

Cables Discuss Vast Hacking by a China That Fears the Web - quan
http://www.nytimes.com/2010/12/05/world/asia/05wikileaks-china.html?pagewanted=all&_r=1&hp

======
irq
This article finally adds detail about how the Google hacks were carried out -
something I've been waiting for since the first day of cablegate, when it was
mentioned that there were cables discussing the event.

~~~
trotsky
According to the WikiLeaks schedule, the raw cables on China are being
released tomorrow (Sunday).

~~~
davidmurphy
Where is the schedule? I've been looking for something like this.

~~~
trotsky
I'm pretty sure it was on cablegate.wikileaks.org the first day of the cable
release, but I can't find it anywhere now. It's kind of moot though, as they
only had a week's worth of topics listed through today (Sunday).

------
jfager
_The cables indicate that the American government has been fighting a pitched
battle with intruders who have been clearly identified as using
Chinese-language keyboards and physically located in China._

Does anyone have insight into how keyboard language and physical location get
clearly identified? I can't think of how you'd do that reliably.

Keyboard language: can you build timing signatures for how people type on
different keyboards? Then set up a keylogger on a known compromised host or a
honeypot, watch the intruder type for a while, and match the signature? That
seems pretty easily defeatable: do as much as you can via scripts, and if you
ever need to type something, pass all your keystrokes through a filter that
knows how to mimic each timing signature.

I can't come up with a plausible way to pin down physical location, but I'm
sure someone on here has a better working knowledge of that kind of thing than
I do.

~~~
riobard
There is no such thing as “Chinese-language keyboards”.

Well there used to be some experimental prototypes designed to facilitate
inputs, but they never gained any traction. Now it's all standard US
keyboards.

But it would be rather easy to know the language based on keyboard input: most
likely the typed string will contain more of the user's mother tongue I
assume?

~~~
jseliger
_Well there used to be some experimental prototypes designed to facilitate
inputs, but they never gained any traction. Now it's all standard US
keyboards._

This is interesting, and it's a problem I've never really thought about. Can
you say more about it?

~~~
riobard
I cannot say much about those prototypes since I only heard about them a long
time ago and never touched a real one. In fact few people even know about
that silly stuff anyway…

Inputting Chinese on a keyboard is hard because of the sheer amount of
characters. There is no feasible way to have enough physical keys mapping to
even a very limited subset (think 2+k chars as the bottom line).

So the way out is to use Input Method Editors (IMEs) to map a sequence of
keystrokes on an ordinary US keyboard to a single Chinese character or phrase.
Currently in mainland China there are two families of IMEs that are in wide
use: Pinyin-based and Wubi-based.

Pinyin-based IMEs convert Pinyin, basically the sound of Chinese characters
in Roman alphabet, to the corresponding chars. This family of IMEs is the
most popular one because almost any kid born after the 70's knows Pinyin, and thus
the learning curve to use Pinyin-based IMEs is just mastering the keyboard
itself. The shortcoming of Pinyin-based IMEs is that a single sequence of
Pinyin can translate into a lot more chars (1:50 ratio is quite common), and
the user has to choose which one is intended. This is considered rather slow
and error-prone. Most modern Pinyin-based IMEs focus on NLP models to predict
the correct chars, and I have to say it is now much much better than 10 years
ago.

Wubi-based IMEs rely on a formal and rather complicated method to decompose
Chinese chars into sub-components based on shape, then map the 26 alphabet
keys on a standard US keyboard to these components. The user chooses the
correct components to form the characters. The advantage is that a single char
requires less than 4 keystrokes to input, which is considerably faster than
Pinyin-based IMEs which usually require more keystrokes. There are also much
much fewer “hash collisions” in that a keystroke sequence usually maps to only
one or two chars, thus no need to manually choose anymore. The downside
though, is that the method to decompose chars into components must be
memorized, which is very difficult, and the mapping of components on the
keyboard must also be familiarized, which is even more confusing. Some
keyboards come with extra labeling to help this, much like a typical Japanese
keyboard. In addition, I have the feeling that this method is designed for
professional typists instead of ordinary users because it is quite
counter-intuitive to think how chars are written and then decompose them when you are
just chatting with someone. Professional typists, on the other hand, are
looking at existing documents and trying to input them into a computer, which is
quite different from the mental model of chatting.

There are other less used IMEs too. For example bank representatives used to
use a method that maps a 4~5 digit number into a char purely on the numpad
because it is considerably faster once you master it. I don't think anyone is
using this method anymore though. The learning curve is just insane. Other
IMEs try to combine both Pinyin and Wubi together with different tradeoffs,
but few gain real traction.

In Taiwan and Hong Kong there exist different IMEs because they use
Traditional Chinese which has much more complex strokes than Simplified
Chinese used in mainland. Also in Hong Kong they speak Cantonese whose
pronunciation is different than Mandarin, so normal Pinyin is not used there.

