Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How a Chinese Hacker Tried To Blackmail Me

timothy posted about a year and a half ago | from the shame-if-anything-was-t'-happen dept.

China 146

An anonymous reader writes "Slate provides the first-person account of a CEO who received an e-mail with several business documents attached threatening to distribute them to competitors and business partners unless the CEO paid $150,000. 'Experts I consulted told me that the hacking probably came from government monitors who wanted extra cash,' writes the CEO, who successfully ended the extortion with an e-mail from the law firm from the bank of his financial partner, refusing payment and adding that the authorities had been notified. According to the article, IT providers routinely receive phone calls from their service providers if they detect any downtime on the monitors of network traffic installed by the Chinese government, similar to the alerts provided to telecom providers about VoIP fraud on their IP-PBX switches. 'Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move...' writes the CEO. 'With China's world and ours intersecting online, I expect we'll eventually wonder how we could have been so naive to have assumed that privacy was normal- or that breaches of it were news.'"

cancel ×

146 comments

Sorry! There are no comments related to the filter you selected.

Words mean things (5, Insightful)

chicago_scott (458445) | about a year and a half ago | (#42847309)

That's a criminal, not a hacker.

Re:Words mean things (5, Insightful)

ireallyhateslashdot (2297290) | about a year and a half ago | (#42847313)

You're half right. Criminals can be hackers, and hackers can be criminals. They aren't mutually exclusive.

Re:Words mean things (1)

h00manist (800926) | about a year and a half ago | (#42847487)

Perhaps words don't always mean things. Given how much of social life is dominated by lies and falsehood.

Re:Words mean things (-1)

Anonymous Coward | about a year and a half ago | (#42847649)

Awwww do you need a hug? Maybe a lollipop?

Re:Words mean things (4, Insightful)

Pf0tzenpfritz (1402005) | about a year and a half ago | (#42847939)

He's completely right. As a gov monitor the guy did not have to hack into anything. Everything was already there. Technically, he did not even have to use equipment in a different way as he was expected to - and blackmail hardly qualifies as "social engineering".

No hack found here. Just a cheap and nasty case of corruption - but what else would you expect from a professional denouncer?

Re:Words mean things (1, Informative)

Anonymous Coward | about a year and a half ago | (#42847341)

The hacker vs. cracker war was lost a decade ago. Let it go. It is too ingrained now. The best you can do now is talk about the color of their hats.

Re:Words mean things (3, Insightful)

SJHillman (1966756) | about a year and a half ago | (#42847373)

I don't think he was referring to hacker vs cracker in the sense that "hackers are good, crackers are bad". He was saying "No hacking, good or bad, occurred here. Just good, old-fashioned criminal activity that just happens to involve a computer." This is mostly obvious by the fact he never mentioned the term "cracker".

Re:Words mean things (0)

chicago_scott (458445) | about a year and a half ago | (#42847579)

Exactly. Blackmail is a crime not a hack.

Re:Words mean things (0)

Anonymous Coward | about a year and a half ago | (#42847617)

's/h/cr/'

It's blackmail by a government censor&spy agen (1)

h00manist (800926) | about a year and a half ago | (#42847751)

In China it is very heavy handed and abusive. In others, very subtle and well disguised. But. Every country has numerous entities monitoring what everyone does online. And there's usually nobody monitoring the monitors.

Re:It's blackmail by a government censor&spy a (4, Interesting)

wisty (1335733) | about a year and a half ago | (#42848281)

Try getting a job at the NSA. You'll be security-screened up the wozoo, and then face 10 years in the slammer if you leak. Ask Manning.

There's also a lot of security - no USB drives, no internet (they'll have 2 computers, one of which can only access a LAN where the confidential information is kept), audits, lots of rules, etc. Manning used a CD burner. I'm betting that's going to be a bit harder to do now.

Re:It's blackmail by a government censor&spy a (-1)

Anonymous Coward | about a year and a half ago | (#42848577)

The attempted assassination of Dick Cheney was definitely staged-- probably to distract us from the NSA's embarrassing failures in Iraq.

You may think that no one in your family will ever suffer from ADHD, but if you live within 25 miles of one of the NSA's bases, your chances of contracting ADHD within your lifetime are 300% higher.

Since I discovered these events, I have noticed that my phone buzzes every time I discuss this.

Did you know that people with ADHD are admitted to Harvard at half the rate that other people are, even when they have similar applications? Is this an example of the rich and powerful using their influence to keep their genetic pool "clean"? (The answer is yes.)

