
China airs documentary proving military university is hacking U.S. targets - bjonathan
http://www.geek.com/articles/news/china-airs-documentary-proving-military-university-is-hacking-u-s-targets-20110822/
======
insraq
Note that this news comes from The Epoch Times, which belongs to Falun Gong, an
anti-PRC organization.

The Chinese government (CCP) declared Falun Gong illegal in 1997. The two
parties have been "attacking" each other ever since. Falun Gong once
interfered with TV satellites in China. And the Chinese government has banned all
websites related to Falun Gong (using the Great Firewall, of course).

All the sites in the screenshot are related to Falun Gong. That's why they are
on the "target list". This is not evidence that China is hacking U.S.
agencies. I am not saying that China has never done that - I mean even if
China is doing that, they will do it secretly and will never disclose it on a
propaganda TV program.

I personally think this news is misleading by not disclosing all the
information.

~~~
SoftwareMaven
The targets are related to Falun Gong (which is explicitly mentioned in the
article). More importantly, the _source_ of the attacks is a hacked machine at
the University of Alabama.

Sure, all of the politics about China and Falun Gong are not mentioned, but
they really aren't completely relevant to the fact that China is using
American computers for their hacking.

~~~
mcantelon
Given that Falun Gong is led by a fellow who has claimed he can levitate and
control people's actions with his mind, I would want some third-party
collaboration of their "evidence". Pretty easy to cook up screenshots and
such.

~~~
alnayyir
The word you want is corroboration unless you mean for a third-party to help
Falun Gong in their fight against the PRC.

To corroborate:

to make more certain; confirm.

Example: He corroborated my account of the accident.

~~~
mcantelon
Yeah, that was an early morning typo.

~~~
alnayyir
Typo is for letters, I don't know the equivalent for choosing the wrong word.

~~~
IsaacL
Malapropism.

------
ansy
Computer hacking as a new battlefield is inevitable if not already a reality.

Much like how at one time in the US there was no Air Force and airplanes were
part of the Army, right now there is no Cyber Force and hackers are part of
the Air Force. If computers really are a new theater of war, there probably
needs to be a new branch of the military to recruit, train, and deploy new
kinds of hacker-soldiers.

The hacking operations of the Chinese right now are like American high-altitude
spy planes and satellites flying with impunity over China and the
Soviet Union during the Cold War. The longer the US delays to enter the cyber
arms race the more it risks conceding dominance for the foreseeable future.

I could actually see a lot of positive economic synergy if the United States
were to establish a Cyber Force to recruit and train computer security
specialists.

EDIT: I recognize the US does have a Cyber Command. It's in the Air Force. The
point is it's under-funded, understaffed, and under-publicized. Recruitment is
pretty much limited to a handful of people already in the Air Force with
computer backgrounds. There are no commercials on TV or recruitment offices to
tell people to join the hacker corps like there are for the other military
branches.

Mixing geeks with paratroopers isn't effective. The US needs a new branch that
can make its own rules, recruitment standards, and awards to be truly
effective in a different kind of war.

~~~
wgx
> there probably needs to be a new branch of the military to recruit, train,
> and deploy new kinds of hacker-soldiers.

Agree, but I'd suggest it likely that this branch is already well-established
and operational, if hidden from the public eye.

~~~
gcb
why do people still think it's ok to have secrets in a government?

is it the many movies where the hero helps the gov to hide some alien invasion
to prevent panic that causes people to think this is right?

~~~
jerf
Because people who wish you harm for various reasons really exist, and
nobody's figured out how to tell the entire world every detail about our
defensive capabilities without substantially weakening them in the process.

I'm a little-l libertarian and I'll happily join the calls for "more
transparency" where appropriate, but "government should have no secrets",
especially in the area of self defense, is not a realistic position. It's an
abusable-but-necessary evil.

~~~
darklajid
I don't want to be dragged into politics right now, but

> Because people who wish you harm for various reasons really exist, and
> nobody's figured out how to tell the entire world every detail about our
> defensive capabilities without substantially weakening them in the process.

..sounds like security through obscurity to me.

~~~
redxaxder
No more than keeping your encryption keys a secret is security through
obscurity.

Even if you're transparent about your overall scheme, you need to keep some
execution details hidden.

~~~
gcb
no. security and government decency is telling everyone "we spend x billions
here and use z and y to encrypt access to it"

what happens is "we spent x billions on toilet seats (to quote an alien movie)
and passwords go over the air unencrypted, but we are not telling you the
frequency"

------
DanielBMarkham
I think sometime in the last year or two this issue has transformed from
something that you could argue one way or another into something that's obvious:
the Chinese are actively and purposefully trying to break into computers
around the world. This is a policy of their government.

