Journalists' Yahoo E-Mail Accounts Compromised In China 130
andy1307 writes "According to this article in the New York Times, 'In what appears to be a coordinated assault, the e-mail accounts of at least a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders. The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address. ... The victims of the most recent intrusions included a law professor in the United States, an analyst who writes about China's security apparatus and several print journalists based in Beijing and Taipei, the capital of Taiwan."
Is anyone surprised? (Score:5, Insightful)
China is a totalitarian state. Has been since 1949. What free trade has done is to make it a rich totalitarian state instead of a poor one. I never understood the argument that capitalism would lead to anything like democracy. Democracy [usually] leads to at least some level of capitalist/free-enterprise economy, but not the other way around.
Re:Damn Chinese! (Score:4, Insightful)
Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?
I'm sure that they know and they do. But wiretapping at the ISP level doesn't help if their victims use HTTPS or SSL IMAP/POP like pretty much all Gmail (and Yahoo?) users do. Real Americans(TM) subpoena Google or Yahoo records directly over their convenient law-enforcement interfaces -- China can't do that...
Re:This is why you don't do business with China (Score:1, Insightful)
I bet my future wife and unborn daughter that the computer you posted from is made in china.
So let's get this straight: (Score:1, Insightful)
- for 20 years now malware targets mostly DOS/Windows, yet these guys still use exactly that
- the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them
- signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it
- nevermind encryption, cause why would these guys be responsible towards their sources
- etc.pp.
So I'd say....TOLD YOU SO....but then these guys probably would feign complete ignorance and amazement over the fact, that especially the totalitarian governments of the world don't exactly work with white gloves on and...GASP...don't give a shit about your self-aggrandized ego of 'a journalist' and the hallowed freedom of press!
Re:This is why you don't do business with China (Score:4, Insightful)
Re:Is anyone surprised? (Score:5, Insightful)
I never understood the argument that capitalism would lead to anything like democracy.
The reason you can't understand that argument is that it's complete BS. It was created to try to convince Americans that the reason our government is making it extremely easy to trade with China is to spread democracy, not increase corporate profits at the expense of American workers' careers.
And historically at least, the system of government best suited to corporate profits is not democracy, but fascist-leaning dictatorships. That's true whether we're talking about Mussolini, Hitler, Franco, Pinochet, or Batista.
Re:This is why you don't do business with China (Score:2, Insightful)
People seem to think of China as this troublesome country that does whatever it wants and that nothing can be done about it. This is simply not true.
China is actually more dependent on US and EU than the other way around. They devote most resources to the production of products that need to be mandatorily exported as the the chinese masses cannot afford them.
Corporations and states seem to ignore the blatant anti-freemarket and anti-freedom-speech-policies because of the el-dorado of the 2 bilion people market. WAKE UP. Chinese policy will never allow for free market, and will always be biased towards chinese products.
To add insult to injury, in EU, chinese imports SIMPLY PAY NO TAXES, sinking the local producers in the process.
So what can be done? Well western states can stop acting like slaves to their chinese overlords.
Re:This is why you don't do business with China (Score:5, Insightful)
Re:This is why you don't do business with China (Score:3, Insightful)
Fixed.
Re:Yahoo (Score:2, Insightful)
Re:Hmm yeah (Score:3, Insightful)
A lot of freelance journalists use google and yahoo, as do many people who have professional mail accounts, but prefer to conduct private and/or personal business using a 'free' provider. Do you really want a confidential source in China to risk sending info to *@nytimes.etc?
Re:Damn Chinese! (Score:5, Insightful)
> https is very easy to MITM if you can inject bogus signed certificates.
agreed
> For that you need to control a CA.
agreed
> for example, CNNIC whose root certificate is included in MSIE and Firefox.
agreed
> Bug 542689 - Please remove CNNIC CA root certificate from NSS
agreed BUT: Why do you single out this particular CA when the valid issues you raised APPLY TO ALL OF THEM?!
Re:Is anyone surprised? (Score:5, Insightful)
I don't understand it either, mainly because I think the climate in China is closer to free market capitalism than the climate in the US. In relative terms China is a capitalist utopia, particularly from a producer's perspective.
Re:Is anyone surprised? (Score:3, Insightful)
Perhaps you need a history course. Historically, Mussolini, Hitler, and Franco drew their countries into ruinous wars, which are very hard on corporate profits. Batista so weakened his government that it was taken over by communists who nationalized everything. Corporations hate that.
Saying that the system of government best suited to corporate profits is a fascist-leaning dictatorship is like saying Bernie Madoff will get you the best return on your investment. It is sometimes true in the short term, but in the long term it is very, very false.
Re:Damn Chinese! (Score:3, Insightful)
The real bug is Mozilla doesn't _help_ you realize and figure out that a cert has been changed for no good reason.
Yes the way to do it won't work 100% for the average person. But the average person will get pwned anyway.
So in this case, Mozilla should help the ones who care about security - warning people that the server cert has been changed rather early, or worse the CA has changed, or even worse the CA has changed AND the new CA is in a different country.
But no, the Mozilla developers still haven't lifted a finger to help. Not even after 5 years.
