China Wants Cyber Crisis Hotline

An anonymous reader writes "China should look at establishing a cyber crisis hotline with the United States, according to a Chinese newspaper seen as a window into official thinking. Discussions about a crisis hotline might seem an obvious first step in improving relations. But if it's a sign the Chinese government is beginning to think about how to coordinate a rapid, unified response to cyber emergencies, then it is an extremely important one."

Why?

[jgotts]

Why should the US government aid the Chinese surveillance state any more than it already does? If there is hacktivism going on against China then so be it. China would do well freeing its political prisoners, such as the Nobel Prize winner Liu Xiaobo, and then it can ask for cyber help from the US.

Re:

[masternerdguy]

It gives the USA free surveillance on China. Go USA!

Re:

[Anonymous Coward]

It gives the USA the illusion of free surveillance on China. Go USA!

FTFY.

Re:

[Fluffeh]

It gives the USA free surveillance on China. Go USA!

A window may be gazed through in both directions. This isn't about China asking for help so much as China asking to be let inside to explore and stake things out - under the pretense of coming inside to play.

Re:

[Sabathius]

...or let them know that we are about to launch the missiles when they attempt to hack the Pentagon again.

Re:Why?

[timeOday]

I don't see why you interpret this as a US-based helpdesk China could call for assistance.

I interpret it more like the cold-war Moscow/Washington "red telephone," the idea being that if bilateral conflict seems at risk of spiraling out of control, there is some mechanism to communicate and hopefully pull back from the brink of mutual harm.

Re:

[AssholeMcGee]

So if you live in China, or you are Chinese living in the U.S and talk shit about China's leaders the U.S. can help China's government track you down and punish the offenders?? Or is this related to spyware attacks, and hackers? Not sure what to make of this... The U.S has a boat load of ways to track countries, this agreement does not really do anything for U.S surveillance on China or China's Internet!!!!! Come on now people!!! You know that with the kind of resources the U.S has they do not need agreeme

Re:

[cavreader]

This is not what the proposed hot line is for. Not even close. Any priority bilateral communications between countries used to head off knee jerk or excessive actions due to perceived threats should be encouraged. Even if that communication channel does not solve the problem it is better than nothing. Or maybe you think we should rely on the UN to mediate these issues?

Re:

[lexsird]

Why? Because we are in the "We're evil and we suck" club now with them. If you haven't noticed, we are in the "bad guys" now.

Re:

[Xaedalus]

Okay, yeah, this is a troll, but this is a damned funny troll. Good job!

Re:

[ThatsMyNick]

I second that. To hell with mod points.

Re:

[Synerg1y]

Outside of the troll like presentation, he has a point, China would not report its top secret cyber attacks against the states on this call line, and when they happen they'll just point back at the call line and irresponsible Americans who did not call in :)

Good Intelligence Source

[Anonymous Coward]

And a hotline for when the U.S. is under cyber attack by China would be useful in assessing how successful the attack is going, and how it should be modified.

Of course, it is also possible it could be used for good.

Re:

[Joe_Dragon]

and that is all they will need to send the troops / bombs in as a cyber attack is a act of war.

Re:

[Wyatt Earp]

Its also a way to mitigate the US launching SLBMs at China in retaliation for cyber war.

The Chinese will try and talk down the National Command Authority.

Re:

[ackthpt]

And a hotline for when the U.S. is under cyber attack by China would be useful in assessing how successful the attack is going, and how it should be modified.

Of course, it is also possible it could be used for good.

Like a Hotline to Lord Voldemort for every time Harry Potter suffers one of those headaches.

"Hello, Lord Voldemore speaking. ... What do you mean you can see me in your dreams?!? And people call me sick!"

Re:

[Sulphur]

Of course, it is also possible it could be used for good.

Suppose someone cyber attacks the U.S. and spoofs that they are China. Good communication might help sort it out.

With all that China has done towards the US...

[sethstorm]

...their government departments(including nominally private organizations like Huawei [businessweek.com]) and any company's assets within China all deserve to be compromised.

Of course, this won't sit well with the China apologists that will (inevitably) modbomb this - just that China gets too many passes than it really deserves.

Re:With all that China has done towards the US...

[LordLucless]

just that China gets too many passes than it really deserves.

