

U.S. Directly Blames China’s Military for Cyberattacks  - erickhill
http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html?hp&_r=0

======
aneth4
Lots of people claiming the US does this as well, which is true to a certain
extent.

There are major differences though. The Chinese government (sometimes via
state-owned enterprises) steals information and technologies - military,
industrial, and commercial - from military and civilian targets and leaks
these to their military and industry. A large part of China's success in the
last decade stems from these stolen technologies.

China as a whole is a massive IP stealing machine, and their work is nearly
done. They've neither licensed nor innovated the vast majority of the
technologies they use - they just steal. This is changing now as they've
stolen nearly enough to catch up, and now innovation is finally coming from
China.

All countries do this to some extent. Not all countries make a policy of the
practice and use the resources of their military and government to carry it
out. There are lots of other IP stealing tactics - from joint ventures, to
technology "partnerships", to "trial order inspections".

You've got to give them credit: they've play the game very, very well, and
taken full advantage of the west's naiveté.

~~~
aegiso
It's interesting that we use the word "stealing" for this. Intellectual
property is a wishy-washy term, defined entirely by the laws of the land. If
China's laws and philosophy don't recognize United States IP laws, then it's
not really "stealing" on their end.

Perpetuating the mentality that US ideas of IP are the only ones in town does
a great deal of harm (see: RIAA, MPAA), and quickly leads to absurdity. Maybe
we all deserve Chinese justice on account of us stealing their paper
technology?

~~~
aneth4
This has nothing to do with different ideas of IP. China has similar IP laws
as the US, and certainly tries to enforce them when the theft is in the other
direction.

------
127001brewer
"The Submarine" [1]

In a way, this article promotes the idea for more cyber-security, which is one
of the only _growth industries_ [2]. A simple Google News search for "china
cyberattacks" returns almost a million results[3].

Computer security is, basically, misunderstood by non-technical people, who
are in charge of managing various computer systems. So the constant stream of
"cyberattacks" (literally) creates a market of more eager buyers of security
product and services. (It's almost getting to the point of "nobody ever got
fired for buying security products/services".)

Is that a bad thing? Maybe or maybe not.

However, from my own experiences, I think it's better to build a foundation
with good security practices instead of applying band-aids on top of a
crumbling foundation.

[1] <http://www.paulgraham.com/submarine.html> [2]
<http://www.google.com/search?q=cybersecurity+growth+industry> [3]
[http://www.google.com/search?q=china+cyberattacks&aq=f&#...</a>

~~~
tvon
Someone benefitting from a story does not mean there is a PR conspiracy afoot.

~~~
127001brewer
I did not say these stories form a conspiracy nor is it a public relations
campaign. I merely saw the similarities of "The Submarine" essay and the
increased frequency of stories about "cybersecurity" in various news outlets.

From Paul Graham's essay, " _PR is not dishonest. Not quite. In fact, the
reason the best PR firms are so effective is precisely that they aren't
dishonest. They give reporters genuinely valuable information._ "[1]

There's nothing wrong with someone benefiting from a story, but, maybe,
there's more to a story than what's on the surface...

[1] <http://www.paulgraham.com/submarine.html>

------
vpeters25
I am currently working for a large multinational corporation here in Texas, we
had a meeting with the network security guys about this a couple weeks ago
(yes, this corporation actually have a group dedicated to mitigate hackers).

They told us it's even funny to monitor network traffic and see it explode
between 8am and 5pm Beijing time. It's like they have a bunch of guys whose
day job is to hack.

~~~
snowwrestler
From a network security perspective there is absolutely no new news in this
article. For those who watch networks, the impact of China on network security
is as obvious as the sun coming up. The news is rather that the U.S. has taken
one step up the ladder of international relations, toward some kind of
consequence.

------
dguido
Here's the full report:
<http://www.defense.gov/pubs/2013_China_Report_FINAL.pdf>

------
sort3d
I'd assumed up to this point that the "Great Firewall" of China was primarily
intended to censor and control China's own population. Now I'm thinking it's
main purpose was as a strategic defense initiative. Now they can attack more
freely without fearing for their own infrastructure.

~~~
aneth4
It's a good point.

