Journalists' Yahoo E-Mail Accounts Compromised In China
andy1307 writes "According to this article in the New York Times, 'In what appears to be a coordinated assault, the e-mail accounts of at least a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders. The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address. ... The victims of the most recent intrusions included a law professor in the United States, an analyst who writes about China's security apparatus and several print journalists based in Beijing and Taipei, the capital of Taiwan.'"
Damn Chinese! (Score:5, Funny)
Re:Damn Chinese! (Score:4, Insightful)
Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?
I'm sure that they know and they do. But wiretapping at the ISP level doesn't help if their victims use HTTPS or SSL IMAP/POP like pretty much all Gmail (and Yahoo?) users do. Real Americans(TM) subpoena Google or Yahoo records directly over their convenient law-enforcement interfaces -- China can't do that...
Re:Damn Chinese! (Score:5, Interesting)
https is very easy to MITM if you can inject bogus signed certificates. For that you need to control a CA. Like, for example, CNNIC whose root certificate is included in MSIE and Firefox.
Please to vote on the bug report [mozilla.org] to remove this security hole.
Re:Damn Chinese! (Score:5, Insightful)
> https is very easy to MITM if you can inject bogus signed certificates.
agreed
> For that you need to control a CA.
agreed
> for example, CNNIC whose root certificate is included in MSIE and Firefox.
agreed
> Bug 542689 - Please remove CNNIC CA root certificate from NSS
agreed BUT: Why do you single out this particular CA when the valid issues you raised APPLY TO ALL OF THEM?!
Re: (Score:3, Insightful)
The real bug is Mozilla doesn't _help_ you realize and figure out that a cert has been changed for no good reason.
Yes the way to do it won't work 100% for the average person. But the average person will get pwned anyway.
So in this case, Mozilla should help the ones who care about security - warning people that the server cert has been changed rather early, or worse the CA has changed, or even worse the CA has changed AND the new CA is in a different country.
But no, the Mozilla developers still haven't lifte
Re: (Score:2)
Re: (Score:2)
Check out Perspectives: http://www.cs.cmu.edu/~perspectives/ [cmu.edu]
Of course, by removing all CAs and manually/permanently accepting the site's cert you'll also be warned if it changes (pretty much like SSH then).
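The graded warning asked for in the comments above (certificate replaced early, CA changed, CA changed to one in a different country), combined with SSH-style remembering of the last certificate seen, as an added example that is not part of the thread or of any browser's code. Input follows the dict format of Python's `ssl.SSLSocket.getpeercert()`; the host name, CA names, country codes, DER bytes and the 30-day threshold are constructed assumptions.

```python
import hashlib
import ssl

EARLY_SECONDS = 30 * 86400  # assumption: replaced >30 days before expiry is "early"

def issuer_field(cert, key):
    """Pull one attribute out of the nested issuer tuple getpeercert() returns."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None

def observe(der, cert):
    """Reduce a certificate to the facts worth remembering between visits."""
    return {
        "sha256": hashlib.sha256(der).hexdigest(),
        "issuer": issuer_field(cert, "organizationName"),
        "country": issuer_field(cert, "countryName"),
        "not_after": ssl.cert_time_to_seconds(cert["notAfter"]),
    }

class PinStore:
    """Remembers the last accepted certificate per host, like SSH known_hosts."""

    def __init__(self):
        self.pins = {}

    def check(self, host, der, cert, now):
        new, old = observe(der, cert), self.pins.get(host)
        if old is None:
            self.pins[host] = new          # trust on first use
            return "first-seen"
        if new["sha256"] == old["sha256"]:
            return "unchanged"
        if new["issuer"] != old["issuer"]:
            # Different CA: the worst case is a CA from another country.
            if new["country"] != old["country"]:
                return "ca-and-country-changed"
            return "ca-changed"
        if now < old["not_after"] - EARLY_SECONDS:
            return "early-replacement"     # same CA, old cert had plenty of life left
        self.pins[host] = new              # same CA, old cert was about to expire
        return "routine-renewal"

    def accept(self, host, der, cert):
        """Called only after the user has confirmed a warned-about change."""
        self.pins[host] = observe(der, cert)

def make_cert(org, country, not_after):
    """Constructed stand-in for the dict ssl.SSLSocket.getpeercert() returns."""
    return {"issuer": ((("countryName", country),),
                       (("organizationName", org),)),
            "notAfter": not_after}

def demo():
    host = "mail.example.test"                      # constructed host name
    spring = ssl.cert_time_to_seconds("Mar 31 00:00:00 2010 GMT")
    winter = ssl.cert_time_to_seconds("Dec 20 00:00:00 2010 GMT")
    ca1 = make_cert("Example CA One", "XA", "Dec 31 23:59:59 2010 GMT")
    ca1_new = make_cert("Example CA One", "XA", "Dec 31 23:59:59 2011 GMT")
    ca2 = make_cert("Example CA Two", "XA", "Dec 31 23:59:59 2011 GMT")
    ca3 = make_cert("Example CA Three", "XB", "Dec 31 23:59:59 2011 GMT")
    store = PinStore()
    # Constructed DER bytes: only their hash matters to the pin store.
    visits = [(b"der-A", ca1, spring), (b"der-A", ca1, spring),
              (b"der-B", ca1_new, spring), (b"der-C", ca2, spring),
              (b"der-D", ca3, spring), (b"der-B", ca1_new, winter),
              (b"der-B", ca1_new, winter)]
    return [store.check(host, der, cert, now) for der, cert, now in visits]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A warned-about certificate never replaces the stored pin on its own; only a renewal by the same CA close to expiry, or an explicit `accept()`, does.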
Re: (Score:2)
But I'm not sure how trustworthy that is. You could look at the source code and the data (I'm not so sure how to check the initial database/config).
Re: (Score:2)
Ah yes. The Myth in the Middle. That great urban legend of cryptography.
Out of curiosity, could someone actually provide a concrete example of a MITM attack ever being successfully carried out? Bonus points for anyone who can further provide reasons for why this means Firefox no longer likes self signed certs.
Re: (Score:3, Informative)
Well, there's SSLSniff [thoughtcrime.org] that was used to demonstrate faking Paypal certificates (via NULL attacks in browsers). There's also the neat SSLStrip [thoughtcrime.org] that transforms a HTTPS transaction down to an HTTP one.
They work by ARP spoofing right now, and if you combine with the IE WPAD (w
Re: (Score:2)
Re: (Score:2)
>They aren't generally considered "attacks"; because they are conducted by the owners of the hardware and the connection;
Yes. The one they own and you rent. hence man in the middle.
what's so friggin difficult to understand?
Just spread "china is for dictators" all over. (Score:2)
Re:Protest the Chinese! (Score:2)
Re: (Score:2, Informative)
> But wiretapping at the ISP level doesn't help if their victims use HTTPS or SSL IMAP/POP like pretty much all Gmail (and Yahoo?) users do.
1) Yahoo mail is not encrypted. Only the login is. So it is possible to sniff the session credentials (cookies etc) and do stuff like change the passwords.
And it's not just Yahoo. None of them (Yahoo, Hotmail, Google) allowed you to use https for the entire email session, including Gmail, until the recent Google hack incident.
The banks I use don't even allow you to a
Re: (Score:3, Informative)
Gmail has offered the option to use HTTPS for your entire session for several years now, I remember discovering it back in '05 while perusing the preferences. It just wasn't the default.
Re: (Score:2)
I thought I recalled it redirecting me from https to http when I tried it a while back.
Re: (Score:2)
Re: (Score:3, Insightful)
> Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?
Why would you need to when the e-mail hosts have so thoughtfully buried an auto-forwarding function on a settings page that no one ever checks?
"Free" e-mail has generally only improved in quality over the last decade, but that one move was incredibly boneheaded.
Every time I log in, the first thing I should see is "Your E-Mail Is Forwarded To: [No Where/Address]".
Anything else is just pure gold for malicious actors.
Is anyone surprised? (Score:5, Insightful)
China is a totalitarian state. Has been since 1949. What free trade has done is to make it a rich totalitarian state instead of a poor one. I never understood the argument that capitalism would lead to anything like democracy. Democracy [usually] leads to at least some level of capitalist/free-enterprise economy, but not the other way around.
Re:Is anyone surprised? (Score:5, Insightful)
> I never understood the argument that capitalism would lead to anything like democracy.
The reason you can't understand that argument is that it's complete BS. It was created to try to convince Americans that the reason our government is making it extremely easy to trade with China is to spread democracy, not increase corporate profits at the expense of American workers' careers.
And historically at least, the system of government best suited to corporate profits is not democracy, but fascist-leaning dictatorships. That's true whether we're talking about Mussolini, Hitler, Franco, Pinochet, or Batista.
Re: (Score:2)
> > I never understood the argument that capitalism would lead to anything like democracy.
> The reason you can't understand that argument is that it's complete BS.
Indeed. Democracy is a form of voting, representation, social organization of people, citizens, governments. Capitalism, as well as socialism, are mostly organizing methods for distributing money, finances, and perhaps labor and goods. No actual relation to government organization. Of course money and politics are related, but I think they are still separate segments and entities. Government and finance are inter-related to health care, education, media, technology and a bunch of things too, but not inse
Re: (Score:3, Funny)
Re: (Score:2)
"Socialism GOOD, capitalism BAD! Kill THEM for FREEDOM!". Umm oh wait, sorry that was on the other side, whatever, just invert it.
Then again, neither is necessarily bad or good. It all depends on how it is run. For me the only good spot is somewhere in the middle, accepting social needs and human motivation.
Re: (Score:3, Insightful)
I'm sorry, how is that different from an insurance company saying "Your patient's policy does not cover this. Please let him die."
You anti-health care nuts really are a greedy, and yet pathetically retarded bunch.
Re: (Score:2)
In other words:
Basil Exposition: Austin, the Cold War is over!
Austin Powers: Finally those capitalist pigs will pay for their crimes, eh? Eh comrades? Eh?
Basil Exposition: Austin... we won.
Austin Powers: Oh, smashing, groovy, yay capitalism!
funny jokes are reality jokes that are not funny (Score:3, Insightful)
Re: (Score:1)
> And historically at least, the system of government best suited to corporate profits is not democracy, but fascist-leaning dictatorships. That's true whether we're talking about Mussolini, Hitler, Franco, Pinochet, or Batista.
Uh, what? If you mean that having a rather militarist government is good if you're a corporation in the arms industry, then yes. But why the hell would an arbitrary corporation prefer having the laws change at the pleasure of a demagogue who may or may not like them instead of having an easily "lobbied"/bribed legislature?
Re: (Score:3, Insightful)
> But why the hell would an arbitrary corporation prefer having the laws change at the pleasure of a demagogue who may or may not like them instead of having an easily "lobbied"/bribed legislature?
Because bribing 1 despot is cheaper and easier than bribing the 300 or so congresscritters/MPs needed to get a majority. Plus you do so much work to buy off particular politicians, and then the pesky public votes for someone else and you need to start over again.
Re: (Score:2, Insightful)
It seems unlikely that the man who dominates the entire country and can take what he likes from its tax revenues is going to do whatever you ask for a check.
Re: (Score:2)
Re: (Score:2)
> Uh, what? If you mean that having a rather militarist government is good if you're a corporation in the arms industry, then yes.
What's wrong with making both toy guns for boys, and real guns for men?
Re: (Score:3, Insightful)
Perhaps you need a history course. Historically, Mussolini, Hitler, and Franco drew their countries into ruinous wars, which are very hard on corporate profits. Batista so weakened his government that it was taken over by communists who nationalized everything. Corporations hate that.
Saying that the system of government best suited to corporate profits is a fascist-leaning dictatorship is like saying Bernie Madoff will get you the best return on your investment. It is sometimes true in the short term, b
Re: (Score:2, Insightful)
> Saying that the system of government best suited to corporate profits is a fascist-leaning dictatorship is like saying Bernie Madoff will get you the best return on your investment. It is sometimes true in the short term, but in the long term it is very, very false.
That would be relevant, if only people and corporations had the foresight to pay attention to anything more than the Next Big Thing. The lack of any sort of a long view and the attitude that what is best for right now is always the right choice are both almost ubiquitous in our culture and are detrimental to society in many cases.
Re: (Score:2)
> Historically, Mussolini, Hitler, and Franco drew their countries into ruinous wars, which are very hard on corporate profits.
They were only ruinous because they lost those wars.
Re: (Score:2)
Re: (Score:3, Insightful)
If we're talking companies based in the countries that lose the war, then you'd be correct. But in a lot of cases (including those in the 1930's and 40's) we're talking about outside multinationals, who can move their capital quite easily from one country to another. Ergo they can and will play the short-term gain in, say, Spain, then head to Germany for a decade, then to Argentina, and so on.
It's remarkably similar to investments in fundamentally unsound securities. The idea is to make a bundle while ever
Re: (Score:2)
Re: (Score:2)
> The reason you can't understand that argument is that it's complete BS.
Actually it's not. The reasoning behind the argument is that it's happened in a number of other countries, for example, South Korea, Taiwan, and El Salvador. Once people hit a certain level of wealth and comfort, they seem to demand more power in their government. There has been some effort to determine what level of wealth that is exactly, but to come up with a good number, we would need to run more experiments. That isn't very practical for obvious reasons.
> Mussolini, Hitler, Franco, Pinochet, or Batista.
Really? Because I can name a number of democra
Re: (Score:2)
> China is a totalitarian state. Has been since 949.
FTFY. To an order of magnitude, anyways.
Re: (Score:1)
+1 Insightful to you.
Re:Is anyone surprised? (Score:5, Insightful)
I don't understand it either, mainly because I think the climate in China is closer to free market capitalism than the climate in the US. In relative terms China is a capitalist utopia, particularly from a producer's perspective.
Re: (Score:2)
China has endless standards and regulations.
They're just generally not aimed at improving health and safety.
IIRC, a recent Time Magazine article said China releases more rule/regulation changes every year than the rest of the world combined.
Re: (Score:2)
China has rules and regulations, they just aren't enforced until there's a big problem. Then you, like everyone else, are in violation of so many laws you get an automatic death penalty.
For larger companies, who can't continue to operate under the radar, the government is ever-present. You can't really have a large company without the Chinese government owning a major share of it.
Re: (Score:2)
The argument is that capitalism would increase the general wealth of the nation. As wealth increased, living standards would increase. As living standards increased, a middle class would form. And that it would be that middle class that would lead the push for democracy and freedom.
Of course, this ignores the fact that stable democracies have, historically, been formed by pushes from an aristocratic regime focused on ensuring property rights and liberty for as many people as possible. Athens, Rome, Iceland,
Re: (Score:3, Insightful)
To some degree I agree with you. I have more knowledge of Industrial England than of Rome (though there was a pretty major civil war between the Plebs and the Proles that led to an expansion of the aristocracy there). In England, at least, the people had the good fortune of a number of historical trends lining up at the same time; labor shortages at the tail end of the Middle Ages (after the Black Death) which saw a sharp increase in demand for workers, the beginnings of a free market economy being estab
Re:Is anyone surprised? (Score:4, Insightful)
Re: (Score:1)
Re: (Score:2)
> I never understood the argument that capitalism would lead to anything like democracy. Democracy [usually] leads to at least some level of capitalist/free-enterprise economy, but not the other way around.
There's some evidence for it: Chile, South Korea, and Taiwan are examples of countries that went from right-wing, capitalist dictatorships to democracies. The idea is that capitalism allows individuals to build wealth and make large investments (e.g., factories). Then, they have something to lose in the pol
Re:Is anyone surprised? (Score:4, Interesting)
China is the great experiment. It's been a given since the English Civil War that the middle and mercantile classes will demand, and will ultimately take a greater share of the political system. I posit that the Chinese leadership is hoping to accomplish the creation of a thriving middle class without any great increase in political liberties. Will the experiment work? Hard to say. Damned scary if it does, that's for sure.
Re: (Score:2)
Hmm yeah (Score:2, Interesting)
Reminds me of all those emails I get from the head of the International Bank of Nigeria who somehow has to use hotmail/gmail/yahoo mail. Or how the "British National Lottery" also can't afford its own mail server.
Seriously, "journalists" can't use anything but yahoo? Or even if they were limited to yahoo - they can't encrypt their email?
I suspect these "journalists" are just some "random group of people" and that the story is just more hype.
Hacks yes... was Re:Hmm yeah (Score:1)
You do wonder if who ever is doing thease sorts of hacks has thier own agenda certaily it would make sense for the PRC's security people to pull their horns in at the moment.
Re: (Score:1)
And their journals are so poor that they can't have own webmail setup. "journalist like webmail" is not excuse for using third party email servers.
Re: (Score:2)
Re: (Score:2)
Neglecting the spelling and grammar which you should be ashamed of, the use of a convenient webmail system does not preclude the use of encryption outside the webmail system. Viz : on your laptop, you write your super-secret email ; you then run it through your encryption package to produce a blob of data ; you then use your webmail account to tr
Re: (Score:2)
If dyslexia is a real complaint (not proven), that's even less excuse to not use the readily available tools to assist controlling it. That is rather like someone who knows that they're short-sighted complaining about other drivers not driving closely enough to be seen.
I've never heard anyone claiming that dyslexia is an intermittent complaint.
Your post still doesn't make (much) sense if parsed with that claim
Re: (Score:3, Insightful)
A lot of freelance journalists use google and yahoo, as do many people who have professional mail accounts, but prefer to conduct private and/or personal business using a 'free' provider. Do you really want a confidential source in China to risk sending info to *@nytimes.etc?
Re: (Score:2)
Re: (Score:2)
This is why you don't do business with China (Score:5, Interesting)
People roll their eyes when I tell them I don't buy products made in China. I refuse to support a government with such an abusive human rights record.
It's tough at times finding a product not made in China, but I use the free market to make my point.
Some people talk the talk when it comes to making a statement. Very few actually walk the walk.
Re: (Score:1, Insightful)
I bet my future wife and unborn daughter that the computer you posted from is made in china.
Re: (Score:3, Funny)
Re: (Score:1)
They have the greatest power of all: economic power.
What if, some day, China stops exporting goods? The whole economy would hang, while China will still be self sufficient. Yes, they too would be hit stopping the economy cycle, but being foreseen I'm quite sure they could handle it much better than any other country.
Re:This is why you don't do business with China (Score:4, Insightful)
Re: (Score:2)
Can you name any affordable personal computing devices that do not have any Chinese-manufactured parts in them?
Re: (Score:1)
Re: (Score:2)
May I ask what brand of computer you are using that has no components made in China?
Re: (Score:3, Insightful)
Fixed.
Re: (Score:2)
It's a Hemptronics 3000 with a bubbler CPU. I like how the glass turns colors over time.
Re: (Score:2, Insightful)
People seem to think of China as this troublesome country that does whatever it wants and that nothing can be done about it. This is simply not true.
China is actually more dependent on US and EU than the other way around. They devote most resources to the production of products that need to be mandatorily exported as the Chinese masses cannot afford them.
Corporations and states seem to ignore the blatant anti-freemarket and anti-freedom-speech-policies because of the el-dorado of the
Re: (Score:3, Informative)
> To add insult to injury, in EU, chinese imports SIMPLY PAY NO TAXES, sinking the local producers in the process.
What utter rubbish. Here is the site on the eu website that will allow you to calculate the duty:
http://ec.europa.eu/taxation_customs/dds/cgi-bin/tarchap?Lang=EN [europa.eu]
It takes a while to figure out how it works, but I just searched for a DVD Recorder (TARIC CODE = 8521900090) and the import duty was 13.9%. Here is the result for non-magnetic tape video recording apparatus:
http://ec.europa.eu/taxation_customs/dds/cgi-bin/tarduty?Taric=8521900090&SimDate=20100331&Action=1&ProdLine=80&Country=CN/0720 [europa.eu]
Re:This is why you don't do business with China (Score:5, Insightful)
Re: (Score:2)
Actually, the booming economy has undeniably lessened the popular unrest of the 80s, and the government sees it as necessary to ensure a continuously growing economy, to maintain their power over the people.
Almost every example in history of government overthrow is one of peoples being repressed and suffering. Keeping them fat and happy t
Re: (Score:1)
Oh jeeze, are you going on about this again?
Re: (Score:2)
Unfortunately, my shoes are also made in China.
Re: (Score:2)
From the extensive 5 minutes of research I just performed it appears that the only mass market brand of shoe that is actually made in the USA are from New Balance & Wolverine.
You can however order shoes & boots from any of the fine American companies on this page if you don't mind something a little less mass market.
http://www.usstuff.com/shoes.htm [usstuff.com]
Re: (Score:2)
Ok, that page hasn't been updated in a while & some of the links are dead. Oops.
Re: (Score:2)
Speaking of US-made shoes...
I wear SAS (San Antonio Shoes, made here in Texas). Their style is undoubtedly old-school (I'd guesstimate that 1/3 of the fellow customers I see in there are near- or post-retirement-age, though they're trying to remedy that somewhat with new products), but they're extremely comfy and the sales staff (they have outlets here in Austin) knows their stuff.
Re: (Score:2)
Re: (Score:2)
Indeed, but "Made in China" often actually means "Assembled in China". Our global economy often makes your decision difficult.
For example, according to this article, What the iPod tells us about Britain's economic future [telegraph.co.uk], out of the $190 captured value for every iPod (made in China) sold in the US, China actually only earns $4. The rest of the captured value goes to countries where the retailer, product developer and high value component manufacturers
Re: (Score:2)
You mean there are products not made in China?
Re: (Score:2)
I try the best I can to buy American made products - or failing that products made in countries that have fair treatment of their employees, but I know for a fact you typed that message on a machine that has at least one Chinese component in it.
Even my Pegasos II (which was made in Germany) has some chips on it that were manufactured in China.
Re: (Score:1, Interesting)
Everytime we buy Chinese stuff, we're supporting communism.
And don't forget that it makes baby Jesus cry.
Re: (Score:2)
> > Everytime we buy Chinese stuff, we're supporting communism.
> And don't forget that it makes baby Jesus cry.
Please provide adequate proof for your claim. Cell phone video on Youtube will suffice. :-P
Re: (Score:2)
Crying Baby Jesus *
* MADE IN CHINA
Re: (Score:1)
Re: (Score:2)
China is as much a communist state as North Korea is a democratic Republic.
Re: (Score:1)
Just helping the people (Score:1)
Are you sure it wasn't the Mossad? (Score:1)
Is Yahoo going to follow Google? (Score:2)
Time for all foreign internet companies to boycott the Chinese network, in my view. If they want to wall themselves off and not play nice, let them see where it gets their economy.
So let's get this straight: (Score:1, Insightful)
- for 20 years now malware targets mostly DOS/Windows, yet these guys still use exactly that
- the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them
- signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it
- nevermind encryption, cause why would these guys be responsible towards their sources
- etc.pp.
So I'd say....TOLD YOU SO....but then these guys probably would feign complete ignorance and amazement over the
Re: (Score:2)
Coming to think of it...does anybody have additional information on how the Tibetans now deal with things in the aftermath of Ghostnet? Would love to know if they wised up/got support to use e-mail authentication/encryption and generally beefed up security....
Re:So let's get this straight: (Score:4, Insightful)
Like everyone else on the planet. Not that it matters whether you access webmail via Linux or via Windows.
> the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them
Webmail cracked - that's almost certainly not clicking-on-attachments territory, more likely poor password choice. Access to company servers from the inside (employees collaborating with the attackers) is another possible path of attack.
> signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it
Works only on a node-to-node basis. If their contact doesn't have the tools, then they can't use it. Same applies to encryption obviously. Is PGP freely available in China? How long till the government detects that you are using PGP and takes you in for questioning solely based on that fact?
> but then these guys probably would feign complete ignorance and amazement over the fact, that especially the totalitarian governments of the world don't exactly work with white gloves
If the Chinese government attacks western computer systems, that's news. It might require a political response, that should be in the public discussion. Regardless, it's certainly worth reporting.
Freedom of the press is vital for my freedom and for yours. I think your disdain is completely inappropriate here.
Re: (Score:2)
PGP or at least GnuPG certainly is.
That's immensely nonsensical. If the government can detect that you are using PGP, they can damn well read the full text of your e-mails, and find out the much more incriminating information therein. You might as well run around in a war-zone without a bullet-proof vest, because people shooting at you just might notice you
Yahoo, MS is poison (Score:4, Informative)
http://news.bbc.co.uk/2/hi/4221538.stm [bbc.co.uk]
At least this will never happen with Hotmail (Score:2)
They use webmail for confidential data? (Score:3)
I think I probably wrote the same thing when news of the GMail hacking allegations came out: Who is dumb enough to use a public webmail service for confidential email? Don't they have access to any good advice? Training? Or just think it through a little -- does Yahoo Mail seem like a secure place to store sensitive data?
Re: (Score:2, Insightful)