
U.S. Decides to Retaliate Against China’s Hacking - ddlatham
http://www.nytimes.com/2015/08/01/world/asia/us-decides-to-retaliate-against-chinas-hacking.html
======
mark_l_watson
"Intelligence officials say that any legal case could result in exposing
American intelligence operations inside China — including the placement of
thousands of implants in Chinese computer networks to warn of impending
attacks."

That also sounds like hacking into another country's systems.

The rational move is a massive investment in security technology including
strong encryption and the kind of work that the NSA used to do in the 1990s of
working to make Windows and Linux more secure for American businesses.

Any attempt by our intelligence services to back door computer systems,
instead of working to make everyone more secure, is a grave disservice to the
American taxpayer.

~~~
aikah
> Any attempt by our intelligence services to back door computer systems,
> instead of working to make everyone more secure, is a grave disservice to
> the American taxpayer.

And that's what our leaders don't understand. If the NSA has access to
backdoors in collusion with vendors, what stops China or Russia from
exploiting the same backdoors? Absolutely nothing. If the NSA can hack phones
because provider X or Z has set up a "secret" interface for that purpose, well
it's going to be exploited by someone else, and foreign hackers will figure it
out. How can the NSA be sure that PRISM and co themselves aren't compromised?

~~~
throwawaymsft
Our leaders have a poor understanding of technology. In the Washington Post
there was a call for encryption with access for a "golden key". You know, so
police, etc. can investigate if needed. They don't realize how that weakens
the entire system, making it easier for your adversaries as well.

------
rrggrr
Retaliation is a side show. Focus on hardening. The same sets of laws that
exist for products and environmental liability must be implemented for
information liability. Make companies economically liable for hardening their
software and hardware and the lawyers will get it done. If there is one thing
our overly litigious system is good at... it's extracting economic penalties
for failure.

~~~
jsprogrammer
Are there any proven (or speculated) damages? If no one was actually damaged,
is there really liability?

~~~
nitrogen
In cases where damages in aggregate are obvious but difficult to prove in
specific, laws have provided statutory damages or fines.

------
Bahamut
"The White House could determine that the downsides of any meaningful, yet
proportionate, retaliation outweigh the benefits"

And yet, the title is "U.S. Decides to Retaliate Against China’s Hacking" -
this is quite sensationalistic.

~~~
sosuke
You're absolutely right, there is no decision, there is no announcement, they
even say the White House can't decide how to. NYT needs to add a [RUMOR] tag.

~~~
wil421
Doubt it's a rumor; someone leaked this or talked off the record. The
government wanted to get this out even if it was just to save face.

~~~
sosuke
I guess I've developed a (healthy?) distrust for anything I read that at this
point reading they have a source is meaningless. Especially when you tie it to
a link bait title.

------
adam419
In my opinion, seeing an article like this is a huge display of weakness on
behalf of the United States.

You don't see other nations who engage in adversarial ways against the US
broadcasting their intentions in public theatre.

If the US and Obama administration really wanted to demonstrate power and
deter China from cyber attacks, they wouldn't go chatting about all the things
they're going to do. They would go do it and it would be heard of after the
fact.

Has the concept of the element of surprise been forgotten?

~~~
Redoubts

      "One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence," said one senior administration official involved in the debate
    

This sentiment should probably be read as "so as not to appear impotent to the
citizens at home" instead.

------
ohsnap
I'd guess US would retaliate by releasing information that hurts the Chinese
government politically, specifically corruption. I don't think it would
escalate into anything other than stealing/releasing information. Full on
cyber war is really unlikely as both sides would prefer to stay in power.

~~~
themeekforgotpw
They've been purging corruption for Xi Jinping's entire administration.
Not that it isn't there.

They would also have to disrupt the world reputation of China - not just its
domestic one.

And rest assured the US already does and attempts to do this.

