implication that unless you have a VPN, it will still magically find its way out to Huawei regardless of what other network controls you have in place. Having backdoors is one thing, getting thru a firewall is something completely different.

That is one of the more feasible claims. A lot of companies have VPN servers for workers who are traveling. It is hard to whitelist every possible location an employee might want to VPN in from. Hence, the firewall will typically have a rule allowing VPN traffic from (almost) anywhere. If the VPN server itself has a back door, then you are probably screwed.

"Don't ever invade China"

Seriously, I think that in the next war someone will have with China, it will be breathtaking how powerful and effective China's cyberattacks will be at breaking that country's will or ability to fight.

Re:"Don't ever invade China"

Never fight a LAN war in Asia.

Re:"Don't ever invade China"

[Teresita]

All Your Base Are Belong To Us!

Re:"Don't ever invade China"

[Cute+Fuzzy+Bunny]

The 1.5B screaming Chinese charging at the lines will be a bit effective as well.

Re:"Don't ever invade China"

[ChunderDownunder]

Do LAN even fly to Asia?

I know they fly all over South America, to Europe and AUS/NZ...

Re:"Don't ever invade China"

[sconeu]

That's INCONCEIVABLE!!!

Re:"Don't ever invade China"

[WindBourne]

Actually, it is far more likely for China to launch an attack. In addition, their wonderful Chinese great network wall is designed for TWO ways. IOW, it will also serve to protect their own infrastructure. Sadly, the west is going to allow it because the GD neo-cons want cheap goods as well as more money from Chinese gov. in their slimy pockets.

Re:"Don't ever invade China"

[jamstar7]

Correlary: Nobody ever won a LAN war in Asia without controlling the opium trade.

Reach me over my heroin, please. The Kardashians are coming on...

Re:"Don't ever invade China"

Just remember, absence of evidence is not evidence of absence, and just because you're paranoid, doesn't mean they're not out to getcha!

  -- D. Rumsfeld, Professor of Political Science, School of Hard Knox --

Even if it's not true, it's a compelling argument that won't be overlooked or overworked to the benefit of 'our' industry, intelligence or law enforcement 'communities'. Except, of course when the investors need a pay-off and want to sell an asset like IBM's Thinkpad division to Lenovo. Or someone with mission critical IC chips wants the job(s) to go to a foreign competitor in order to enjoy the fruits of union free pricing.

Re:"Don't ever invade China"

All Your Base Are Belong To Us!

What you say?

Re:"Don't ever invade China"

Correlary: Nobody ever won a LAN war in Asia without controlling the opium trade.

Reach me over my heroin, please. The Kardashians are coming on...

I thought it was the Jem'Hadar who were addicted by their masters...?

Re:"Don't ever invade China"

[tqk]

The 1.5B screaming Chinese charging at the lines will be a bit effective as well.

That didn't work out all that well in Korea ca. sixty years ago, and weaponry has advanced quite a bit since then. That tactic is as obsolete now as those used in the US' War For Independence (static lines of infantrymen advancing on each other with single shot muskets and fixed bayonets).

The Spartans at Thermopylae were a heck of a lot more clued in than all those involved in the above.

New Legislation in the works

[the+eric+conspiracy]

CISPA for telephony.

A bit hypocritical...

Isn't this a case of the pot calling the kettle black?
The US has echelon, spy satellites, and other ways to intercept communication and they're upset that China does it?
 

Australian govt bans huawei from national network

[bug1]

There was a story a few months ago about how Australia banned Huawei from involvment in a big project, they didnt say why.

http://tech.slashdot.org/story/12/03/24/0424215/australian-govt-bans-huawei-from-national-network-bids

espionage?

How is this espionage v NSA intercepting telecoms in US?
China is like every other sovereign nation with sufficient resources to spy on global citizens. If they can they are and will continue to do so. Not really news.

Re:espionage?

[tomhath]

Last I checked the NSA wasn't bidding on contracts to build telecommunication infrastructure. Of course they might have shell companies that do, kind of like China has Huawei and ZTE

Re:espionage?

[WindBourne]

Sigh. How much global telecom info does NSA look at?

Personally, I would be more upset about the ability of China to shut down our infrastructure just prior to an attack, then their ability to listen. Listening is about 'Trust, but Verify'. Shutting down infrastructure is what you do to your enemies that are stupid enough to trust your word (esp. when you have been breaking it all along).

Re:espionage?

[jvillain]

No but if they can keep Cisco from becomming irrelevant they have done their part.

What the report did not say...

[Teresita]

...is that we have access to 100% of Chi-com comms, including 100% military. We tend to be ahead of the curve. We just do not brag about it.

Re:What the report did not say...

[gtall]

Why would you say this?

Re:What the report did not say...

[WindBourne]

And you can confirm this how? My guess is that you are making a BIG assumption that you should not.

The U.S. has like 99% listening coverage.

[cpu6502]

We even have the power to shutdown foreign companies like Megaupload w/o needing to prove they did anything wrong. But we're the "good" guys. So that makes it okay. After all we only killed 300,000 people this last decade, versus China who killed..... ummm..... wait there's something wrong with my theorem.

Re:The U.S. has like 99% listening coverage.

China has killed tens of millions of their own people under communism in the last 60-70 years. Huh? You think China's the nice or good guys??? Sarcasm doesn't bold well here.

Re:The U.S. has like 99% listening coverage.

[girlintraining]

We even have the power to shutdown foreign companies like Megaupload w/o needing to prove they did anything wrong. But we're the "good" guys. So that makes it okay. After all we only killed 300,000 people this last decade, versus China who killed..... ummm..... wait there's something wrong with my theorem.

Yeah. We own up to the people we kill. We rationalize their deaths, minimize them, call them collateral damage, but we do say "Yup. That was our bomb." The Chinese are not so transparent: There is no way to know how many die in their country each year. And yes, we can shutdown foreign companies, but that's because foreign companies were stupid enough to put their assets in this country to begin with. There's plenty of other countries and businesses to choose from that don't feel the laws of their country extend worldwide. And other sovereign powers are starting to notice the US' aggressive use of extradition treaties. The UK won't extradite anyone facing charges in Minnesota, for example, due to laws about indefinite detainment (which is against their human rights policy) -- in fact, that may well be EU law as well, meaning that in cases where indefinite detainment is sought, they won't extradite. Several EU countries also won't extradite anyone to Texas due to their love of the death penalty (also against human rights legislation). The list continues to grow daily of treaty obligations other countries will no longer honor because of our broken judiciary.

It's a slow process... but feather by feather, the goose is plucked.

Re:The U.S. has like 99% listening coverage.

And the USA are, of course, innocent of any atrocity and would never kill their own citizen too.

INB4 "Your numbers are smaller then my claim, therefore are not applicable!" The number scale with the population, China is a much bigger nation. Ignoring the scale, both country are equally evil.

Re:The U.S. has like 99% listening coverage.

[WindBourne]

Yes, things from 200-400 years ago, is certainly relevant to the conversation. And I hate to say this, esp. to another AC troll, but the slaves were captured by Africans, brought and instituted here by the europeans, and it was our war to say NO to it that costs us.

OTOH, a civil war, is not the same thing as going after your citizens to make them support you 100% or die.

Re:The U.S. has like 99% listening coverage.

[fredprado]

The problem is, once the guy is extradited to anywhere else within US he can end in Minnesota or Texas, or whatever place they decide to send him in.

US may not be as bad as North Korea, but it is every bit as bad as China these days. Both are countries were justice is unreachable for common people, and where dominant groups do basically whatever they want. China censures information, US floods it in an ocean of propaganda and disinformation. In the end all is the same.

Re:The U.S. has like 99% listening coverage.

But we're the "good" guys. So that makes it okay.

Interesting question: How much of China's ability to compromise our telecom systems is based on leveraging the CALEA-mandated backdoors we built into it, naively believing that only the "good" guys would use it.

