Forgot your password?
typodupeerror
Government Security The Internet Your Rights Online

Does China's Cyber Offense Obscure Woeful Defense? 132

Posted by samzenpus
from the paper-cyber-tiger dept.
Gunkerty Jeb writes "The official line in Washington D.C. is that there's a new Cold War brewing, with an ascendant China in the place of the old Soviet Union, and cyberspace as the new theater of war. But work done by an independent security researcher suggests that the Chinese government is woefully unprepared to fend off cyber attacks on its own infrastructure."
This discussion has been archived. No new comments can be posted.

Does China's Cyber Offense Obscure Woeful Defense?

Comments Filter:
  • Cyber war (Score:1, Offtopic)

    by nomorecwrd (1193329)
    first to post, wins!
    • by Larryish (1215510)

      So what you mean roundeye, pirated XP machines no good security?

      Yu Dum.

      • by Luckyo (1726890)

        On that topic, I ran a vanilla XP (no service packs) until 2008. Zero virii.

        Firewall + anti-virus + only 3 users, all of whom weren't computer illiterate.

        Often it's not the OS, it's the users or admin. That said, on an office machine, updates would be pretty much mandatory. But then, with huge amount of machines, wouldn't it be more sensible for China to fork their own linux distro for government usage?

        • On that topic, I ran a vanilla XP (no service packs) until 2008. Zero virii.

          I'm sorry, I not familiar with these hard english words like that. What is a "virii"? It isn't anything that I've ever heard of before.

          Back on topic, did that computer get any viruses?

  • ...the US government is keeping mostly mum about the threats coming over from China. That and they want to keep getting their money.

    • by h4rr4r (612664) on Wednesday April 27, 2011 @04:27PM (#35957180)

      What the 6% of our debt they own?
      About the same amount the Japanese own.
      Where does this "The Chinese own the US" myth come from?

      • by bsDaemon (87307) on Wednesday April 27, 2011 @04:30PM (#35957212)

        From the interpretation that sensationalist news services give to the words of scaremonger politicians.

        • by hey! (33014)

          And if people stopped being scared for a moment and thought (which they won't), they'd realize exactly who has whom by the proverbial short hairs on the debt issue. China doesn't want to undermine our ability to pay, say by totally cutting off cash to fund our *deficit* (a different but obviously related issue). They can turn down the cash spigot and make us hurt, but not *too* much, and it'd probably be for our own long term good.

          • It's get harder each day to find posts like this one that leaves out the ideological dogma when evaluating China.
      • oooo... major ownage...
      • It might be the rate at which they're acquiring our debts.

      • by Dutchmaan (442553)

        Where does this "The Chinese own the US" myth come from?

        From the same place that "The Japanese own the US" myth came from in the 80's... Ironically the British owned the most US assets followed by the Dutch then the Japanese in the 80's... I have no idea who owns what in what capacity these days.

        • Re: (Score:3, Informative)

          by CaptainLard (1902452)
          Here you go:

          http://www.treasury.gov/resource-center/data-chart-center/tic/Documents/mfh.txt

          I'd say the amount china owns is substantial. I'm against sensationalism as much as the next guy but a trillion dollars held by a foreign country is a shitload no matter how you slice it. Sure Japan has over 75% as much as china but there is a HUGE drop off after that. If we're going to say Japan owns almost as much as China to downplay foreign debt, we should also say Japan and China hold almost as much US debt as

          • Owning foreign debt is a slight misnomer. China's purchase of government debt instruments is an investment for them. And when you invest you want to chose the most stable and the most likely to fulfill the terms of the investment. In essence they are placing their trust in the US economy. Should they attempt to weaken the US economy it will most likely hurt them worse than the US. A big part of Chinese economy is the US market. Without access to that market they stand to lose big time. Also remember that Ch
          • by smelch (1988698)
            Are you counting US citizens as holders of US debt in your "rest of the world combined" comparison? I bet you are not. Foreign entities only own a total of 4ish trillion dollars, domestic entities own 10ish trillion. http://www.usdebtclock.org [usdebtclock.org]
            • You are correct. I did not include US citizens as part of "the rest of the world" in holding FOREIGN debt. To your credit I forgot to put the word foreign in front of debt in that second to last sentence leaving myself open to semantic attack. Curse you slashdot! You win again. (I just hope I didn't misspell anything...)
      • Well, they own all your factories.

