Hacker News new | past | comments | ask | show | jobs | submit login
Marriott Data Breach Traced to Chinese Hackers, US Readies Crackdown on Beijing (nytimes.com)
195 points by jumelles 6 months ago | hide | past | web | favorite | 157 comments

“China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law”

"In accordance with the law” is the sneaky part that lets them add all kinds of 'Chinese characteristics' to whatever topic is being discussed. Their 'law' is often phrased very broadly and interpreted with lots of freedom and in practice is whatever the CPC wants. This is how they say one thing and do another, always "according to the law".

> This is how they say one thing and do another, always "according to the law".

Wasn't there a country that alleged yellow cake, WMD and other things in order to facilitate a grand mess in the Middle East. All perfectly legal according to the law, right?

Yes, but there is not yet any proof that Bush or Cheney lied about these things to start the war. Many in the CIA were genuinely convinced that Saddam had WMDs and/or resources to create WMDs. They turned out to be completely wrong, but it was their belief at the time. I wouldn't exactly be flabbergasted or Bush or Cheney willfully lied, but just because that's a common narrative doesn't mean it's substantiated.

Gulf of Tonkin would be a much better example.


did everyone forget the Snowden docs? NSA program ROYALCONCIERGE already hacked into Starwood hotels and stole their entire database of booking and guest dox. worst of all, the hack is persistent and tips off NSA in real time the moment Abu Bakr Baghdadi checks in. or what if this hack was oh say The Shadowbrokers using NSA'S backdoor to shame NSA and close the peep hole spying on every guest of every Starwood hotel in the world? how do we really know this hack wasn't NSA itself? who can you trust? trust no one. only believe what you have seen with your own 5eyes and certainly never let spooks who lie for a living trick you into going along with another Iraq war based on forged evidence with all the Intelligence chiefs and crooked FBI directors swearing to you on national TV that you just need to trust them, because the evidence is classified, so they can't prove it to you, but you need to get on board with believing in the new false flag Gulf of Tonkin and cheering for the new war. if you don't support the war, then you disrespect the troops and you should get the fuck out of America.

by the way,the Mirai hotel in Hong Kong where Snowden escaped to is a Starwood hotel. isn't it funny that ROYALCONCEIRGE didn't tip off NSA as to exactly where Snowden was the whole time? or maybe it did work and they were watching him all along.

Sorry to be nit-picky, but that sounds conspiracy theory-ish. The link you provided does not back-up your claim of the NSA having hacked the Starwood database. The linked article makes it sound like as a by-product of massively vacuuming up internet traffic, GCHQ has been able to track hotel booking confirmations sent to gov.whatever addresses. Which is noteworthy but (legally and morally) not as sinister as active measures.

> NSA program ROYALCONCIERGE already hacked into Starwood hotels and stole their entire database of booking and guest dox.

Your linked article makes no such claim. The specified program mentions neither the NSA nor Starwood Hotels nor hacked databases. It's a GCHQ program that appears to work on email messages collected elsewhere.

This make me curious about whether "national security letters" have been sent to Airbnb.

I'd be really interested in seeing the declassified intelligence the article mentions that points the finger at Chinese-intelligence. While proving that the attackers originate in China might be easy, clearly connecting this to a government-supported operation seems quite a challenge involving long chains of reasoning. It's probably not feasible to release all the info needed to independently verify this, but we'll see.

I can also imagine how this line could be blurry... perhaps the government quietly permits more profit motivated blackhat operations in exchange for some intelligence sharing. And really the perfect "cyber attack" shouldn't be attributable at all.

> perhaps the government quietly permits more profit motivated blackhat operations in exchange for some intelligence sharing

I've long wondered if we're going to see cyber warfare "letters of marque" at some point.

In retaliation to cyber attacks on US companies, the US government could designate Chinese firms with connections to the Chinese government (and particularly those which support the Chinese military) in letters of marque, allowing retaliatory IP theft, permission to cause damages, etc.

If the Chinese government is behind these attacks on US companies, than we are in a de facto state of warfare.

I doubt we'll see formal legal letters of marque until and unless we're in a state of open war. The US government already has a policy of using kinetic means to retaliate against serious cyber attacks and other governments take similar approaches. So unleashing a bunch of mercenaries without clear constraints would create a dangerous risk of unexpected escalation.

