
Chinese Army Unit Is Seen as Tied to Hacking Against U.S. - gcv
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&pagewanted=all
======
xfs
I would like to quote a past comment
<http://www.reddit.com/r/netsec/comments/m0i93/_/c2x87tb>

\- The volume of attacks coming from Chinese IP addresses but essentially
non-Chinese in origin is substantial. The Windows XP piracy rate ends up in a
very low uptake of Windows Update, leaving quite possibly the largest
population of vulnerable hosts in the world. Attacks end up being false-flag
even if not intended.

\- Attacks that are genuinely Chinese in origin tend towards being citizen
initiatives. Imagine if you lived in a jurisdiction where, instead of being
treated like Gary McKinnon for attacking American infrastructure, just nobody
gives a fuck. The reverse also applies, but has a limit in that Chinese is not
widely understood by American 'hackers'. Any Chinese skiddie can cause an
international incident by trying out their tools on an American company.
Universities that run courses in infosec, of which some are military, are
commonly accused origin IPs for attacks. The likelihood is that complacence,
rather than official sponsorship or policy, is the prime driver behind this
phenomenon.

\- Instead of trying to build out *cough* cybercommands, government-
sponsored CTF tournaments identify and reward talent without bringing it on
board the national security apparatus. Talent is left out in the community on
the understanding it can be found if needed.

\- The 'Chinese Government' is nowhere near as cohesive and controlling as is
depicted in Western sources. Government-sponsored economic espionage
activities that are out of proportion to American efforts against the rest of
the world will originate at the provincial level. Chinese industry is very
regional, with whole provinces specializing in specific industries, hence the
benefits of economic espionage are highly regional in nature too. It is not in
the central government's interests to sustain the Chinese hacker folklore, nor
would it be within their ability to rein in any provincial government
involvement.

~~~
cscurmudgeon
This is a very recent report. Your comment is more than a year old. Are you
asserting that nothing has changed?

Edit: From the report in the article

"Our research and observations indicate that the Communist Party of China
(CPC,中国共产党) is tasking the Chinese People's Liberation Army (PLA,中国人民解放军) to
commit systematic cyber espionage and data theft against organizations around
the world."

They have a whole section devoted to backing this up.

~~~
xfs
The central point of that comment is that cyber espionage may not be
strategically organized by the central government. China is a large country
with complex power structures, while Chinese cyberspace is also underregulated
and chaotic. Evidence of Chinese hackers being related to CPC or PLA doesn't
imply the decision bodies in CPC and PLA all have such political or economic
motives.

Edit: Here is the conclusion of the report:

 _In a State that rigorously monitors Internet use, it is highly unlikely that
the Chinese Government is unaware of an attack group that operates from the
Pudong New Area of Shanghai._

This is likely false and demonstrating the authors do not understand what the
Chinese government is monitoring. The Chinese government monitors Internet
speech and content. It doesn't care about how many viruses or hackers are
there.

~~~
muglug
"Monitoring" is an unspeakably mild term for the mass censorship of the web
that the Chinese government undertakes.

The Chinese military is an appendage of the Chinese government, and acts
according to the government's demands. As with Stuxnet, it's highly likely
that these attacks had officials calling the shots (if not writing the code).

------
hooande
I believe that Chinese hackers are the scariest thing in the world today. I
think that the threat from cyber warfare might be slightly overblown (though
the next Pearl Harbor will most likely be a cyber attack). The real threat is
the fact that no digital information can be kept secret anymore. If Chinese
hackers want what's on a given hard disk, there's no way to stop them.

People absolutely freak out when they suspect the US government of spying on a
citizen. But Chinese hackers, state sponsored or not, seem to be able to roam
with impunity. Several US companies have had their IP stolen and their
businesses ruined. Companies have lost as much as a billion dollars in IP in a
single night. [1] There are so many of them with such diversity of skills that
almost no one is safe.

I'm not trying to rattle sabers here, just pointing out that the world is
facing a threat to privacy and secrecy that is greater than we have ever
known. Chinese hackers have more power than the CIA, KGB and Gestapo combined,
and nothing short of WWIII can slow them down.

[1] [http://www.nytimes.com/2012/04/03/opinion/how-china-steals-o...](http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html)

~~~
neya
Step #1 to protect your private data: have a separate computer with Ubuntu (or
some other secure OS) installed, and disconnect it from the internet _permanently_.
If you want to access any data, just go use that computer and save the data
then and there. If you want to transfer data from this computer to another
computer, just use a separate encrypted pen drive to transfer the files
securely.