Censorship is also a cloak for protectionism. Facebook, Ebay, Google, etc have
all been banned or throttled to make way for censorship. It says something
that censorship is more tolerated by the world than overt protectionism, and
that trade protectionism must be done in the good name of censorship.

------
DanielBMarkham
I think we should all be clear on what's happening: China's use of tons of man
and computer power to attack commercial interests has led to the
militarization of the internet (which, in all fairness, would have probably
happened anyway)

So those saying "it's all the same" -- no, it is not. You don't bring up a new
server at a site in South America and see a hundred attacks from American
computers, but you'll sure as shit see attacks from China. The Chinese have
notified the world early on through their actins that the internet exists to
be plundered. While in the west the net is a symbol of individual freedom and
power, to the Chinese it is another tool of the state.

This will continue to escalate until it ends up with people dying or both
sides back down.

~~~
fghh45sdfhr3
_This will continue to escalate until it ends up with people dying or both
sides back down._

Or everyone just keeps up this new _internet_ war just like we kept the _cold_
war going for decades, with no one being killed by it.

~~~
arjn
Plenty of people died (directly or indirectly) due to the cold war.

~~~
fghh45sdfhr3
Well yes. Plenty because even one human is plenty. But plenty compared to how
many people died in WWII? Or WWI? Or any real war we had before?

Compared to what happened immediately before, the cold war was incredibly
peaceful.

So I suspect this new cyber war will continue the trend and keep real killings
to 0. I do believe we will have a real internet hacking and protecting and
counter hacking "war" if you will. But I suspect, and obviously hope, no one
actually dies from it.

------
est
> The name of China’s first aircraft carrier was also misspelled. It is the
> Liaoning, not the Lianoning.

I wonder how many people spelt TianAnMen as Tienamen...

------
Nux
What I do not get is why do governments and so on keep vital infra connected
to the damn Internet! Haven't we learned anything from BSG? You don't keep
nuclear plant computers on the same network with Facebook!

~~~
gwern
That's rather myopic. There's a very enormous category of computers whose
security needs fall between 'Facebook' and 'nuclear plant' - in fact, almost
every computer being used by government agencies, NGOs, media, multinational
corporations, etc.

------
forgottenpaswrd
As Steve Blank says in the last article:
<http://steveblank.com/2013/04/29/fly-high/>

The US is doing the same with their Cyber Attack units... in fact spending 10
to 15 more money than any other country of the world in this.

Of course Obama does not talk about that, he wants more money spent by the
public sector, and TSA members on every street.

~~~
gwgarry
But US does it for FREEDOM. China does it for oppression. Surely you can see
the truth in this?

~~~
friendly_chap
I can't decide if you are being sarcastic or simply naive.

~~~
mtgx
He's sarcastic.

~~~
friendly_chap
Gotta upgrade my sarcasm-o-meter.

------
jstrate
>When the United States mounted its cyberattacks on Iran’s nuclear facilities

Stuxnet? I wasn't aware there was any definitive proof it was the US.

~~~
wfunction
[http://www.nytimes.com/2012/06/01/world/middleeast/obama-
ord...](http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-
of-cyberattacks-against-iran.html)

------
gwgarry
I don't get the whining. US spies on everyone, Israel spies on the US heavily,
Russia spies on the US as well. Why the hell does the US keep whining about
Chinese spying? What's so special about China? Can't US protect itself from
cyber attacks from what's not even a first world nation?

~~~
eitally
The difference here is that it's not just US government entities being
attacked -- it's US companies, particularly those already doing business in
China. The counter-argument is a "you reap what you sow" vis-a-vis low cost
offshoring, but in a lot of cases the risk is justified by the immense
opportunities of participating in a 1B consumer domestic market.

Coincidentally or not, I received an email from one of my colleagues in Hong
Kong this morning asking some IT security questions (as part of a customer IP
audit of our greater China operations) regarding collaboration tools we use
and whether they could be restricted to on-premise access and whether we could
prevent content from being shared externally. Companies are taking notice, but
I'd wager that almost none have deep enough pockets or internal expertise
sufficient to erect reasonable security measures.

------
wfunction
Pot calls the kettle black?

