|
On February 22 2013 02:20 Shady Sands wrote:Show nested quote +On February 22 2013 02:16 Hryul wrote:Shanghai phone number/Pudong New Area IP blocks/Simplified Chinese language settings: Pudong New Area has about 5.4 million people, with a GDP of above 50 billion dollars. Foreign investment in Pudong varies between 4 and 8 billion dollars a year, going into some 11,000 different companies registered there. And obviously, most of the computers in Pudong have Chinese language settings. Based on population and business density in Pudong, a Shanghai number or IP block is pretty meaningless. Pudong New Area is literally the Chinese equivalent of Manhattan Island. It would be like Russia saying that since the US has a cyber unit in Manhattan, and somebody in Manhattan is hacking Russia from an English-language OS, then it must be that specific US cyber unit. Sorry I don't buy it. While a lot of people speak some rudimentary English, I'm quite skeptical about Chinese. And I'm not sure some foreign force would force their "agents" to learn Mandarin just to trick prosecutors. Wait, why wouldn't a foreign force do that?
I really hope you are not serious about that. We really need some irony tags . . .
On February 22 2013 02:20 Shady Sands wrote:Show nested quote +And since we all do know that there is internet censorship in China I highly doubt this amount of hacking could have been done with at least the goodwill of the Chinese government. Internet censorship affects content, not hacking. It affects things like forum posts and the content of foreign websites--not whether there's a botnet being set up in Shanghai (or anywhere in East China for that matter, since a botnet anywhere in that region would show up as originating traffic from Pudong) or virus crawling around the tubes.
Oh yes. So we are monitoring Internet traffic. But just "content" but not "hacking". How bad of a censorship would that be? I think of the Chinese as more skillful than that.
|
On February 22 2013 02:21 Shady Sands wrote:Show nested quote +On February 22 2013 02:07 zf wrote:On February 22 2013 01:01 Shady Sands wrote:The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty.
Even if we accept that as true that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of chinese infrastructure. That alone makes the Chinese state responsible to some degree,
|
On February 22 2013 03:40 Derez wrote:Show nested quote +On February 22 2013 02:21 Shady Sands wrote:On February 22 2013 02:07 zf wrote:On February 22 2013 01:01 Shady Sands wrote:The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty. Even if we accept that is true that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of chinese infrastructure. That alone makes the Chinese state responsible to some degree,
....So if an American-born member of Anonymous hacks into one of the German govt's databases, then the USA is responsible to some degree?
|
On February 22 2013 03:35 ddrddrddrddr wrote:Show nested quote +On February 22 2013 03:14 heartlxp wrote:
What do you think about this, quoted from the NYTimes:
"Mandiant discovered several cases in which attackers logged into their Facebook and Twitter accounts to get around China’s firewall that blocks ordinary citizen’s access, making it easier to track down their real identities."
Do you think someone else is actually doing the hacking and logging into Chinese ppl's facebooks for redirection? It's not just "somebody's forum-listed location", did you read the Times article?
By the way, people know that every somewhat developed country has it's own hacking group, this fact has NOTHING to do with whether PLA Unit 61398 is behind APT1. They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.” Hackers working for the government do not have free outgoing access to the firewall? I am finding that hard to believe.
So what do you think are the possible scenarios here?
1. Hacker does NOT have convenient access to Facebook in China, so when he hacks into a US computer, he checks his Facebook.
2. A hacker outside of China hacks into a US computer, logs into a Chinese person's Facebook account
|
With a provocative title like this, perhaps the OP is hoping to get published on the Atlantic?
What's important to realize is that although the Chinese engage in hacking, so do other countries like Russia and Israel. Criminal gangs are also trying to steal information for profit, and yet another danger is that terrorist organizations might use criminals to launch cyberattacks. Let's not forget that the world's best offensive cyber warfare department is American, the creators of the Stuxnet worm and who knows what else.
Perhaps it is unfair that Chinese government-sanctioned hacking is singled out and its abilities exaggerated. After all, Kennedy warned the public falsely of a "missile gap" with the Soviets when in fact he knew that America had a massive advantage in both the number of nuclear warheads and delivery systems. Such panic mongering has long been a political tool. The only defense is for the media to be more judicious in reporting, but if they fail to do so, then it is up to the citizenry to stay informed.
However, cyber attacks are a legitimate concern. Spending money on cyber defense would pay itself back far more than more conventional weapons programs. The F-35 fighter (its boondoggle of a program aside) does almost nothing to enhance American safety, but protecting vulnerabilities in the nation's electrical grid could be well worth it. This is not just to protect against the Chinese, but also against all other hackers, be it Russian, Lithuanian, Israeli, French, or terrorists.