But federal law enforcement could simply decline to pursue private actors who attacked adversary states. Plausible deniability, to an extent.

If we see cyber warfare "letters of marque" imagine if they allow for the takedown of internet pirates without allegiance to any particular country.

But total war might follow.

Live by the sword...What if NSA already did the same to China? That's their mission, isn't it? China's "NSA" succeeded but became public.

Our NSA might have succeed dozens of time but China keeps it a secret.

The open warfare can't come soon enough, as far as caring about the stability of our infrastructure is concerned.

What are you thinking! Open cyber warfare could destroy our way of life. Imagine if all electronic records were very suspect. Bank acct values had millions of known wrong values.

I watched someone take ten pictures of pure black last night to keep a "streak" fire emoji next to their chats on Snapchat.

Our way of life is kind of fucked, to be blunt, and our consumer tech culture could use a cull.

Those who don't understand or respect tech...they haven't been (explained/bitten by) the consequences of their ignorance.

Did you have limited skirmishes in mind or a nuclear war?

Escalating attacks on State/corp network infrastructure would lead to better tools being built immediately by those who have the resources to do so, hopefully making their way to everyone eventually.

You're right, but there also may be highly sensitive intelligence at play here. If US intelligence has a mole in Chinese intelligence, and/or access to Chinese government systems, they could have smoking gun proof. They may have been able to trace it to them with high confidence even without that proof, but we'll probably never know for sure, since they'll never publicize the real details.

Chinese government is a complex hierarchy. Documented, planed, coordinated attacks are really rare. Most of the breaches are carried out by Chinese civil hackers or contractors, The harvested data was later funneled to government agencies by various markets and cooperative projects.

I've seen one these "lone wolf" actor preemptively collecting emails of a very high profile target via sophisticated penatration (APT? LOL), then sold these data to a state-owned enterprise. In exchange his hacking violations were cleared.

The government simply kept a loose end to these kind of foreign hacks. For domestic offense, the rules are very strict. Some dude famously posted some kind of minor XSS vulnerability of a random PLA veteran management site, then the hole public disclosure site was shutdown by the government and site admin was jailed. LMAO. So today the Chinese underground market was more active than ever before, because there are no more free bugs.

What's your sourcing on all of this?

Everything you just said--if legitimate and if identified via IC-contracted *INT--would with near-certainty be classified and appropriately compartmentalized. If it's research from an outside institution, it'd be more interesting to read it.

I think it's a mix of both, much like it is in Russia.

You are misinformed.

Are you just trying to sow doubt for China's sake or do you legitimately have issue with what was said by the two sources and Just Dept case.

> While proving that the attackers originate in China might be easy, clearly connecting this to a government-supported operation seems quite a challenge involving long chains of reasoning.

Connecting to a government-supported operation has already be done before [0]. There probably isn’t that much difficulty to do it again.

[0] https://en.wikipedia.org/wiki/PLA_Unit_61398

The article mentions that the US Government has not attributed the hack to China. This step has been done by private security contractor firms who "notice a lot of similarities" with other hacks attributed to China.

This is extremely weak reasoning. Any state actor would have the ability to cover its tracks, and more importantly to frame other state actors.

The article ends with a bit of classic anti-communism fear mongering.

It wouldn't be the first time a private security firm exposed Chinese hacking.


Mandiant's report: https://www.fireeye.com/content/dam/fireeye-www/services/pdf...

Replace Chinese with Russian and ask yourself if you still want to see the declassified Intel.

You should always ask for evidence for claims. A quick reminder that the US intelligence community lied to the Bush administration about WMDs in Iraq, as well as about the existence of PRISM and related programs. Trusting the intelligence community, in the absence of evidence, is hardly a reasonable standpoint.

Why would it matter if the claim were Russia, China, or North Korea?

Yes, I would like to see all declassified intel indicative of any foreign power performing a cyber attack on us. Is that somehow controversial?

Why wouldn't we want to see the declassified intel on Russian hacking? What does that even mean?

My guess is that it's a reference to Hillary Clinton losing election due to hacked emails.

I'm not sure what point you are trying to make with this comment.

You've violated the prime directive. /hackernews/2017/08/22/0/

I went to that date but couldn't see anything.

