
U.S. Calls On China To End Hacking; Start Cyberspace Dialogue

New submitter trickymyth writes "For the first time, the United States has mentioned the People's Republic of China in relation to cyber crime, officially acknowledging what has been long suspected by private security experts and the U.S. business community. The Obama Administration seeks to get the Chinese government to acknowledge the problem, to cease any state-sponsored hacker activity, and to start a dialogue on normative behavior on the internet. This announcement follows the recent 60-page report from the American cybersecurity firm Mandiant, who spent two years compiling evidence against the so-called 'Comment Crew.' They traced IP addresses, common behavior, and tools to track the group's activity, which led to a Shanghai neighborhood home to the People's Liberation Army (PLA's) Unit 61398. This tracking came at the behest of the Times, who has experienced some trouble with hacking in the past. The Chinese government rejected the report as 'unprofessional' and 'lacking technical evidence.' This announcement also comes amid a delicate leadership transition in China and numerous new reports on the vulnerability of U.S. business and government networks to attack."
  • by Anonymous Coward

    This is the same country that has a national firewall infrastructure to use against its own citizens. I'm sure their morals will guide them right when it comes to using hacking as a weapon of war.

  • Good Luck With That (Score:5, Interesting)

    by Farmer Pete ( 1350093 ) on Tuesday March 12, 2013 @03:23PM (#43151845)
    I hope this ends well, but I have a feeling that either nothing will come out of this, or the Chinese will ramp up efforts since they don't have to worry about hiding their efforts.
    • by Synerg1y ( 2169962 ) on Tuesday March 12, 2013 @03:31PM (#43151925)

      Cyber war = rise of the nerds?

      • by K. S. Kyosuke ( 729550 ) on Tuesday March 12, 2013 @03:41PM (#43152011)

        Cyber war = rise of the nerds?

        In case of Chinese government-fed hackers, it's rice of the nerds.

      • by Anonymous Coward

        If that's the case were toast. They have more nerds, government support, training and no fear of legal consequences on their side. We have a bunch of lone wolf types with very little training, government condemnation, legal threats ever looming and no peer support. Point being there is very little in the way of approved security training / college level beyond the week long class type from SANS. We really don't have anything at the scale needed to compete at any level and that is why we are routinely owned.

        • by richlv ( 778496 )

          If that's the case were toast.

          if it's the same level of spelling in the code, "your toast" indeed :>

        • And more rice... we shall counter with Starbucks and McDonalds... they'll be too fat and over-caffeinated to counter. Or we could just send Dennis Rodman.

    • by Anonymous Coward

      Well, China did respond angrily when some US hacker resources were pointed at finding out where all the Chinese hacking was done from. That was a sort of subtle 'we know where you live' message to those actually doing the spying for China.
      Depending on how the diplomats take the message, this declaration is either an admission of failure (not likely considering the prior story), a meeting of equals, or a mild threat with the implication that US hackers could do a whole lot worse than just tracking the atta

  • We can not allow a cyberspace gap!
    • I propose that we find 200,000 hackers and barricade them inside a giant command center. From there, they will fight our enemies! Of course, the command center would be stocked with a high female-to-male ratio....wait, who am I kidding. More like 199,900 men and 100 women.
  • by Anonymous Coward

    the desire to ship a product to maximize revenue rather than quality is the objective of many companies. The license agreements are better coded than most software.

  • by A nonymous Coward ( 7548 ) on Tuesday March 12, 2013 @03:30PM (#43151911)

    It's ok for the US but no one else?

    Guess some left hand isn't talking to the right hand.

    • by 0123456 ( 636235 )

      More like someone just realised that America is about 3,000,000% more vulnerable to such attacks than Iran or North Korea.

    • by Anonymous Coward

      Let's see...
      Hacking military installation to stop uranium enrichment beyond what is necessary for commercial power generation
      vs
      Hacking civilian companies to uncover the Chinese person/persons who leaked info on Wen Jiabao family's fortune in order to intimidate/punish them.

      And in your mind these are equivalent?

    • Yes (Score:1, Insightful)

      Call me hypocritical, but preventing Iran from having a nuclear bomb for the safety of the middle eastern region (and global security) is definitely worthwhile.

      What is the purpose of China's hacks? Mostly economical, not exactly an apples to apples comparison here.
      • The Middle East itself disagrees with you.

        • No, only Iran disagrees, plus maybe Iraq, Syria, Lebanon, the PLA. Those are the only allies it has in the ME, and even those countries might not like a too powerful neighbour.
      • Re:Yes (Score:5, Insightful)

        by Uberbah ( 647458 ) on Tuesday March 12, 2013 @08:12PM (#43154657)

        Call me hypocritical

        Okay. You're a hypocrite.

        but preventing Iran from having a nuclear bomb

        Iran has no nuclear weapons program.

        for the safety of the middle eastern region (and global security) is definitely worthwhile.