If we'd built our communications systems to be secure, they'd have to actually do work to break them; depending on how good our mathematicians are, possibly intractable amounts of work. Instead, all our adversaries have to do is implant a mole (using the sorts of routine espionage techniques that have been around since before there were computers) and use the backdoors we built into the system.

Moral of the story: If you're pass a law that mandates all communications systems are to be insecure by design, you've given up any right to act surprised when it gets pwn3d.

Re:The U.S. has like 99% listening coverage.

[Sarten-X]

China executes roughly 5000-8000 people each year for various crimes. The United States has been declining since 1999, and is currently somewhere around 40 per year. Accounting for (rather than ignoring) scale, China executes about 30 to 40 times as much of its own population as the United States. Of course, that's just one metric, but it's pretty illustrative.

China is big, but it's not big enough to dilute its atrocities.

Re:The U.S. has like 99% listening coverage.

Yes, things from 200-400 years ago, is certainly relevant to the conversation.

So? "Too early" to forgive china yet?

OTOH, a civil war, is not the same thing as going after your citizens to make them support you 100% or die.

It was exactly like that.

Re:The U.S. has like 99% listening coverage.

you are missing the executions by drones...

Re:The U.S. has like 99% listening coverage.

How many prisoners does the US detain for medical testing? I know there were experiments that have lasted quite long (up until the 1960s, roughly) experimenting with the joys of syphilis and other ailments. I also know that rural sanitariums still exist that perform lobotomies on patients without known relatives, just because it is cheaper than supplying medication for sedation. Then you might include the cities which are known cancer clusters, with no EPA effort or government recognition to prevent the numerous cases of cancer that affect the local people which are often rural and poor. These are just the walking dead which you may not acknowledge.

Prisoners in the US are better kept alive, since they provide a way to compete globally as slave labor. The US is known for having the most prisoners, and their slave labor is very beneficial when competing with foreign manufacturing. I don't believe we could afford to kill more prisoners, since we would lose an economic advantage. Please don't try to suggest that somehow we are morally superior to the Chinese with simply a prisoner death toll. I am sure we make up for this difference with the foreign deaths we help generate in wars to keep our economy prosperous. The only thing we need to know right now, is what the next war is, and why we might fight it. Carry on, nothing to see here.

Re:The U.S. has like 99% listening coverage.

[WindBourne]

No. The communist invasion and takeover of China did not last that long. In fact, it was over in 1949. From 1949 until about 1979, the Chinese were gutted by the communist party. In many ways, it was worse than stalinism. To this day, the Chinese communist party still runs with a constitution that says what rights the citizen has (which are VERY limited) and that all else, belongs to the state. More importantly, China runs roughshod over those rights unless it becomes an issue in the LOCAL papers or businesses.

To try and compare this to slavery from over 250 years ago, or to a 4 year civil war, is ridiculous.

Re:The U.S. has like 99% listening coverage.

[cold+fjord]

The problem is, once the guy is extradited to anywhere else within US he can end in Minnesota or Texas, or whatever place they decide to send him in.

That is nonsense - absolute rubbish. American states are sovereign, each with their own laws and legal system. If you commit a crime under Minnesota law you can't and won't be handed over to Texas for trial for the crime in Minnesota. If the prosecution is for a federal crime, then the location doesn't matter - the law is the same.

US may not be as bad as North Korea, but it is every bit as bad as China these days.

And yet, for some odd reason, Chinese people keep moving to the United States.

Both are countries were justice is unreachable for common people, and where dominant groups do basically whatever they want.

At a trivial level that is trite. At a more profound level it is nonsense.

China censures information, US floods it in an ocean of propaganda and disinformation. In the end all is the same

So, the Chinese government jailing or oppressing people for expressing themselves on common topics, such as politics, is the same as Americans expressing themselves freely?

 

Re:The U.S. has like 99% listening coverage.

[fredprado]

There is federal law, and as soon as you are accused of anything in any state the federal government can make further accusations. It is remarkably easy to find something that you may have done that may be considered a federal crime. If you don't believe me I suggest that you watch this:

http://www.youtube.com/watch?v=6wXkI4t7nuc

US law is made to allow the government to manipulate it to its own ends and it can easily ruin innocent people's lives if it really wants to.

Chinese people keep moving to US because US economy is still better. The same motive why Mexican people do the same. It has very little to do with politics or governments.

So, the Chinese government jailing or oppressing people for expressing themselves on common topics, such as politics, is the same as Americans expressing themselves freely?

US incarceration rate is the highest in the world. It far surpasses China's:

http://en.wikipedia.org/wiki/United_States_incarceration_rate

A little excerpt from the article above:

"While Americans only represent about 5 percent of the world's population, nearly one-quarter of the entire world's inmates have been incarcerated in the United States in recent years"

As I said you have been fed propaganda and disinformation. Your country does basically the same things China do, but in more subtle ways.

Re:The U.S. has like 99% listening coverage.

It is much more profitable to the friends of US politicians and politicians themselves to keep people incarcerated rather than execute them. That is the only reason why the US is scaling back on executions. It sure the fuck isn't about respect for life.

Re:The U.S. has like 99% listening coverage.

[cold+fjord]

Well said. To which I will add this reference:

The Black Book of Communism - translated by Jonathan Murphy and Mark Kramer - available at Barnes & Nobel and Amazon.

Review by Daniel J. Mahoney, American Enterprise, of: The Black Book of Communism

The six contributors to this book are all French, and all hail from the Left. The book's original publication in France created a sensation, because its cumulative effect is to establish that Communism is the twentieth century's fiercest practitioner of state violence and "crimes against humanity." It forthrightly challenges the claim that Nazism has a monopoly on "absolute political evil" in our time.

The chapters on the Soviet Union and China are as powerful as they are in large part because their authors, Nicolas Werth and Jean-Louis Margolin, avoid excessive polemics and allow the evidence to simply speak for itself. If anything, Werth is excessively conservative in his estimates, drawing almost exclusively from not always reliable "official" party and state archival materials to verify politically--inspired deaths and incarcerations in the Soviet Union. Despite the limits of this method, Werth concludes that the Bolshevik regime was responsible, directly or indirectly, for the deaths of 20 million people between 1918 and 1956, and for the imprisonment in camps of millions more. He demolishes the notion of a good Lenin and a bad Stalin by showing that terror defined the Soviet regime from its inception. And he concludes that there is no basis for the claim that the terror of the 1930s was driven by overzealous Party and police officials acting independently of orders.

Likewise, Margolin's chapter on China shows that the crimes of Maoism are rooted in ideological hubris and a denial of the humanity of political or class "enemies." Margolin demonstrates that Mao committed crimes unprecedented in Chinese history, and damaged the nation in everything from economics to ethics. The devastating consequences of Mao's rule: 65 million lost lives. Perhaps the deepest reason The Black Book has sparked controversy is that it argues Communism is as intrinsically perverse as Nazism. Editor Stephane Courtois argues that Communist crimes, like Nazi ones, partake of the desire to eliminate groups of people on the basis of their origins, not because of any individual culpability or responsibility. He denies that Communism's crimes have any right to be excused or qualified because they were committed in the name of egalitarian principles. Courtois shows that Communism is an exterminationist ideology which selects its enemies on the basis of class. Aleksandr Solzhenitsyn suggested in The Gulag Archipelago that the USSR's war against the independent peasantry--the so-called "de-kulakization" campaign --was the first systematic effort to eliminate an entire class of people for ideological reasons. In this sense, Hitler was Lenin's and Stalin's faithful pupil.

Why Doesn't Communism Have as Bad a Name as Nazism?

Re:The U.S. has like 99% listening coverage.

Seems to me like we have a cultural problem where people think that they can do whatever they want without consequences, its not like they didn't do something to get put in jail. I blame the inmates.

Re:The U.S. has like 99% listening coverage.