Given the long history of nation-states engaging in false flag premises for both diplomacy and "diplomacy by other means," how much scrutiny should we give to nation-states claims of hacking? How easy or hard is it to fake such claims? I should think it's much easier to fake than hiding nuclear weapons or instances of armed violence.

People do this all the time when they don't want to believe. At one point people didn't want to believe North Korea was the perpetrator of the Sony Hack, for political reasons, but then for other political reasons people were sure it was North Korea. Just like the email hacks --people tend to believe or not believe depending a lot on their ideology and how it aligns with them, unfortunately.

People do this all the time when they don't want to believe.

I'm fine with the prospect of China hacking the US. It fits in just fine with my world view. However, there's also the sinking of the Maine, the Gulf of Tonkin incident, and Iraqi WMD. Skepticism is called for.

That skepticism is earned indeed. But despite that people will believe something along these lines (WMD[1], Sony Hack, Russia, etc.) if it aligns with their political view. And if it doesn't then they're even more skeptical than is healthy.

[1]Although to be fair, Saddam _wanted_ his neighbors to believe he had WMDs. It was a sort of a reverse 'boy who cried wolf' and then not wanting to lose face kept playing games (which fooled many to believe more than they should have with flimsy independent evidence that he had WMDs (including many in the opposition parties).

To be fair: Even the responsible UN weapons inspector, Scott Ritter [0] quite bluntly stated there was no evidence at all for the Iraqi WMD program.

Not that anybody in the Bush administration would have cared, everybody there was well aware of this fact, that's also the reason why they tried to play up the fictitious "Saddam al-Qaeda" link [1] for a while and why the whole WMD thing just became a joke to them a mere year after the invasion [2].

[0] https://en.wikipedia.org/wiki/Scott_Ritter

[1] https://en.wikipedia.org/wiki/Saddam_Hussein_and_al-Qaeda_li...

[2] https://www.youtube.com/watch?v=O35NA6TywAg

That whole thing was a fiasco and a stupid mistake or undertaking. It really was a terrible thing to do (there was reason to unseat Saddam, but not at the cost it would take). However, it would be a mistake to think this was only a Bush thing. This was broadly bipartisan in the US. It was neoliberal politics and war hawks who thought they could shape the world in their neoliberal view. With the Soviets out of the way, they thought they could help make the rest of the world more like western democracies (obvs through force if necessary) We saw a continuation with the Arab spring enthusiasm which turned horribly wrong as well.

It was no mistake; they knew exactly what would happen, as Dick Cheney himself had publicly predicted just a few years before: Once you got to Iraq and took it over and took down Saddam Hussein's government, then what are you going to put in its place? That's a very volatile part of the world. And if you take down the central government in Iraq, you could easily end up seeing pieces of Iraq fly off. Part of it the Syrians would like to have, the west. Part of eastern Iraq the Iranians would like to claim. Fought over for eight years. In the north, you've got the Kurds. And if the Kurds spin loose and join with Kurds in Turkey, then you threaten the territorial integrity of Turkey. It's a quagmire if you go that far and try to take over Iraq.


There was a reason to unseat Saddam? What reason would that have been? Him belonging to the "axis of evil"? By that same logic, would you also be okay with invading Iran? Or are you fine with some good old covert regime-change action like it's been going on in Syria?

The US had no justification for doing what it did in Iraq, literally the whole world said "No" resulting in the biggest global peace protests in human history, the UN said "No", yet the US went straight ahead with it's "coalition of the willing".

Framing this like the "US just wanted to spread democracy out of the goodness of her heart" is not only dishonest, it's extremely cynical. The US isn't some "nice good guy", it didn't go into Iraq because it cared so deeply about the Iraqi people, it went in there for its own geopolitical interests.

I didn't say I thought the hawks were nice. I'm saying what they wanted to believe they were doing.

Saddam was a dictator and an all around bad guy [he gassed, he killed indiscriminately], he also, like Marshall Tito, kept a lid on the pressure cooker. But, yes, there was reason to get rid of him. If I take your claim at face value, Democrats claiming Trump should be impeached is the height of folly because they have no reason to want to unseat him.

Sure enough, he gassed, while the CIA gave him a hand with that when he gassed Iranians [0].

Just like Syria used to be an "ally in the war on terror" when Assad tortured terrorist suspects for the US, only to then turn around and use said torture as a pretext for "regime change actions" [1].