If you don't want to use it, just turn it off. I'd love to see how the
Chinese/Russian hackers can hack such a machine, unless they have physical
access to them.

~~~
tomp
But what is a gigacorp to do? Make all their employees never use
Windows/email/internet again during work hours, and run around the office
building carrying USBs?

Also, how can you be sure that Ubuntu is secure? It seems to me that there is
a general problem with all *NIX systems with regard to how they (mis)manage
permissions (either file permissions or OS permissions), and I'm very sad that
not even the newly developed OSes (Android) have fixed that!

~~~
16s
How does Unix mismanage file permissions?

User, group, other and read, write execute has been around for decades. You
won't find a simpler, more understandable system for file permissions. There
are many more complex systems added on top of this, but the basics are simple
and easy to manage.

~~~
tomp
All permissions are inherited by all of a user's processes, with no finer
granularity possible. That is a recipe for disaster and the core issue behind
most of our security problems. Android is a bit better, since it has specific
permissions on a per-process level (or so it looks like), but you can't really
manage them.

------
contingencies
I've been in China on and off for ~7 of the last 10-11 years. During that time
I was once asked to write an online forum / comment scanning system by an
employer in Shanghai that could trace keyword usage. It was supposed to be for
marketing purposes but I didn't trust that claim. Needless to say I didn't
write the system. No idea who the employer was, or whether it's related. I've
also met some people that have worked on the public security bureau's CCTV
systems, and others who work in Beijing/Tianjin with government for computer
security projects.

I think the Western military-industrial and government security industry wants
to demonize China as justification for spending. Realistically, at the global
geostrategic level, China is already beating them at their own game, i.e. pure
capitalism behind a facade of diplomacy and social concern.

Personally I would posit that the major area of conflict right now between
China and the US is probably Burma, not some random server providing a
pitifully limited window into the vast bureaucratic engines of US governance.

~~~
cscurmudgeon
Do you really think they are just trying to demonize China given that there
have been attacks to control critical infrastructure?

~~~
greghinch
Considering the degree that defense spending props up the US economy, yes.

~~~
wololo
> the degree that defense spending props up the US economy

US defense spending was 4.7% of GDP in 2011. What do you call the other 95.3%?

(context: Russia 3.9%, China 2.0%, World 2.5%) --SIPRI

~~~
iooi
It's a lot more useful to compare defense spending to the budget, not GDP.
Would also be nice to see your sources.

In 2011 defense spending was 20% of the budget, and in real terms the US spent
more than the next 13 highest spending nations combined (China, Russia, UK,
France, Japan, India, Saudi Arabia, Germany, to name a few). [0]

[0] [http://www.washingtonpost.com/blogs/wonkblog/wp/2013/01/07/e...](http://www.washingtonpost.com/blogs/wonkblog/wp/2013/01/07/everything-chuck-hagel-needs-to-know-about-the-defense-budget-in-charts/)

~~~
wololo
[http://data.worldbank.org/indicator/MS.MIL.XPND.GD.ZS?order=...](http://data.worldbank.org/indicator/MS.MIL.XPND.GD.ZS?order=wbapi_data_value_2011+wbapi_data_value+wbapi_data_value-last&sort=desc) (with nice description of what it includes and excludes)

> It's a lot more useful to compare defense spending to the budget, not GDP

Different types of government will lead to the same expenditures being handled
within the government's budget or not. US budget/GDP is low, so using that
ratio instead makes it look misleadingly high (since you get to 4x it).

budget/GDP ratio examples: Cuba 86.5%, France 55.7%, UK 50.9%, US 23.6%, China
23.0%, India 17.5%

[https://www.cia.gov/library/publications/the-world-factbook/...](https://www.cia.gov/library/publications/the-world-factbook/fields/2056.html)

> US spent more than the next 13 highest spending nations combined

If you're comparing how countries allocate their resources, you divide their
absolute numbers by the amount of resources they have (debt-to-GDP, etc).

For example: the US produced 46,500,000 tonnes of salt in 2006, and France
7,000,000 tonnes. US salt epidemic! But that salt production ratio is 6.64,
and their 2006 GDP ratio is 5.837.

edit: if you like 80s-90s US/NATO/world military expenditure comparisons, this
is comprehensive:
[http://csis.org/files/media/csis/pubs/bwcfcompsummary%5B1%5D...](http://csis.org/files/media/csis/pubs/bwcfcompsummary%5B1%5D.pdf)

------
WestCoastJustin
Here is a direct link to the 76 page report:
<http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf>

~~~
count
Does the report detail how the IP space is tracked to a physical neighborhood?
That's... sort of critically important here.

~~~
count
It says the IPs were determined to geo-locate to the Pudong New Area in
Shanghai, and jumped from there straight to the PLA Unit that happens to be in
Shanghai.