[fredprado]

A lot of them didn't do anything wrong, or at least nothing that would incarcerate them in other saner countries. If you watch the video I linked above you will see that there are around 10K federal laws alone they can use against you. Add that to state laws and you double that. You will be hard pressed to find a single person that is innocent of all of them, especially if there is interest to make it stick to you.

Re:The U.S. has like 99% listening coverage.

Well.. there is a nice system in the USA for fixing that without killing, that many, people.....

1. Create a police-state where everyone is afraid of the police. Especially the 'non-wanted groups'.

2. Erode the Judicial system and allow even more corrupt people to control it.
http://boingboing.net/2009/02/02/judges-jailed-for-ta.html
http://www.judicialwatch.org/blog/2010/03/house-impeaches-bribed-fed-judge/
http://medicolegal.tripod.com/govtcrime.htm
http://www.judiciaryreport.com/bribing_a_judge.htm

3. Convince people that taking a plea is in their best interest since otherwise they might face much harder punishments.. Even if they are innocent.. Thereby reducing the number of votes from non-wanted groups.
http://www.brennancenter.org/content/section/category/voting_after_criminal_conviction/ (~5 million not allowed to vote!)

With a voter turnout of only 57% during presidential election years and 38% rest of the years it's quite easy to start influencing where it all will go.... Especially since lower-income families usually have a much higher rate of crime, and also a higher rate of taking pleas since they cannot afford lawyers..

Ie what's been happening is that the power to influence the country is shifting upwards towards where the money is...

There are a few things a country never should be able to remove from a person.
- The right to vote.
- The right to privacy.
- The rights to a fair trial. Without the need of having money for a lawyer.
- The right to education for all children.

Re:The U.S. has like 99% listening coverage.

That is nonsense - absolute rubbish. American states are sovereign, each with their own laws and legal system. If you commit a crime under Minnesota law you can't and won't be handed over to Texas for trial for the crime in Minnesota. If the prosecution is for a federal crime, then the location doesn't matter - the law is the same.

Yep, but if someone goes to Minnesota he can be extradited to Texas. It's enough just to get to the border of the USA independent of what state you might go to... Ie you are summoned for some small thing in one state and then that state extradites you to the other state after you where cleared of the first 'offence'.

And yet, for some odd reason, Chinese people keep moving to the United States.

Well, that might be due to political refugees and/or cheap labor for the US.
But the trend is also that more and more people keep moving away from the United States, not to China but to Europe etc. Must mean that Europe is better than the US from your way of thinking?

Both are countries were justice is unreachable for common people, and where dominant groups do basically whatever they want.

At a trivial level that is trite. At a more profound level it is nonsense.

That fits the US also... Even if you are poor you are expected to pay for a lawyer, it's just for the poor that lawyers are subsidized.. Ie, most people will have to pay for their own lawyer if they get charged with a crime... And that is something most people cannot afford so they go "I'll plee guilty just because it's cheaper". And then they lost their right to vote... Say $15000 for a criminal case that would result in 6 month's incarceration.. What's cheaper...
- $15000 with a chance of still going to jail
- $0 + your monthly salary * 6..
Anyone that will loose more than $2500 per month will have a possible chance of reducing financial loss by hiring a lawyer.
And remember... Those $2500 is the real loss, not the salary.. It's only the amount you have left after paying the normal monthly bills..... Since in jail everything will be provided for you...

Keeping people down via financial means is no better than using politics and creating new laws to keep people down.

So, the Chinese government jailing or oppressing people for expressing themselves on common topics, such as politics, is the same as Americans expressing themselves freely?

I have been there a few times, and they actually like talking politics quite a bit... The thing is that they are extremely censored so main population have very small knowledge about how the rest of the world works..... I remember the look i got when i replied on how the government here in Sweden works... priceless...

From what i have read, discussed with different people from both China and other countries the main things, in my opinion:
- It's safe to discuss whatever you like with whomever you like...
- It's safe to protest against things...
- It's even safe to publicly vent your ideas...
But there is some big drawback... You can only do those things as long as you follow:
- If the government speaks out against something you better fall in line.. (Free Tibet etc)
- Don't trash China... Ever... Unless we say so..
- Do not ever become a threat to any government official..

From wikipedia:

Article 35 of the Constitution of the People's Republic of China claims that:
Citizens of the People's Republic of China enjoy freedom of speech, of the press, of assembly, of association, of procession and of demonstration.[22]
Nonetheless strict censorship is widespread in mainland China. There is heavy government involvement in the media, with many of the largest media organizations being run by the Communist government. References to democracy, the free Tibet movement, Taiwan as an independent country, the Tiananmen Square Massacre, the Arab S

Re:The U.S. has like 99% listening coverage.

[cpu6502]

>>>>China has killed tens of millions of their own people under communism in the last 60-70 years. Huh? You think China's the nice or good guys???

I very clearly said IN THE LAST DECADE. The American Empire has killed 300,000 innocent men, women, and children through its wars of aggression (and about 50,000 actual soldiers/combatants). The Chinese government has not killed anywhere near that number since 2002. As of the last ten years China is actually "nicer" than the hostile U.S.

Re:The U.S. has like 99% listening coverage.

Well... If you are not extremely poor then you will have to pay for your own layer... and it might be cheaper to spend 6-12 months in prison than to pay the lawyers fees to defend you against something you did not do.... Ie reason why taking a plea-deal is so common...

Average time waiting for a trial was 55 days in 2009. If sentenced this time will be counted off from the total prison-time.
If cleared of charges you just lost 55 days without any type of reimbursement.

So basically... Anything that will result in 2 months or less prison-time will be a straight gain for everyone...
Then we have the attorney fees that can go up to $10-15k without much problem.. if you manage to avoid 12 month's prison-time you must at least gain $1250 per month (ie money left after rent, foot etc has been paid)

Ie there are and will be allot of people that will take the plea for things that they have not even done...

According to a few studies between 2-5% of all inmates in the US are Innocent but where convicted. This is *not* counting people that has taken a plea-deal.

Re:The U.S. has like 99% listening coverage.

[WindBourne]

Communism SHOULD NOT have a bad name.
The fact is, that other than Israels little communes, and perhaps some hippy packs, Communism has never occurred.

What SHOULD have a bad name is the totalitarianism as practiced by USSR and what is STILL practiced by China.
Even now, ppl like to claim that China is capitalist. Nothing could be further from the truth. Unless you are involved in exporting, then Chinese gov. still controls the economy. For example, they control the bulk of the coal mines (though it is via a 'corporation'). The laws say what is the MAX pay for gov. owned corps, while there is a MINIMUM wage for foreign partial owned, and the minimum is > the max.

China is nothing but a totalitarian nation who is in a cold war with the west. Sadly, the American leaders, esp. the neo-cons, have done more to help Chinese leaders than they have for Chinese ppl.

Re:The U.S. has like 99% listening coverage.

[WindBourne]

I hate to point this out, but we have all of those rights. There are free lawyers for criminal issues.

Re:The U.S. has like 99% listening coverage.

So why don't we shrink that time frame down further to, say, THE LAST WEEK? Now, the US comes on top again.

Re:The U.S. has like 99% listening coverage.

[poity]

Both are countries were justice is unreachable for common people, and where dominant groups do basically whatever they want.

I can tell you've never spoken with Chinese people.

Re:The U.S. has like 99% listening coverage.

[Zontar+The+Mindless]

No. The communist invasion and takeover of China did not last that long. In fact, it was over in 1949.

Which says absolutely nothing about how long it lasted, does it?

The Chinese Civil War lasted for nearly 25 years, having begun in 1927.

What else do you not know about history?

Re:The U.S. has like 99% listening coverage.

[couchslug]

>>>>>>>> China is no longer Maoist.

China is assertive as befits any large, developed country. ALL countries have a duty to spy on all potential competitors and opponents.