IBM's global tentacles stretch throughout the cocaine industry, even in Iraq.

Wipe the fog of government brainwashing from your eyes and see the truth!

Re:It's blackmail by a government censor&spy a (2)

JWSmythe (446288) | about a year and a half ago | (#42848585)

I suspect the buzzing on your phone isn't coming from your phone. It's coming from the implant in your head. Have you checked for signs of alien abduction? I suspect that you may fit nicely in another demographic.

Re:It's blackmail by a government censor&spy a (0)

Anonymous Coward | about a year and a half ago | (#42849133)

It sounds like you don't have ADHD, but just had a bit too much of that cocaine.
Paranoia and irrational thinking are two good signs you're just having a bad trip man.
Just try to chill, it'll all be better when you get your next hit.

Re: Words mean things (1)

bluness (534396) | about a year and a half ago | (#42848673)

If he said some Chinese car salesman was trying to blackmail him....would that change the fact that he is a car salesman or would I have to say "criminal". Some would argue that some car salesman are criminals too, but the use of the word just sounds ridiculous. I want to protect the word 'hacker' from exclusive association with the world of crime as the next guy but it sounds to me like some 'hacker' tried to blackmail him.

Re:Words mean things (1)

Guignol (159087) | about a year and a half ago | (#42848947)

cracker was implied by the term blackmail instead of whitemail

Re:Words mean things (1)

rizole (666389) | about a year and a half ago | (#42849065)

On a computer? He should patent that.

Re:Words mean things (0)

Anonymous Coward | about a year and a half ago | (#42847481)

If the attacker gained access to the system by non-trivial means he was a hacker. Hacker doesn't mean he's on your side, just that he knows what he's doing. Cracker is a specific type of hacker.

Re:Words mean things (1)

Lisias (447563) | about a year and a half ago | (#42847577)

If the attacker gained access to the system by non-trivial means, derived from his/her own efforts, then he/she is a hacker.

If the attacked gained access to the system by non-trivial means implemented by a government, and by lucky (or by incompetence of someone else) he/she happened to operate that non-trivial means, then he/she is just another opportunistic fellon.

Re:Words mean things (0)

Lisias (447563) | about a year and a half ago | (#42847583)

God damned dictionaries. "Fix" what is not broken, and doesn't correct me where I really need.

Where I wrote "If the attacked", please read "If the attacker". =/

Re:Words mean things (1)

Zontar The Mindless (9002) | about a year and a half ago | (#42848537)

*waits to hear explanation for "fellon"...* :D

Re:Words mean things (1)

ireallyhateslashdot (2297290) | about a year and a half ago | (#42847959)

I'm not sure luck and government support == not a hacker. Hacks can rely (and succeed) or luck. Hacks can rely on incompetence (social engineering relies on the incompetence of others). And I'm not so sure that being paid by a government means that someone is not a hacker.

Re:Words mean things (1)

ireallyhateslashdot (2297290) | about a year and a half ago | (#42847961)

Damnit. s/or/on/.

Re:Words mean things (0)

Anonymous Coward | about a year and a half ago | (#42849015)

What is "government suppont"?

Re:Words mean things (3, Insightful)

eksith (2776419) | about a year and a half ago | (#42847561)

And if you mention The Gay Science, how many people do you know that think of Nietzsche? Terms change with the times. Not always for the better, but they do.

Re:Words mean things (1)

Anonymous Coward | about a year and a half ago | (#42847921)

Is slashdot a National Enquirer wannabe?

"a CEO" story from some obscure website twice over is the source of slashdot scoops?

I'm "a nobody" who banged Jodi Foster and Ellen Degeneres in a menage a trois. Scoop this slashdot?

Hundreds of millions of Chinese(American too?) operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move

Kettle calling the pot black much?

Re:Words mean things (-1)

Anonymous Coward | about a year and a half ago | (#42848163)

You're black :(

Re:Words mean things (2)

JWSmythe (446288) | about a year and a half ago | (#42848595)

I'm "a nobody" who banged Jodi Foster and Ellen Degeneres in a menage a trois. Scoop this slashdot?

Who hasn't? I even submitted pictures. All I got was just got an email asking me for more.

Re:Words mean things (-1)

Anonymous Coward | about a year and a half ago | (#42848979)

Exactly. But since the Chinese are spying on the chinese,
and dont be so concerned about scams...

Why dont we spy on the frakcing chinese too!

Lets beat them at their own game,
just sample ALL incoming packets from china, or routed through Canada, USSR,
and grab all the stuff that looks bad,
and file extradition against the f*ckers.
HELLO CIA! ARE YOU LISTENING TO THIS?
CAN YOU HEAR ME NOW?