        So when are you going to invade Israel to dispossess them of their ~200 nuclear weapons?

        U.S. and Israeli bitching about Iran is like Biff Tannen bitching that Stephen Hawking has made a retaliatory threat to run over Biff's toes with a wheelchair if Biff attacks him first.

    • by gmuslera ( 3436 )
      It's nice to throw the first stone and then complain if someone else wants to play that game too.
  • by Anonymous Coward on Tuesday March 12, 2013 @03:34PM (#43151955)

    Silly Times, if you are scared of the Chinese hackers, you can just insert this code at the top of your site:

    <h1>tiananmen square</h1>

  • It will fade away (Score:5, Interesting)

    by Spy Handler ( 822350 ) on Tuesday March 12, 2013 @03:40PM (#43152005) Homepage Journal

    China is about to have an epic crash when their real estate bubble bursts:

    60 minutes on China Real Estate Bubble [cbsnews.com]

    When that happens, their economy will tank... similar to what happened in U.S. in 2008. And that will bring out people demonstrating in the streets. The Chinese security apparatus will have its hands full trying to stifle online dissent and stop people from plotting against the government. Cyber attacks on external targets will fade.

    • by Anonymous Coward

      That logic assumes the Chinese government won't blame "foreign interference" for each and every possible thing that goes wrong, and attempt to fool the population into thinking it's "them, not us" that is the problem. This is one of the favorite excuses of an authoritarian government when things go wrong.

    • Re:It will fade away (Score:5, Interesting)

      by ljw1004 ( 764174 ) on Tuesday March 12, 2013 @04:58PM (#43152871)

      China is about to have an epic crash when their real estate bubble bursts

      A different view, published a week after your CBSNews report:
      http://www.forbes.com/sites/kenrapoza/2013/03/11/chinas-non-bubble-housing-bubble/ [forbes.com]

      "By comparison, China’s housing bubble is a non-bubble... There’s also nothing close to a mortgage backed securities bubble and no sub-prime lending...'You don’t see the same amount of bank stress that you see in the U.S. because the debt levels are significantly lower, both for the builders and for the buyers'."

      • by Spy Handler ( 822350 ) on Tuesday March 12, 2013 @05:31PM (#43153301) Homepage Journal

        that's true, China doesn't have the mortgage-backed securities and subprime lending we saw in the U.S.

        But while those things certainly help fan a bubble, you can still have a bubble without them. There was no subprime lending or Tulip-backed securities, yet the Tulip bubble still took place.

        • Comment removed based on user account deletion
        • by AmiMoJo ( 196126 ) *

          China's leaders have been very careful to avoid a bubble after seeing what happened in other east Asian countries that the US heavily invested in. That is why China lent the US so much money - it gives them control they can use to prevent the US doing it again. Obviously they won't do it themselves.

    • You're whistling in the dark.

      I for one hate to see Americans including the US Govt being so
      dumbassed obviously anal towards the Chinese.
      They, Americans, used to be smart, across the board.

      Better shape up. China will bury you. Do you even know how many
      there are to 1 US [delusioned, fatigued -- like you] citizen?

      • by Anonymous Coward

        You're whistling in the dark.

        I for one hate to see Americans including the US Govt being so
        dumbassed obviously anal towards the Chinese.
        They, Americans, used to be smart, across the board.

        Better shape up. China will bury you. Do you even know how many
        there are to 1 US [delusioned, fatigued -- like you] citizen?

        As an American, I wanted to respond, but ran out of breath typing this...

  • I believe we possess all the resources and talents necessary. But the facts of the matter are that we have never made the national decisions or marshaled the national resources required for such leadership. We have never specified long-range goals on an urgent time schedule, or managed our resources and our time so as to insure their fulfillment. JFK 1961 ppl who don't know history are doomed to repeat it
  • Comment removed based on user account deletion
    • by sjames ( 1099 )

      Or just cut links to China and keep talking to the rest of the world.

      • Or just cut links to China and keep talking to the rest of the world.

        But then how would Wal-mart get their orders filled?

        • by sjames ( 1099 )

          Build a factory in some other 3rd world hellhole and exploit those people for a while, of course.

      • by gtall ( 79522 )

        Wow, you really don't get the internet, do you?

        • by sjames ( 1099 )

          Sure I do. I'm not the one who thinks it runs on spooky action at a distance. Block the routes to China at the routers and as far as the U.S. internet is concerned, there is no China.

          That still leaves the possibility of hacking themselves a proxy in some other country, but it greatly increases the chances that a U.S. inquiry would get it shut down.

