

2nd China Army Unit Implicated in Online Spying - JohnTHaller
http://www.nytimes.com/2014/06/10/technology/private-report-further-details-chinese-cyberattacks.html

======
samstave
As much as I like the idea that Crowdstrike has researchers that have
identified the Chinese in a cyber attack as some sort of revelation, we have
known about this for literally over a decade.

I've even posted about it here on N years ago: at Lockheed they were subject
to extensive Chinese spying and very intricate and successful social
engineering attacks. Chinese agents would either go to, or comb, attendee lists
of DoD conferences and then contact them as plausible other attendees from the
same conference where they would say something along the lines of "Hey Joe! We
attended the same conference about system such-and-such. Here are my notes on
the talk we both saw on X - let me know what you think" where the attachment
of the notes had a payload.

Further, they were so dedicated to the attacks that they would go and attack
the machines of 2nd, 3rd and 4th party contributors to a project such that they
could infect the USB inserts to these machines with hopes of getting onto
Lockheed's network.

They also were successful in installing a leaky worm on the Lockheed network
which was trickling out data slowly, but once it was discovered -- and the
Chinese knew that it had been discovered -- they turned it up to 11 to push
out as much data as it could until the egress points from Lockheed's network
could be closed.

This was all between 2002?--~2007.

Yeah, no surprises here....

~~~
Throw67F4D509
Russia must also have significant network espionage capabilities, and if I
were Russia, I'd strongly consider starting my attacks on US and Western
European targets by first infecting some of the millions of unpatched Windows
boxes in China, particularly any machines in Chinese military school dorms.

------
opendais
Well, I think we've pretty much established that the USA's modus operandi is
deniable assets [e.g. compromised anonymous hacking groups] for direct attacks
and a massive surveillance network.

The Chinese are more direct, less disciplined with opsec [using personal
emails/projects that link to active operatives], and seem more irritated by
the loss of face from the accusations than anything else.

Unless I missed something?

Anyway, this genuinely seems like it is going to be the new Cold War if it
isn't already. I just hope it is with less loss of life and less open warfare
via proxies.

Tbh, I wonder if this is going to be the rationale [unofficially, if not
officially] for maintaining indefinite Patriot Act provisions and/or
intelligence programs.

~~~
Cookingboy
I don't think it's going to be a cold war like the last one. With the amount
of globalization and how much U.S and China rely on each other economically
(China is becoming the biggest market for many American companies, and America
is still the biggest importer of Chinese goods), it doesn't benefit anyone to
have a real hostile relationship.

A lot of the hostile postures are methods for each government to redirect its
population's attention toward external problems instead of focusing on
internal ones. For Americans, instead of really acknowledging weakness in our
society, a simple blame like "The Chinese are stealing everything from us,
including tech and jobs" is very attractive for a populist politician. For the
Chinese, vilifying the U.S government as a global bully fuels nationalism
internally and distracts the people away from issues such as social inequality
and government corruption.

But in the end, both countries' leaders totally realize they absolutely need
each other, so this "frenemy" relationship will continue for quite a while.

~~~
mpyne
> it doesn't benefit anyone to have a real hostile relationship.

It benefits _China_ greatly to have a "hostile" relationship, at least as far
as using networked computing to carry it out.

Computers and cyber-attacks bring a lot for China that are asymmetrically not
as advantageous for much of the rest of the world.

- They are much more covert means of conducting espionage (either industrial
or political, take your pick). Obviously NSA finds this useful too, but even
if we assume NSA had an industrial espionage program as advanced as China's,
what does China have for the U.S. to steal, relative to what the U.S. has for
China? This question repeats itself for every other country in the West.

- Attribution of cyberattacks is difficult, which adds to the deniability
aspect. If literally all that China has to worry about is a loss of face, then
they can proverbially cry all the way to the bank. No one is going to be
nuking or invading China for an over-active spy program.

- Because of the economic ties you mention, it is difficult for victim
nations to take effective deterrence measures to convince China to change
their behavior, since many measures that might cause China to feel a pinch
would hurt the parties imposing sanctions just as much.

Moreover, "eye for an eye" is taken off the table by the asymmetric nature of
the threat, and passive defense is taken away by the interconnected nature of
the Internet. Sure, the U.S. and its critical industries can do better as far
as defense, but so far it's been a case of "the bomber will always get
through".

So looking at the situation from China's perspective, you'd almost have to ask
why they would ever stop. Western norms and morals are not necessarily their
norms and morals and in any event the deterrence/coercion framework is simply
not there. There's no good reason for China to stop covert methods (even if
there are good reasons to avoid being overtly hostile).

------
moron4hire
This is like playing the parlour game "Mafia". When the "mafia" is discovered,
it's really not a surprise. It's just "oh, hey, yeah, that's the end of that
round, who is next?"