Re:Words mean things (1)

m00sh (2538182) | about a year and a half ago | (#42849061)

At the time, I was the chairman of a company that was building shopping centers in China. The company was a partnership of three entities: a major U.S. bank, a Chinese state-owned enterprise, and my firm. We were building centers in third- and fourth-tier cities. The anchor tenant was a multinational hypermarket. Nearly all the employees were Chinese. It was an exhilarating adventure for me, but it was of little consequence politically. The enterprise was building Chinese shopping centers in Chinese cities for Chinese consumers.

A guy in China, with a company in China full of Chinese employees gets blackmailed in China through e-mail by an unidentified person.

Headline reads "Chinese hacker ..."

There is absolutely nothing in the story that says the nationality of the blackmailer was Chinese. It could have been anyone in the whole world. Just because the incident happened in China does not mean "Chinese hackers".

Even in the US, nobody has any real expectation of privacy from unencrypted emails and website visits. Everyone knows that every e-mail you send can be read by an admin the IT department easily. Even websearch is recorded by google, every visit to a webpage tracked through advertising.

Many attacks come from China because it is the best place to end traces. Attacks from US, Europe, Russia could easily be tracked back because of government monitoring and inter-government co-operations on monitoring whereas an attack source from China is a dead end. If I were to "hack" anything, the first thing I would do is find a Chinese "proxy" to do it through.

Titles (1)

AG the other (1169501) | about a year and a half ago | (#42847367)

I think the person that started this should be called what they were, a government censor and the Chinese government should realize corruption is an inevitable result of censorship.
 

Re:Titles (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42847439)

a government censor and the Chinese government should realize corruption is an inevitable result of censorship.

The inevitable result of government itself is corruption.

Arguing over minor facets is pretty pointless in the long run.

Re:Titles (2)

jhoegl (638955) | about a year and a half ago | (#42847459)

Actually... you should refine that to The inevitable result of financial incentive and/or monetary status is itself corruption.
What are we; but slaves to finances?

Re:Titles (1)

Billly Gates (198444) | about a year and a half ago | (#42847479)

The issue is the stupid shareholders and investors. The CEO will loose his or her job if they want to hire Americans who wont steal instead.

Have you ever watched Shark Tank? Mark Cuban is on that show and basically unless you are willing to move to China they wont even talk to you! One lady went on and said she did just that and her supply copied her design and went around her and sold it at the major retailers for less cost and practically put her under. The investors with the exception of Cuban still didn't get it and just blamed her for not being innovative enough.

Not hey perhaps giving away IP to China is not smart unless you can hire an army of patent lawyers first and grease the palms of government officials first. Idiots.

Indeed, you follow the money, you find the crime. (3, Insightful)

h00manist (800926) | about a year and a half ago | (#42847543)

Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army specialists in PR, marketing, design, security, privacy, and secrecy. But it is laying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.

Re:Indeed, you follow the money, you find the crim (1)

foobsr (693224) | about a year and a half ago | (#42847733)

Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army specialists in PR, marketing, design, security, privacy, and secrecy. But it is laying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.

Bad thing that the criminals are those who are seen as successful. Somehow, values clarification did not work in the past century (so the starting point, strangely, coincides with the establishment of the Federal Reserve System - no, i will not mention the air of the "Elders of Zion" - forgery or not - except in a side note).

CC.

Re:Titles (1)

Lisias (447563) | about a year and a half ago | (#42847591)

What are we; but slaves to finances?

I think you're holding, I mean, taking it wrong.

We aren't slaves to finances. We're slaves to another people, that happened to control this weird thing called finances.

Do not confuse the tool with the hand that wields it!

Re:Titles (0)

Anonymous Coward | about a year and a half ago | (#42847971)

.. tell us more about this "another people, that happened to control this weird thing called finances"

Would these 'other people that control finances' include Rothschilds, Warburg, Schiff, Bernanke, Geithner?

Re:Titles (0)

Anonymous Coward | about a year and a half ago | (#42847599)

Well, we can go even further -- the inevitable result of material desire is corruption (since corruption can occur even in money-less societies).

Re:Titles (1)

arth1 (260657) | about a year and a half ago | (#42848029)

I think that corruption also requires laws and regulations that can be bent, or at the very least contracts.
Material desire in itself doesn't seem enough.