    • by invid ( 163714 )
      The internet, just by being the internet, is far more damaging to China than Chinese hackers are to the United States.
      • Except that there is nothing worth stealing from China....

        (I am referring to electronic goods/documents, not rare-earth materials which cannot be downloaded over the internet)
    • Blocking overseas network traffic will just mean that the hackers will start using US based places to start hacking from. Just blocking China won't work since the hackers almost exclusively use intermediate (hacked) computers that are not in China to do their stuff from. The fact that China isn't really hiding their economic hacking doesn't mean that other countries aren't doing just that as well. Don't forget that commerce and government are more or less the same in "communist" China. This is nothing but i
  • by rhysweatherley ( 193588 ) on Tuesday March 12, 2013 @04:08PM (#43152291)
    Any headline where the US is demanding that some other country stop doing something can be simply answered with "You First Sparky!".
  • How could any government control the actions of 1 billion people....oh wait a minute.

  • by jfengel ( 409917 ) on Tuesday March 12, 2013 @04:17PM (#43152383) Homepage Journal

    Seems to me that this is like asking for a truce when we're losing. They've got no reason to say yes.

    Fortunately, this isn't a battle we have to lose. Yeah, I think we have to admit that every grandma-box running Windows 98 is going to be a spam-spewing zombie for the foreseeable future, but the corporations that make the juiciest targets should also be capable of at least some self-defense. If thy IP block offends thee, cut it off. Social engineering is always going to trump user education, but we can at least make it an arms race.

    At least it's not nukes, which are harder to walk away from. That means we also don't have Mutually Assured Destruction. They're going to do it even if they sign a treaty saying that they won't, so we're going to have to hunker down and deal. Asking them to call it a draw isn't going to get us anywhere.

    • by lennier ( 44736 )

      but the corporations that make the juiciest targets should also be capable of at least some self-defense.

      You might think that, but apparently no. For example, here's this January 2013 report from the Defense Science Board [osd.mil], which I'm surprised hasn't made it to Slashdot yet. It's very sad and sobering reading.

      After several months of researching best practices of cyber metrics in commercial, academia and government spaces, the Task Force determined that no metrics are currently available to directly determine or predict the cyber security or resilience of a given system. .... Even knowing if a system is compromised is very difficult. ...
      In the process of conducting this study, it became apparent that the full spectrum cyber threat represented by a Tier V-VI capability is of such magnitude and sophistication that it could not be defended against. ...
      Organizations in the Department today, however, do not generally share details about cyber attacks that have compromised their systems. Instead, system compromises are often classified, keeping people in the dark who must be aware so they can anticipate similar attacks. Consequently, DoD organizations are trying to field defenses based only on partial knowledge of what kind of vulnerabilities are being exploited. ...
      For more than 15 years, the Department has invested significant resources (people and funding) in an effort to prevent, detect and respond to a full range of cyber threats. ... Strong authentication based on the Common Access Card (CAC) and Public Key Infrastructure (PKI) capabilities and other Defense in Depth mechanisms added to the overall “assurance” of the networks. Then, based on a significant infection of the Unclassified but Sensitive Internet Protocol (IP) Router Network (NIPRNet) and the Secret Internet Protocol Router Network (SIPRNet) in 2008, deployment of additional technologies, e.g., Host Based Security System (HBSS) and other hardening and situational awareness tools were accelerated.

      While well-intentioned and strongly supported, these and subsequent initiatives have not had the desired impact on the overall IA posture of the Department. Defensive measures implemented at the boundaries between the NIPRNet and the Internet proved to be only marginally effective in blocking successful intrusions or reducing the overall attack surface of DoD networks and systems. Mobile platforms (smart phones, tablets, etc.) exacerbate this already challenging problem. Red teams, conducting operations during military exercises or at the request of Military Department and Agency officials, continue to have a nearly perfect success rate breaking into the systems.

      Within classified networks, once thought to be safe for military command and control traffic, our adversary has successfully penetrated vulnerabilities created by poor user practices and a lack of discipline at all levels of the command structure. Operation BUCKSHOT YANKEE was clearly a wake-up call, suggesting that every system relied on for the conduct of war fighting operations is at risk of exploitation by an increasingly sophisticated adversary; an adversary ready and able to exploit any technical or human weakness to achieve their objectives.

      Emphasis mine, but this is scary stuff. Even the classified US military IP networks have lousy security and have been infected by viruses.

      I've never seen this announced before, but it's basically game over for network defense. The DoD can't keep their boxes patched. That's why they're talking about offensi

  • Looks like governments start noticing that 'the terrorists' are no longer an effective bogeyman and need to conjure up a new one.
  • All the US needs to do, is sit back and wait for these Chinese hackers to download too much copyrighted material. Just wait, it'll happen soon enough. Then their ISP will cut down China's bandwidth to like, really really slow. They won't be able to really get any hacking done then.
  • "You first, fuckers!"