See this:
https://bugzilla.mozilla.org/show_bug.cgi?id=286107 [mozilla.org]
And comment #5 and rest of discussion.
Quote:
Ian Grigg 2005-03-15 12:14:26 PST
#4. I'd agree with that.
The critical change is when a new cert comes in signed by a *different* CA. In
the event that this is a bad situation, both CAs can disclaim by pointing the
finger at each other. The bad CA just shrugs and says "I followed my
established and audited procedures...." In practice, even a little finger
pointing will break any semblance of CAs backing up their words.
Re:Is anyone surprised? (Score:3, Insightful)
But why the hell would an arbitrary corporation prefer having the laws change at the pleasure of a demagogue who may or may not like them instead of having an easily "lobbied"/bribed legislature?
Because bribing 1 despot is cheaper and easier than bribing the 300 or so congresscritters/MPs needed to get a majority. Plus you do so much work to buy off particular politicians, and then the pesky public votes for someone else and you need to start over again.
Re:Is anyone surprised? (Score:2, Insightful)
It seems unlikely that the man who dominates the entire country and can take what he likes from its tax revenues is going to do whatever you ask for a check.
Re:Is anyone surprised? (Score:4, Insightful)
Re:Is anyone surprised? (Score:2, Insightful)
Saying that the system of government best suited to corporate profits is a fascist-leaning dictatorship is like saying Bernie Madoff will get you the best return on your investment. It is sometimes true in the short term, but in the long term it is very, very false.
That would be relevant, if only people and corporations had the foresight to pay attention to anything more than the Next Big Thing. The lack of any sort of a long view and the attitude that what is best for right now is always the right choice are both almost ubiquitous in our culture and are detrimental to society in many cases.
Re:Damn Chinese! (Score:3, Insightful)
Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?
Why would you need to when the e-mail hosts have so thoughtfully buried an auto-forwarding function on a settings page that no one ever checks?
"Free" e-mail has generally only improved in quality over the last decade, but that one move was incredibly boneheaded.
Every time I log in, the first thing I should see is "Your E-Mail Is Forwarded To: [No Where/Address]".
Anything else is just pure gold for malicious actors.
Re:Is anyone surprised? (Score:3, Insightful)
To some degree I agree with you. I have more knowledge of Industrial England than of Rome (though there was a pretty major civil war between the Plebs and the Proles that lead to an expansion of the aristocracy there). In England, at least, the people had the good fortune of a number of historical trends lining up at the same time; labor shortages at the tail end of the Middle Ages (after the Black Death) which saw a sharp increase in demand for workers, the beginnings of a free market economy being established even before the Industrial Revolution, a stable and effective government with clear lines of authority thanks to the Glorious Revolution, and, by the 18th century a rapidly expanding population, a major overseas empire that basically kickstarted the consumer revolution (this is when China as manufacturer of cheap goods to the West really begins, thanks in large part to European, and in particular to Dutch and English merchants), and, of course, the ultimate development of a middle class in particular during the Victorian Era. I agree the aristocracy in large part was responsible for the major reform bills, but I'd say that once some of the reforms had begun, it was a snowball. The more political power the ordinary people got, the more they wanted, and the more the political class could benefit from giving it to them. That's the real story, that the landed gentry in England, already weakened by the end of any remnants of feudalism, were ultimately supplanted by the political class. That latter fact precedes the Industrial Revolution, and was born out of all things the struggles between Parliament and the Stuarts over who had the right to run the country.
funny jokes are reality jokes that are not funny (Score:3, Insightful)
Re:So let's get this straight: (Score:4, Insightful)
Like everyone else on the planet. Not that it matters whether you access webmail via Linux or via Windows.
the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them
Webmail cracked - that's almost certainly not clicking-on-attachments territory, more likely poor password choice. Access to company servers from the inside (employees collaborating with the attackers) is another possible path of attack.
signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it
Works only on a node-to-node basis. If their contact doesn't have the tools, then they can't use it. Same applies to encryption obviously. Is PGP freely available in China? How long till the government detects that you are using PGP and takes you in for questioning solely based on that fact?
but then these guys probably would feign complete ignorance and amazement over the fact, that especially the totalitarian governments of the world don't exactly work with white gloves
If the Chinese government attacks western computer systems, that's news. It might require a political response, that should be in the public discussion. Regardless, it's certainly worth reporting.
Freedom of the press is vital for my freedom and for yours. I think your disdain is completely inappropriate here.
Re:Is anyone surprised? (Score:3, Insightful)
I'm sorry, how is that different from an insurance company saying "Your patient's policy does not cover this. Please let him die."
You anti-health care nuts really are a greedy, and yet pathetically retarded bunch.
Re:Is anyone surprised? (Score:3, Insightful)
If we're talking companies based in the countries that lose the war, then you'd be correct. But in a lot of cases (including those in the 1930's and 40's) we're talking about outside multinationals, who can move their capital quite easily from one country to another. Ergo they can and will play they short-term gain in, say, Spain, then head to Germany for a decade, then to Argentina, and so on.
It's remarkably similar to investments in fundamentally unsound securities. The idea is to make a bundle while everything looks great, and leave someone else holding the bag when it goes sour.