      • by econolog (2081738)
        It's not 6%... http://www.usdebtclock.org/ [usdebtclock.org] Quotes US national debt at ~14 trillion. China holds ~3 trillion in US bonds. That is ~21% of our national debt. Citation:http://news.xinhuanet.com/english2010/china/2011-04/23/c_13842843.htm [xinhuanet.com] Also, bonds aren't the only form of obligations the US sells to cover its debts. I think its safe to assume China likely owns a larger chunk of US debt than the bonds alone. In a world of nuclear weapons, economic domination is king. You may also want to look at the allia
      • Probably from their currency manipulation schemes that lower the value of their currency (and, in turn, lower the cost to buy their goods). That scheme subsidizes Americans more than any debt ownership. Still, we're mutually dependent, I'm not worried about them.

        • by c0lo (1497653)

          Probably from their currency manipulation schemes that lower the value of their currency (and, in turn, lower the cost to buy their goods). That scheme subsidizes Americans more than any debt ownership. Still, we're mutually dependent, I'm not worried about them.

          While China does something to work itself out [indiatimes.com] from the "mutual dependency" with US, what is US doing (or even able to do)?

      • by nobodie (1555367)

        I don't know about your numbers, but I do know that there is beginning to be a ... well what appears to be a planned and deliberate media attack against China. Yes I know China appears scary because they have grabbed so much power so quickly and they really do not have the finesse to know how to use it, work with it or manage it effectively, but they are in an accrual phase anyway.

        Case 1 for me was the frenzy last weekend about the "Chinese church stopped from having Easter services". This was sheer BS. The

  • The official line in Washington D.C. is that there's a new Cold War brewing

    Since when?

    • by Biff Stu (654099) on Wednesday April 27, 2011 @04:53PM (#35957414)

      The official line in Washington D.C. is that there's a new Cold War brewing

      The official line from Fox News is that there's a new Cold War brewing

      • by tater86 (628389)

        Yeah, but it's the fox news office with the white house in the background.

      • by quenda (644621)

        The official line from Fox News is that there's a new Cold War brewing

        The official line from Fox is we have always had a cold war with Eastasia.

    • by unjedai (966274)

      The official line in Washington D.C. is that there's a new Cold War brewing

      Citation needed. Oh wait. It's in the summary. You can make up whatever bullsh#t you like. Nevermind.

  • I wonder why China never thought of securing their systems more tightly. Surely they must have realized that retaliation would come their way at some point, no? I mean, aside from the fact secure systems are usually preferably to ones that are not...
    • Re:Retaliation? (Score:5, Interesting)

      by Ancantus (1926920) on Wednesday April 27, 2011 @04:29PM (#35957204) Homepage Journal

      TFA answers your question:

      A lot of what is running in China is developed in-house by Chinese firms. They're not using Western products or open source platforms, because they don't trust them or they're worried that someone might put a back door into them.

      So they are rebuilding from the ground up without taking advice from other people who have tried it. Eliminates back doors (unless your own coders are putting them in) but it seems the front door is wide open...

    • Re:Retaliation? (Score:4, Insightful)

      by jandersen (462034) on Wednesday April 27, 2011 @04:46PM (#35957350)

      I wonder why China never thought of securing their systems more tightly. Surely they must have realized that retaliation would come their way at some point, no? I mean, aside from the fact secure systems are usually preferably to ones that are not...

      Quite so. It is also worth noting that we have never actually seen anything that looks like evidence for the Chinese state organising "cyberattacks" on the US - all we have to go on is allegations spread on places like /. in the form of rumours.

      Can it really have escaped anybody's attention that it is extremely easy to spread false rumours, especially on the internet, and it is extremely easy to spoof the origins of any attack?

      And how can anybody credit a tall tale about some anonymous source "knowing" that some "Chinese secret service" is orchestrating hacker attacks? It that really all that likely - a guy sits in his parents' garage and just knows this? What happened to simple, common sense and critical thinking? I mean, with Wikileaks you have documents - mr Assange doesn't go around saying "somebody told me ...", does he?

      Until this kind of accusations are accompanied by sound references, I can't regard it as more than an attempt to poison the well.

      • by jandrese (485)
        Cyber attacks are real. The Advanced Persistent Threat has been targeting government contractors for some time now with varying degrees of success. The reason it works is because the APT is very smart and very good at what they do, and the people on the defense are mostly just wage slaves that don't really understand security. That's also how a country can be so good at attack and so poor at defense at the same time. It is of no surprise at all to me that random government ministries in China are vulner
      • by T.E.D. (34228)

        It is also worth noting that we have never actually seen anything that looks like evidence for the Chinese state organising "cyberattacks"

        Of course not. It could just be a total coincidence that all the top known Chinese hackers just happen to be employed by the government [thedarkvisitor.com] in some capacity.