Re:Titles (0)

Anonymous Coward | about a year and a half ago | (#42847895)

Actually... you should refine that to The inevitable result of financial incentive and/or monetary status is itself corruption.
What are we; but slaves to finances?

I realize it's fashionable to denigate financiers on /., but any form of power can (but not must) lead to corruption; financial, political or even who gets to pitch for the local softball league.

Morals are sadly lacking on all levels of society.

Re:Titles (0)

Anonymous Coward | about a year and a half ago | (#42848831)

Yes, but outside of organized crime it's hard to find a place in society where morals are harder to find that in the financial sector.

Re:Titles (2)

RazorSharp (1418697) | about a year and a half ago | (#42847589)

The inevitable result of government itself is corruption.

The inevitable result of humans living socially is corruption. Therefore, people should cease to be social animals because somewhere along the line someone will screw someone else over.

The inevitable result of money is corruption. Therefore, we should abolish all monetary systems and the systems of distribution that depend on them.

The inevitable result of monogamy is corruption. Therefore, we should embrace Brave New World sexual practices and everyone should sleep with everyone so no one will be jealous.

Do you see your fallacy now?

Re:Titles (0)

Zontar The Mindless (9002) | about a year and a half ago | (#42848569)

The inevitable result of monogamy is corruption. Therefore, we should embrace Brave New World sexual practices and everyone should sleep with everyone so no one will be jealous.

This is what I keep telling my fiancée, but she still seems sceptical.

BTW, you should mark that up as <cite>Brave New World</cite>. Most UAs display it as italic, but semantically speaking, using <i> (yecch) or <em> is not the same at all.

TLAs (1)

foobsr (693224) | about a year and a half ago | (#42847469)

I recall that there were rumours that TLAs scanned e-mails for certain keywords which gave birth to sigsalikes containing lists of them. I am too lazy to determine the time this was (can't remember exactly, perhaps a decade ago), but I think the Chinese were not (really) on the net yet, thus did not invent the path to destroy privacy.

CC.

No encryption? (0)

Anonymous Coward | about a year and a half ago | (#42847471)

Surely if you let the chinese government attach a box to your server you encrypt the bajesus out of every single byte of data going in, out or stored on the server. To do otherwise just invites this kind of problem.

Re:No encryption? (0)

Anonymous Coward | about a year and a half ago | (#42849109)

If they can attach a box to your server, they have physical access. From this time, the server is owned by them.

But then, if you encrypt, you'd be guilty of a crime, I'm sure. I'm also sure that if you tried that in the US, you'd find yourself in a little hot water, too.

China is our friend! (-1)

evanism (600676) | about a year and a half ago | (#42847495)

Imagine the scenario, if you will, 30 years ago I go to the President and say that American companies are deliberately manufacturing high tech devices used for phones, computing, communications, military and satellites.

I would be thrown straight into the looney bin and charged with treason. Commies making our most valuable, necessary and trusted equipment? Never!

Fast forward 30 years. What could possibly go wrong?

Re:China is our friend! (0)

Anonymous Coward | about a year and a half ago | (#42847581)

But there were lots of American companies manufacturing high tech devices used for phones, computing, communications, military and satellites in 1982. General Dynamics, IBM, RCA, AT&T just to name a few, and none of which could be reasonably characterized as communist.

Reagan wasn't the sharpest tool in the shed, but I'm sure he would have heard of at least two of those.

Re:China is our friend! (1)

evanism (600676) | about a year and a half ago | (#42847667)

ARGH! Edit... bloody ipad missed my typing...

"American companies are deliberately having Chinese companies manufacturing high tech devices"

just like home! (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42847535)

Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move..

... just like Google! And Facebook! And half the Android apps!

Why not use encryption? (4, Insightful)

inglorion_on_the_net (1965514) | about a year and a half ago | (#42847551)

I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?

We've had PGP since 1991 and SSL and SSH since 1995. Some of these were developed in response to plaintext sniffing attacks. That means that the fact that communication in the clear is a security risk and the fact that there are people listening to your communications in order to obtain sensitive information haven't been news, and easy ways to protect your communications against this have been available, for over 15 years.

Re:Why not use encryption? (4, Interesting)

Kozz (7764) | about a year and a half ago | (#42847669)

...We've had PGP since 1991 and SSL and SSH since 1995 ... easy ways to protect your communications against this have been available, for over 15 years.

I don't think that your definition of "easy" is the same as mine. I've worked with all kinds of operating systems, hardware, software, and so on. I've read TLDP while deciding how I wanted to configure the multitudes of flags for a new kernel on my Slackware box (Pentium MMX FTW!). I'm not afraid of trying new stuff or reading documentation to get it done. I've used PGP(GPG) and I'd say it's far from easy. I understand PKI principles on a superficial level, but to use PGP hasn't ever been intuitive to me.