No big leap, Pudong only has 5 million inhabitants, roughly the size of the
Washington DC Metro area.

~~~
contingencies
Shanghai is defined by a river. The old town is to the west, the new town to the
east. Pudong literally means "east of the river". Pudong is metaphorically
as well as physically _fully half of Shanghai_.

------
martian
"Mandiant discovered several cases in which attackers logged into their
Facebook and Twitter accounts to get around China's firewall that blocks
ordinary citizens' access, making it easier to track down their real
identities."

Amazing.

~~~
nikcub
Could you explain this further? I re-read this line a few times but didn't
understand. How would logging into their FB and Twitter accounts get them
around the Great Firewall?

~~~
pygatea
I assumed that this meant the attackers logged into their own social network
accounts while they were "inside" (i.e. using) compromised machines in the
target locations.

~~~
nikcub
That makes sense, thanks. I didn't think they would be silly enough to do
that.

------
jkat
Does the US risk being seen as a dog with a loud bark but no bite here? If
you're going to make pronouncements that hacking will be considered an act of
war (1), don't you kinda paint yourself into a corner when you get hacked?

(1) [http://www.guardian.co.uk/world/2011/may/31/washington-moves...](http://www.guardian.co.uk/world/2011/may/31/washington-moves-to-classify-cyber-attacks)

~~~
xyzzy123
OK, so the link you provided is a gross simplification of current thinking.
Government officials have been quite clear that CNE[1] is NOT generally
considered an act of war, rather, it's part of the usual intelligence
operations expected during peacetime.

It's CNA (e.g. operations designed specifically to disrupt or destroy civilian
or military targets) which is "on the table" for act-of-war status,
particularly if there is kinetic effect. An example would be if something like
Stuxnet were deployed against the U.S. power grid.

The idea is that it doesn't matter whether a power plant was disabled via a
bomb or a backdoor. Both the intent and the outcome are the same. So the
declaration of policy you linked to is really a clarification rather than a
"change of course".

The lines are blurry when it comes to CNE and critical infrastructure. The
problem you have is that if, say, 3 competing agencies are all vying for
control of the same powerplant for CNE reasons (e.g. not _trying_ to cause
damage), the plant might nonetheless get taken out by accident. I'm not sure
anyone is clear on what to do in that kind of a situation.

[1] We can divide "cyber" operations into the following categories (straight
from wikipedia):

* Computer Network Attack (CNA): Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.

* Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect and respond to network attacks, intrusions, disruptions or other unauthorized actions that would compromise or cripple defense information systems and networks. Joint Pub 6.0 further outlines Computer Network Defense as an aspect of NetOps

* Computer Network Exploitation (CNE): Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.

~~~
rdtsc
Any irrationality on our part can and will be exploited using false flag
attacks. A third party who is not a friend of either the US or China would
perhaps benefit from hacking Chinese infrastructure, then using it to launch an
attack on US infrastructure -- a false flag attack.

The same applies to lower level stuff. If there is, say, a hypothetical
irrational policy of mandatory arrest for anyone suspected of terrorism, one
shouldn't be surprised that neighbors will start reporting each other over the
color of a fence or the wrong type of shutters installed.

------
joe_the_user
I would assume that the most effective counter-strategy would be something
like a poisoned honey-pot approach: Make a large scale effort to start feeding
fake information to intruders and see what happens.

You probably couldn't do something like this but it's interesting to think
about: <http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage>

~~~
walshemj
This is what allegedly happened with the Concordski (the Russian version of
Concorde): blueprints with design flaws were leaked to the Russians.

~~~
stcredzero
What about AMRAAM-ski and Raptor-ski? (I just like the sound.)

------
blablabla123
I wonder if the New York Times and other high profile newspapers could go
easier on such allegations. This only improves the Cold War atmosphere some
political analysts have predicted for years.

It is also naive to assume that there is a G8 nation without a cyber warfare
unit in the Army. Or to assume that other nations don't do covert operations.

FUD has finally arrived in the mainstream.

------
omartinez
The timing of this news is interesting, for lack of a better word to
describe it. This article is published the same week as CISPA comes back.

The news on Chinese cyber attacks to the US can help give a boost in public
support to these laws, giving them valid reasoning to give away our online
privacy.

------
sampsonjs
"In vague to non-existent evidence, Gray Lady hacks see absolute proof of what
their government handlers want you to believe". Word must have come down from
the White House to start pushing the "Cold War with China" kick.

------
thomasjames
Time for some technically literate people in Washington and some patriotic
hackers.

------
jinbakei
NY Times is just making bullshit...

~~~
berntb
>> NY Times is just making bullshit...

50 cent army? :-)

------
OGinparadise
_By DAVID E. SANGER, DAVID BARBOZA and NICOLE PERLROTH_

I hope you have no dirty laundry in your e-mail accounts; the Chinese military
is probably reading them right now.

Like it or not, what the Chinese are doing is pretty smart, let's face it.
Countries launch(ed) wars to get what they want; the Chinese get it the easy
way.