This is a common theme with US foreign policy, not just in the MENA region, and it's a major factor for the US not only losing international goodwill but also stirring up anti-US sentiments because most rational people see it for what it is: Hypocrisy

You also don't need to take any of my "claims" at face value, they've been considered established facts since the very beginning [2], particularly outside of the US [3]. Only in the Anglo-Saxon sphere was there any support for the invasion and most of that support was fabricated through influencing the narrative in the media [4].

The fact that you are still able to deny this, over a decade after, with all of its consequences undeniably impacting the world to this day, speaks bounds and volumes about the levels of indoctrination that happened back then.

What happened in Iraq was one of the greatest injustices in modern history and a major factor for radicalizing moderate Muslims, the "War on Terror" did nothing but create more terror. Exactly how Osama wanted 9/11 to play out, just like it kicked off massive refugee streams into Europe, lasting to this day.

Yet here you are, still trying to justify it like it's been the most normal thing in the world.

[0] https://foreignpolicy.com/2013/08/26/exclusive-cia-files-pro...

[1] https://www.theguardian.com/commentisfree/2012/feb/19/syria-...

[2] https://www.csmonitor.com/2001/0919/p12s2-woeu.html

[3] https://www.theguardian.com/world/2004/sep/16/iraq.iraq

[4] https://vimeo.com/67739294

They're the height of folly because these criminals aren't ever held responsible at that level, not because they're wrong.

> People do this all the time when they don't want to believe.

People do this all the time because people working in the sector know [0] that attribution, with anything "cyber", is near impossible, if the attackers know what they are doing it actually is impossible. As such most attribution usually boils down to guessing games based on code samples and used attack vectors but rarely, if ever, on anything actually solid.

[0] https://www.schneier.com/blog/archives/2015/01/attack_attrib...

People do this all the time because people working in the sector know [0] that attribution, with anything "cyber", is near impossible, if the attackers know what they are doing it actually is impossible.

This is wrong. Schneier has no idea what he is talking about (as usual). The funny part is that he opens with skepticism about the North Korea/Sony hack, of which many were skeptical early on, but now is not disputed by anybody. So he was wrong about that too. So very wrong. Especially this line:

More likely, the culprits are random hackers who have loved to hate Sony for over a decade, or possibly a disgruntled insider.

I'll be honest, I was skeptical of that one too. But I knew what I didn't know, so instead of challenging experts or trying to get my uninformed opinion out in the public sphere, I kept that to myself. And when I heard someone who I know would know make the NK claim without hesitation, it made me re-evaluate some assumptions. When it turned out that they were correct, I knew it was not a lucky guess.

Attribution is not easy, but it's absolutely not impossible in all cases, or even difficult in many cases.

People who understand technology make a lot of assumptions about how attribution works, and then make assertions like this. Attribution isn't simply that the bad packets came from a Chinese IP address.

A good rant on the topic is here: http://www.robertmlee.org/russian-election-meddling-grizzley...

> When it turned out that they were correct, I knew it was not a lucky guess.

And when did that happen? You do realize that the US DoJ charging somebody still isn't "evidence"? Just like claims that some NK agents coded something are mostly based on code heuristics and usually nothing else.

> Attribution isn't simply that the bad packets came from a Chinese IP address.

Where did I ever claim that? It's the whole reason why I pointed out what I did. Even your linked "rant" agrees that much:

> Attribution is not done with single pieces of evidence or a smoking gun it is done as analysis on complex data sets most of which is not even technical

"most of which is not even technical"

Just because you are clustering together a bunch of assumptions still doesn't make them any more than assumptions. Just like companies working in the sector have a vested interest in making it look like they are more certain than they actually are because nobody pays them for "maybes", people pay them with the expectation of getting solid answers.

In that context, it does not really help to harp on about "MOs" and how other security firms totally agreed with some attribution, they are all just wild-guessing based on what they expect the opposition to use and what fits their "MO". Assumptions which are extremely easy to exploit for anybody willing to go the distance.

You have no experience in this. Why do you keep insisting on challenging experts in the field? Clustering assumptions is still not accurate. Give it a rest.

That's rich coming from somebody who claimed Bruce Schneier doesn't know what he's talking about, before linking to a "rant", driving down exactly the same points I made, by a CEO of an InfoSec outfit, a former NSA spook to boot, praising the accuracy of his own service.