A better public discourse should not be focused on whether the Chinese are guilty or not of hacking, but rather on what should the appropriate level of investment into American cyber defenses be, in order to protect against all possible attackers. What level of security is acceptable, versus the tradeoff in money, convenience, time, and freedom?
|
Actually, this isn't really anything new. For the last 10 years both commercial entities as well as certain agencies have been pushing the threat of "cyberwar" and that of our helplessness in it. The problem however is that the term has no proper definition and is open to abuse. Simple DDoS attacks by groups like Anonymous are cyberwar. People defacing random sites leaving political statements are cyberwar. Hacks by unknown entities but originating from certain countries are cyberwar.
Which is not to say these aren't things we shouldn't care about or that there is no electronic espionage happening, but the agenda pushed with the grossly exaggerated horror stories is not one of increased security but rather one of increased spending towards and handing over control of the "battlefield" to the harbringers of doom. It's like the recording industry lobbying for internet filtering so we can fight childporn. Won't somebody think of the children? 
There's also a certain degree of hypocrisy going on here of course. Remind me, where did Stuxnet and the likes originate again? And the people making the policy decisions here? Yeah they have no clue about anything technical, yay, surely that'll end well ><
(As an aside I'd like to nominate the term "APT" as bastard term of the decade. It was never anything new or accurate, but damned if the thing won't fucking die..)
|
On February 22 2013 03:42 SamsungStar wrote:Show nested quote +On February 22 2013 03:40 Derez wrote:On February 22 2013 02:21 Shady Sands wrote:On February 22 2013 02:07 zf wrote:On February 22 2013 01:01 Shady Sands wrote:The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty. Even if we accept that is true that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of chinese infrastructure. That alone makes the Chinese state responsible to some degree, ....So if an American-born member of Anonymous hacks into one of the German govt's databases, then the USA is responsible to some degree?
The US government is, and it would take that responsibility by prosecuting said hacker. Private citizens cannot simply attack foreign state infrastructure, either the government of the citizen intervenes or it becomes complict by not upholding international principles of sovereignty. If a state is unable to, or unwilling to, intervene, there are consequences.
See Bin Laden hiding in Afghanistan, leading to the war.
|
On February 22 2013 04:14 Derez wrote:Show nested quote +On February 22 2013 03:42 SamsungStar wrote:On February 22 2013 03:40 Derez wrote:On February 22 2013 02:21 Shady Sands wrote:On February 22 2013 02:07 zf wrote:On February 22 2013 01:01 Shady Sands wrote:The onus of proof against the report's authors shouldn't be that "we have to show beyond a doubt that Country A is NOT behind said attacks"; it should be that the report's authors themselves need to show, beyond a reasonable doubt, that Country A is behind said attacks. It's a basic principle of epistemology. No, it's a basic principle of criminal jurisprudence in the United States and countries with similar standards of guilt. It's a controversial standard of knowledge or justification in epistemology. :p Fair enough. I'll argue then that the evidence presented is insufficient to trace the attack to a specific state actor with any degree of certainty. Even if we accept that is true that doesn't mean it is impossible to hold a state actor responsible for it. The attacks originated in China, or at least made use of chinese infrastructure. That alone makes the Chinese state responsible to some degree, ....So if an American-born member of Anonymous hacks into one of the German govt's databases, then the USA is responsible to some degree? The US government is, and it would take that responsibility by prosecuting said hacker. Private citizens cannot simply attack foreign state infrastructure, either the government of the citizen intervenes or it becomes complict by not upholding international principles of sovereignty. If a state is unable to, or unwilling to, intervene, there are consequences. See Bin Laden hiding in Afghanistan, leading to the war.
Good point. I concede the argument and agree the burden of responsibility would be on China to prosecute and enforce their laws on the hacker.
|
Good for them. I hope they steal all the secrets.
|
This is nothing new. People have been saying this for decades, and though this is concrete in a way that former reports were not, it's still not enough evidence to bring the case to an international court.
I rather view this as a way for Mandiant to gain street creds in the cyber security industry than a NGO discovering what the US government doesn't know already.
|
On February 22 2013 03:14 heartlxp wrote:
They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
I read the actual report in addition to some articles and I just don't see how they were able to narrow that down from the whole New Pudong Area (population over 5 million) to the area around that building. Anyone figure that out? I don't think the Chinese telcom company would just tell them where those IP addresses went to (assuming they knew they went to the military).
|
On February 22 2013 02:37 Scootaloo wrote:
OP, why would you know all this shit better then governments or media outlets?