      • by Mn3m0nic (234085)
        Believe it or not, but there are a lot of govies that read and post on Slashdot. Sure, you have to take everything said online with a grain of salt, but not everything is purely nonsense.
    • by Khopesh (112447)

      I wonder why China never thought of securing their systems more tightly. Surely they must have realized that retaliation would come their way at some point, no? I mean, aside from the fact secure systems are usually preferably to ones that are not...

      That might be related to their lack of confidence in their enemies' ability to attack. Alternatively, they might be considering it like nuclear warfare, in that there's no way to do a perfect job, so the threat of retaliation is more potent. Therefore, they're focusing all resources on aggression.

      Additionally, everything is built in-house (for a very large "house"), so they have some security-through-obscurity for the items that aren't just forked F/OSS projects. If I were them, I'd lull other nations

    • by timeOday (582209)

      I wonder why China never thought of securing their systems more tightly.

      More tightly than what? The article says the US is as bad or worse. There are no large, well-secured networks. It has never been demonstrated that it is even remotely feasible to do such a thing. Day after day we see these articles about security issues, and eveybody saying, "how could this happen?" as if vulnerabilities were avoidable and abnormal, in the absence of any evidence that this is the case.

      • by gnick (1211984)

        There are no large, well-secured networks.

        Actually we have multiple large VERY well secured networks. The drawback is that they're only used by government agencies for transmission of classified data and not by our general infrastructure/industry. To my knowledge those have never been victim to attack except by insiders. It would be nice if we had kind of a "yellow" network in between the "green wild west level and "red" classified networks for use on power grids and the like.

  • "Best defense is a good offense"

    If you can attack them quick and well enough, they won't have any non compromised systems left to come back at you. :)

    • by MarkvW (1037596)

      But "Defense wins Championships."

      • I vaguely remember a super bowl from the early 2000's where the Baltimore Ravens defense pretty much -was- the game. They did their job and the offense's job and won the Superbowl all by themselves.

        Wikipedia says it was superbowl XXXV, and Ray Lewis (a linebacker!) was named superbowl MVP, if you want an idea just how dominate that D was. All 16 of the Giants possessions ended with punts or interceptions.

      • by Nidi62 (1525137)
        Offense wins games, defense loses them.
    • by _Sprocket_ (42527)
      Which is fine when you're playing football. Oddly enough, every situation in life is not football. Football involves two set teams with a set roster on a defined playing field attempting to achieve limited and directly contradictory goals through the application of a defined set of rules (as well as fundamental undefined rules - the laws of physics) over a limited and defined period of time. What we're dealing with is the exact opposite on every single point. There are not set teams. There are not set
  • Did he hit a bunch of honeypots? If China is better defended than he though, he'll dead by morning.
  • Fear over a the cold war kept jobs in the United States... Maybe if I had enough $$$ to be 'global' I'd be happier, but as it stands I'm stuck here locally...
    • I hope you're joking. The Cold War sucked ass. I direct your attention to the history of the Cuban missile crisis. For all intents and purposes, nuclear war should have happened, but (thankfully) didn't happen. I'm still gobsmacked that it didn't!

      • Nope, not joking. If you look into it, there really never was much, if any danger. The USSR was a broken country with few, if any, missiles that could reach us. Hell, after WWII they didn't have enough gas to get their tanks back home. They pulled them with horses & mules (look it up). The entire thing was an invention of Eisenhower. He thought w/o a credible threat our entire economy would collapse. There are quotes floating around where he talks about regretting the decisions; he basically created the
  • Most of the hacking and spam that come from China can be directly traced to compromised pirated version of Windows. Just walk down the street, pirated software is but a block away in many cases. Unfortunately for them, their compromised machines can be turned against them.

    You know the ol saying. Live by the sword, die by the sword (or some such).

  • Holy shit.

    Another example is China's National University of Defense Technology. They had a bunch of Web servers that weren't using SSL or HTTPS

    This is basic stuff...good lord are they bad.

    I'd estimate that 40% of logins are user name and either all numerical or all lowercase passwords. There are no hash or space characters.

    I'm just going to stop here.

  • by peter303 (12292) on Wednesday April 27, 2011 @04:44PM (#35957334)
    Everyone copied it illegally to save a buck.
  • This sounds crazy, but why does China need to put effort into as much defense as other places?

    If one thinks about it, they really don't have much to lose, compared to American or European businesses. Militarily, China may have trade rivals, but no true enemies. They have no terrorist groups wanting to level Shanghai, there is no such thing as an Al-Qaeda like threat to the PRC in any shape or form.