It's probably safe to say that a great number of people reading this post have had to field telephoned questions from relatives who didn't know how to download and install a Windows application. And you're telling me that PGP is easy? In the few cases I've used it, I've also had to give my colleagues or business partners tutorials on how to read or compose emails with it, because I'm the techie-guy, not them. And because of the high bar, there were very few people in personal or professional circles who could receive such a message.

HTTPS is relatively easy to implement for administrators and it's transparent to most users, requiring little additional knowledge. I really do welcome the day when a PGP-like product is that easy to use.

Re:Why not use encryption? (0)

Anonymous Coward | about a year and a half ago | (#42847719)

. I've used PGP(GPG) and I'd say it's far from easy.

I've been using it a while and it seemed pretty easy to set up. Installing it basically consisted of pressing enter a few times to accept the defaults it gave me (the "press enter a few times" part generated a private key automatically), and installing a plugin for Thunderbird (this step not necessary if your mailer supports it natively, as many do). From there on, it's just a checkbox when I send a mail as to whether I want to encrypt.

Granted it's not quite "double click an icon" simple, but it's not too far off that either. It bewilders me that more people don't use it, given the ubiquity of email harvesting for trackyourass purposes these days, and the ease of setting this up.

Re:Why not use encryption? (1)

Anonymous Coward | about a year and a half ago | (#42847945)

Way to miss the previous posters point.

The point is "I may know how to set this up, but nobody else I could reasonably use it with does."

The start of a secure communications channel starts with NOT handing something over in plain sight. As soon as that chain of custody is exposed, the entire chain is compromised. Sending encryption keys to China is a mistake waiting to happen.

Re:Why not use encryption? (1)

Anonymous Coward | about a year and a half ago | (#42848021)

Anyone who is even marginally computer literate can set up pgp. My father can do it. There just isn't much to it. "Not knowing how" is meaningless when it's a quick google away. It's like saying, "I don't know when the treaty of Versailles was signed". I don't as of this moment, but as of this moment after 5 seconds of googling, I know it was 28 Jun 1911. We live in a world where information is at your fingertips.

Don't tar SSH with your antique notions. (0)

Anonymous Coward | about a year and a half ago | (#42847889)

SSH works out of the box.

OpenSSH on linux distros and PuTTY for windows, dropbear on embedded crap.

My 80+ year old alzheimers Dad can use SSH and he has never taken a computer course in his life. Totally not exaggerating or kidding. If you can't learn how to use SSH in half an hour, you are not competent to drive a car or use a telephone.

Re:Why not use encryption? (1)

ntropia (939502) | about a year and a half ago | (#42848003)

I'm not convinced, and re-compiling the kernel seems like an extreme example to me.
The point would be that users who don't know how the FFT works shouldn't be able to use Instagram (oh, boy, if I wish so...).
The reality is that people use tons of complex algorithms every day without knowing it not because they are easy, but because they've been made easy for them and/or implemented in a transparent manner. Pretty much none of Gmail users even know what HTTPS stands for, but everybody started using it when Google decided it was going to be on by default.
My point is that even if PGP is more complex of HTTPS, it could be made easier and much more transparent than it is now.

Who are YOU talking about? (1)

Frosty Piss (770223) | about a year and a half ago | (#42848517)

It's probably safe to say that a great number of people reading this post have had to field telephoned questions from relatives who didn't know how to download and install a Windows application.

We're not talking about your grandma or dad or uncle Joe...

We're talking about a fairly substantial company doing business in China.

Common sense and perhaps (if they had it) internal security *should* have suggested encryption for critical business communications with the Mother Ship.

Re:Who are YOU talking about? (1)

AK Marc (707885) | about a year and a half ago | (#42848613)

I set up a connection from the US to Singapore, and we set up something fancy and new, a VPN. Though this was 15+ years ago, not current-day, so I'm sure this unreliable and newfangled tech will never catch on. Every email would get sent over the VPN and out the US connection.

Re:Why not use encryption? (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42848607)

The reason it's not ubiquitous is US federal laws on the encryption of export. That's what's blocked its proper use with PGP, and with proper 3DES 25 years ago for UNIX passwords, and what prevents the use of reasonably robust encryption built into network cards themselves. The restrictions on export have also been used as a bludgeon to threaten companies that provide *domestic* end-to-end encryption in their products.

