Slashdot Mirror
U.S. Calls On China To End Hacking; Start Cyberspace Dialogue
New submitter trickymyth writes "For the first time, the United States has mentioned the People's Republic of China in relation to cyber crime, officially acknowledging what has been long suspected by private security experts and the U.S. business community. The Obama Administration seeks to get the Chinese government to acknowledge the problem, to cease any state-sponsored hacker activity, and to start a dialogue on normative behavior on the internet. This announcement follows the recent 60-page report from the American cybersecurity firm Mandiant, who spent two years compiling evidence against the so-called 'Comment Crew.' They traced IP addresses, common behavior, and tools to track the group's activity, which led to a Shanghai neighborhood home to the People's Liberation Army (PLA's) Unit 61398. This tracking came at the behest of the Times, who has experienced some trouble with hacking in the past. The Chinese government rejected the report as 'unprofessional' and 'lacking technical evidence.' This announcement also comes amid a delicate leadership transition in China and numerous new reports on the vulnerability of U.S. business and government networks to attack."
"Seriously guys, stop hacking us! It makes us look bad when we can't do the same to you, because you happen to have a firewall around your entire country!"
Only complain when you lose.
This is the same country they has a national firewall infrastructure to use against its own citzens. I'm sure their morals will guide them right when it comes to using hacking as a weapon of war.
I hope this ends well, but I have a feeling that either nothing will come out of this, or the Chinese will ramp up efforts since they don't have to worry about hiding their efforts.
We can not allow a cyberspace gap!
the desire to ship a product to maximize revenue rather than quality is the objective of many companies. The license agreements are better coded than most software.
USA: Syn(100) -------> China
Your move China.
Surely the U.S is hacking back? My best memory of "China hacking" is Operation Aurora. I find it difficult to believe the U.S has been on the purely defensive side since then (if not before).
It's ok for the US but no one else?
Guess some left hand isn't talking to the right hand.
Infuriate left and right
Surely the U.S is hacking back?
Yeah sure! Now where did i put my netbus...
Silly Times, if you are scared of the Chinese hackers, you can just insert this code at the top of your site:
< h1 > tiananmen square < /h1 >
Next step is send in the drones and turn that cyber war into a real one. Hey China, if you aren't sanctioning it and aren't stopping it, the U.S. WILL go in and do what is in their best interest.
China is about to have an epic crash when their real estate bubble bursts:
60 minutes on China Real Estate Bubble
When that happens, their economy will tank... similar to what happened in U.S. in 2008. And that will bring out people demonstrating in the streets. The Chinese security apparatus will have its hands full trying to stifle online dissent and stop people from plotting against the government. Cyber attacks on external targets will fade.
China: You go now!
Solving Unix problems since 1989...
The military complex wants there to be more hacking, not less, so that they can justify grabbing more tax dollars for national "protection".
So-called cyberwarefare is a dream come true. Producing defense hardware costs the defense contractors a fair bit of money as a per-unit cost, whereas cyber "armaments" cost nothing to replicate yet they'll still charge the government on a per-unit basis. All that lovely tax moola, yummy.
These Americans...
I believe we possess all the resources and talents necessary. But the facts of the matter are that we have never made the national decisions or marshaled the national resources required for such leadership. We have never specified long-range goals on an urgent time schedule, or managed our resources and our time so as to insure their fulfillment. JFK 1961 ppl who who don't know history are doomed to repeat it
Call me hypocritical, but preventing Iran from having a nuclear bomb for the safety of the middle eastern region (and global security) is definitely worthwhile.
What is the purpose of China's hacks? Mostly economical, not exactly an apples to apples comparison here.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
stuxnet what?
pot meet kettle....
Imagine it's 2003, and Slashdot has an article about the widely criticized Iraqi invasion. An American makes a post just like yours:
"But invading Kuwait was ok, huh?"
Would you have embraced that sentiment? Would the moderators have modded it up?
I imagine that poster would be flooded with indignant replies containing variations of "two wrongs don't make a right"
You know, the US could just turn off their overseas Internet connectivity and isolate itself. Or you know, be part of the international community and accept they are no more special than any other netizen with attempted hacks on their IP addresses.
C'mon @soulskill, you had the opportunity to legitimately put the phrase "Spacewar" in your headline and you didn't. I don't think you can correct headlines, but it may be worth it.
Any headline where the US is demanding that some other country stop doing something can be simply answered with "You First Sparky!".
How could any government control the actions of 1 billion people....oh wait a minute.
I haven't thought of anything clever to put here, but then again most of you haven't either.