Depends what you mean by "deserves". It get passes because it's large, rich, and still growing. It gets them because the US is afraid of pissing it off. It's pretty much the same reason the US has received special consideration from so many other governments in the past. As far as "deserves" (a subjective judgement) can be objectively analyzed, it deserves them because it is sufficiently large and powerful to demand them - which is all that matters when it comes to international politics.

Re:

[ShovelingSnw]

China deserves to be compromised.

Re:

[toutankh]

I won't disagree on that, but please take some perspective. First, why would I care about what China has done towards the US in particular? Why not consider all other countries? I'll let you count how many other countries China has invaded over the last, say,10 years, and compare it to how many other countries the US have invaded over the last 10 years, under a number of fallacious pretexts and while blatantly lying (e.g. about chemical weapons or WMD). You might also want to have a look at the US embargo o

Re:

[ShovelingSnw]

China suppresses the response to its aggressions using passive aggressive tactics. Like someone bumps into you, that could be a fight, but instead they smile. And then the next time they see you, they bump into you again, and again they smile and pat you on the back. It gives you a weird feeling, but you aren't willing to start a fight over a misunderstanding. And yet again, it keeps happening. Then, emboldened by your lack of response, they tell you you bumped into them.

China uses human psychologic

One-way traffic

[Nidi62]

All the calls would be coming from the US, and China would just deny them anyway. If a global cyber attack starts affecting Chinese systems, then the PRC government just has to call down to whichever department or military unit is pulling off the attack, and tell them to cool it a bit. This is like a police department setting up a system to investigate robberies by talking with the pawn shop that happens to be the local fence. Not much is going to get done,

Re:

[ackthpt]

All the calls would be coming from the US, and China would just deny them anyway. If a global cyber attack starts affecting Chinese systems, then the PRC government just has to call down to whichever department or military unit is pulling off the attack, and tell them to cool it a bit. This is like a police department setting up a system to investigate robberies by talking with the pawn shop that happens to be the local fence. Not much is going to get done,

Chinese call going to US:

"You stop talking about Wayward Province of Taiwan, now or we filter all traffic!"

Re:

[ShovelingSnw]

China is trying to use "human warfare" to overcome their technological gap with the United States. They know their zerg rush tactics are useless in modern warfare, so they are going for the dirty tricks to try to even the odds. Tricks such as political posturing, psychological warfare (bogus pro china comments everywhere), and evidently this -- an attempt to prevent our primary recourse to their hacking attacks. I think it's time that Americans decided to try some asymmetric warfare on China themselves.

Re:

[Nidi62]

The easiest way to hurt China would simply be to bring manufacturing jobs back to the US. The best way to hurt China is to take away their biggest bargaining chip.

Re:

[ShovelingSnw]

I agree with this. Thus far our efforts at doing it have failed. Why? Probably because of a combination of factors. A lot has to do with propaganda being spread online that we "need" them. I remember reading this as early as 2006. I was like "What? Why do we need a slave labor force for? We did just fine in the 1990s without them." But attempts to protest China seem to the neutral observer to be too much like Joe Nobody's personal movements "free tibet", "stop burning fossil fuels", "don't eat anima

Re:

[ShovelingSnw]

We need to organize more protests and spread awareness of China's activities. One of the things China does (like a good sociopath) is they do things that are counterproductive to us, but then try to suppress our ability to respond. Whether with rhetoric and propaganda, or by people posting defeatist comments saying we "need" them or other such nonsense. It's like the AIDS virus, it disarms its host, and that is why its so successful. What we need is a suppression of the suppression.

Double-Cross

[Chaseshaw]

I'm glad everyone is so skeptical of this. My first thought was, "oh, so then when they hack the crap out of us and we call to say we're having a 'cyber crisis' they can deny it directly..."

Re:Double-Cross

[ackthpt]

I'm glad everyone is so skeptical of this. My first thought was, "oh, so then when they hack the crap out of us and we call to say we're having a 'cyber crisis' they can deny it directly..."

Not like identification of attack source is immediately known. After the attack and the information is pieced together what do you do?

"Hey, we were attacked by a bunch of servers in your country yesterday."

"It was not us!

Yeah, that sounds useful. News media is more effective to get our displeasure across.

CorpCo, a company fulfilling contracts to sell missile defence components to Taiwan was under cyber attack on Sunday, attacks originated from Hu Jintao's mobile phone. When asked about the attack Hu said his mobile phone had been stolen a week ago and he was just now getting around to calling the police.

Cyber Crisis Hotline?

[Hartree]

"Hello. Cyber Crisis Hotline."