There have been attempts to get federal approval for such technologies, but *all* such approvied technologies involve someone in the government retaining access to either the private keys, or the signatures to sign new keys for a man-in-the-middle device to do a man-in-the-middle attack without telling the victims. Think I'm kidding? Take a good look at the Clipper Chip, which was only discarded when it was discovered that their "verified secure" technology violated at least 3 patents and could be used to make genuinely private keys despite their best efforts to have a "Law Enforcement Agency Field" to verify that Uncle Sam, or Bubba the KKK sherriff who thinks warrants are for wusses, would always have the private keys available.

They dropped it like hotcakes as soon as someone found out you could use real keys and fake out the LEAF.

Re:Why not use encryption? (3, Informative)

EmperorArthur (1113223) | about a year and a half ago | (#42847691)

Yes,

If part of your business is in china, and the government demands the ability to intercept its communications.

Like the summary said, this was likely an official monitor looking to make some quick cash on the side. These are the people who legally have access to your most sensitive corporate secrets because the government says so.

Re:Why not use encryption? (0)

Anonymous Coward | about a year and a half ago | (#42847953)

So a lot of businesses have a decision to make: is the potential profit from the Chinese market worth it?

Re:Why not use encryption? (3, Insightful)

jamesh (87723) | about a year and a half ago | (#42847957)

I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?

Encryption? Do you have something to hide there, comrade?

That's the reason why.

Re:Why not use encryption? (0)

Anonymous Coward | about a year and a half ago | (#42849215)

Comrade? You make it sound like it'd be different in the US. More underhanded, but ultimately the same.

Re:Why not use encryption? (0)

Anonymous Coward | about a year and a half ago | (#42848149)

What does end to end encryption have to do with it? Would you mug a mail man or look in a mailbox? Ok, given your answer why all the concern with mailman-armor?

Re:Why not use encryption? (0)

Anonymous Coward | about a year and a half ago | (#42848195)

Is there any good reason not to use end-to-end encryption?

Legalities. Using too high of encryption to send data out of the USA might be considered illegal by some authorities.

Re:Why not use encryption? (0)

Anonymous Coward | about a year and a half ago | (#42848931)

SSL. Cracked.
SSH. Cracked.
PGP. Cracked.

What else ya got?

ALL encryption has been broken now. All of it. Any home user can easily throw enough hardware at the problem cheaply to crack ANY encryption now.
Anyone who wants in. WILL get in.

Citation needed? Just go look if you havent been paying attention for the last 5 years....

block china (5, Interesting)

fazey (2806709) | about a year and a half ago | (#42847569)

Honestly, people should really just block all of the chinese IP ranges. I've moved the sshd ports on my servers back to port 22 simply to see how many attempts and from who I get. 80% of the attempts at password cracking are on IP space owned by china. I've reported the IP space to their providers, as well as any email addresses in the SWIP info. Honestly? Screw them. I will block their entire f'ing country, and suggest that everyone else do the same.

Re:block china (0)

Anonymous Coward | about a year and a half ago | (#42847651)

I wish I, as an otherwise intelligent but not terribly IP-au courant person, knew how to "block all of the Chinese IP ranges". I'm a specific example of a broad challenge, that is, how does somebody who uses the internet as a tool and not an end in itself, secure his stuff? Nobody can know everything, and not very many have time to figure this stuff out. Do we just give up? Stay off the net? How do we fix this?

Re:block china (4, Informative)

Qzukk (229616) | about a year and a half ago | (#42847713)

knew how to "block all of the Chinese IP ranges"

Okean.com has the goods [okean.com] .

Re:block china (1)

Zontar The Mindless (9002) | about a year and a half ago | (#42848587)

Want to block Chinese and Korean language emails even if they aren't relayed through mail servers in those countries?

This guy lives in SAN FRANCISCO of all places and says this?

Re:block china (-1)

Anonymous Coward | about a year and a half ago | (#42847665)

DID YOU READ THE ARTICLE?

He was IN CHINA! Working on a project INSIDE CHINA!

How could he block China?

Are you an idiot, or a retard?

Re:block china (-1, Flamebait)

fazey (2806709) | about a year and a half ago | (#42847745)

first off douche bag, post something worth while rather than just flaming people. My point was, f' that country and all of its corruption.They(and you) contribute more BS to the internet than good. So why do business with them at all? Next, if you want to be secure, you need to use something other than VPN, they use something that identifies VPN in use(http://www.theregister.co.uk/2012/12/21/china_blocks_vpns/). So you should expect a phone call requiring access/registration to your VPN. So there is really no doing business with them inside the country without prying eyes, and they make every attempt at getting in your shit outside the country. If you support that kind of business, go ahead, but don't bitch when they try to extort you with your moms naked photos.