We're going to keep doing that shit to you, but please stop doing it to us, because you know, we're the United States and you're not allowed to do to us what we do to you.
Seems to me that this is like asking for a truce when we're losing. They've got no reason to say yes.
Fortunately, this isn't a battle we have to lose. Yeah, I think we have to admit that every grandma-box running Windows 98 is going to be a spam-spewing zombie for the foreseeable future, but the corporations that make the juiciest targets should also be capable of at least some self-defense. If thy IP block offends thee, cut it off. Social engineering is always going to trump user education, but we can at least make it an arms race.
At least it's not nukes, which are harder to walk away from. That means we also don't have Mutually Assured Destruction. They're going to do it even if they sign a treaty saying that they won't, so we're going to have to hunker down and deal. Asking them to call it a draw isn't going to get us anywhere.
U.S. to China:
a/s/l ?
Wanna cyber?
Looks like governments start noticing that 'the terrorists' are no longer an effective bogeyman and need to conjure up a new one.
Nihil in publicum sputa.
All the US needs to do, is sit back and wait for these Chinese hackers to download too much copyrighted material. Just wait, it'll happen soon enough. Then their ISP will cut down China's bandwidth to like, really really slow. They won't be able to really get any hacking done then.
How about stop censoring your political opposition?
"You first, fuckers!"
I think we can all see where this is headed...
Wouldn't you prefer a nice game of chess?
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I for one would rather see the security ignorant persons setting up government and infrastructure IT systems here in the USA constantly checked from the outside and exposed in small chunks than any "secure because we say so" due to unenforceable policies.
Security would never improve, rather it would get very much worse if there wasn't the constant threat posed by hackers. They are doing us all a favor. If and when a real organized and unified hackers attack, hopefully the larger security doors and windows will already have been closed.
Security is NOT a goal, it's a process. Constant hacking is arguably the most important part of that process as it's a reminder of the constant diligence needed to keep systems locked down.
I would think a large 0-day stockpile combined with a couple year moratorium on foreign hacking would be the most effective strategy for wreaking instant remote havoc if that's the goal. Attacks by a million cuts results in very thick armor over time. Maybe China want's our infrastructure to be better and this is their most effective way to make this happen.
I would rather see each government or infrastructure system put in place require the security persons private signature - where they are publicly shamed if and when the signature is collected by hackers and exposed. Hackers could turn in these signatures for anonymous large rewards. Successful 0-Day exploiats could be turned in for even greater rewards as that could be added to our own 0-Day stockpile.
I'm much more worried at the moment about low-level back doors in equipment coming out of China. There's lots of room for un-fixable mischief to be had with ICs with the right microcode, and it's already been proven that they have the technology and know-how to do this.
Pleasant dreams!
China has been hacking US gamers for years. I get notifications from Guild Wars 2 that someone in China tried to access my account, please change my password. Welcome to the world wide web, Mr President and Congress, we need smarter policies, not more neolithic special interests pandering bullshit. Set up a firewall that you can monitor the hits on it, you will find that China is a beehive of hacker activity.
We do have people highly qualified and capable of not only securing our country's systems, but being our scalpel as well. Let's not panic for fuck's sake.
Take the Red Pill.
That's what the US State Dept is crying over in Beijing right now.
The Obama administration really needs to learn some tact. Did they really need to launch this initiative RIGHT now? Could it not have waited 6 months since it has taken them 2+ years so far to gather the evidence? The Chinese government has always used the "it wasn't me" and "As I told you, it would be absolutely, totally, and in all other ways inconceivable" arguments. All this will do is raise their hackles while we deal with a true international crisis that we need and have finally started getting China's help on, a.k.a. illegal North Korea nuclear capabilities.
At least with the hacking problems, that is something we can work on internally to resolve through better security measures. NK going nuclear, that is nothing we can fix by ourselves without severe global consequences.
Issue sanctions? Stop it, it hurts to laugh.
Anytime the US says they want someone else to change their policy, to stop doing something or to talk about a problem usually means they are beating us at something. We do whatever we please and strut around like pretentious dicks but as soon as someone does it better and we cant beat them they we try to act diplomatic or simply go and run to mommy to say someone isnt playing fair.
The whole cyber thing is the next boogeyman anyway. The US always has to conjure up some scheme to direct attention to and "declare war on" to justify blowing trillions of dollars and not actually trying to improve the country. The whole terrorist thing is getting old and no one cares anymore. So now its all about cyber war
None, because invasion violates national sovereignty and it inevitably results in people, innocent and otherwise, being killed or injured without the benefit of due process or equal protection of the laws and is, generally, neither democratic, just nor peaceful. Surely the most powerful nation in the history of the human species can do a little better than indiscriminanatly blowing up property and killing people whenever they don't get what they want for themselves. Do you know the history of US attrocities in Korea and Iraq? Do you really want more of that?