    Because China really has no world enemies, combined with the fact that their IP is already known to others, a

    • They have no terrorist groups wanting to level Shanghai, there is no such thing as an Al-Qaeda like threat to the PRC in any shape or form.

      The Uyghurs are trying. They aren't half the threat that the PRC makes them out to be (the same could be said for Al-Qaeda), but they are still a threat and they still do blow stuff up and kill people.

      • by Anonymous Coward

        "The Uyghurs" are trying? As an entire race? Really?

        If anyone here says something along the lines of "the Muslims are trying to level NYC" they'd be buried. Rightfully.

  • Mutually assured cyber destruction. I can't wait for the made-for-TV movie!
  • "the Chinese government is woefully unprepared to fend off cyber attacks on its own infrastructure."

    I don't think anyone is, or even can be, prepared to fend off large-scale "cyber attacks".
    If there's one thing that you can rely on, its that big organizations are always several years behind on implementing new technology in a large scale. Sure, the NSA etc might be doing cutting edge security research and stuff, but how long does it take to get defences against new attacks actually implemented across the re

    • by lwsimon (724555)

      Yep - physical isolation. That's what has protected the Iranian nuclear program's computer so thoroughly :)

      • Just imagine what would have happened if those machines had had direct internet access....

        Meaningful security does not imply complete security. The fact that the machines were depending solely on the airgap (which was bridged by unsecured USB keys) for security wasn't all that good either. They needed ACLs and a locked down system at minimum.

  • So... what you're saying is that the only thing that keeps American hackers from overrunning China with viruses, spam, and various forms of hackery is that we haven't taken the time to learn their language? That's either impossibly inaccurate or we are incredibly lazy. Hey Anonymous! Go learn some Chinese.
  • It was probably "nice" of him to report his findings to China CERT but as a citizen of the U.S. (I'm assuming, if he's working for NSS) couldn't that be considered something, I dunno...bad? I mean, China is an enemy of the U.S., and the cold war is based on information. "Hey, dude, your fortifications are weak here, here and...oh here." Seems a little off. I would probably have submitted the information to someone on our side, but I do see his neutrality point - a bit.
  • I'd be interested to see how well prepared our (USA) infrastructure is.

    Let me guess...

  • Maybe it'll take the American equivalent of China's "patriotic hacker" movement, to educate the Chinese of the error of their ways.

  • In all reality, I doubt either country would be in position to fend off cyber attacks. I mean the US government tried to go after Anonymous and ended up having the security firm they hired get a huge black eye and multiple government websites getting smacked up as well. In terms of China, they have attacked multiple countries, but it seems when they get hit themselves they stop what they were doing and being denial of the facts.
  • There is not a cyber 'cold war' brewing. It is already happening. I've seen it at the company I work for first hand. The Chinese are infiltrating and stealing everything they can copy the bits of from US corporate infrastructure. Most companies don't even have the awareness to know they are infected. They believe having a firewall and Anti-Virus is protecting them. Anyone who thinks the US isn't doing the same things to China is just being willfully ignorant.
  • There firewall is fully operational!

  • because if we didnt have something to flee from in cringing terror at all times, politicians would be forced to account for our failing states, education systems, healthcare infrastructure, employment, and foreign policy.
  • I was at Google when the Chinese attacked, and I felt personally violated. I would be more than happy to see the favor returned.

    And anyone who doesn't think it was actually the Chinese intelligence agency that mounted that attack against Google is a victim of wishful thinking.

  • I hope this young man is correct in his assessments which pretty much trash / emasculate Chinas own Cyber vulnerability in the eyes of the readers. I had read for some time already that since many or most Chinese computers run on pirated Microsoft Window products that this could be the case. I always wonder when odd perspectives like this are injected into a volatile mix in the area of Warfare / Public Opinion / Technology if their isn't some attempt being made to mold, test or to shape popular opinion.
    • The cyberwar hype exists to sell juicy defense contracts to supply snake oil. That's it. That's the whole "threat".

  • That there is not and never has been a credible threat from China on this. That the entire purpose of the cyberwar hype is to generate juicy defense contracts selling snake oil to the government. Your taxes at work.

  • I don't think there's been much discussion of China's vulnerability, mainly because their society seems so much less DEPENDENT on tech than the West (particularly the US).

    To pick a superficial example:
    - person A has a top of the line firewall, and orders all their groceries online every other day
    - person B has a garden and farm animals.

    Clearly, person A has far better 'defenses' than person B, but who's really more vulnerable.

Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse

Working...