Note that:

The US, for ZERO benefit to its own citizens, spends trillions of dollars on military forces in Asia which exist for the sole purpose of coercing China to do what American politicians want of it. We go into debt to "defend" Asian countries who are rich and could more than defend themselves, all in return for....nothing except looting our taxpayers.

There are no "good" or "nice" guys.

Re:The U.S. has like 99% listening coverage.

I'm inclined to be a bit skeptical about that 65 million figure.in China.
Most casual observers of the world like myself have heard about the 20 million figure under Stalin. But it's only recently (in the ascent of China) that suddenly we have these historians cum accountants crawling out of the woodwork with 65 million here and there.
The number is just too large. You pretty much have to have 2 million incremental deaths every year up to 1980, that or the Chicoms are REAL good at suppressing information.
If you talk to people even through the Cultural Revolution, they are more riled at careers put on furlough than are any mention of deaths and destructions.
More telling perhaps is that the west is not playing up 65 million in any way, and you know the Americans will be all over this if they thought they can propagandize in the current political climes.

Re:The U.S. has like 99% listening coverage.

[fredprado]

I did, but I can tell you haven't.

Re:The U.S. has like 99% listening coverage.

We even have the power to shutdown foreign companies like Megaupload w/o needing to prove they did anything wrong. But we're the "good" guys. So that makes it okay. After all we only killed 300,000 people this last decade, versus China who killed..... ummm..... wait there's something wrong with my theorem.

It's not like China is at the top of the list of the worst genocides in history or something.... oh wait: http://www.scaruffi.com/politics/dictat.html

Dont do anything I wouldnt do...

Not good, but what a bunch of kettle callers.

Freedom

It seems like the chinese have all the freedom.

Can You See The FNORDs?

[Crypto+Gnome]

So some random guy who used to work in Place With A BIG Name mouths off about "phaer teh commies".

And then proceeds to cite absolutely ZERO evidence to back up his claims.

In most circles this would be considered libel of the worst kind (libel because it was written, slander is the same thing when applied orally), he deserves to be sued out of existence.

NOT that I have any reason to disagree with the core of his argument "Don't trust them, they're backed by the government of someone we used to hate vehemently". But only because I mostly agree with the primary tenet of The X-Files (ie Trust No-One. at least not where the issue of trust *really really* matters).

Re:Can You See The FNORDs?

We need more American backdoors!

I guess the best example of this thought process is in the wonderful film "Cannibal Women in the Avocado Jungle of Death": (Ford Maddox) Dr. Hunt, 98 percent of the avocadoes produced in the United States come from the state of California. Most of these come from a jungle area that spreads from Bakersfield to the Mexican border: the Avocado Belt. (Margo Hunt) I'm aware of that. What does it have to do with me? (Col. Mattel) Miss Hunt, maybe you don't get the point. Avocadoes are vital to this nation's security interests. The Communists are already in control of Nicaragua and Guatemala and El Salvador, strife with revolution. California is the last secure supply of avocadoes in the free world! We're on the verge of a major Avocado Gap with the Soviet Union.

FNORDs are rather silly when you start realizing they are there.

He's right.

I can assure you that China has access to America's back door.

We sure have been getting it up the ass.

Re:He's right.

[jcr]

Yeah, it's so evil the way they sell us stuff we want for far better prices than anyone else would charge. The nerve of some people.

-jcr

Re:He's right.

[cold+fjord]

Penny wise, pound foolish.

Re:He's right.

"comparative advantage": Google it, you economic ignoramus.

Re:He's right.

We sure have been getting it up the ass.

No, THEY have. We keep getting the stuff they make, and they get US dollars. Once they figure out what dollars are really worth, it's game over.

Re:He's right.

[arth1]

No, THEY have. We keep getting the stuff they make, and they get US dollars.

They don't always get dollars - due to the trade imbalance, they get IOUs. Our debt to China increases every year, and China can't cash in on it, because that would crash our economy completely, and they would get even less.

We're like an old exiled royal who lives on debt - nobody dares to call him out on being insolvent and having a snowball's chance in hell of ever getting to his former riches, because that would make the chits and IOUs people hold (much of it from when he was solvent) worthless. So everyone continues to lend him money to keep the pretence of solvency and prevent him from defaulting, yet will quietly sell off the debt to new players if given a chance.

Re:He's right.

[pdabbadabba]

What, according to this theory, accounts for the fact that everyone in the world, including China, continue to buy newly issued U.S. debt at historically low interest rates?

Re:He's right.

[cold+fjord]

Pervasive espionage.

Chinese step up computer espionage against United States
FBI estimates there are currently more than 3,000 corporations operating in the United States that have ties to the PRC and its government technology collection program.
Chinese telecom firm tied to spy ministry

The report by the CIA-based Open Source Center states that Huawei’s chairwoman, Sun Yafang, worked for the Ministry of State Security (MSS) Communications Department before joining the company.

The report on Huawei’s board members states that Ms. Sun used her connections at MSS to help Huawei through “financial difficulties” when the company was founded in 1987.

Based in part on Chinese media reports and Huawei’s website, the report reveals that the Beijing government paid Huawei $228.2 million for research and development during the past three years.

I'm sure you can figure out why this might be important. . . well, maybe not.

Re:He's right.

[cold+fjord]

Chine has been buying up hard assets.

Re:He's right.

Pervasive espionage.

and that's bad, because the USA would never spy on China, right?

Re:He's right.

Well... 10% of USA's debt is china's...
Total debt is ~$15.6Trillion. So USA has a debt to China at about $1.56Trillion..

USA also imports goods from china at about $399.3Billion per year.. US exports to china for about $103.9Billion per year... Ie more and more money are flooding over to china, so it's just from debts but from normal flow of money also..

The next thing that's happening is that china's exchange-rates are kept artificially low to to increase the amount of jobs that are outsourced and also to improve export...

USA on the other hand just keeps printing more and more money... Since 2000 the US dollar has dropped 33% in value due to inflation. This not only affects the prices on good's, but also on the existing debts since much of that is taken out in foreign currency or locked at gold etc.. So when your inflation goes up, ie by printing more money, it will also raise the amount of dollars your debts to other countries is.

The funny thing about all of this is... The total GDP of USA was at 2000 around $10Trillion and now at around $15Trillion... Ie just about what USA owes... GDP Expenditure of USA has been between 103-106% of the GDP during the timeperiod 2000-2012. So... Each year the debt just increases and no one wants to pay any tax or accept lowering costs for things to be able to pay off anything...

Well... lets see what happens the next 30 years... But i do think that China will probably step in soon and screw you in the ass.. Would actually be so funny to see the most extreme capitalistic country be screwed over by the last big communistic country...

Re:He's right.

[arth1]

What, according to this theory, accounts for the fact that everyone in the world, including China, continue to buy newly issued U.S. debt at historically low interest rates?

It's already answered in the very post you reply to.
But, in smaller spoonfuls, consider this:

You lend $100,000 to John, an upstanding fellow. Then John loses his job and starts drinking. He then comes to you and says "I fear I'm going to default on my loans and have to file for bankruptcy unless someone can lend me $5,000 at low interest".
You now have the choice of:
(a) lending him the money and hope that either
    (a1) you get to sell the debt at a smaller loss before he goes bankrupt, or that
    (a2) John manages to get back in shape enough to pay his interest rates. ... or
(b) refusing his plea, and watch him file for bankruptcy, making it
    (b1) a certainty that you'll lose the entire $100,000, and
    (b2) a distinct possibility that John gets so pissed that he carpet bombs your house.

Your best bet may be to lend him the money and try to convince others that he's solvent.

This isn't a new type of dilemma - it's happened quite a few times in history, often in the final time before bubbles burst.

Re:He's right.

[Zontar+The+Mindless]

Borrow a few thousand dollars, and the bank owns you.

Borrow a billion, and you own the bank.

Re:He's right.

[pdabbadabba]

Well, remember that the interest rates are set at auction, and in the absence of any specific evidence to this effect I don't see how you can claim that we "demand" low interest rates.