------
etherael
I'm finding the degree to which the political establishment is clueless as to
the actual hard technical details of what is happening with this entire
episode quite interesting, for example a quote from a recent article on the
Arab press response to the incident:

_No one knows the truth of this WikiLeaks thing. Is it plausible that the
United States with all its greatness, power and valor, cannot stop WikiLeaks
and its millions of documents? Or have these documents been leaked by the
Americans themselves to achieve a particular goal? Or has America simply
turned a blind eye to the leak?_

China's paranoia and amusing conclusions about the "fundamentally
controllable" nature of the web also betray a lack of understanding of how
this all really works, and a lot of the US response seems to fail to grasp
that the game is already over and wikileaks has already won regardless of any
action they take from here on in short of turning off the internet. And even
the effectiveness of that is questionable, disregarding the fact that it
simply will not happen.

~~~
chrischen
The web can be controlled. It's just much harder and more expensive to do so.

But what China should be worrying about is whether it can keep controlling the
people in general. As the government begins to meet basic human needs, the
citizens will start to yearn for higher needs to be satisfied like freedom of
information. The government cannot provide that and continue its
authoritarian regime.

~~~
DannoHung
The web can only be controlled so long as it's a wired affair.

If the concept of a wireless mesh can be realized, it's game over for anything
but a silly illusion of control.

~~~
Groxx
And if one controls the technology which creates the mesh? I.e., requires a
back-door into every device?

~~~
rgrieselhuber
Excellent point. Vintage networking hardware could start to become quite
valuable.

~~~
Natsu
Assuming it's still compatible with anything else at that point. Honestly,
though? With cheap mass storage, we could end up going all the way down to
sneakernet.

They really could do a lot more to control the internet. Not fully, of course.
It can't ever be fully controlled. But they really could do a lot to put us
into an age of digital prohibition.

------
DanielBMarkham
_The cable goes on to quote this person as saying that the hacking of Google
“had been coordinated out of the State Council Information Office with the
oversight” of Mr. Li and another Politburo member, Zhou Yongkang.” Mr. Zhou is
China’s top security official....But the person cited in the cable said he did
not make that claim, and also doubted that Mr. Li directed a hacking
attack..._

You can rest assured he also will never be making any further claims or
providing further sensitive information to American diplomats. Not after this.

I don't mean that as a good-bad thing. It simply is a statement of how things
are -- and how they have changed. Draw your own conclusions.

~~~
rgrieselhuber
I also found it interesting that the NYT didn't mention his name. If it's
listed in the cables, the fact that they left it out would be a rather clear
indication of policy.

Makes me wish once again that newspapers were required to provide detailed
bibliographies for their stories somewhere.

~~~
klbarry
Were they ever really required to do that? That would be amazing.

------
shykes
China's current advantage in "cyber-warfare" is temporary.

As China keeps developing, the internet surface area of its corporations and
institutions will be just as vast as the US. And it won't be magically immune
to script-kiddies around the world, either.

------
joe_the_user
Let's put two and two together folks...

First: Wouldn't the person who leaked the news of the Chinese hacking have a
reasonable expectation that his leak would come back to the Chinese _through
their hacking_?

Second: Every nation is spying on every other nation all the time and
diplomatic communication is one of the first targets. That is why diplomats
are ... diplomatic. They know they are always being watched even when they
supposedly aren't.

Perhaps Wikileaks got far more than any other nation could expect to get
through all the spying that goes on. But I doubt it.

What's out so far hasn't been especially embarrassing to the US. That could be
because the US is all sweetness and light. Or it could be because there's a
difference between 'secure' and 'secret'. Secure channels for things that
shouldn't get out but wouldn't be a disaster to let out.

On the subject of Wikileaks itself, this brings up the point that whatever
Wikileaks winds up with through "humanitarian" leaking is going to be less
than enemies of the US will wind up with through adversarial hacking.

Shouldn't the US public know at least as much about US behavior and
motivations as the Chinese Politburo?

~~~
GHFigs
_Wouldn't the person who leaked the news of the Chinese hacking have a
reasonable expectation that his leak would come back to the Chinese through
their hacking?_

If the informant believed that the Chinese government had full access to US
State Department communications, he forgot to mention it. On the contrary, the
NYT article describes a _failed_ phishing attack on State Department
employees, in what sounds distinctly like a tip-off. That's a few notches down
from the movie-caliber pervasive espionage you suppose.

_Or it could be because there's difference between 'secure' and 'secret'.
Secure channels for things that shouldn't get out but wouldn't be a disaster
to let out._

You seem to be implying that none of the information made public so far has
been secret (or rather, classified "SECRET"). This is false. Most of the
cables are unclassified, many are CONFIDENTIAL, and about 5% (IIRC) are
SECRET. Those released thus far are a mixture.

_whatever wikileaks winds up with through "humanitarian" leaking is going to
be less than enemies of the US will wind-up through adversarial hacking_

This is nonsensical, as the two are additive.

~~~
joe_the_user
_If the informant believed that the Chinese government had full access to US
State Department communications, he forgot to mention it._

Sure, but there's a difference between what you know to be the case and what
you can easily imagine. You know X hacking happened. You can or at least
should imagine that Y hacking also can occur.

-- I should have noted that my other comments were more speculative. Let me
know if you've got concrete information to refute my speculation. My "secure"
versus "secret" distinction wouldn't necessarily correspond to the
bureaucratic classifications used. I'm hardly an expert but even I know that
all sorts of BS can become classified secret.

