Slashdot Mirror
Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director (afr.com)
Targeted cyber attacks and a strong deterrence capability are the most effective way of preventing China and other countries continuing to steal Australian commercial secrets, according to a former director of the Federal Bureau of Investigation. From a report: Louis Freeh, who ran the FBI for almost eight years until 2001, said the threat of criminal charges or jail time would do little to prevent state-sponsored hackers from continuing to steal valuable intellectual property. "It's like trying to serve a subpoena on [Osama] Bin Laden -- it's not very effective," Mr Freeh said on the sidelines of a speech in Sydney on Monday night. His comments come as the federal government considers how best to respond to a surge in cyber attacks directed by China's peak security agency over the past year. An investigation by The Australian Financial Review and Nine News confirmed China's Ministry of State Security (MSS), was responsible for the recent wave of attacks on Australian companies. These formed part of what is known in cyber circles as "Operation Cloud Hopper", which was detected by Australia and its partners in the Five Eyes intelligence sharing alliance.
You Stuxnet their manufacturing SCADA systems you know the ones that are still run on pirated versions of Windows XP...
It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
China is not really our friend in any sense.
They steal intellectual property
They use state subsidies and subpar working conditions to undercut our products
Their, "students" are usually tools of the Government.
While it is doubtful the US and China will ever engage in some kind of ground war, it is probably inevitable that some kind of air/sea conflict occurs. Given the tremendous economic entanglements, it will be a very bizarre conflict.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Instead of starting some kind of cyber war, why not have our guys act as white hats and target Anerican firms and government organizations. Find breaches and alert the concerned parties so they can get filled in.
It gives our guys practical experience and helps protect American citizens and businesses. It even affords a good job opportunity for the kind of mischievous minds that might otherwise cause some of that trouble.
Maybe have IT security that is not cheapest possible, but actually works? That would also have the advantage that China may actually be stopped. "Hacking back" is still the most stupid idea possible in this space. But especially for China, has this person forgotten that the Chinese have their whole country behind a big firewall?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Right now, I'm patenting a google cam in every pigeons ass. They'll take away my surveillance over my dead body.
How about the tech companies fixing their shit so this doesn't happen.
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
Starting a cyber war with China will provide a justification for previous Chinese actions.We should try and work out something with the Chinese. The interests of China and the US and for that matter the rest of the world will be better served by dialog. If there is cyber war we will still need in the end to work out an agreement. So first dialog then if that is a failure move on to stronger measures.
China has been working to make Chinese immigrant communities, particularly in the US, a fifth column. Chinese migrants/immigrants have also been problematic all across parts of East Asia and Indonesia as well from other things I've read. Then there is the whole problem of China colonizing Africa with millions of "workers."
First world liberals will continue to ignore the problem, and do things like say "but the King of Belgium was a real bastard in the Congo, so who are we to judge***" as the situation gets worse.
*** Gotta love how liberalism functions as a Christian heresy where you have all of the guilt and shame, but unlike Christianity you have no path of repentance and are collectively responsible for the actions of ever asshole before you (Ez 18 explicitly condemns that for Jews and Christians).
Game Theory 101. They need to suffer enough pain that it's in their interest to go along with a phased drawdown to some mutually acceptable level of cyber-espionage.
What do you want to attack? Want to steal back the trade secrets they got from us? How do you steal from someone who has nothing that you could possibly want? What kind of deterrent is it when you throw a nuke into a mostly void desert? It costs you a nuke and doesn't bother your enemy at all.
Instead get your defense up to speed! The itsec situation in most companies is atrocious. And I'm not talking about irrelevant mom'n'pop shops, we're talking large and very juicy targets for international criminal actors. If anything, the FBI should start treating sloppy IT security as what it is: A criminal offense.
But no, wait, we can't do that! Then our corporations would have to do something about their IT security! That could cut into their bottom line! No, let's instead wage a silly "cyber" war we can't win on taxpayer money. One silly, useless and unwinnable war that we get to foot the bill for more or less, who cares?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So the former FBI director thinks we should act like assholes.
No, thank you.