Re:block china (0)

Anonymous Coward | about a year and a half ago | (#42847821)

They(and you) contribute more BS to the internet than good.

Don't know about the other AC, but I've more than once found manuals in Chinese websites, while having no problem with them (despite, you know, not being able to read their language and having to try to decode the engrish). Just use a key for SSH and disable passwords and let them try to log in as root/root to their heart's content.

So why do business with them at all?

Why do business with anyone? Money.

Re:block china (1)

Pf0tzenpfritz (1402005) | about a year and a half ago | (#42848075)

Agreed. (and implemented years ago). I'd nevertheless run fail2ban, too. Just to reduce traffic and system load. No need to block whole countries, really. It's completely sufficient to block the bad guys.

what about the innocents? (4, Insightful)

decora (1710862) | about a year and a half ago | (#42847893)

China is full of people who want to reach out to the other countries and talk with us... how can it be good to break them off?

Re:what about the innocents? (1)

fazey (2806709) | about a year and a half ago | (#42848107)

This wouldn't stop them from talking to us. When you talk to someone over instant messenger, their IP never speaks directly to yours. Companies like google(gtalk), act as a middle man(DMZ? lol) for the information. But expect prying eyes on that conversation. What a lot of people in China used to do, was buy a Server, or VPS in another country. Then VPN to it from China. So information from them to the server was encrypted. Then sent out in whatever protocol was needed. This became popular enough that the Chinese expanded the abilities of their firewall to kill VPN. It will re-emerge, just with a different protocol. I would be surprised if there wasn't another way around it already... like VPN on a different port, or a specific algorithm that was harder to find.

Re:what about the innocents? (1)

wisty (1335733) | about a year and a half ago | (#42848859)

They can't kill VPN, unless they only allow https on whitelisted sites, or MITM all non-whitelisted SSL.

Re:what about the innocents? (0)

Anonymous Coward | about a year and a half ago | (#42848861)

You're not kidding. I spent last year in China and after the People's Congress it was a real PITA to get around the new automated restrictions that they put in place. But, within a couple months the VPN service I was using had it figured out.

Cutting people in China off from the rest of the world, just serves to support the government's propaganda. I regularly hear the most astonishing beliefs about China being circulated. It's as if these people have never been to China, even though they're claiming to be citizens. Clearly, they've never been to real China, as in China outside the areas that the government maintains an image in. The rural areas would disabuse you of such notions quite quickly.

Re:block china (1)

DNS-and-BIND (461968) | about a year and a half ago | (#42849019)

This is how the internet dies. If it's not a global network, what's the point?

It's also racist, but we all get a free pass when talking about Chinese hackers for some reason.

Who This 'CEO' ? (-1)

Anonymous Coward | about a year and a half ago | (#42847641)

A 'CEO' "payed' "$150,000" to ... shut up the complaint ?

For any of the 'Tech' CEOs a pit-tense $150,000 is equivalent in mass to a 'fart' at '14:30', i.e. nothing.

Rather, I suspect this story is an example of disinformation and defamation against China by the Obama
administration II.

In the '50's through '00s the White House pumped up disinformation when it suited them; Obama continues. :) I see you and you do not see me ! My advantage.

Re:Who This 'CEO' ? (1)

rudy_wayne (414635) | about a year and a half ago | (#42847675)

A 'CEO' "payed' "$150,000" to ... shut up the complaint ?

No he didn't. He refused to pay the extortion.

Re:Who This 'CEO' ? (1)

we3 (546328) | about a year and a half ago | (#42847837)

oh crap they're monitoring us. everybody play it cool or they'll shut off our supply of iphones and ipads.

china teaching the wild west (1)

cenerentolo (2817897) | about a year and a half ago | (#42847827)

how it is done in the world of un privacy and wannabe anti piracy

privacy? (0)

Anonymous Coward | about a year and a half ago | (#42847847)

what time period are we living in, is this the early 90's?

does he think the US doesnt monitor stuff too? (2)

decora (1710862) | about a year and a half ago | (#42847885)

ever heard of Fusion Centers, the TSA, the NSA , etc etc etc?

granted we dont have widespread extortion and bribery - often because those programs are supposed to be secret.