    I think we can all see where this is headed...

    Wouldn't you prefer a nice game of chess?

  • by lexsird ( 1208192 ) on Tuesday March 12, 2013 @05:06PM (#43152975)

    China has been hacking US gamers for years. I get notifications from Guild Wars 2 that someone in China tried to access my account, please change my password. Welcome to the world wide web, Mr President and Congress, we need smarter policies, not more neolithic special interests pandering bullshit. Set up a firewall that you can monitor the hits on it, you will find that China is a beehive of hacker activity.

    We do have people highly qualified and capable of not only securing our country's systems, but being our scalpel as well. Let's not panic for fuck's sake.

  • That's what the US State Dept is crying over in Beijing right now.

  • The Obama administration really needs to learn some tact. Did they really need to launch this initiative RIGHT now? Could it not have waited 6 months since it has taken them 2+ years so far to gather the evidence? The Chinese government has always used the "it wasn't me" and "As I told you, it would be absolutely, totally, and in all other ways inconceivable" arguments. All this will do is raise their hackles while we deal with a true international crisis that we need and have finally started getting Ch

  • Issue sanctions? Stop it, it hurts to laugh.

  • 1. Some company gets hacked
    2. Some security company (Mandiant) investigates and makes a non-peer-reviewed report (PDF) with very thin evidence that jumps to conclusions [mandiant.com]
    3. Sensational press repeats claims from report without investigating
    4. Government uses "evidence" of what now seems a big problem and a certain source to start a war
    5. Profit...

    I'd like some smart Slashdot reader to read the report and tell us what you think. It contains a lot of random facts and then draws some very unscientific conclusions

  • China owns the US
    China owns networks in the US
    China has complete visibility of everything that happens in the US

    We surrender. Please don't hurt us.

  • by WindBourne ( 631190 ) on Tuesday March 12, 2013 @08:58PM (#43155067) Journal
    China ignores all their treaties. For example, they recently joined the UN in condemning NK and promising that they would stop NK's slush fund if found. OK. So, America obviously KNEW where it was and points it out. What does China do? Nothing.
    Then you have their treaty with USA and WTO. They were required to drop most of their tariffs (around 90 at the time), no subsidies for exported goods, no dumping of exported goods, and free their money. Instead, they now have over 400 tariffs, subsidize many key items, are constantly dumping in foreign nations, and manipulate their money.
    Likewise, they have a treaty with Japan that requires them to have pollution control on all new cement and coal plants. Sadly, the Japanese made a mistake in not requiring them to turn on the controls. As such, China simply turns off the controls most of the time. They only turn it on when Chinese gov. tells that they must and for how long (typically a special event or somebody coming to check the environment).

    And now somebody thinks that China will keep their word? Not a chance.
    • Probably about the same chance that the USA would keep theirs!

      I remember a US president saying on TV, that America had No Intention of bombing Hanoi! Not too long after that, Hanoi was bombed! In fact, I read that Hanoi was the most heavily defended city (in terms of anti-aircraft defences) ever to be bombed. Much to their surprise, the North Vietnamese managed to shoot down some B52's1!

  • ...get their Most Favored Nation status taken away.

  • I know China isn't going to stop. You know China isn't going to stop. Obama knows China isn't going to stop. China sure as hell knows it's not going to stop. So most likely this is grandstanding so Obama can say he's "doing something" to his more clueless buddies in business.

  • While everyone is crying politics... did everyone forget about all of the god damn sshd and email password cracking on random targets by Chinese ip space?
  • You tried. (Score:3, Insightful)

    by zyphyrus ( 2714297 ) on Tuesday March 12, 2013 @11:33PM (#43156025)
    So what incentives exactly does China have to stop hacking? Stop a cyber war? Their hackers are better than yours. Afraid after sanctions? It's unlikely enough countries would be willing to stop trading. Best thing to do imo is to upgrade US's digital infrastructure. Solve the root of the problem.
  • I bet a long list of security appliance manufacturers are sweating bullets after reading this.
  • President Obama and his administration have raised the level of urgency in protecting the government and domestic businesses from the increased level of cyber attacks. However, U.S. leaders have avoided calling China out by name in the past. http://www.cuuhomaytinh.info/ [cuuhomaytinh.info]
  • We can ask till we are blue in the face. Unless we get something on them that is without refute, nothing will change. Even then, if we did have something like that it would be handled in a very hush-hush manner as to not hurt someone's feelings in the international community; it will be back-door. We need to upgrade our security, or just outright ban foreign IPs from certain companies. This is one of those problems where there really isn't a good solution.
