Pentagon Ups Hacking Accusations Against China

wiredmikey writes "A new report from the Pentagon marked the most explicit statement yet from the United States that it believes China's cyber espionage is focused on the U.S. government, as well as American corporations. China kept up a steady campaign of hacking in 2012 that included attempts to target U.S. government computer networks, which could provide Beijing a better insight into America's policy deliberations and military capabilities, according to the Pentagon's annual assessment of China's military. 'China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs,' said the report to Congress (PDF). The digital espionage was part of a broader industrial espionage effort that seeks to secure military-related U.S. and Western technology, allowing Beijing to scale back its reliance on foreign arms manufacturers, the report said. One day later, Beijing dismissed the Pentagon's report that accused it of widespread cyberspying on the U.S. government, rejecting it as an 'irresponsible' attempt to drum up fear of China as a military threat."

Surprising?

[venom85]

Is this supposed to surprise anyone? And, more importantly, does anyone out there actually believe that the US isn't doing the same thing toward [insert long list of nations here]? I, for one, certainly believe they are.

Re:Surprising?

[Austerity+Empowers]

Compared to a communist dictatorship, yes we are. I am free to talk about how much my government sucks, loudly and with great fanfare. It's not that we don't suck, it's that they suck much, much more.

The question is whether we should continue to prop up their mfg industry which seems to be a major attack vector for their espionage activities. Pre-owned cars have a market, pre-ripped jeans have a market, I'm not sure who the market is for pre-rooted machines.

Polite pretense

[onyxruby]

How long do we uphold the polite pretense that China isn't behind the overwhelming majority of real world hacking? How long are we supposed to avoid to avoid offending them and continue to allow them to steal all of our intellectual property that we supposedly value? At least the Chinese government actually bothers to protect Chinese businesses from foreigners unlike the US government which only protects big business. Turn the other cheek, what if your out of cheeks?

Re:Polite pretense

[chill]

Intellectual Property? Like we give a shit. Here's one fine example from U.S. history.

http://www.bigsiteofamazingfacts.com/why-did-president-thomas-jefferson-smuggle-rice-out-of-italy

During their early years, the United States freely ignored existing European patents and copyrights as we saw fit. Developing our economy took precedence over some Old World kvetching about theft of ideas.

If you have knowledge, let others light their candles with it. - Margaret Fuller

To press China on theft of IP would require a truthful accounting of the cost. Look no further than the BSA for the depth of deception on the "cost of software piracy". There is no way China would accept valuation numbers like $200 per pirated copy of Windows 7.

It is my fervent wish that the BSA get just what they ask for -- the ability to absolutely prevent people from using their client's software without payment. Think of how many copies of Windows would be installed in China if it was *IMPOSSIBLE* to pirate. Think of a number close to zero.

There would be an utter explosion of growth in FOSS software. If Microsoft wanted to sell Windows and Office they'd have to lower the price to what the market would actually bear -- somewhere most likely around 10% of current prices.

Congress uses those inflated numbers every year to justify all sorts of bullshit. They value of bogus "IP" valuations far outweigh Chinese IP theft.

Re:Polite pretense

[onyxruby]

I'm not defending the BSA or the like here so stop putting words in my mouth already. By Intellectual Property I'm talking about things like formulas, trade secrets, manufacturing processes and so on. I'm not defending Congresses BSA based math from the **aa's and never would or will.

My point was that the US has been putting it's eggs into the IP basket and then refusing to guard it. After abandoning a manufacturing economy to switch to an IP based economy our leadership is being incredibly foolish. An IP based economy is incredibly fragile and susceptible to being taken over with entirely too much ease.

Re:Polite pretense

[chill]

Trade secrets, such as formulas and manufacturing processes are the responsibility of the individual companies to protect, not government. Copyrights and Patents are given governmental protection thru legal prosecution because they are, by nature, disclosed to the public. They are published and the protection of secrecy is not available.

We didn't abandon a manufacturing based economy. The United States is the number one manufacturing country in the world, measured by production. What has gone away is the manufacturing JOBS. This is a result of automation as much as outsourcing, and there isn't a damn thing you can do about it. Brush up on the history of the Luddite Movement and the Industrial Revolution to understand how futile an attempt at stopping progress and efficiency by refusing to automate is.

If you aren't talking about copyright and patents, then the answer becomes -- do we value the quality process improvements in Chinese manufacturing more than the supposed "theft" of trade secrets? I'd argue the answer is "no". We gain more from the stuff we're buying from China being better quality than we lose in any lost competitiveness.

I'd also argue that the competitive companies in the U.S. are not sitting still. IP that is "stolen" is ever evolving. If a Chinese company takes Process v1.0 and uses it to improve their manufacturing, they're still behind the company who is constantly upgrading their processes and already on Process v3.0. Copying isn't innovation, and innovation is much more important economically than mass production.

Re:Polite pretense

[localman57]

Trade secrets, such as formulas and manufacturing processes are the responsibility of the individual companies to protect, not government.