Sorry, but let's just agree to disagree, it's clear there ain't anything else left to do here.

Sounds good. You clearly have no idea how this industry works, and don't know who is reputable and who is not.

Rant is the right word, though he makes a rather good summary

>Attribution is not about having a smoking gun. Attribution is a good example of doing true intelligence analysis; there are no certainties and you only can come to an assessment such as low, moderate, or high confidence. Almost every single piece of data put forward in that assessment can and should have counters to it. Very reasonable counters as well.

Which is completely in line with.

> People do this all the time because people working in the sector know [0] that attribution, with anything "cyber", is near impossible, if the attackers know what they are doing it actually is impossible.

And that is plain and simply right. There is no credible way to actually attribute anything cyber. You can make an argument, that something looks like it was done by X, but not that something was actually done by X.

That's not what he's saying at all, and what you are saying is plain and simply wrong.

Please do elaborate.

1. Attribution is not about proofing something, or finding "the one proof", but about verbalizing that there are indications that someone might be responsible. And quantifying this likelihood.

2. Having a reasonable level of attribution of cyber attacks cant ever be realistic if your opponent isnt a moron, as the indications you work with can be artificially created to fool you. There is no way to differentiate between a high likelihood attribution and a clever enough framing. While this is also true for real life attribution, for lets say chemical weapons, it is much easier to create indications in cyber attacks. And the incentives to do so are clear.

You are taking one reasonable critique, that you cant expect a "one proof" in attribution and turn it around to make attribution to something that could actually proof something. The limit of attributions is that you can vocalize, to what degree something looks like it was done by someone. Nothing less but also nothing more.

Having a reasonable level of attribution of cyber attacks cant ever be realistic if your opponent isnt a moron, as the indications you work with can be artificially created to fool you.

You likely aren't aware (because you're speaking from ignorance) but you just called literally every intel agency "a moron" here. Even the NSA TAO has been attributed, beyond any doubt whatsoever, multiple times.

Given that you're digging your heels in and seem to be more interested in making false assertions than learning, I see no need to continue this. You've never worked in attribution or threat intel. Why do you feel the need to have a strong opinion about it? Do you do the same thing for other complex topics that you know little about? It's not a good look.

We do have actual proof of TAO and who used it. Actual evidence which could be used in for example a trial. A high likelihood attribution isnt evidence. There is a limit to how sure you can be with attributions of cyber attacks.

This is directly from the rant you posted.

"Attribution is a good example of doing true intelligence analysis; there are no certainties"

>Why do you feel the need to have a strong opinion about it?

A lot of people try to use attribution as something it isnt is, as evidence. There is no reason to muddy the water and use the misrepresentation of attributions for political means. This nonsense gives the entire field a bad rep. Its intelligence analysis and not forensics.

I find it a bit rich to call others ignorant, when your argument consists of nothing more then the assertion that your counterpart is wrong and unnamed experts would agree with you.

This shows how news orgs will continue to press on with disinformstiin despite having evidence disctediting their claims. Reputable organizations at that.

Yes, that's the first half of the article (and the primary motivation). The "Please Stop Arguing About Attribution Without Expertise In It" is the section I was pointing to.

This is to say nothing about this particular case. I have no idea how solid the attribution is here. But the same comments to dismiss the whole idea of attribution out of hand come up every time, and they don't get it.

We shouldn't take it on blind faith that some attribution is accurate because it appears in the press. But we also should not interject with uninformed speculation about how we think attribution works, and then attack that straw man so they can cast aspersions on the motives of those making said attributions.

Right but on the other hand, with the same hedges people _will_ believe something despite all these qualifications that something was done by someone if it aligns with their politics to believe it.

Accusations like this shouldn't be based on "hedges", as long as they do they only serve to do exactly what you describe: Lead people down predefined conclusions.

That's why it's important to point out the difficulties of attribution or else people will simply take it as they see it, without even questioning it.

In that context questioning it is not "hedging" anything, it's inquiring about actual evidence, which most rational people should be asking for instead of "hedging" based on political beliefs.

I agree with your take but I disagree with hedging being inappropriate here. Hedging just means using qualifications and conditions given some uncertainty in a claim.