Motives are still unclear. Everyone seems to agree on punishing dissidents and
suppressing political groups they don't like. Most folks (I think) think it's
pretty obvious they're trying to steal U.S. (and foreign) military secrets.
Industrial secrets also look high on the list. Perhaps it's all of the above.
And more. My money says they're out to steal anything they can.

Now that the discussion is beginning to yield conclusions -- most people agree
that this exists and is a problem -- the interesting thing is what to do about
it. Maybe I'm wrong, but I don't see a lot happening in the next couple of
years. But pressure will increase domestically in democracies to provide some
kind of relief from this. Would a new administration in the U.S. be more
confrontational? Would we start a more public counter hacking effort? Does
this just heat up more and more as both sides escalate without dealing with
the underlying problem? Or does one side or another try to get some
resolution? If the politicians continue to dodge it, does it at some point
just blow up?

This is going to be a fascinating story to watch play out over the next decade
or so.

~~~
cpeterso
Could the US create a "digital moat" isolating China's internet? Would that be
considered an act of war if the network was disconnected on US soil (e.g.
MAE-West)?

~~~
VladRussian
that is unfortunately a double-edged proposition as severing the Internet
connection would also mean that US couldn't spy on China as well. The goal of
Internet war isn't to avoid it, the goal is to win.

------
ximeng
Later in the video that this article talks about there is a picture of a "US
hacker", running "hack.bat" in a Windows 2000 command prompt. hack.bat copies
"ph0rce.jpg" out. There is an IP address visible which looks like
209.134.176.39, that resolves to a subdomain of iss.net, an IBM security site.
Not really sure what to make of the combination of the bizarre "hacking" and
the real IP addresses.

Some more translated bits and pieces from 03:46 in the video, when it starts
talking about US capabilities:

* US first to introduce the concept of network warfare, also first to put into practical use

* In 2002 the US army established the world's first hacker unit, and in 2006 officially made this unit a core part of the air force capabilities, with a general leading it and an operational remit consisting of 541 locations

* The unit has 3000 to 5000 experts in network warfare, and 80000 soldiers. The training of the unit started officially in 2007.

* Army, navy, and air force all have computer response squadrons to maintain network security.

* The US is the pacesetter in computer technology, so its economy relies on this technology more than other countries, meaning it pays particular attention to network security.

* Other countries such as South Korea, Japan, India, UK also have network warfare units

~~~
dramaticus3
Based on the assumption that the network the computer is attached to is the
same network as iss.net is attached to.

I could make you a video where I attack every IP address on the net if you
like.

------
buss
I think it's important, when viewing anything put out by the Chinese
government, to take the information with a huge dose of skepticism.

This shows a simple GUI with a list of Falun Gong targets and an "Attack"
button. There's no reason to believe this is an actual tool, or to believe
that the Chinese government _accidentally_ allowed this to be filmed and
published. This is almost certainly a propaganda effort, intended to show the
Chinese people that the government is ready and willing to attack the
technological infrastructure of its enemies. There are very few Falun Gong
sympathizers inside China, and the majority of the population would view this
video snippet with pride.

------
ximeng
The geek.com article adds little if nothing to the original, available at:

[http://www.theepochtimes.com/n2/china-news/slip-up-in-chines...](http://www.theepochtimes.com/n2/china-news/slip-up-in-chinese-military-tv-show-reveals-more-than-intended-60619.html)

The above also has links to the original video in Chinese.

~~~
khafra
"little, if anything" is the English idiom.

~~~
ximeng
Oops, thanks.

------
gaoshan
The screenshot does not show any IP addresses at all. The drop down does say
something about Falun Gong and the buttons do say what the article claims
(about "Attack" and what not) but aside from that, the rest is just hearsay.

So we have a screenshot of a window that could be created by anyone, reported
by the Epoch Times (a Falun Gong media outlet). That fails the smell test.

As much as I don't like the Chinese government's position with regards to what
it views as dissident organizations, the evidence is not there and this sort
of article runs the risk of being a "must be true because I don't like 'em"
sort of thing.

------
127001brewer
For anyone interested, CNBC recently produced a "special" called "Code Wars:
America's Cyber Threat"[1], which talks about cyber attacks against American
interests.

In my opinion, the show was technically weak and seemed more concerned with pushing
fear-uncertainty-doubt than factual information (on actual cyber attacks
against American interests). For example, the show referenced the "Northeast
Blackout of 2003" as an example of the potential damage hacking an energy
utility could do ... except, as the show quickly (and a little more quietly)
pointed out, the event was caused by mechanical failure.

Overall, cyber attacks are a concern, but not necessarily more so than other
threats and certainly not as great as some would like you to believe.

[1] <http://www.cnbc.com/id/42210831/>

_Edited for clarity._

------
lukejduncan
Given that hacking is considered an act of war... where does this lead?
[http://online.wsj.com/article/SB1000142405270230456310457635...](http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html)