~~~
adam419
It's been documented that the "purging of corruption" has by and large just
been a means for Jinping to attack his enemies.

~~~
themeekforgotpw
Can you document that for me, and for HN?

------
cottonseed
Because, you know, the US has never conducted cyber-espionage against China or
obtained valuable information before.

~~~
brayton
Agreed - The US is way too laissez-faire to get into that kind of nonsense

------
pvnick
> While James R. Clapper Jr., the director of national intelligence, said last
> month that “you have to kind of salute the Chinese for what they did,”...

You have to kind of salute Clapper for what he did, committing perjury and
then keeping his job

------
ub
I think cyber warfare is inevitable. Because systems are so complex, defensive
techniques will always fall short. The only effective deterrent is an
offensive attack or at least the fear of an attack. The US has to create a
catch-22 situation for China so that it fears the repercussions.

~~~
bahador
mutually assured cyber destruction?

~~~
ub
I hope not. I think it's like the nuclear arms race. Everyone wants one so
that it can deter its enemies but using a nuclear weapon can be disastrous.
Similarly, the US strategy here could be to show China that it's capable of
retaliating if it wanted to but doesn't necessarily have to resort to it.

~~~
dikaiosune
I'm pretty sure that the nuclear arms race was largely driven by adherence to
MAD. And what you're describing is exactly the kind of escalate-in-kind
deterrence policy that was built on top of the mutually assured destruction
philosophy.

------
contingencies
The Snowden documents showed that the US had already hacked SMSCs and other
major communications infrastructure right across China. The notion that China
is the aggressor here is laughable.

------
JohnTHaller
We could have the US conduct a widespread, multi-day DDOS against Baidu which
would be proportional considering the Chinese government used Baidu to conduct
a widespread multi-day DDOS of github.

------
CamperBob2

       “This is one of those cases where you have to ask, ‘Does 
       the size of the operation change the nature of it?’ ” one 
       senior intelligence official said. “Clearly, it does.”
    

But of course, that doesn't apply to NSA's bulk data collection, right?

~~~
Zikes
Maybe China's just trying to help fight terrorism!

------
skybrian
If they weren't so conflicted about encryption, the logical response would be
to get serious about defensive measures and make sure they're more widely
available.

------
jqm
"But in a series of classified meetings, officials have struggled to choose
among options that range from......"

Apparently the meetings weren't really all _that_ classified.

Sadly, it has come to a point I don't know what to believe anymore. Whoever
released the story has an agenda. Does the agenda in any way mirror factual
reality? Beats me.

I'm a westerner. I support the west. My livelihood depends on it. So if they
say we've always been at war with Eastasia I guess I don't know enough to say
differently.

Looking around at bureaucratic politics-filled government agencies and big
companies I don't see real protective measures being taken any time soon. The
leadership of those places has been filling up for years with ass covers and
bullcrappers, and a turn around towards effectiveness isn't going to happen
any time soon. So maybe send some drones or something. Oh wait... we can't do
that, because those are all reserved for poor Muslims who can't really fight
back at any scale. So I don't know. I guess puffing around and taking the
lumps is about the only option for now.

------
sakopov
Hardening security measures should be more important than announcing
retaliation like a bunch of angry children. I don't know the nature of all of
these attacks but didn't Sony get broken into via simple social engineering?
The guy literally walked into the main lobby and got ahold of a network engineer's
credentials or something of this kind. A lot of companies have very little to
no basic security awareness, let alone any kind of significant security
infrastructure in place.

------
ccvannorman
This will most assuredly end well. I'm sure the Chinese won't respond in kind
by escalating even further, thus creating mutual demand in both markets for
cyber warfare.

~~~
gruez
and what's the alternative? not retaliate and try to beef up security even
more? obviously that approach isn't working.

~~~
ccvannorman
Frankly, I do believe an alternative is to try to minimize long-term damage by
being smarter about security and making sure hackers go for the low-hanging
fruit that will be easily fixed. For example, make a prediction market for
where hackers will hit, and play with difficulty and incentive factors so that
you control the game, rather than simply begging the opponent to go for
bigger, better (worse) targets, which is what I assume is going to happen with
the current course of action.