So the better analogy is this: I lend John $100,000. He loses his job and starts drinking, hits hard times and comes to me looking for a $5,000 loan. I offer him one at, say, 5% interest. At this point, John is good to go; nobody needs to step in to rescue John. But, nonetheless, you show up and offer to lend him the money at 2.5% interest. Why the hell would you do that if you didn't think John could repay? You wouldn't, of course.

Compare this to a simpler explanation: while our deficit is very large, it is relatively easy for us to pay down if we make it a priority. There are a bunch of specific proposals floating around out there, any one of which would bring us back into the black. We could, for example, repeal Bush's tax cuts. Or, we could privatize social security. Or we could cut defense spending to something less than 16x anyone else's. Either one of those (among many others) would do the trick in pretty much one fell swoop. So the problem isn't that we are in so deep we can't get out -- very far from it. The problem is simply that our leaders can't agree on the right way to do it.

Of course, that might be because many of us think that now isn't the time to prioritize paying down the dept at all. We should come up with a plan to do it, of course, but in the immediate term we should take advantage of the fact that we are able to borrow at much lower rates than most other countries and plow it all into infrastructure investment. That way when the global economy rebounds we're ready to lead for another 50 years (and, yes, pay down the debt) because we've been investing while everyone else has been in austerity mode. Unfortunately, the political climate today means we have to let this golden (and obvious) opportunity pass us by.

Re:He's right.

[pdabbadabba]

Oh, and here's another fun fact: did you know that the U.S. currently gets away with paying negative interest on its short-term sovereign debt? If countries are paying us to borrow take their money...why shouldn't we, exactly?

at least they dont have control over my server!

*humph*

-db

Re:at least they dont have control over my server!

[Farmer+Tim]

Yes, yours is server of highest security, without so-named rear entrance contained within network controller cards. Please continue use with utmost faithin separation between the wise and glorious Communist party and our approved manufacurers.

Yours sincerely,
Ministry of State Security, PRC.

FUD ?

[Kohath]

There's something of a cottage industry in spreading FUD about Huawei and ZTE. Why should anyone believe this stuff? (Or, for that matter, why should we believe much of anything in the news or on web sites?)

Re:FUD ?

[hjf]

So you buy Cisco and are subject to US backdoors.

Re:FUD ?

[mysidia]

I'm not sure it matters whether we believe it or not. Cisco stuff is manufactured in China. Can you prove that every single component is manufactured to American specs, with no 'spurious unknown compromising parts' or hardware microcode patches burned in 'by accident' ?

Re:FUD ?

[dbIII]

And abuses of the legal system. The company that Cisco is today are utter bastards that fit well with the "might makes right" mentality of China.
I'd trust even the more bribable dark corners of US intelligence more than Cisco any day.

Re:FUD ?

Actually, most of the telecom class hardware is made in Malaysia.

Re:Australian govt bans huawei from national netwo

[Crypto+Gnome]

Actually they DID say why: specifically it boiled down to "because we cannot be *absolutely certain* that the Chinese Government does not have such a close relationship with Huawei that deploying their equipment would not (ever) compromise our national security".

Seems to me that someone in The Australian Government has learned a few important life lessons from The X-Files. (ie trust No-One).

Either that (a) or (b) they're just playing The Obvious "Devil You Know / Devil You Don't" card; and/or decisions were influenced by vendor-$ and Huawei could-not/would-not/weren't-given-a-chance-to cough up enough.

Personally Option (b) sounds more typical of government.

I for one will be eternally surprised to see any government making a well researched, informed, well reasoned decision - they're almost always a pack of retarded monkeys interested in looking after themselves and their friends.

Go On Mr Government - PROVE ME WRONG - I Dares Ya!

FUD

His sole reasoning on this is that Chinese companies made it. This goes along with assuming everybody from the middle east is a terrorist and all white people are republicans.

Re:FUD

A Chinese company that is owned by the CPC, and whose leadership is linked to the PLA research department. Imagine Cisco being built entirely with government funding, and run by former military men. See the difference?

paid for publicity

You are going to have to work hard to convince me this is anything more than an article paid for by a lobbying firm working for a US company trying to win a supply contract.

Penetrated 80% of the worlds telecoms? 80% of the worlds telecoms using one or more items of Huawei equipement does not mean 'penetrated'.

Unless you mean market penetration.

Re:paid for publicity

[jamstar7]

You are going to have to work hard to convince me this is anything more than an article paid for by a lobbying firm working for a US company trying to win a supply contract.

Most likely. But the question is begged, where does this unnamed American company buy its gear? Highly unlikely they make their own in the US...

No way eh.

We Canadians got you with our Nortel DMS & Meridian systems.

Don't piss us off or we'll make you use 32 digit dialing you hoseheads!

And what about Israel?

[quantic_oscillation7]

How Israeli Backdoor Technology Penetrated the U.S. Government's Telecom System and Compromised National Security
An Israeli Trojan Horse

http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/

almost as much as the US....

[mschaffer]

... or does the US just use the front door?

Common Knowledge for Years!

[GiantRobotMonster]

I'm surprised at all the surprise?!
I thought it was pretty common knowledge that Huawei and ZTE were run and funded by the Chinese Military.
They have been using their financial muscle to undercut and bribe their equipment into as many countries telecoms infrastructure as they possibly can for over five years now.

Re:Common Knowledge for Years!

[Kohath]

That settles it then. "Common knowledge" is always right. Especially when there's an exclamation point !

Re:Common Knowledge for Years!

China has very long term plans. That's probably how they will win the "dark war" that no one knows about. They think, plan, prepare, etc. and do everything with long term goals. This is in contrast to the US and similar countries that only care about next month's profit report.

The day is coming...

Re:Common Knowledge for Years!

They think, plan, prepare, etc. and do everything with long term goals.

How'd that work out for the Cultural Revolution?

Re:Common Knowledge for Years!

[marcosdumay]

The day is coming...

What day? The day the Chinese army will be so busy fighting their own people that they'll have to stop spying overseas? Because that's the war they are currently fighting.

Re:Common Knowledge for Years!

[dbIII]

I thought it was pretty common knowledge that Huawei and ZTE were run and funded by the Chinese Military.

Hopefully it will soon be common knowledge that a lot of industries in China are run and funded by the Chinese Military so this connection really means nothing in isolation. They are probably about as big and diversified in their holdings as coca-cola these days if not bigger, and 99% of the time they are in it for the money. Those childrens toys made by a company owned by the Chinese Military are not there so they can spy on our kids, they are there to help pay for a new aircraft carrier. The separation of state and private companies that we are used to seeing in democracies is instead a tangled web in China, with odd gaps such as entire huge open cut coal mines with thousands of miners that the government has zero involvement with (to the point where they are not even on a map, let alone taxed).

Re:Common Knowledge for Years!

[cold+fjord]

Exactly!

Re:Common Knowledge for Years!

Thin junk!

Wash.Times deals in hyperbole and innuendo!

Re:Common Knowledge for Years!

As long as you improve the life of the majority of the population there will never be a big revolution, just small groups of opposition that can be easily silenced..

Do have a look at how the country has evolved just the past 20 years... And people are allowed to make quite a bit of money also...

If China wanted they could screw up most the the world via economics... Just make the Yuan to floating instead of it's currently fixed rate that is artificially kept really low.. Second step, demand payment of the US dept... Third step, send a butt-plugg to every resident in the US cause you are fucked..

The interesting thing here is that most of the production in china is not reliant on the export... Sure it would be a dip, but most of the produced goods are used internally in china so the country as a whole would come out on top after a crash...

Re:Common Knowledge for Years!

This kind of person in China we say has been reading People's Daily too much.

Re:Common Knowledge for Years!

[Zontar+The+Mindless]

They think, plan, prepare, etc. and do everything with long term goals.

How'd that work out for the Cultural Revolution?

