|
China hacks. There's no doubt that it does--but nor is there doubt that many, many other people do. What should be doubted is that a Chinese military organization--a nefarious-sounding Unit 61398--is responsible for the specific trail of persistent industrial espionage in the United States by the group of hackers identified as Advanced Persistent Threat 1, or APT1.
Reading the NYT, WaPo, and WSJ, you'd be forgiven for not knowing that fact. After all, this is what they state:
A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
This is mild compared to what the WaPo and WSJ have been harping on. Bloomberg, The Atlantic, Business Insider... all of them are repeating it. It must be true, right?
Wrong. Here's why--
The Mandiant report doesn't actually check off competing hypotheses for the behavior it observes. In other words, it doesn't consider what other things could be happening that create the evidence it's captured.
In order to tie APT1 to Unit 61398, Mandiant presented the following evidence from their recent report:
![[image loading]](http://i.imgur.com/MMbpEL9.png) ![[image loading]](http://i.imgur.com/rUvgiBY.png)
Unfortunately for Mandiant, the above, while substantive, isn't convincing. This is because plausible other causes exist for each of the above phenomena:
- Mission area: Russia, Israel, France, and other non-English countries steal IP from English-speaking organizations and their scientific priorities often are the same as those in China's 5-year plans--those priorities are often so broad as to encompass nearly every possible scientific activity
- Tools, Tactics, and Procedures: Just being organized and military-style is no indication of China. There are over 30 nations with active commands that run "mil-grade computer network operations"
- Scale of operations: Organized crime families known to be engaged in IP theft, as well as commercial hacker rings, are all known to have dozens to hundreds of members; and over a half-dozen nations worldwide have 1000+ people in their cyber warfare commands
- English language proficiency/recruiting from universities: Most military and intelligence agencies have people that know how to speak English, and most of these agencies partner with their nation's universities for top talent
- Shanghai phone number/Pudong New Area IP blocks/Simplified Chinese language settings: Pudong New Area has about 5.4 million people, with a GDP of above 50 billion dollars. Foreign investment in Pudong varies between 4 and 8 billion dollars a year, going into some 11,000 different companies registered there. And obviously, most of the computers in Pudong have Chinese language settings. Based on population and business density in Pudong, a Shanghai number or IP block is pretty meaningless. Pudong New Area is literally the Chinese equivalent of Manhattan Island. It would be like Russia saying that since the US has a cyber unit in Manhattan, and somebody in Manhattan is hacking Russia from an English-language OS, then it must be that specific US cyber unit.
- APT1 persona self-id'd location in Pudong: I'll leave it to you TL users to guess why using somebody's forum-listed location as a clue to their real location is retarded.
(h/t: Jeff Carver, CEO of cybersec firm Taia Global)
There are other arguments against their hypothesis as well:
The Beijing Workday Argument. The hackers could have been from anywhere in the world. The timezone that Mandiant imagines as a Beijing workday could easily apply to a workday in Bangkok, Singapore, Taiwan, Tibet, Seoul, and even Tallinn – all of whom have active hacker populations.
The Lanxiang Vocational School Argument. The article mentioned that the hackers were traced back to the “same universities used by the Chinese military to attack U.S. military contractors in the past.” If memory serves, one of those was the Lanxiang Vocational School in Jinan, the capital of Shandong province and home to a PLA regional command center. Actually, Jinan is an industrial city of six million people and more than a dozen universities. IP Geolocation to one school means absolutely nothing.
Furthermore, even if the Chinese government was involved in cyber espionage against the New York Times, it wouldn’t use its military for that. It would use its Ministry of State Security (China’s equivalent of the CIA). And they wouldn’t be stupid enough to run the attack from their own offices, which if you’re interested in checking IP addresses, is in Beijing – 274 miles from Jinan.
The problem those points above create is precisely the key one Mandiant and our cherished free press refuse to acknowledge:
There are multiple states engaged in cyber-based industrial espionage and infrastructure snooping, not just China.
Israel, Russia, and numerous other countries all hack each other on a regular basis.
But wait--there's a reason that, even given that fact, America should focus on China, right?
However, Adam Segal, the Maurice B. Greenberg Senior Fellow for China Studies for the Council on Foreign Relations, believes that the scale and scope of cyber conflict is greatest in China. "There's a sense of competitive metabolism there," he said, "and China has resources that the other countries lack." (h/t: The Atlantic)
Leaving aside the classic appeal to authority (and the wrong type of authority as well--how is an IR scholar going to be an authoritative expert on technical resources available for computer hacking?) I have to say: competitive metabolism? What sort of weasel word bullshit is that? And also, what resources does China have that other countries lack?
Yeah.
So the question then becomes: why this sudden flurry of articles based on a report that claims false certainty?
One possible reason is that there's a five-letter bill out there floating in the dead space of Congress designed to regulate the internet and increase government contracts/encourage private contracts for companies like Mandiant (the author of the China hacking report). Of course, there could be other reasons at play as well, so I'm not going to state this as a definite answer. I only wish mainstream journalism--you know, the people that get paid for this stuff--could exercise the same sort of logic and restraint. But hey, you get what you pay for, right?
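The "Beijing workday" point above rests on a simple property of time-zone attribution: a block of activity hours expressed in UTC is consistent with a normal office day in every zone whose offset lines up with it, not just one. The following Python is an added example, not code from the original post or from the Mandiant report. It takes a constructed set of UTC activity timestamps and lists every UTC offset at which at least 90% of them fall inside an assumed 08:00 to 19:00 local working window; the beacon times, the working window, the threshold and the city labels are all illustrative assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample (not real data): UTC timestamps of observed activity,
# two events per hour between 01:00 and 09:59 UTC on one day.
SAMPLE_BEACONS_UTC = [
    datetime(2013, 2, 18, hour, minute, tzinfo=timezone.utc)
    for hour in range(1, 10)
    for minute in (5, 35)
]

# Assumed local "office hours" window, half-open: [08:00, 19:00).
WORK_START, WORK_END = 8, 19

# Illustrative labels for some fixed offsets (standard time, DST ignored).
ILLUSTRATIVE_ZONES = {
    7: "Bangkok",
    8: "Beijing / Shanghai / Singapore / Taipei",
    9: "Seoul / Tokyo",
}


def workday_fraction(beacons, utc_offset_hours):
    """Fraction of beacons that land inside office hours at a fixed UTC offset.

    Fixed offsets only: a real analysis would also have to account for
    daylight-saving rules and for the possibility of shift work.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    in_hours = sum(
        WORK_START <= b.astimezone(tz).hour < WORK_END for b in beacons
    )
    return in_hours / len(beacons)


def consistent_offsets(beacons, threshold=0.9):
    """Every whole-hour UTC offset (-12..+14) at which the activity looks
    like an office day, i.e. at least `threshold` of beacons are in-hours."""
    return [
        off for off in range(-12, 15)
        if workday_fraction(beacons, off) >= threshold
    ]


def describe(offsets):
    """Human-readable list of candidate zones for a report."""
    return [
        f"UTC{off:+d} ({ILLUSTRATIVE_ZONES.get(off, 'unlabelled')})"
        for off in offsets
    ]


if __name__ == "__main__":
    candidates = consistent_offsets(SAMPLE_BEACONS_UTC)
    print("Offsets consistent with a working day:", candidates)
    for line in describe(candidates):
        print("  ", line)
```

With the constructed sample, `consistent_offsets(SAMPLE_BEACONS_UTC)` returns `[7, 8, 9]`: Bangkok, the UTC+8 zone and Seoul are equally consistent with the data. An analyst using working hours as an attribution signal should therefore report the whole set of consistent zones together with the assumed window, rather than naming a single city.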
|
I am sorry if I really cut this short, but am I right that: All you are saying is that instead of saying "it is certain China is behind it" we should say "it is highly likely China is behind it"?
Basically all this does is point out that the evidence is weaker than suggested by mainstream media, but provides absolutely no evidence which suggests it WASN'T China. So the news here is that mainstream media like to exaggerate things?
|
The fact that government sources confirmed the stories and that there seem to be real political repercussions coming from the US government to China makes me think that they are pretty damn certain.
I don't doubt that the arguments you make are valid, but as a layman, they do seem pretty unlikely. I think that it would be a pretty big coincidence that with this evidence it wouldn't be China. Also, as long as the attacks originate in China, which they do, it is their responsibility.
|
On February 22 2013 00:54 zatic wrote: I am sorry if I really cut this short, but am I right that: All you are saying is that instead of saying "it is certain China is behind it" we should say "it is highly likely China is behind it"?
Basically all this does is point out that the evidence is weaker than suggested by mainstream media, but provides absolutely no evidence which suggests it WASN'T China. So the news here is that mainstream media like to exaggerate things?
No, the news is that the report is drawing a false positive. The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology.
|
Will the real slim shady please stand up...
|
The question is: is Mandiant themselves saying it's 100% the Chinese government, or is the media blowing things up as they always do so that your average simpleton gets it?
Because case 1 means that indeed they need solid proof, but more often than not it's simply case 2. Happens with science stuff all the time as well.
|
On February 22 2013 01:00 Derez wrote: The fact that government sources confirmed the stories and that there seem to be real political repercussions coming from the US government to China makes me think that they are pretty damn certain.
But think about it--why would those government sources hold off on political repercussions until some random private company publishes a report on it, especially if, as a confirmation implies, those government sources knew about the attacks before the story went public?
I don't doubt that the arguments you make are valid, but as a layman, they do seem pretty unlikely. I think that it would be a pretty big coincidence that with this evidence it wouldn't be China. Also, as long as the attacks originate in China, which they do, it is their responsibility.
These are a bunch of other hypotheses that are all equally valid in light of the evidence:
1) Unit 61398 is running a signals monitoring operation off the main cable between China and the United States, and the hacking operations are done by some other part of the Chinese government (i.e. Ministry of State Security) which may or may not be in Pudong.
2) The Chinese government is responsible for 10%, 20%, 30%, 40%, 50%, 60%, 70%, 80%, 90%, or 100% of the hacking traffic going through Pudong.
3) The geolocation is wrong and it's not in Pudong.
4) Some agency of the Chinese government has successfully put together a "cyber-militia". Said agency gives patriotic hackers information about what data they are looking for, and then collects said data without asking questions.
5) Unit 61398 is responsible for cyber-hacking, but they are obviously incompetent.
6) This is all a clever (but possibly unintentional) disinformation campaign by the Chinese government. It attacks sites incompetently with amateurs, gets people to tighten up security, and once everyone is safe, it pulls in the real professionals.
7) It's a clever (and perhaps intentional) disinformation campaign by the Chinese government. The Chinese military and intelligence services have planted deep moles into US industry, and if there is now a massive data leak, then the hackers did it, and no one thinks about normal theft.
8) Some fraction (0-100%) of the packets going through China are actually from Russia, Iran, or North Korea, because China has much better internet access to the United States, and it's impossible to set up a botnet in North Korea.
9) The Chinese military is undertaking cyber-hacking without the knowledge of the Party leadership, and the amount of civilian control over the military or the role of the military in domestic spying has been greatly misinterpreted.
Again, the point isn't that the evidence doesn't imply China hacks the United States--it's that the report paints a false picture of certainty about one very specific scenario when in reality the evidence suggests a myriad of things could be happening. That's galling.
|
There could indeed be significant skullduggery to make the attack look Chinese, but you can't fault the media for taking things at face value.
If it turns out to be some big frame-job against the Chinese by another country/entity later I'm sure the first media outlet to find that out conclusively will fly it like a banner in other media outlets' faces saying "ho ho, we're so smart".
|
On February 22 2013 01:01 Shady Sands wrote:The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p
|
Shanghai phone number/Pudong New Area IP blocks/Simplified Chinese language settings: Pudong New Area has about 5.4 million people, with a GDP of above 50 billion dollars. Foreign investment in Pudong varies between 4 and 8 billion dollars a year, going into some 11,000 different companies registered there. And obviously, most of the computers in Pudong have Chinese language settings. Based on population and business density in Pudong, a Shanghai number or IP block is pretty meaningless. Pudong New Area is literally the Chinese equivalent of Manhattan Island. It would be like Russia saying that since the US has a cyber unit in Manhattan, and somebody in Manhattan is hacking Russia from an English-language OS, then it must be that specific US cyber unit.
Sorry I don't buy it. While a lot of people speak some rudimentary English, I'm quite skeptical about Chinese. And I'm not sure some foreign force would force their "agents" to learn Mandarin just to trick prosecutors.
And since we all do know that there is internet censorship in China I highly doubt this amount of hacking could have been done with at least the goodwill of the Chinese government.
|
On February 22 2013 02:16 Hryul wrote:
Shanghai phone number/Pudong New Area IP blocks/Simplified Chinese language settings: Pudong New Area has about 5.4 million people, with a GDP of above 50 billion dollars. Foreign investment in Pudong varies between 4 and 8 billion dollars a year, going into some 11,000 different companies registered there. And obviously, most of the computers in Pudong have Chinese language settings. Based on population and business density in Pudong, a Shanghai number or IP block is pretty meaningless. Pudong New Area is literally the Chinese equivalent of Manhattan Island. It would be like Russia saying that since the US has a cyber unit in Manhattan, and somebody in Manhattan is hacking Russia from an English-language OS, then it must be that specific US cyber unit.
Sorry I don't buy it. While a lot of people speak some rudimentary English, I'm quite skeptical about Chinese. And I'm not sure some foreign force would force their "agents" to learn Mandarin just to trick prosecutors.
Wait, why wouldn't a foreign force do that?
And since we all do know that there is internet censorship in China I highly doubt this amount of hacking could have been done with at least the goodwill of the Chinese government.
Internet censorship affects content, not hacking. It affects things like forum posts and the content of foreign websites--not whether there's a botnet being set up in Shanghai (or anywhere in East China for that matter, since a botnet anywhere in that region would show up as originating traffic from Pudong) or virus crawling around the tubes.
|
On February 22 2013 02:07 zf wrote:
On February 22 2013 01:01 Shady Sands wrote: The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology.
No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p
Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty.
|
OP, why would you know all this shit better than governments or media outlets?
It just seems you're just stating they're all drawing false positives while clearly far more reputable sources take this information as legit. This is not some antivirus program giving you a malware-gen report, you know; governments tend to know what they're doing, and China has been hacking all the information they can get for decades now, and suddenly the great Shady Sands is going to tell us that this report on this government known for hacking might not be hacking because it's not based on falsification?
Just makes me wonder what your motivation is here really, is this an attempt at defending China or what?
|
On February 22 2013 02:21 Shady Sands wrote:Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty. Cheers! Thanks for putting up with my pedantry.
|
We all know countries all over the world hack. And it wouldn't surprise me that China does too.
However, this news of China hacking the US comes at a funny time does it not? CISPA (cyber intelligence sharing & protecting act) was already defeated, but a newer version of the bill is being pushed hard in the US house as we speak.
If you are unaware of what CISPA is.. think of it as the Patriot Act for the internet. People need to be scared for their safety and security before they give up liberties. This is not a new tactic.
Here is a link to oppose CISPA 2.0 if you are interested:
http://act.demandprogress.org/act/cispa_is_back/?referring_akid=a7983999.506224.KT-M7r&source=auto-e
|
On February 22 2013 02:37 Scootaloo wrote: OP, why would you know all this shit better then governments or media outlets?
It just seems you're just stating they're all drawing false positives while clearly far more reputable sources take this information as legit.
I'll just leave this here.
|
What do you think about this, quoted from the NYTimes:
"Mandiant discovered several cases in which attackers logged into their Facebook and Twitter accounts to get around China’s firewall that blocks ordinary citizen’s access, making it easier to track down their real identities."
Do you think someone else is actually doing the hacking and logging into Chinese ppl's facebooks for redirection? It's not just "somebody's forum-listed location", did you read the Times article?
By the way, people know that every somewhat developed country has its own hacking group; this fact has NOTHING to do with whether PLA Unit 61398 is behind APT1. They narrowed it down to beyond just the Pudong New Area; again, if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
|
On February 22 2013 02:54 lolmlg wrote:
On February 22 2013 02:37 Scootaloo wrote: OP, why would you know all this shit better than governments or media outlets?
It just seems you're just stating they're all drawing false positives while clearly far more reputable sources take this information as legit.
I'll just leave this here.
Emmm yeah, I don't believe we need to establish CNN is full of crap; might as well be quoting Fox News. I'd be surprised however if it's just the Republican puppet media reporting on this; this seems like the kind of thing not just they would be interested in. My local Dutch media seems to not really give a damn right now; after a little bit of digging, there are some short reports on it, but they're quite factual, claiming nothing but that Mandiant reports the Chinese are behind it, and later an article about how the Chinese government denies the claims, which is what they've always done at any allegations of hacking. To be precise, they stated it was wrong for much the same reasons OP lists, and seeing how it's dated the 20th of February I'm really hoping that's not OP's source.
Even if Mandiant's report is a load of crap, the Chinese government has been using the internet to steal information for a very long time now; it's practically common knowledge, and some steps should be undertaken against it. Obviously, them trying to use it as a SOPA camouflage is just horrible, and kind of speaks for the sad decrepit state American politics is in, but it does not invalidate the dangers of the Chinese government's technology becoming on par with that of the US. Especially now that China's pet fascist dictatorship, North Korea, is barking again, when we haven't been able to establish how insane and war-hungry their current heavenly leader is.
|
I do find it amusing that China would use the army to hack rather than their intelligence agency, one of the most secretive and opaque in the world.
|
On February 22 2013 03:14 heartlxp wrote: What do you think about this, quoted from the NYTimes:
"Mandiant discovered several cases in which attackers logged into their Facebook and Twitter accounts to get around China’s firewall that blocks ordinary citizen’s access, making it easier to track down their real identities."
Do you think someone else is actually doing the hacking and logging into Chinese ppl's facebooks for redirection? It's not just "somebody's forum-listed location", did you read the Times article?
By the way, people know that every somewhat developed country has it's own hacking group, this fact has NOTHING to do with whether PLA Unit 61398 is behind APT1. They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Hackers working for the government do not have free outgoing access to the firewall? I am finding that hard to believe.
|
On February 22 2013 02:20 Shady Sands wrote:
On February 22 2013 02:16 Hryul wrote: Shanghai phone number/Pudong New Area IP blocks/Simplified Chinese language settings: Pudong New Area has about 5.4 million people, with a GDP of above 50 billion dollars. Foreign investment in Pudong varies between 4 and 8 billion dollars a year, going into some 11,000 different companies registered there. And obviously, most of the computers in Pudong have Chinese language settings. Based on population and business density in Pudong, a Shanghai number or IP block is pretty meaningless. Pudong New Area is literally the Chinese equivalent of Manhattan Island. It would be like Russia saying that since the US has a cyber unit in Manhattan, and somebody in Manhattan is hacking Russia from an English-language OS, then it must be that specific US cyber unit. Sorry I don't buy it. While a lot of people speak some rudimentary English, I'm quite skeptical about Chinese. And I'm not sure some foreign force would force their "agents" to learn Mandarin just to trick prosecutors.
Wait, why wouldn't a foreign force do that?
I really hope you are not serious about that. We really need some irony tags . . .
On February 22 2013 02:20 Shady Sands wrote:
And since we all do know that there is internet censorship in China I highly doubt this amount of hacking could have been done with at least the goodwill of the Chinese government.
Internet censorship affects content, not hacking. It affects things like forum posts and the content of foreign websites--not whether there's a botnet being set up in Shanghai (or anywhere in East China for that matter, since a botnet anywhere in that region would show up as originating traffic from Pudong) or virus crawling around the tubes.
Oh yes. So we are monitoring Internet traffic. But just "content" but not "hacking". How bad of a censorship would that be? I think of the Chinese as more skillful than that.
|
On February 22 2013 02:21 Shady Sands wrote:
On February 22 2013 02:07 zf wrote: On February 22 2013 01:01 Shady Sands wrote: The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p
Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty.
Even if we accept that as true, that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of Chinese infrastructure. That alone makes the Chinese state responsible to some degree.
|
On February 22 2013 03:40 Derez wrote:
On February 22 2013 02:21 Shady Sands wrote: On February 22 2013 02:07 zf wrote: On February 22 2013 01:01 Shady Sands wrote: The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty.
Even if we accept that as true, that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of Chinese infrastructure. That alone makes the Chinese state responsible to some degree.
....So if an American-born member of Anonymous hacks into one of the German govt's databases, then the USA is responsible to some degree?
|
On February 22 2013 03:35 ddrddrddrddr wrote:
On February 22 2013 03:14 heartlxp wrote: What do you think about this, quoted from the NYTimes:
"Mandiant discovered several cases in which attackers logged into their Facebook and Twitter accounts to get around China’s firewall that blocks ordinary citizen’s access, making it easier to track down their real identities."
Do you think someone else is actually doing the hacking and logging into Chinese ppl's facebooks for redirection? It's not just "somebody's forum-listed location", did you read the Times article?
By the way, people know that every somewhat developed country has it's own hacking group, this fact has NOTHING to do with whether PLA Unit 61398 is behind APT1. They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Hackers working for the government do not have free outgoing access to the firewall? I am finding that hard to believe.
So what do you think are the possible scenarios here?
1. Hacker does NOT have convenient access to Facebook in China, so when he hacks into a US computer, he checks his Facebook.
2. A hacker outside of China hacks into a US computer, logs into a Chinese person's Facebook account
|
With a provocative title like this, perhaps the OP is hoping to get published on the Atlantic?
What's important to realize is that although the Chinese engage in hacking, so do other countries like Russia and Israel. Criminal gangs are also trying to steal information for profit, and yet another danger is that terrorist organizations might use criminals to launch cyberattacks. Let's not forget that the world's best offensive cyber warfare department is American, the creators of the Stuxnet worm and who knows what else.
Perhaps it is unfair that Chinese government-sanctioned hacking is singled out and its abilities exaggerated. After all, Kennedy warned the public falsely of a "missile gap" with the Soviets when in fact he knew that America had a massive advantage in both the number of nuclear warheads and delivery systems. Such panic mongering has long been a political tool. The only defense is for the media to be more judicious in reporting, but if they fail to do so, then it is up to the citizenry to stay informed.
However, cyber attacks are a legitimate concern. Spending money on cyber defense would pay itself back far more than more conventional weapons programs. The F-35 fighter (its boondoggle of a program aside) does almost nothing to enhance American safety, but protecting vulnerabilities in the nation's electrical grid could be well worth it. This is not just to protect against the Chinese, but also against all other hackers, be it Russian, Lithuanian, Israeli, French, or terrorists.
A better public discourse should not be focused on whether the Chinese are guilty or not of hacking, but rather on what should the appropriate level of investment into American cyber defenses be, in order to protect against all possible attackers. What level of security is acceptable, versus the tradeoff in money, convenience, time, and freedom?
|
Actually, this isn't really anything new. For the last 10 years both commercial entities as well as certain agencies have been pushing the threat of "cyberwar" and that of our helplessness in it. The problem however is that the term has no proper definition and is open to abuse. Simple DDoS attacks by groups like Anonymous are cyberwar. People defacing random sites leaving political statements are cyberwar. Hacks by unknown entities but originating from certain countries are cyberwar.
Which is not to say these aren't things we shouldn't care about or that there is no electronic espionage happening, but the agenda pushed with the grossly exaggerated horror stories is not one of increased security but rather one of increased spending towards, and handing over control of the "battlefield" to, the harbingers of doom. It's like the recording industry lobbying for internet filtering so we can fight child porn. Won't somebody think of the children?
There's also a certain degree of hypocrisy going on here of course. Remind me, where did Stuxnet and the likes originate again? And the people making the policy decisions here? Yeah they have no clue about anything technical, yay, surely that'll end well ><
(As an aside I'd like to nominate the term "APT" as bastard term of the decade. It was never anything new or accurate, but damned if the thing won't fucking die..)
|
On February 22 2013 01:01 Shady Sands wrote: The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology.
On February 22 2013 02:07 zf wrote: No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p
On February 22 2013 02:21 Shady Sands wrote: Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty.
On February 22 2013 03:40 Derez wrote: Even if we accept that is true that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of Chinese infrastructure. That alone makes the Chinese state responsible to some degree, ....
On February 22 2013 03:42 SamsungStar wrote: So if an American-born member of Anonymous hacks into one of the German govt's databases, then the USA is responsible to some degree?
The US government is, and it would take that responsibility by prosecuting said hacker. Private citizens cannot simply attack foreign state infrastructure; either the government of the citizen intervenes or it becomes complicit by not upholding international principles of sovereignty. If a state is unable to, or unwilling to, intervene, there are consequences.
See Bin Laden hiding in Afghanistan, leading to the war.
|
On February 22 2013 01:01 Shady Sands wrote: The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology.
On February 22 2013 02:07 zf wrote: No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p
On February 22 2013 02:21 Shady Sands wrote: Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty.
On February 22 2013 03:40 Derez wrote: Even if we accept that is true that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of Chinese infrastructure. That alone makes the Chinese state responsible to some degree, ....
On February 22 2013 03:42 SamsungStar wrote: So if an American-born member of Anonymous hacks into one of the German govt's databases, then the USA is responsible to some degree?
On February 22 2013 04:14 Derez wrote: The US government is, and it would take that responsibility by prosecuting said hacker. Private citizens cannot simply attack foreign state infrastructure; either the government of the citizen intervenes or it becomes complicit by not upholding international principles of sovereignty. If a state is unable to, or unwilling to, intervene, there are consequences. See Bin Laden hiding in Afghanistan, leading to the war.
Good point. I concede the argument and agree the burden of responsibility would be on China to prosecute and enforce their laws on the hacker.
|
Good for them. I hope they steal all the secrets.
|
This is nothing new. People have been saying this for decades, and though this is concrete in a way that former reports were not, it's still not enough evidence to bring the case to an international court.
I rather view this as a way for Mandiant to gain street cred in the cyber security industry than an NGO discovering what the US government doesn't know already.
|
On February 22 2013 03:14 heartlxp wrote: They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
I read the actual report in addition to some articles and I just don't see how they were able to narrow that down from the whole New Pudong Area (population over 5 million) to the area around that building. Anyone figure that out? I don't think the Chinese telecom company would just tell them where those IP addresses went to (assuming they knew they went to the military).
|
On February 22 2013 02:37 Scootaloo wrote: OP, why would you know all this shit better than governments or media outlets?
It just seems you're stating they're all drawing false positives while clearly far more reputable sources take this information as legit. This is not some antivirus program giving you a malware-gen report you know, governments tend to know what they're doing, and China has been hacking all the information they can get for decades now, and suddenly, the great Shady Sands is going to tell us that this report of this government known for hacking might not be hacking because it's not based on falsification?
Just makes me wonder what your motivation is here really, is this an attempt at defending China or what?
The United States government is great at the art of disinformation. They only release what they want the public to believe and have been known to do this on a regular basis. Actually for all we know they could have released partial information to skew the public's opinion. If something of this scale were to be 100% true it would absolutely damage relations between the US and China. All I am saying is we as the public most likely do not have all the information. Media outlets only say and *report* what they are told because they get paid to do so.
|
Considering NYT and WSJ say they've been hacked in the past, these new articles just reek of propaganda and bias.
|
Perhaps it just gets suspicious after a while. After a while of getting hacked, often from the same place, the same areas as Chinese government facilities, you start to question. It's as if my house kept having someone bashing the window in, then fleeing when I come down the stairs and running back to my neighbor's house. After the first couple thousand times it happens, I might start blaming the neighbor whose house they run back into.
Whether or not China as a government is involved doesn't even matter anymore. It's the fact that China has done little and has done nothing to curb more sophisticated threats coming from their country. That is what frustrates the west so much; China is clearly a nation strong enough internally to remain sovereign over itself, so it pushes the west into thinking the only alternatives are that China either does it or supports it.
|
Bot edit.
User was banned for this post.
|
I think the comments are super hypocritical.
I don't really give a shit about what China hacks until the US stops doing it as well.
The US caused a nuclear meltdown in Iran using the most sophisticated attack in history, zero days are very rare and very expensive, this was the first time multiple zero days were used in an attack as well as bribing employees at hardware companies to make the virus even more powerful. We are talking viruses that would have cost a billion dollars to make.
Symantec and Kaspersky spent months working overtime using their most elite employees and eventually traced the origin back to the United States. The reverse-engineered code and several other factors made it 100% conclusive that it was done by the United States government. (It was found to be codenamed "Operation Olympic Games" and used several times via anecdotes of Bush/Obama.)
Thanks to Murphy's law the virus was not self-contained because an employee at the plant "illegally" brought the USB home. The virus is now all over the world and can potentially cause a meltdown at any Siemens-based nuclear facility in the world. It is impossible to stop the spreading, and very costly to prevent. On WikiLeaks we saw random employees of nuclear power plants being fired, suspected of not knowing their shit and causing problems, and then 2 years later find out it was Stuxnet that caused it.
The US is far more dangerous and caused a lot more damage to even their own allies and themselves, than China when it comes to hacking.
http://en.wikipedia.org/wiki/Stuxnet
|
On February 22 2013 03:14 heartlxp wrote: Do you think someone else is actually doing the hacking and logging into Chinese ppl's facebooks for redirection? It's not just "somebody's forum-listed location", did you read the Times article? Yes. If we're talking about attacks that require nation-state financing, then anything is on the table. If you wanted to poke at shit that the US doesn't want you to poke at, taking over a few boxes in a suspicious-looking area of China would be a pretty obvious first step.
On February 22 2013 03:14 heartlxp wrote: By the way, people know that every somewhat developed country has its own hacking group, this fact has NOTHING to do with whether PLA Unit 61398 is behind APT1. They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.” So... here's something.
The Chinese government really doesn't care about people getting past the great firewall to do whatever. It's trivially easy to get around (really, even PPTP that's built into any Windows install by default). What they do care about is whether or not you're saying bad shit about the Chinese government while you're doing it. Then they come down on you. It's entirely possible that people could be doing nefarious shit on their own. Sure the government might know about it, but the internet monitors really don't care about that stuff.
It's not the most controlled network. Possibly the most monitored. The powers that be are too busy trying to keep up with the latest slang terms for whatever it is they don't want people talking about, and scrubbing.
Now this is not to say China isn't hacking the US. Everybody's hacking everybody. China->US is a subset of that. This is much ado about nothing. What people should actually be concerned about is locking down systems that matter, and stop worrying about specifically where the attack is coming from. It really doesn't matter where it's coming from if someone shuts down the power grid or some shit.
|