------
seccess
Not that counterattacking is necessarily the best option, but from what I've
heard from colleagues in China, the security ecosystem there is far worse than
the US. Especially with respect to encryption, many companies and government
services rely on poorly designed homebrew solutions.

------
petilon
First of all, China likely has far less cyber surface area than US. Which
means US will suffer more damage in the event of a cyber war.

Secondly, it is dangerous to suppress cyber attacks via negotiations, appeals
and threats (as opposed to technological means) because then we'll be in the
dark as to their capabilities and our exposures, and in the event of an actual
war we'll be unprepared and they will cripple us easily.

Instead, we should do what companies such as Google and recently United
Airlines have done: reward hackers who find vulnerabilities. Then disarm the
opponent by fixing our vulnerabilities as quickly as possible.

~~~
tellthetruth
Or simply drastically reduce the surface area of attack.

~~~
jsprogrammer
Both?

------
rdlecler1
China can retaliate by going after American economic interests, but ultimately
they'd be cutting off their nose to spite their face. China is not a friendly
environment for non-domestic companies, and American companies are going to
need to understand sooner or later that this is a dangerous market to pin
hopes of growth. Google got out of China and now they're liberated from
China's coercion tactics. Retaliation would inflict some short term pain on
American companies, but ultimately they'd rebalance and it would be China that
would suffer from their economic withdrawal.

------
dikaiosune
I wonder if this is how they decided to retaliate...by saying they would? This
has the feel of an intentional leak to tell the Chinese that we mean business.
If so, why telegraph our actions if we're actually going to follow through?

~~~
lotu
It is possible this is a leak by someone in the administration that opposes
retaliation and thinks it will be less likely if there is press coverage.

------
dragonbonheur
Tip to the Chinese: Seize all XBox and iDevice Shipments. Close down their
production lines. Watch them cry. Easy win.

------
squires
This is complete speculation, but perhaps an interesting idea. What if the
recent turmoil in China's stock market is a direct result of the US
retaliation for this incident? Clearly, the US wouldn't admit that, but they
might want the implication to exist.

~~~
adventured
It's poor speculation.

China's growth has been trending down for a decade plus. The fundamentals of
their economy continue to get worse by the year. Keeping that picture in mind,
their stock market lifted off to insane heights, in a matter of months, for
absolutely no good reason other than a flood of margin that was encouraged by
the State.

China's stock market crashed because it went up drastically for reasons that
were never going to be able to support the new levels (ie not due to growth or
general improvement in economic fundamentals).

The US has also not been crashing their real estate market the past year. That
too is a mess of their own making.

------
sillygeese
> _The Obama administration has determined that it must retaliate against
> China for the theft of the personal information of more than 20 million
> Americans from the databases of the Office of Personnel Management_

Someone tell me _what use_ China has for "personal information" of Americans
from the _Office of Personnel Management_.

Seriously. What do the records contain and what is it to China? Wouldn't China
be more interested in the "personal information" of their own peons?

> _But in a series of classified meetings, officials have struggled to choose
> among options that range from largely symbolic responses — for example,
> diplomatic protests or the ouster of known Chinese agents in the United
> States_

So how classified were the meetings if you know what they talked about?

> _In public, Mr. Obama has said almost nothing, and officials are under
> strict instructions to avoid naming China as the source of the attack._

.. But it's alright for the _New York Times_ to declare to the world that
China is being naughty?

> _unless the United States finds a way to respond to the attacks, they are
> bound to escalate_

Yeah, pretty soon the Chinese government will be hacking PayPal for Americans'
credit card numbers! You know, for extra revenue and all.