It just seems you're just stating they're all drawing false positives while clearly far more reputable sources take this information as legit.
This is not some anti virus program giving you a malware-gen report you know, governments tend to know what they're doing, and China has been hacking all the information they can get for decades now, and suddenly, the great Shady Sands is going to tell us that this report of this government known for hacking might not be hacking because it's not based on falsification?
Just makes me wonder what your motivation is here really, is this an attempt at defending China or what?
The United States government is great at the art of disinformation. They only release what they want the public to believe and have been known to do this on a regular basis. Actually for all we know they could of released partial information to skew the public's opinion. If something of this scale were to be 100% true it would absolutely damage relations with US/China. All I am saying is we as the public most likely do not have all the information. Media outlets only say and *report* what they are told because they get paid to do so.
|
Considering NYT and WSJ say they've been hacked in the past, these new articles just reek of propaganda and bias.
|
Perhaps it just gets suspicious after a while. After a while of getting hacked, often from the same place, the same areas as Chinese government facilities, you start to question. As if my house kept having some one bashing the window in, then fleeing when I come down the stairs and running back to my neighbors house. After the first couple thousand times it happens, I might start blaming the neighbor whose house they run back into.
Whether or not China as a government is involved doesn't even matter anymore. Its the fact that China has done little and has done nothing to curb more sophisticated threats coming from their country. That is what frustrates the west so much, china is clearly a nation strong enough internally to remain sovereign over itself, so it pushes the west into thinking the other alternatives is that either china does it or supports it.
|
Bot edit.
User was banned for this post.
|
I think the comments are super hypocritical.
I don't really give a shit about what China hacks until the US stops doing it as well.
The US caused a nuclear meltdown in Iran using the most sophisticated attack in history, zero days are very rare and very expensive, this was the first time multiple zero days were used in an attack as well as bribing employees at hardware companies to make the virus even more powerful. We are talking viruses that would have cost a billion dollars to make.
Symantec and Kaspersky spent months working overtime using their most elite employees and eventually traced the origin back to the United States. The reverse engineered code and several other factors, made it 100% conclusive that it was done by the united states government. (It was found to be codenamed "Operation Olympic Games" and used several times via anecdotes of Bush/Obama)
Thanks to Murphy's law the virus was not self contained because an employee at the plant "illegally" brought the usb home. The virus is now all over the world and can potentially cause a meltdown at any Siemens based nuclear facility in the world. It is impossible to stop the spreading, and very costly to prevent. On wikileaks we saw random employees of nuclear powerplants being fired suspected for not knowing their shit and causing problems, and then 2 years later find out it was Stuxnet that caused it.
The US is far more dangerous and caused a lot more damage to even their own allies and themselves, than China when it comes to hacking.
http://en.wikipedia.org/wiki/Stuxnet
|
On February 22 2013 03:14 heartlxp wrote:
Do you think someone else is actually doing the hacking and logging into Chinese ppl's facebooks for redirection? It's not just "somebody's forum-listed location", did you read the Times article? Yes. If we're talking about attacks that require nation-state financing, then anything is on the table. If you wanted to poke at shit that the US doesn't want you to poke at, taking over a few boxes in a suspicious-looking area of China would be a pretty obvious first step.
On February 22 2013 03:14 heartlxp wrote:
By the way, people know that every somewhat developed country has it's own hacking group, this fact has NOTHING to do with whether PLA Unit 61398 is behind APT1. They narrowed it down to beyond just the New Pudong Area, again if you read the actual article you'll see it's just 1 neighborhood:
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
So... here's something.
The Chinese government really doesn't care about people getting past the great firewall to do whatever. It's trivially easy to get around (really, like even pptp that's built into any windows install by default). What they do care about is whether or not you're saying bad shit about the Chinese government while you're doing it. Then they come down on you. It's entirely possible that people could be doing nefarious shit on their own. Sure the government might know about it, but the internet monitors really don't care about that stuff.
It's not the most controlled network. Possibly the most monitored. The powers that be are too busy trying to keep up with the latest slang terms for whatever it is they don't want people talking about, and scrubbing.
Now this is not to say China isn't hacking the US. Everybody's hacking everybody. China->US is a subset of that. This is much ado about nothing. What people should actually be concerned about is locking down systems that matter, and stop worrying about specifically where the attack is coming from. It really doesn't matter where it's coming from if someone shuts down the power grid or some shit.
|
|
|
|
|
|
|
|
EPT