Hi, I need a cyber crisis pronto. More than just the usual ICMP bombing or BGP storm. Something really noticeable with physical damage.

But, I don't want to get into releasing toxic industrial chemicals or the like. That has a bad rep after Bhopal. If you could do a SCADA subversion on a high water dam and release a massive flood that'd be perfect.

"No problem, sir. We have standard rates for major seminatural disasters. That'll be 100 million in gold to our Cayman Islands bank account for a standard target. If the country has nukes or an umbrella treaty with a nuclear power, that'll be 300 million and must be disguised as an IMF loan."

Re:

[wierd_w]

"You need cybahcruime righ nao? Ok, we attack you long time! You wan unhappy ending? Dat extra! We have special righ nao on discoun razer purinturs. We throw in special remote exproit in PeeSeeErr rogic. Very easy upgruade! You like! We take regula fee: interecturah pruropurty, and you promise not tark abou' proriticar dishidents. Dat good, oh' you nee' soona? Good dear on purinturs! Factory overflowing!, you take deal? We righ on it!"

Re:

[spazdor]

insert the usual DATS RACIST caveat, but... excellent job in transliterating the accent. spot-on.

Stop Online Piracy Act (SOPA)?

[PythonM]

China and USA are finally doing the same: protecting top 1% of their most influential citizens!

So the idea is...

[otaku244]

To have a hotline set up where the US can report to China that China is hacking the US?
Wouldn't the Chinese already know this?... oh wait... the call center would be in India.

Good idea

[PPH]

They'll set up a system to report and track hacking incidents. Until we discover that the Chinese have just given us the phone number of the local laundry.

It was the "no tickee, no washee" that gave it away.

They must have Anonymous in China also

[wezelboy]

enemy of my enemy and all that.

Ok

[ShooterNeo]

Is "cyberwarfare" even technically or practically POSSIBLE? Or does it depend on the side being attacked being a total moron? I've never quite gotten my head around this : if you isolate the systems that can actually do bad things in the real world from external network access, for the most part the enemy can't do shit to you. As long as you keep those power stations and water pumps and all the other useful infrastructure, both civilian and military, on air gapped internal networks, it's going to be darn hard to sabotage them from across the globe.

Not impossible, I suppose...could fake a phone call. But cold war saboteurs could do the same thing, so nothing has changed there.

Now if you start connecting all your critical systems to the internet, and you don't use firewalls or they have security flaws, and you frequently stick thumbdrives full of possible viruses into your air gapped computers...well...I suppose you get what you deserve, then.

Re:

[Anonymous Coward]

Air gap means air gap. The majority of all compromised systems since the early early 2000s were behind firewalls, many of them competently configured.

An air gap alone is insufficient

[sociocapitalist]

There are many other possible vectors, consider:
Operating system and other software updates imply that the providers are as secure as you need to be
Zero day vulns that might be in pdf or some other file that has been scanned and is thought to be secure
Printers can be vectors for attacks
Disgruntled or careless workers who deliberately or accidentally compromise the air gap
Network hardware sourced from vendors or manufacturers that might have hidden backdoors in hardware/firmware/software

heard of stuxnet? Re:Ok

[Fubari]

Have you read anything about how stuxnet propagated?
It was "darned hard", as you say, and the attackers pulled it off.
"Air gap" means far less than it used to.
With every passing year, more and more "things" are dependent upon more and more CPU power.
You don't need to own your targets & control them, just denial of service would be enough. (e.g. suppose there was an exploit that could brick every cell phone made in the last 3 years? Or take power grids offline? Or... you know, it really is a long

Facepalms

[lightknight]

Most forms of "cyber" emergency can be solved by not mandating an Ethernet port on your new rocket launcher (let alone 802.11n). I.e. If you want it to be secure, don't plug it into the f*cking internet!

But in all seriousness, I hope they (and the US) do spend breathe-taking amounts of their constituents money on another pointless endeavor; why, you ask? Because then Marines and every colorful variant thereof will have to field tech support calls from people "who think their Facebook has been hacked." I ima

"Keep your friends close...

[sociocapitalist]

...and your enemies closer."

Sun-tzu. Chinese general & military strategist (~400 BC)

How the mighty have fallen...

[cylcyl]

Now we're doing tech support for China users?

Good

[Krojack]

I can call it every day and complain about all the Chinese IP's slamming the fuck out of my network. Not that it will do any good but at least I can vent some rage at someone.