1. Use our talent to "attack" ourselves in order to fix our defenses.
2. Reduce trade by 1% for 1 year (cumulative) for each cyber attack.
(100 cyber attacks = 100% reduction in trade for 100 years; your move, China)
Also, Might We Add, there is not enough emphasis on Russia and it's mighty hackers. We need to go ahead and get a Cyber Army going to be able to hack into Russia's voters and make them vote against Putin next cycle and make the country collapse.
If Putin is out of the way that gets TRUMP out of the way so we can have great things like prosperity and Hillary leading the world back into the hot flames of Progress to be forged into something good.
The FBI has no chance because all of China is running APK's impenetrable hosts file. They are 100% protected from any attack the FBI could conceive of.
Finding vulnerabilities and warning the vulnerable companies is what I do for a living. What we do is in no way a substitute for deterrence.
Instead of putting muggers in jail, why don't our good guys try mugging people and alert victims that they're vulnerable?
Instead of killing bin Laden, why don't our good guys just ram planes into all the buildings and then we'll know which buildings are vulnerable?
Having cops break into the people's houses won't make burglary stop.
The main benefit of vulnerability assessment, what I do for a living, is that when we make Lockheed Martin a more difficult target, the attackers focus more on Northrop Grumman, because it's an easier target. That's an advantage to Lockheed.
We will never come anywhere close to making our county impenetrable. If we magically did, which would require a police state, two days Microsoft would release a new version of some software and we'd all be vulnerable again. Every time somebody installs anything connected to a network, there are opportunities for it to be configured poorly, and that happens a million times a day. We will never be secure. We can only make YOU a harder target than your neighbor.
"Instead of starting a cyber war" - LOL! We're *in" a cyber war. Pur adversaries spend billions of dollars every year attacking us, and we're losing. Ignoring it and pretending it's not happening won't make it go away. The way to make a country (or a person) stop attacking you is to make it hurt them to continue, to exact a high price. If someone is swinging a knife at me, knowing I'm vulnerable doesn't solve the problem. You stop their attack by shooting them. That's what solar the problem.
GayPK's host file can chortle my balls.
what the usa should do is hack china's supply chain so their exports are crippled and their economy suffers - if foxconn can't export electronics, tool factories can't export cheap tools, trinket factories can't export christmas decorations, clothing factories can't export cheap, thin, shoddy clothing, and so on, china would be crippled economically and unable to survive very long - we could hit them hard in trade! no trade, no prosperity - their government could collapse in months, and the usa would be going strong because we don't have any direct dependencies on foreign countries
... be the smartest kid on the block and provide hardened entry points.
Sounds like an excuse to fight fire with fire and then the US declares open season.
I do not know why China doesn't get a branded credit card from Facebook, Apple, Google and Microsoft each.
That way they could get points while buying all that stuff right off the shelves of the big box data stores.
It little behooves the best of us to comment on the rest of us.
The Five Eyes have already attacked China. Now, can the Five Eyes just tell us where the Weapons of Mass Destruction are in Iraq?
[Our] adversaries spend billions of dollars every year attacking us
Evidence? Citation? Or is that just a wild paranoid guess?
The US government spends about $1 trillion every year on its armed forces, weapons, ammunition, the many secret police "agencies", and paying vast numbers of head-chopping, heart-eating terrorists to attack everyone the US government doesn't like.
The USA is far and away the world's biggest spender on "defence" - which of course, in true Orwellian fashion, really means "aggression".
Because everything in the world belongs to Americans, but some damned foreigners just refuse to accept that.
I am sure that there are many other solipsists out there.
Mutually Assured Distributed Denial of Service
about technical things.
Attacking china will only shore up their defenses and give them better ideas on how to attack us.
The ONLY way to stop China from attacking others is to stop hording zero days for the TLAs, and help companies secure their networks and also promote security first development. Unfortunately when all you have is a hammer then everything looks like a nail. The FBI has so many exploits that it always will look like the best way forward is to attack them and try and cripple their infrastructure. This is a horrible idea as it is based off the assumption that the Chinese are dumb and unable to react to the attacks. They will learn and adapt and then they will come back twice as strong using new evolutions of our own attacks against them.
But hey, lets listen to a politician about how to secure computational resources instead of someone with real technical expertise.