~~~
hugh3
At the point where hacking isn't _really_ considered an act of war. Obviously
neither side actually does consider it an act of war, or else they wouldn't
dare. If "hacking is considered an act of war" were ever a bluff, then it has
been thoroughly called long ago.

Anyone enthused about going to war against China about this? Anyone? Anyone?
Nope. I guess it's not going to happen then.

And of course I think we can only assume that the US is hacking 'em back.

It's like spying. It's officially against "the rules", and everybody acts
shocked, _shocked_ when they catch foreign spies within their country, but
everybody is constantly doing it to everybody and everybody knows it.

~~~
tptacek
"Hacking" is like "terrorism"; it's not an end state. It's "spying" when it's
done for "spying". It's an "act of war" when it's done to shut down the power
grid.

------
zurn
So what in the video "proves" it's a live situation? Probably half the
countries in the world have some giddy geeks in bunkers demoing their
own LOIC clones.

------
p_h
It's depressing that this is so out in the open, and it seems like there's
nothing America can do to defend itself.

~~~
roc
> _"it seems like there's nothing America can do to defend itself."_

We could consider a legal requirement to disclose security breaches. If every
firm that failed its customers had to admit it to the market, I would think
financial pressure would move us toward more effective security fairly
quickly.

~~~
127001brewer
States have already been passing such laws for security breaches that contain
personal identifiable information since 2002:

[http://en.wikipedia.org/wiki/Security_breach_notification_la...](http://en.wikipedia.org/wiki/Security_breach_notification_laws)

It has to be considered that effective security has significant costs
financially and non-financially. (An example of a non-financial cost is a
overly difficult registration process for a web application that requires
long, complex passwords with multiple security questions and answers.)

~~~
roc
I was thinking more about the systems for major banks, defense contractors,
industry suppliers, etc.

And effective security wasn't meant to imply the best thing you can think of.
It would be a huge step forward if more people simply did the things we all
know we should be doing: e.g. policies of accounts not having more access than
necessary, network security not 100% focused on the firewall, etc.

~~~
127001brewer
_It would be a huge step forward if more people simply did the things we all
know we should be doing..._

That's what I mean by "effective security".

Although security breaches at banks should fall under such laws (especially
since they have personal identifiable information), I do not believe defense
contractors, energy concerns, industrial suppliers, etc, should even
acknowledge such breaches simply because of national security.

~~~
roc
> _"That's what I mean by "effective security"."_

That stuff doesn't cost all that much more. It's non-trivial, sure. But it's
not going to make a huge impact on the bottom line. A demand for it would end
up costing enterprise software suppliers quite a bit in one-time costs to
clean up their code-bases and standard install practices.

> _"I do not believe defense contractors, energy concerns, industrial
> suppliers, etc, should even acknowledge such breaches simply because of
> national security."_

Perhaps not to the general public, but certainly they should be required to
disclose to their clients.

------
ww520
The Reddit thread yesterday has some detail and discussion.

[http://www.reddit.com/r/worldnews/comments/jqnpa/oops_china_...](http://www.reddit.com/r/worldnews/comments/jqnpa/oops_china_accidentally_broadcasts_evidence_of/)

------
Gustomaximus
I don't see how this proves state collusion in hacking rather than just some
individual working on their own behalf? While we all know this is likely, I
don't get the "proving" claim. Did I miss something in the story?

~~~
est
Yes, because the title of the software says "Denial of Service Network
Attacking Tool, By Chinese P.L.A. Electronic Engineering Institute, Version
1.0"

Btw the Institute website is <http://www.eei.edu.cn/>

------
TeMPOraL
Another thing - does this tool _look_ like anything that can be used for
hacking? Even Hollywood does a better job at showing 'hacking scenes'...

For me, that's +1 on my fake-news detector.

------
applicative
Why not think this was made by some Chinese dissident at Alabama/Birmingham?
Not that it's likely, but it's absurdly credulous to link it.

------
click170
Link is inaccessible from safari on iPhone. Most frustrating.

------
utunga
and now we get to see how the people's liberation army responds to an
'internet scandal' in the west.. my guess? ignore it completely ';-)