> _In the Sony attack, the theft of emails was secondary to the destruction of
> much of the company’s computer systems, part of an effort to intimidate the
> studio to keep it from releasing a comedy that portrayed the assassination
> of Kim Jong-un, the North Korean leader._

Why the hell would the Chinese government give a flying fuck about a comedy
about Kim Jong-un? Let alone to the extent of _"destroying Sony's computer
systems"_, whatever that's supposed to mean? How do you destroy computers by
hacking them remotely?

> _The Justice Department is exploring legal action against Chinese
> individuals and organizations believed responsible for the personnel office
> theft_

So assuming these people were working for the Chinese government, the US would
have to extradite/kidnap them from China to get them convicted. How's that for
"escalation"?

If kidnapping isn't in the plans, why would they "explore" legal action,
knowing it would be a waste of time? Why would they publicize their plans for
legal action? Do they just want to make themselves look stupid?

In reality, this article is just Cold War 2.0 propaganda. Who knows if any
hacking even happened? It makes no sense for China to hack Sony over a movie,
so why wouldn't this be bullshit too?

_Russia and China are Bad, mmm 'kay?_

~~~
kinghajj
> Someone tell me what use China has for "personal information" of Americans
> from the Office of Personnel Management.

> Seriously. What do the records contain and what is it to China? Wouldn't
> China be more interested in the "personal information" of their own peons?

From what I've read, these files can potentially contain very sensitive
information. As part of the background check for some government positions,
many dark secrets are unearthed and documented. Why? So that the government
has a heads-up on how its employees may be compromised by foreign adversaries.
So if the Chinese had such files on 20 million people, they would have a
treasure trove of information to use as leverage against US citizens.

> Why the hell would the Chinese government give a flying fuck about a comedy
> about Kim Jong-un?

They don't, and the article never implies that they did. "Admiral Rogers made
clear in a public presentation to the meeting of the Aspen Security Forum last
week that he had advised President Obama to strike back against North Korea
for the earlier attack on Sony Pictures Entertainment. Since then, evidence
that hackers associated with the Chinese government were responsible for the
Office of Personnel Management theft has been gathered by personnel under
Admiral Rogers’s command, officials said." The DPRK is associated with the
Sony hack, and PRC with the OPM one.

> So assuming these people were working for the Chinese government, the US
> would have to extradite/kidnap them from China to get them convicted. How's
> that for "escalation"?

"Legal action" could be sanctions, warrants, etc. Why do you jump to
kidnapping so suddenly? (Not that I would put it past this government...)

> In reality, this article is just Cold War 2.0 propaganda.

Of course, it's in the NYT!

------
tellthetruth
"the goal was espionage, on a scale that no one imagined before."

NSA comes to mind...

~~~
shillno1138
You are not wrong, however, I would have a hard time believing the NSA would
hack a personnel database, and then sell social sec info and personal info to
the highest bidder. I have no problem believing the Chinese would.

~~~
barry-cotter
The PRC is a state, not a criminal gang. They have the second largest GDP
after the USA. Why on Earth would they _sell_ the information? The more people
have the blackmail material gathered by hacking the OPM the less valuable it
is.

------
highslater
I really think if the US wants to retaliate they can just make it legal for US
citizens to hack China's targets. Then just wait for the phone call "Prease
make it stop!"

~~~
wil421
I was wondering about this. What recourse would the Chinese government have if
you sabotaged some of their systems? Stealing their data would be the best
move but causing some problems wouldn't be too difficult.

~~~
highslater
I didn't envision anything harmful like Stuxnet. But it would be funny to see
some 14 year old kid take ownership of Atlantic Yards in Brooklyn.

------
click170
And so begins World War III.

We will look on in horror as the tools _we built_ are used against us.

~~~
userbinator
If only war was completely in "cyberspace" and no one got physically hurt...

~~~
harigov
Well, may not be physically hurt but a full blown cyber war does affect
everyone's lives.

~~~
lotu
If WWIII results in mass extreme inconvenience I will be a happy man.