I would agree that it's up to them to protect themselves from other companies. But individual companies don't stand a chance of protecting against attacks from the resources available to a nation-state. It is reasonable to expect our government to take action to prevent hacking by the Chinese military and other government sponsored efforts, in the same way that we would it expect it to protect some office building in Hawaii from being burglurized by Chinese special forces.

Re:Polite pretense

[saarbruck]

Because Cheap Labor.

There, I fixed that for you.

Re:Polite pretense

[girlinatrainingbra]

Right, like the Iran centrifuge blow-ups weren't caused by the USA and by Israel? Anyone who claims to know who's been doing what on the world stage is blowing smokes. Even our own country-men-and-women probably don't realize the extent of our own country's cyberwarriors and how the USA admitted to state-sponsored hacking of Iran's centrifuges, (srsly, Obama sed we didz it, lookitup) and how many other things are being done in our name or upon us. Bush admitted to the NSA hacking our own telcoms and spying on ALL usa-internet traffic.
.
So don't say that China's behind the majority of it. It's very likely that they are since they comprise the majority population of this planet, but it's equally likely that the USA and NATO elements are number one. (haha, I sound nationalistic and jingoistic, now, don't I? That wasn't my intent. My intent was to point out that anyone claiming definitive knowledge of the percentage responsibility couldn't possibly know the truth. They can only know about their own personal or own divisional involvement. Diplomacy and secrecy means that we don't ever truly know the capabilities and capacities of the other sides.)

Internet Dispute

[WillgasM]

This is an Internet dispute, so let's settle this in our tried-and-true method. I'll begin:
Dear China,
Do you even lift, bro?

Not sure why this isn't a declaration of war?

[Rougement]

I understand that China is a trading partner but in so many other spheres (human rights, pollution, animal cruelty, IP theft, etc etc ) they're a disgrace and yet they always seem to get a pass, unlike some other countries the US has gone to war with over nothing. If the US blocked all Chinese IP addresses, what would be the worst that could happen? How about raising import tariffs?

Re:Not sure why this isn't a declaration of war?

[aaaaaaargh!]

Why is it not a declaration of war. Hm, let me guess... because signals intelligence is not a declaration of war?

Re:Not sure why this isn't a declaration of war?

[gmuslera]

I understand that China is a trading partner but in so many other spheres (human rights, pollution, animal cruelty, IP theft, etc etc ) they're a disgrace and yet they always seem to get a pass, unlike some other countries the US has gone to war with over nothing.

In most of those spheres US is not far behind, if not ahead. If a foreing country with big oil reserves was doing what US is doing with Guantanamo would had been invaded by now (and thats the "over nothing" they do war lately, don't confuse the excuse for the real motivation). And US came second in pollution recently, and that was partly because most US companies do their pollution elsewhere now. And please, lets not touch real IP theft.

If the US blocked all Chinese IP addresses, what would be the worst that could happen?

US would not be able to monitor social activity of all china citizens, nor manage their botnets inside china borders/firewalls. How you expect to gather intelligence with all the doors closed?

Government morons - just fix the problem

[Indy1]

Null route all the Chinese networks, problem solved. Worked great on my mail server, amount of spam I got dropped massively.

guess those

[nimbius]

sequestration cuts are getting a little close.
Seriously, terrorism or communism. I only have enough patience for one government-sponsored boogey man at a time.
Schedule it between the mandatory monthly fiscal cliff panic and the gay marriage thing if you could...or if you can roll it into some weird freedom war that works too.

Re:guess those

[VortexCortex]

The Terrorists are Funding Free and Open Source Software made by Cheap Chinese Labor in order to Devalue the sacred Intellectual Property made by American Industry! If we fall off the Fiscal Cliff there will be no Funds to Save us from the Armies of the Pot Smoking Freetardians and their legions of Homosexual Concubines! Do you want your children to live in a world where Child Porn is distributed by Slant-Eyed Ladyboys with Neckbeards to further the Terrorist agenda?!

Act now! Vote Yes, on the LIBERTY Act to safe our great nation:
Legislation to Insulate Babies Eyes and Reduce Terrorist Yiffing.

why did sensitive networks get connected at all?

[swschrad]

answer: dumb bastards who have the sense of a paper clip. if you don't want to have your hard drives in the morning paper, you don't put them on the Wacky Wacky Webbiepoo. the old joke was you disconnected all cables to the computer, buried it 50 feet deep in concrete, and put crew-served weapons over it if you wanted security.

turns out it isn't a joke, folks. total separation. anything you want scrubbed and publicly availiable, you sneakernet it over to the other machine room on the other side of the Pentagon.

Let's Troll 'em!

[caspy7]

I say we request that businesses and government agencies (especially ones we know they've gone after) set up poorly secured areas with misinformation about "important" projects and such.
Not only do we get them with misinformation, but try to bury them with gobs of data in the form of poorly scanned (un-OCRable) image files.