WTF?? (4, Funny)

rudy_wayne (414635) | about a year and a half ago | (#42848011)

This alleged extortion plot happened in 2007

Go into China and not expect this? (0)

bagboy (630125) | about a year and a half ago | (#42848023)

Come on. It is really naive of anyone associated with business with and in foreign countries to not think they would be monitored and possibly have information used against them while on the internet. Personally, I think it says a lot about the individual who seems like this is some big surprise. Possibly he really wasn't qualified for that line of work if he couldn't expect the end results.

privacy? (0)

Anonymous Coward | about a year and a half ago | (#42848069)

Saw one of those investigative crime shows on TV about some cop-turned-rapist in California using police computers to "research" his victims before committing his crimes.
You better assume any form of electronic communication is monitored.

Re:privacy? (0)

Anonymous Coward | about a year and a half ago | (#42848405)

The rule of thumb has always been: Never say anything in a phone call, email, or text that you wouldn't want to hear repeated back in an open courtroom. That probably now applies to any postal mail and any electronic communication.

Beware of all Chinese companies. (1)

moneybabylon (2226376) | about a year and a half ago | (#42848683)

Beware of getting involved with Chinese companies.

I have seen several business friends in the technology industry dealing with Chinese businessmen - turns out their companies were all owned by the People's Liberation Army.

At the end, they all suffered losses and getting their technologies stolen and copied. They also found bugging devices and spyware installed by the Chinese businessmen.

Monitoring devices (3, Informative)

weegiekev (925942) | about a year and a half ago | (#42848895)

Please take this article with a pinch of salt. I was working in Shanghai in 2008 and spent a few years out there. We had a server room, leased lines, an ICP license. Yes, the internet there was filtered and monitored, but that was all done at the ISP level or beyond. I've never heard of any situation where the government installed a monitoring device attached to a server. I really doubt that's what happened, and it sounds like the person quoted in the article doesn't work in IT. Most likely they had a managed leased line and the telecoms provider was being proactive about the service. That's not uncommon.

I heard a lot of speculation and fears from colleagues who came over. I had our HR manager tell me how she knew her blackberry was getting monitored because she could hear it getting tapped. Seriously, your mobile doesn't get routed through an analogue exchange with a tape recorder attached. There's a lot of misunderstanding and mistruths that get spread around. That's not to say censorship doesn't happen. A number of people I know had blog posts removed because of sensitive keywords - that actually seemed to be regarded as pretty normal, and they weren't worried about being dragged away for a 'cup of tea' with the authorities. The reality is generally a lot more normal that you'd imagine though.

In terms of what happened to the CEO's mail account, I think it's much more likely that their machine was compromised with malware. Malware is rife in China, mostly as there's still a huge amount of software piracy. I've seen plenty of download sites in China with files riddled with trojans. Given that their personal email was also broken into, it does sound like their machine was compromised rather than line monitoring. The device attached to the server? I don't buy it...

Re:Monitoring devices (1)

Anonymous Coward | about a year and a half ago | (#42849055)

Actually, they do have monitoring devices for internet traffic.

Typically a huaiwei router doing sniffing for keyword traffic that then gets passed to local PSB level monitors.
I can take a photo for you of one in a day or so if you want. I get to maintain stuff that connects to them, basically you ensure that everything is encrypted and goes through a vpn so they don't get to do much sniffing..

Re:Monitoring devices (1)

weegiekev (925942) | about a year and a half ago | (#42849101)

If they're providing client routers whic is doing that it's news to me. Would be very interested to know details though. To be honest I wouldn't see the point, it wouldn't be able to do anything you can't do upstream. Re the original article, the suggestion was there was a device inside their network. Again, I really doubt that.

What sort of story is this? (0)

Anonymous Coward | about a year and a half ago | (#42848957)

Evil(?) Chinese(?): "Hi, give me money, here's stuff from you I'll distribute to your competitors if you don't."
CEO's Lawyer: "No. The authorities are notified."
Evil(?) Chinese(?): "Ok, forget about it."

Where's that a story for this site?

Marlon? (0)

Anonymous Coward | about a year and a half ago | (#42849023)

Is that you, Marlon? Moving on from MMOs, I see...

Wow (0)

Anonymous Coward | about a year and a half ago | (#42849059)

This is a little confusing though. the internet is dying cuz of thinks like this on here, i mean i think there might be a pinch of racism to this, especially when you start to hear countries like china or Nigeria... oh well. My website is here [dindindara.com] BTW incase anyone might wanna help with a review. :)

this summary is bad (0)

Anonymous Coward | about a year and a half ago | (#42849097)

and you should feel bad

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?