1. Some company gets hacked
2. Some security company (Mandiant) investigates and makes a non-peer-reviewed report (PDF) with very thin evidence that jumps to conclusions
3. Sensational press repeats claims from report without investigating
4. Government uses "evidence" of what now seems a big problem and a certain source to start a war
5. Profit...
I'd like some smart Slashdot reader to read the report and tell us what you think. It contains a lot of random facts and then draws some very unscientific conclusions. I think it was written starting with the conclusions, then finding facts to "support" it.
Blocking overseas network traffic will just mean that the hackers will start using US based places to start hacking from. Just blocking China won't work since the hackers almost exclusively use intermediate (hacked) computers that are not in China to do their stuff from. The fact that China isn't really hiding their economic hacking doesn't mean that other countries aren't doing just that as well. Don't forget that commerce and government are more or less the same in "communist" China. This is nothing but industrial espionage, which takes place everywhere, not just in China-USA. The real difference is that in this case the owners of the industry aren't people claiming to be private citizens in a claimed democracy. You're basically fighting a very powerful economy that happens to be a lot more efficient at their corruption than the the US economy is, with the exception of the arms industry.
I was promised a flying car. Where is my flying car?
And that, in a nutshell, is why the US has lost the moral high ground and is no better than any other tyranical power that has ever existed.
China owns the US
China owns networks in the US
China has complete visibility of everything that happens in the US
We surrender. Please don't hurt us.
And I may have forgotten whatever other structural industrial espionage the USA has done...
Iran hasn't invaded any countries in an aggressive war of choice in 200 years. As opposed to you-know-who.
China ignores all their treaties. For example, they recently joined the UN in condemning NK and promising that they would stop NK's slush fund if found. OK. So, America obviously KNEW where it was and points it out. What does China do? Nothing.
Then you have their treaty with USA and WTO. They were required to drop most of their tariffs (around 90 at the time), no subsidies for exported goods, no dumping of exported goods, and free their money. Instead, they now have over 400 tariffs, subsidize many key items, are constantly dumping in foreign nations, and manipulate their money.
Likewise, they have a treaty with Japan that requires them to have pollution control on all new cement and coal plants. Sadly, the Japanese made a mistake in not requiring them to turn on the controls. As such, China simply turns off the controls most of the time. They only turn it on when Chinese gov. tells that they must and for how long (typically a special event or somebody coming to check the environment).
And now somebody thinks that CHina will keep their word? Not a chance.
I prefer the "u" in honour as it seems to be missing these days.
...get their Most Favored Nation status taken away.
I know China isn't going to stop. You know China isn't going to stop. Obama knows China isn't going to stop. China sure as hell knows it's not going to stop. So most likely this is grandstanding so Obama can say he's "doing something" to his more clueless buddies in business.
The 'China Hackers' discovered Obama's porn stash and the tweeter/facebook/e-mail of his 'mistress.'
Oh Dear ! If the Washington Times or the Daily Mail get this, it is the END of Obama. :)
Ha Ha Ha Ha ! .n|m Obama-kun
While everyone is crying politics... did everyone forget about all of the god damn sshd and email password cracking on random targets by Chinese ip space?
So what incentives exactly does China have to stop hacking? Stop a cyber war? Their hackers are better than yours. Afraid after sanctions? It's unlikely enough countries would be willing to stop trading. Best thing to do imo is to upgrade US's digital infrastructure. Solve the root of the problem.
I bet a long list of security appliance manufacturers are sweating bullets after reading this.
TOP DSLR Cameras Reviews of the top DSLRs
Focusing on China's hacking instead of botnet spamming and malware is like going after graffiti vandals while ignoring the constant ongoing occurrences of murder and rape everywhere you look.
President Obama and his administration has raised the level of urgency in protecting the government and domestic businesses from the increased level of cyber attacks. However, U.S. leaders have avoided calling China out by name in the past. http://www.cuuhomaytinh.info/
http://www.cuuhomaytinh.info/
We can ask till we are blue in the face. Unless we get something on them that is without refute, nothing will change. Even then, if we did have something like that it would be handled in a very hush-hush manner as to not hurt someones feelings in the international community; it will be back-door. We need to upgrade our security, or just outright ban foreign IPs from certain companies. This is one of those problems where there really isn't a good solution.