It produced a generation of Chinese who've lost touch with much of their cultural heritage and who don't really believe in much of anything other than looking out for themselves and to blazes with anyone else, so I'd say it was largely a success.

Re:Australian govt bans huawei from national netwo

I can tell you from experience that the level of corruption in Huawei rivals that of even American and British companies so I would suspect that was the issue (not the corruption, the getting caught).

In other news

China isn't the only country spying on the US

The US has competition

What he doesn't mention is how much access the US has. Most likely they have even more access.

Oh no, the yellow peril is upon us!

[Jeremy+Erwin]

The second link is to "World Net Daily", a site that has about as much credibility as the John Birch Society.

Re:Oh no, the yellow peril is upon us!

[cold+fjord]

The second link is to "World Net Daily", a site that has about as much credibility as the John Birch Society.

Allow me -

Chinese step up computer espionage against United States
The Evolution of Espionage: Beijing’s Red Spider Web
Chinese telecom firm tied to spy ministry

It is a LIE

[WindBourne]

There are all sorts of ppl that are on this site, and others, saying to look the other way. The Chinese would NEVER spy on the west, or put in backdoors to use for an offensive attack. I mean, these ppl all know that the communist China are the good guys. Likewise, that bunch of Chinese naval ships caught 50 miles off the phillipines coast is a non-issue is well. The fact that they were close to a number of telecom trunks has no bearing on anything.

So, relax. China will not try what they did to India. And the communists are heading towards being capitalists so there is no chance that they are working to kill off the west.

Re:It is a LIE

[dbIII]

And the communists are heading towards being capitalists

They already are quite extreme capitalists without many of the checks and balances on capitalism in the west, but that doesn't stop them from wanting to dominate the west in every way they can.
BTW, what do you mean by "China will not try what they did to India"? Do you mean the hacking of the computers owned by the group supporting the Dalai Lama in India or something a lot bigger I've missed or forgotten about?

To most of the world, China are not the good guys but since they are the ones propping up economies built on exporting raw materials there are plenty of countries lining up to kiss Chinese backside and say they are the good guys. Australia for one is China's bitch, the right in politics (eg. the mining companies that bankroll the right) far more than the left (which many in the USA would consider raw communism even if it's still a million miles from it).
As for the espionage angle, the incident where a lot of Los Alamos nuclear weapons research ended up in China was less than ten years ago wasn't it? How do people forget that so quickly? We can be sure that everything someone like Bradley Manning could get would have been in the hands of China long ago. With so many people with so much access anyone who cared enough to put up a small bribe would have better access than some intelligence staff.

Re:It is a LIE

[WindBourne]

China would be propping up economies only IF it were buying other goods from other nations. Instead, it cheats by fixing their money to western money, subsidizing and dumping on foreign markets thereby destroying western economies, and then blocking everything except for nations that they want to woo, or have raw resources.

China's action are a big part of why we are having a meltdown in the global economy 5 years ago and now again.

Re:It is a LIE

[dbIII]

The money doesn't flow evenly so some places do well even though on average everyone is screwed over. So to some with things to gain they are the "good guys", just like Japan was to some in Australia right up until Pearl Harbour and Singapore.
We really can't blame China for the silly Goldman Sachs games that they were not dumb, shortsighted and greedy enough to take part in. They could see the financial meltdown coming just like every finance column in every newspaper outside the USA was predicting, and they took advantage of it, but I don't think they did anything to cause it. There's a lot of things wrong with China but that's not one of them, and everyone who can has played the currency game right back to Roman times if not before.
The fragility of the US economy created by such things as moving a lot of manufacturing offshore is the fault of IMHO an insane management fad and should be blamed on poor management alone and not Mexico, China, Thailand etc.

Re:It is a LIE

China and US are both evil guys... One oppresses it's own population, the other oppresses the world..

Re:It is a LIE

[WindBourne]

Yes, yes, yes. I know. You live in Europe and we are oppressing you. I am so sorry to hear it.

US government has backdoors to 100% of telecoms.

With CC to Israel, and any paying company, of course.

Re:Australian govt bans huawei from national netwo

[WindBourne]

Or they knew the situation.

Now imagine if the US had this

[future+assassin]

they'd be extraditing people for breaking US laws in their own countires left and right.

So?

[fullback]

And the US has used Echelon for industrial espionage against even its "allies" for 30 years.

U.S. government agencies pass wiretapped and intercepted information to American companies all the time. Trade secrets of non-U.S. energy companies have been passed to American companies, cell phone technology, labor negotiation strategies of non-U.S. companies with factories in the U.S. and intellectual property has been stolen and transferred for decades.

Re:So?

[dbIII]

The allies got thrown a crumb of intelligence every now and again (apparently) and were to an extent complicit. The amusing thing is the existence of Echelon was confirmed by an idiot in Australian politics that complained it didn't give him forewarning of events in nearby PNG despite complete coverage of the telecommunications systems in that country. PNG had the system forced on them as part of an aid deal, so were not complicit, but their government knew it was there and avoided discussing issues of international interest on the telephone.

I may be oversimplifying but...

[1karmik1]

I don't understand how can this subject be brought up without talking about CALEA-compliant hardware?

The compliance to this wiretapping law may be usually implemented at a much-higher and easier-to-circument level but in spirit it very much achieves the same.

All Network hardware *is* backdoored, regardless of the manufacturer's country and that's a FACT. The only thing we can do is improve awareness of this so we system engineers, developers, system integrators can design, code and implement around that, as much as humanly possible.

The related news about cellphones as trackers helps drawing the bigger picture just as well.

My 2c.

Re:Australian govt bans huawei from national netwo

[jamstar7]

Or they didn't get a big enough bribe.

Er. excuse me. 'Campaign contribution'. Yeah, that's the ticket...

Credibility

[manu0601]

One one hand, this is credible. China has shown an extraordinary appetite for industrial espionage. On the other hand, the story seems to come from the same source that descredited itself lying about the existence of weapons of mass destruction in order to justify Irak invasion.

Really?

[InspectorGadget1964]

Coming from a "former" Pentagon analyst, can this information be trusted? Or has the same flavor as the weapons of mass destruction that Iraq had that triggered the invasion?

Nobody Seems To Notice and Nobody Seems To Care

Nobody Seems To Notice and Nobody Seems To Care

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were writte

Re:Nobody Seems To Notice and Nobody Seems To Care

[repvik]

I've found your tinfoil hat.

Re:Nobody Seems To Notice and Nobody Seems To Care

[Maritz]

So basically, any anomaly of any kind is evidence for your theory. Well, that's me won over. Thanks.

Re:Nobody Seems To Notice and Nobody Seems To Care

[Maritz]

If your objective is to convince people to accept this, you shouldn't spam. It's a massive red flag that you're a nut. Just a tip for you.

Too many secrets...

[ckret]

... anyone?

buy American

A former Pentagon analyst

Now with Cisco marketing.

Bollocks

[1u3hr]

The source article is on http://www.wnd.com/, which is a pretty wacky looking right wing "news" site. Its top stories currently are :

Gun shop veto draws legal fight
Traveler says no to U.S. internal checkpoints
Blogger: Why don't blacks behave?
Cross-bearing Texas teen arrives In D.C.
Reviewer: It doesn't look like we're repenting
Poll: Majority favor extending all Bush tax rates

Detecting a trend?
Anyway the article in question simply says that 1) Chinese companies make most of the telecom switching gear. 2) Therefore, China's military has backdoored it all and is spying on every byte anyone transmits.

Of course, this is conceivable, but there isn't a shred of evidence. Spying on such a huge scale would require huge infrastructure and data transmission, basically duplicating the entire Internet. That might be detectable.

Re:Bollocks

[Mashiki]

Detecting a trend?

Note to self, use this post as a reference the next time that someone uses huffpo as a story basis on /. again.

2 words: firmware update

Firmware updates are an amazing thing.