> " if the attackers know what they are doing it actually is impossible"

Every attacker makes mistakes. It's not a matter of "knowing what they're doing". They're human.

If we are really talking about organized state sponsored hacking, then the variable of human error is usually minimized trough redundancies and oversight.

Unless you want to suggest that on one hand they are sophisticated enough to infiltrate all kinds of hardened systems, but still dumb enough to let themselves get caught in the act while doing so/leaving evidence behind pointing straight back at them.

That's why the vast majority of cyber attribution is rarely based on actual technical evidence, but rather on cui bono assumptions and by ascribing certain tools as exclusively used by certain actors. And because none of this a secret, it's a pretty easy to exploit methodology [0].

[0] https://arstechnica.com/information-technology/2017/04/wikil...

The Australians did exactly that, some binary wasn't scrubbed and pointed directly to their HQ

I also wanted to mention the Sony hack, and on the Wikipedia page there's a section quoting experts who doubted that it was them who did it. Associating this with sanctions against Chinese networking companies makes me think that it's just too convenient of an excuse.

Those "experts" were not experts in attribution, and the consensus is that they were wrong.

One is from Norse, a widely discredited and now defunct security firm, ironically infamous for their false attributions.

Two are journalists. Enough said.

One is Seth Rogen the actor. Enough said.

One is Sabu from LulzSec, a script kid turned FBI snitch, who is way out of his league commenting on this.

One is Marc Rogers, who I don't know personally, but I doubt he maintains his skepticism today. In any case, a security expert to be certain, but not an expert in attribution and not privy to the evidence (only some of which has ever been made public). Worth noting that he published followup blog posts to the wikipedia-linked citation that walked back his skepticism quite a bit (http://marcrogers.org/2015/01/24/wrapping-up-the-whole-sony-... - "In my eyes, the preponderance of evidence definitely suggests North Korean involvement or someone trying very hard to make it look like North Korean involvement."). He basically settled on it being plausible, but concerning, and acknowledged that he wasn't privy to the evidence.

Typically these situations where belief follows political lines are an indicator that there isn't strong evidence to support either interpretation.

Could’ve contracted it out too. It’s not necessarily the Chinese State, could’ve been freelancers hired by someone else.

For over a year there has been widespread reporting of a surge in Chinese hacking, since the trade conflict began with the Trump Administration. Before that, the Obama Administration managed to get a brief cease fire, during which reports of Chinese hacking plunged dramatically.

So what exactly was the Obama Administration getting an agreement on? China was doing it before, stopped after a publicly acknowledged agreement with the Obama Admin, and then it's so far fetched that they'd start up again during an increasingly aggressive trade war as to be worthy of false flag considerations - I don't think so.

If it was China in this case, it's nothing more than par for the course for how they've been behaving for the last decade plus. It's an invaluable tool in their arsenal for dealing with the US in a variety of regards.

I thought this was Marriott's fault? Perhaps US should crack down on Marriott...

That was my thought as well. If this is due to gross negligence from Marriott's side, it's more their fault than the hackers. At least that's my personal opinion.

Exactly. This is actually excellent news for Marriott since it firmly shifts the blame and attention away from them.

Anytime the government claims that a hack originated from a specific country, assume it's politically motivated.

... or that they have evidence that the hack originated from the specific country. One or the other.

The decision to make the hack public is always political.

Why not both?

Sorry, that was indeed an inclusive or.

what is it about China and Marriott hotels?

there was also that time they made the company fire that employee https://news.ycombinator.com/item?id=16515274

Thanks to Snowden, we have hard proofs that the USA have been using hacking on a very large scale for multiple goals including industrial espionage.

Now, they say that their #1 economic rival is using hacking to steal data. But, there is no evidence.

At least, before the Irak invasion, the US made some efforts to forge some fake proofs that Sadam had weapons of mass destruction.

An internet facing rdp with user name and pw creation guidelines should be "traced" back to Marriott 's IT.

But while top administration officials insist that the trade talks are proceeding on a separate track, the broader crackdown on China could undermine Mr. Trump’s ability to reach an agreement with Mr. Xi.

Mr. Trump, in an interview with Reuters on Tuesday, said that he would consider intervening in the Huawei case if it would help serve national security and help get a trade deal done with China. Such a move would essentially pit Mr. Trump against his own Justice Department, which coordinated with Canada to arrest Ms. Meng as she changed planes in Vancouver.