(Yes, I know the plan probably has flaws, but a boy can dream.)

proof not speculation

[lkcl]

what's interesting is that these people are claiming that the attacks *originate* from china, and that therefore, logically as well, it MUST be the chinese government that instigated these attacks. noooOoo: unless the U.S. has access to the entire world's internet traffic plus all communications globally including mobile phones, telephone lines and every single server and electronic device, there's absolutely NO WAY that they can prove that accusation - period.

why not? because even if an attack "appears" to originate from within china, all that means is that the traffic is coming from an IP address that's inside the china boundaries. and that's *all* it means. it does *NOT* mean that there is not SOMEONE ELSE who is OUTSIDE of china who has compromised that machine and is using it as a DDOS hacking jump-point in order to deliberately mask their true location [and identity].

the hacking could even be done through servers that are compromised and happen to have access to a telephone or a 3G dongle. dial in, initiate attack: you'd never be able to ascertain the identity of the attacker [unless you had access to china's telephone network records].

for all we know, the hacking is actually being instigated by the CIA as a means to have an excuse to justify yet another war or yet another round of political maneuvring.

even if it's random usage of compromised machines rather than intentional misdirection, the percentage of computers compromised by viruses world-wide is quite likely to have a disproportionate number of IP addresses originating from china simply through sheer numbers of people in china who have computers.

there are plenty of foreign governments who would have an interest in the kind of information being claimed to have been sought. why does it *have* to be china that's doing the attacking?

Re:proof not speculation

[admdrew]

why does it *have* to be china that's doing the attacking?

The type of analysis used to reach this conclusion includes far more information than source IPs. Based on the wealth of attack data available to even some of the smallest security providers, it's not tough to eventually paint a pretty good picture of China (their military, especially) as a core of generally nefarious network activity. A single IP isn't enough to place blame, but billions of packets over years of activity are definitely enough to attribute a significant volume of the world's hacking directly to the Chinese.

Source: I do a significant amount of network traffic analysis specifically for security.

Re:proof not speculation

[interval1066]

unless the U.S. has access to the entire world's internet traffic plus all communications globally including mobile phones...

Stop being an idiot. I set up a simple OpenBSD name server back in the mid 2000's, about 2008 I noticed an unusual amount of acitivity on it. It had been attacked and comprimised, and whomever did the attacking had re-purposed it to do name serving to asian servers. I easily tracked the trail back to China. Its not fucking rocket science, and secured in my mind that if the Chinese were willing to attack a small name server in a dusty corner they'll certainly attack US Gov. servers. Stop being an apologist for the Chinese you shill.

Re:proof not speculation

[ebno-10db]

it does *NOT* mean that there is not SOMEONE ELSE who is OUTSIDE of china who has compromised that machine and is using it as a DDOS hacking jump-point in order to deliberately mask their true location [and identity]

First, what the hell does this have to do w/ DDOS? We're talking about spying.

Second, suppose Dr. Evil is hacking machines in China to hide the true source of the attacks. Why is he only using machines in China. Why not Russia or Canada or Elbonia? It would be much better for Dr. Evil to choose machines around the world so we couldn't just block Chinese IP addresses and be done with it. This is a case of Occam's razor: if the vast majority of the attacks come from China, then they're probably perpetrated by people in China. Given the authoritarian nature of the Chinese government, I find it hard to believe that this is done without their knowledge and approval. The alternative explanation is that people who can't read any news source that refers to Taiwan as an independent country, are at the same time launching massive penetration attacks without government approval.

Re:why did sensitive networks get connected at all

[Loether]

True, the user is always the weakest link.

  "Oh I just found a shiny thumb drive in the parking lot... I know, I'll plug it in to the PC I use to monitor the centrifuges."

It's not hard to envision a government employee/military worker/civilian contractor here doing the same thing.

Re:How dangerous is this spying?

[interval1066]

...China is not trying to actively harm America, but rather to upgrade its technology by cheating...

China mowed down 2000 of its own students during Tienamen Square protests for free speech. They've also occupied Tibet since 1959, claiming a 1000 year-old country is a runaway province. They continually threaten Taiwan with invasion and strong-arm Japanese fishing boats all the time claiming they are fishing in Chinese waters, and are arguing with Japan now about some uninhabited islands Japan has administered for 1500 years. And they aren't trying to harm anyone? Good luck with that.

Re:You better watch your back bro....

[jellomizer]

[sarcasm]Yes, like forcing the United States into a real finical crisis is a good idea for China Self interest.[/sarcasm]

China buys US Dollars to keep their own economy stable. Also the United States is their biggest buyer. Put all Americans in the poor house, you have lost your own economy.

Re:You better watch your back bro....

Now get back to propping up our economy and owning most of our soverign debt.

Care to back that up with a source? They are the largest foreign holder of debt but that is far from owning most of our debt. China owns about 8% of public debt.