We write 0 days just for you assholes, because you think you know 'security'
Why don't companies create millions of fake sites with false tech info and documents to make it impossible to figure out what they are stealing?
When did Slashdot become home to people who are big on defending intellectual property??
Remember when every one was happy when DeCSS came out because nobody was happy with they way movie studios were protecting their intellectual property?
you're thinking like a member of the working class. The Ruling Class is global now, and they get along just fine with China. Sure, there's the occasional bit of back and forth, but it's all in good fun.
Now, as a member of the working class the Chinese government is about the worst thing ever. They massively drive down wages and standards of living across the globe. But good luck doing anything about that. It's hard to say no to a 50" TV for $200 bucks.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
You elected a stupid girl from New York to the US Congress. Not even the Russians could have managed that feat in a US election.
Fighting a hot cyberwar against an entire nation that can be turned into a supersized botnet (and which probably runs half the existing major botnets out there), when your own country has grotesquely incompetent IT managers, virtually no cybersecurity, a bunch of Federally-required backdoors into mission critical systems and a vast number of SCADA-based critical servers on the public Internet, is such a good idea.
I mean, what could possibly go wrong?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
> We write 0 days
How are things at Microsoft these days? If you get bored there, Adobe is hiring zero-day creators.
"Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director"
I for one, completely agree!!!
Targeted companies should/must try to improve their computer security?
Absolutely yes! But, isn't that already & always tried, as much as possible?
& is there any computer hardware/software, anywhere in the world, that is hacker/malware-proof?
Absolutely no!
So, this theoretically cannot ever be a complete solution to the problem anyway!!!
(As long as (absolutely) hacker/malware-proof computer hardware/software never invented!)
Are any/all diplomatic/political ways tried & failed?
IMHO, the answer is yes!
Then, what option is really left to do, other than retaliation in kind?
Already, if we look at how countries of the world take care any/all kinds of problems between each other,
it is clear that, equal retaliation in kind, is always the final action (that works),
whenever other diplomatic/political ways tried & failed!
Deterrence is no substitute for nuking it from orbit, and that's basically the only thing that's going to slow down or stop China from attacking other countries. Attacking them in response leads to escalation.
As one of a hundred other bad analogies, you can't stop people being mugged. Nor can you really stop all cyber attacks. But large areas of cyber attacks can be 100% stopped. There is no good real world analogy to normal crime because logic circuits can provide actual limitations on the possible.
gweihir KNOWS u IMPERSONATE me https://it.slashdot.org/commen... c6gunner proves it https://linux.slashdot.org/com... he forgot to SUBMIT as AC & using his registered 'lusrname' instead (because he tried to mock me both BEFORE & after I FAIRLY challenged him to show he's done better work - he had ZERO).
& NO WAY I'd "cry" like you "ne'er-do-wells" on /. (TROLL /.ers, not all) OR post on hosts offtopic.
YOU HELPED ME https://science.slashdot.org/c... (& you quit trying to make me look bad trying to "tell lies" on hosts as "ME" IN YOUR IMPERSONATIONS of me e.g. https://tech.slashdot.org/comm... as regards Intel speculative execution attack? Hosts PREVENT 'EM)
APK
P.S.=> I KNOW the 2nd to last link above's KILLING YOU - YOU ACTUALLY HELPED ME getting me to see if hosts stop more than portsmash (& Meltdown + Spectre too) & "lo & behold" - hosts WORK on 'em - U LOSE (& U STOPPED TRYING IT in your impersonations of me) .... apk
Cool, you used yourself as the authority in the authority fallacy. We can see that it really is a fallacy because in no way the fact that you supposedly are a security worker helps make the argument stronger.
Look up argument from authority, also called an appeal to authority, or argumentum ad verecundiam before you use yhe term again.
Michael Jordan endorsing tires is fallacious appeal to authority. Randomly movie star making statements about vaccines or politics is the same.
Learning physics by reading Stephen Hawking is called *civilization*. The other option is inventing your own physics, which is mysticism.
Nah, they're just kids playing. That's not a cyberattack, this (zhing!) is a cyberattack.
How did net neutrality work out for you?