Re:Australian govt bans huawei from national netwo

[WindBourne]

Australia does not have the same issues as the USA. Here in the USA, our politicians are available to ANY foreign nation, as long as they pay in dollars. In all of the rest of the western nations, the politicians are at least somewhat loyal to their nation.

almost as many backdoors as the CIA..!?!?

[johnrpenner]

The CIA owns everyone of any significance in the major media. (Former CIA Director, William Colby)

the chineese can build backdoors into the chips, because they do the manufacturing, but this sort of spying activity is not so much different than the american government / snoops requiring installation of their IP sniffers at google and every major ISP.. :-\\

they are both a form of censorship / control of communication — however, whereas the chineese govt tries to simply block dissenting traffic, the americans allow the traffic to flow, in order to allow it to lead them to the identify of whom they're after..

You're trusting WingNutDaily for news?

The true name is WorldNetDaily, and they're pretty famous paranoid crackpots. They're some of the loudest birthers on the planet. Not exactly a reliable source.

I'm not saying it can't be true just because a paranoid crackpot believes it, but check all the cited sources, and don't trust any statements that aren't backed up with verifiable evidence.

Re:Australian govt bans huawei from national netwo

[TheKidWho]

Rivals? Hah, try exceeds by a significant margin. China as a whole is incredibly corrupt on a level beyond the western world.

Re:Australian govt bans huawei from national netwo

... a close relationship with Huawei that deploying their equipment would not (ever) compromise our national security.

This says Australia won't share its national security data with China. China is an economic partner only. Indonesia was a military partner for a brief time. USA is a military, economic, legal partner and cultural overlord.

Re:Australian govt bans huawei from national netwo

Certainly corruption in the west is just as bad as in China. The Chinese don't go to any great lengths to hide it. Corruption in the west is kept as quiet as possible.

WND credibility

[AliasMarlowe]

This "former pentagon analyst" is a writer for WND, a rightwing web news site with all the credibility of the National Enquirer.

Has WND told us the truth yet about the two-headed slime aliens anal-probing the kidnapped Elvis on the Moon (preferably with grainy photos)? Until then, WND has only a fraction of the credibility of the National Enquirer.

National Enquirer website

[AliasMarlowe]

Have you looked www.nationalenquirer.com recently? Can you give more a detailed reasoning on why anyone should take your statements seriously?

"The content of this website is not available in your area."
I definitely can't take the National Enquirer seriously. In fact, I can't take it at all!

Re:National Enquirer website

[Galactic+Dominator]

I would guess you live somewhere libel laws are quite strict. The kind of country who would rather have censorship than gossip.

Re:National Enquirer website

[AliasMarlowe]

I would guess you live somewhere libel laws are quite strict. The kind of country who would rather have censorship than gossip.

Not really. To be actionable in Finland, a libel or other form of defamation must be known to be false by the person making it in addition to being injurious to its target. Forget megabuck settlements also, as Finnish courts tend to award actual damages (without any wild-eyed interpretation of "actual") rather than exemplary or punitive amounts.

It's far more likely that either (i) some of the content at www.nationalenquirer.com is licensed by its providers only for the US and maybe Canada and some other English-speaking countries, or (ii) Finland is just in a blanket exclusion due to incompetence by the web site developers.

BTW, there are decent translations into English of the primary laws of Finland, but secondary laws (i.e. regulations set by government agencies), case law, and bills of parliament are only in Finnish and Swedish at FinLex. Regulations are sometimes translated by the relevant authority, and are often set quite sensibly - even reasonably - such as for private copying of all copyright materials published in Finland.

Re:National Enquirer website

[Teun]

The same message on a Danish connection.

Re:National Enquirer website

[Zontar+The+Mindless]

And on a Swedish one.

Re:National Enquirer website

[koxkoxkox]

And in China ...

Re:National Enquirer website

[Hognoxious]

a libel or other form of defamation must be known to be false by the person making it in addition to being injurious to its target.

So I can put up posters all over your home town accusing you of being a pediodiddlerist as long as I didn't access your police record to actually find out?

Allowing ignorance as a defense is not a good idea; it creates a perverse incentive whereby anyone driving with their eyes shut has a get out of jail free card.

Either your interpretation is wrong or Finns aren't as smart as I thought they were.

Re:National Enquirer website

[AliasMarlowe]

Allowing ignorance as a defense is not a good idea; it creates a perverse incentive whereby anyone driving with their eyes shut has a get out of jail free card.

Unless there is evidence to the contrary, it is assumed that one expresses an opinion only on subjects where one is sufficiently informed. In this case, ignorance is not assumed unless it is plausible to a judge or backed up by evidence. Willfully maintaining the semblance of ignorance in order to preserve deniability is tantamount to an admission of guilt. Your example shows why.

Either your interpretation is wrong or Finns aren't as smart as I thought they were.

Your interpretation is wrong, as it presumes that Finnish law follows the bizarre practices of US law. It does not.

China panic!

[AliasMarlowe]

Now all we need is a "former sports analyst" to say that China has access to 80% of the world's athletes as they have implanted nano-technology in the clothing. :)

Well, they're already supplying the uniforms of the US team...

This just in...

The US government has backdoors into every telecom switch in the USA for CALEA wiretaps on the PSTN. This is not a secret.

Re:Australian govt bans huawei from national netwo

They are actually banned at the NATO level, I believe. Because the Chinese government has got a large stake in Huawei, like in any Chinese company. It's not so much because they are Chinese, but because they are a government. Governments don't like that other governments deploy equipment on their premises.

The same happened in the early days with Check Point. You could see connections going to Israel and they wouldn't explain why. To this day they are still banned in many facilities because of this past history.

Tinfoil Hat

[Drishmung]

That settles it. I'm just going to have to move to the desert and wear a tinfoil hat to protect myself from the orbital mind control lasers.

But, wait. What if the tinfoil was made in China? Or made from metal that was recycled in China? What if all the world's tinfoil contains secret Chinese backdoors to stop the proper functioning of tinfoil hats?

/me whimpers in corner.

Re:Tinfoil Hat

[Mr+Z]

Calm down. There is a way! What you need to do is buy at least three different varieties of aluminum foil: Reynolds, the store's in-house brand, and one other name brand (any name brand will do, so long as it is NOT the store brand and NOT Reynolds). IMPORANT: Make sure you buy the regular thickness aluminum foil, not the heavy duty! For best results, make sure all roles are at least 12" wide. (Standard Reynolds is about 12.5", which is perfect.)

The goal is to trigger cross interference between the different coherent sources that may be affecting you through a single brand of foil. This is why you need three different brands: Like color filters, if you combine magenta and cyan, you get red; if you combine cyan and yellow, you get green; if you combine magenta and yellow you get blue. But, if you combine all three, you get black -- all light absorbed. Mind you, that's not exactly what we're doing here since mind control lasers don't work exactly like that, but it's a useful metaphor.

The most effective method I know is to pull off strips of foil from each roll. Make each strip approximately 8" long, and then fold it in half 3 times, to make a strip approximately wide. You will need at least 8 such strips from each of the three rolls. IMPORTANT: Do not mix up the strips! Ordering is important!

Now, weave the strips together into a mesh, alternating strips from each of the three rolls -- one strip of Reynolds, one strip of store brand, one strip of other brand. There should be 12 horizontal strips and 12 vertical strips in the mesh altogether.

The resulting mesh will have overlap points for all possible combinations of the three mind control signals. This will fractalize the signals, causing them to decohere, rendering them effectively inoperative.

Good luck, my friend. Be strong!

Surprised?

[Vladius]

Lie cheat and most importantly steal. It's the Chinese motto. Of course they likely learned it from us. The irony is that they have probably become better at it that we ever were. It's sad that we maintain trade relations with such an openly dishonest country.

Re:Surprised?

[Bysshe]

If you refused to business with the bad guys, you would never do business.

Re:Surprised?

Hi, you must be new here.
Based on the contents of your post, let me be the first to tell you that you aren't welcome here.
Bye.

This gentleman should be more responsible...

If he says something like that, he has to tell us (ISP workers around the world) how he believes they are doing it so we can monitor for that. Just spreading FUD, with absolutely no content in it. He probably just wants a job somewhere

Replica Watches Sale, Buy Replica Rolex Watch Onli

[litongxi]

Replica Watches of all world brands for sale - Replica Rolex Watches, Breitling, Tag Heuer, Cartier, Hublot Replica Watch at topmywatch.net online store. http://www.topmywatch.net/

And just how much..

.. advertising did CISCO buy for placing that story?

Don't get me wrong, it's eminently possible that there is espionage going on, but I see two immediate problems with those claims:

1 - given the massive spread of kit, simple statistic probability would have already yielded evidence of such backdoors. It's not like there aren't enough security people ou there capable of spotting anomalies.

2 - it builds a rather massive haystack in which to find a needle - I can't really believe the Chinese would repeat the mistakes of the various US attempts to backdoor kit (Clipper chip, anyone?).

So, I view this with some serious skepticism. I know it's popular to make the Chinese once again The Enemy (funny that there is always someone who is enemy du jour once the other ones go quiet - heard of any terrorists lately?), but so far I have seen precious little in hard evidence. I know they're damn good at copying what they get their hands on (sadly they don't improve it like the Japanese used to do), but the current paranoia seems to serve other purposes.

We were told we were melodramatic and paranoid

We were told we were being melodramatic, paranoid and isolationist when a lot of us went up against Dan Griswold and the CATO Institute's mantra of "people, goods and services" as fungible entities to be moved around, swapped out and relocated according to "market" forces.

Seems like people and the suppliers of services they work for aren't really much like cogs at all, but more like intentional actors with conscious , non-monetizable value systems which motivate their individual actions and determine the historic outcome between competing geo-political forces.

Wow, who would have ever saw that crazy curve ball coming at ya?

 

more sinophobia

This is like the chinese press reporting on a former PLA officer saying that the USA has backdoors all over the world thanks to Cisco. And we all know Cisco has tight relationships with the Pentagon...

On the US a lot of people see China as some kind of lawless state, and in fact companies like Huawei and ZTE (as well as the Chinese government that supports them) are mainly motivated by profit, they just want to sell more hardware to more telcos... but this should be obvious.

Next time you find some propagandistic news like this, try reversing the players and see if it sounds stupid or utterly paranoid. And BTW, Cisco routers are backdoored in several ways, look for instance at their features to support "Lawful" Interception.

backdoor in ASICs

If the source code were free and publicly available.... still... how do you verify the code on the device was compiled from the source you were given, and
there's not a hardware component that changes the code after it's in memory?

Unless it's the chips/ASICs that have backdoors, and not the code that runs on the chips.

So what?

[Joey+Vegetables]

The Chinese are not likely to waterboard me, or murder everyone in my neighborhood by an "accidental" drone attack, because of something I said on the Internet. The U.S. government very well might. I fear the U.S. government far more than the Chinese, and I would even if I were a Chinese citizen living in China. Not that the Chinese human rights record is great; it is somewhere between appalling and worse; but it still does not begin to compare with the U.S. government and its 200+ year long history of torturing, enslaving, and murdering innocent people both here and abroad. If by stealing its secrets the Chinese manage to prevent a war against the U.S. government - or to prevail, should they be unable to avoid it - the world, and even the U.S., will be much better off.

Re:So what?

I fear the U.S. government far more than the Chinese, and I would even if I were a Chinese citizen living in China

Depends a bit on your level in society, but I do think it's appalling that Americans don't even feel safe in their own country anymore, and are now treated as pariahs when abroad to the point of even having trouble getting a bank account.

I think the key point about the Chinese is that they do not bother pretending they are democratic, and given the structure of the country this would probably not yet be possible (it takes time). The greatest crime in the US is that war making gives the quickest and least questioned access to tax dollars, irrespective of what it does to the country and its citizens - I guess this is why Clinton had to go, because he actually created good international relations (read: no wars) and a national income that made everyone better off.

Instead, you had several terms of Bush and now everyone is afraid of their own shadow, entering the country could mean body searches you would normally send people to jail for and enough anger in the world to keep that great war machine going for another couple of generations - killing off young Americans in the process. I'd like to know how it is possible that someone lying about a stained dress (which is IMHO rather human) gets indicted, while someone who creatively interprets intelligence to suit his own (and sponsors') agenda is still walking free, despite having a federal agent exposed in the process (Valerie Plame). On the plus side, at least they didn't kill her. A WMD scientist in the UK was less lucky.

This guy is right.

[r00t]

Imagine a chip, made in China, that has a network connection (to China) and can DMA to/from your RAM.

Oh, hey, you have one: your Ethernet chip. Shit. We're fucked.

Also notice the chips in your wireless router, cable modem, cell phone, cell tower, USB stick, USB port, etc.

you aren't thinking like a nation-state attacker

[r00t]

The moment any such 'bug' went active, it would set off alarms -- by necessity, the communications would have to occur over the provider's own network. Unless their network admins are idiots they should notice the abberant traffic.

No way. How exactly are you going to view that traffic? You can't usefully plug an Ethernet cable into your head. You'll need an Ethernet chip, made by GUESS WHO...

Yep, the magic packets will NOT be reported to your OS. Either they get dropped, or they get sent directly (via DMA) to some other Chinese chip. Nothing will show up in Wireshark.

So what would the equivalent percentage be

[walter_f]

for the U.S. government including agencies like NSA, CIA, etc.?

can believe it

posting anon, but Ive seen first hand that huawei have a software tool that can extract all the passwords out of a system in plaintext, that if you call in engineering they will run. So all your passwords will end up back in china.
I also know that another guy first hand, who found a firmware with a attack mode embedded into it, flooding, packet dumping, mangling etc etc, and he allegedly questioned them about it, and was told it was a "experimental lab firmware that accidentally got loaded" and told to stfu by his manager.

Large American corp like Apple endorse

Communism over Americans it is that simple.
you buy use communist goods your a commie.

Google is a crybaby

Google and the US police state are afraid of a little fair competition?

Re:Australian govt bans huawei from national netwo

I visited Huawei on a support trip last year, on behalf of my employer. (Hence, posting anonymously.)

I can honestly say I've never been to a more paranoid company. The team I was helping (the maintenance team for this particular bit of telecoms software) didn't even have the unlock key to unlock the loaded memory image. (The chips involved have a RAM lockdown mechanism that can secure their contents against modification after loading with a 128-bit key.) So, while we could modify the program and upload new images, we couldn't effectively postmortem or probe the system after a crash.

The company was very compartmentalized with information shared on a need-to-know basis. They had to contact another team to get the unlock key, and get management approval, etc. for the transfer. (This, for now 4 years old telecoms equipment.) Our company's representatives were only allowed to directly touch one machine, running a web-browser pointed at our corporate website (for downloading documentation), and our session was monitored remotely via VNC or something like it.

I was warned not to bring a laptop or even a thumb drive. If I had brought a laptop, it would only have been allowed in if all the ports were glued shut.

I would expect that level of paranoia and security at a defense contractor, not the telephone company. But then...

Oddly enough, they were only paranoid about their own IP. They are apparently more than happy to share our competitors' advance information with us (to which we say "No, we don't want that liability!"). Hmmm...

It should be noted

[Casandro]

that virtually all the found backdoors originated in the US. Virtually no Chinese back doors have been found yet.

I've always said it regarding Huawei...

Anyone with a network sniffer can see that Huawei devices are infested with "phone-home" malwares.

I've always been saying (anonymously) on /. that Huawei was a chinese-state-sponsored company whose purpose was espionnage. I don't even understand why their sh*t are still allowed in the U.S.

They're spying on U.S. industries. They're spying on U.S. military. They're spying on U.S. citizens.