I wonder if it's because Huawei's equipment or staff played a role, or if they just want to use Meng as a bargaining chip in the demands regarding cybersecurity and IP.

Meng's father, Ren Zhengfei, is an ex-PLA officer and has deep connections to the CCP. Her arrest and the timing of it are not coincidences. Notice the reaction of government media outlets in China.

It's a direct method of pressuring China's political elite.

Where would an English speaker be able to do this?

Someone downvoted me, but I'd like to point out to the genius that did that, today's FT article titled, "Trump makes Huawei CFO a bargaining chip" (FT, Dec 13, 2018) which is what I was asking.

People demanding to see evidence here have to realize that information like that tends to stay classified for some time as ongoing operations are put in jeopardy just by announcing this.

It's also from the justice department, meaning multiple groups of eyes were on this decision, not a few anti-China hawks. China does have a history of this kind of behavior.

I honestly find it quite concerning how much pro-chinese-government support bubbles up on platforms like HN, etc. Nothing against individuals in China, but as an entity the government (as with all governments) should be heavily scrutinized.

It's definitely the government's SOP to try and exfiltrate data from the west, and it's no small secret. I feel everyone is getting pretty nonchalant about it.

HN is now a pretty global community with enough presence outside western world. So as an Indian, I have no dog in fight (except that I stayed in Marriott, so my data is probably leaked), but I have absolutely no trust in both US and Chinese government and media and for that matter Indian govt and media.

It is very much possible that Chinese hackers got this data because they could and it is lucrative and then sold to players including govt. And US intelligence is only passing selective info. to show Chinese govt as the primary perpetrator.

I made a comment (that was the top comment on an article about fentanyl) criticising the Chinese for promoting labs making illegal and highly dangerous drugs such as fentanyl which they send to the west. My post was flagged and taken down!

Fentanyl is a Schedule II drug, the labs themselves aren't the problem, black market trade is

My problem with it is that the US government does plenty of horrible shit, including spying, warfare and torture.

The Snowden leaks showed without a doubt that US intelligence has no qualms collecting and admitting to spying on ALL communication between non-US citizens. Without telling anyone... hacking a marriot database is peanuts in comparison.

Somehow whatever the US does to protect its interests is moral but when another country does the same its evil or "concerning". Bullshit US paternalism.

Your comment, and similar cliche arguments on HN are tiring to refute over and over and over.

Before you put US on the same pedestal of morality as China, you must equate them on apples to apples basis. Picking and choosing horrible things US has done in the past is very convenient.

I immigrated to US and I’ve travelled extensively over the world. If you’re picking and choosing Guantanamo, Iraq war, etc. then I can do the same about Tianman square.

Let’s objectively assess the situation without picking and choosing - I can do the same about positive aspects of US: functioning justice system, representative democracy, cultural diversity and acceptance, LGBT rights, freedom of speech, freedom of press, right to run for public office, ... we could go on and on about this with no end.

I have a humble request: When arguing about A, please do not talk about B to escape the reality and scrutiny that A deserves. It’s distracting and tiring.

> Before you put US on the same pedestal of morality as China, you must equate them on apples to apples basis.

I think the mistake you make here is that we're talking about China's interaction vs the rest of the world and comparing that to U.S. interaction vs the rest of the world, which is more important to many than what is done domestically, because most of the people on here aren't in China, but the U.S. interference affects them even if they're not in the U.S., which is mostly not true for China.

How many coups has China been involved in as compared to the U.S. for example? Because these affect people on the other end of the globe from the U.S.

Why was there a military-style raid on Kim Dotcom in NZ, for something that is possibly a crime in the U.S.?

Why was there pressure put on Sweden to prosecute TPB from the U.S. side?

How come the U.S. claims to believe in the free market, but when a Chinese firm gets competitive there, they try to block them?

How come U.S. feels entitled to bomb in foreign territory, where they were not invited by the local government? Without UN approval at that?

How come U.S. feels entitled to bully other nations at the UN to vote their way on Palestine?

How come is it OK for the U.S. to attack a country that did not attack them?

How is it OK to go to war on a completely false pretext?

How is it OK for the U.S. to use chemical weapons?

How is it legal for the U.S. to commit terrorist acts in other countries?

How is it OK for the U.S. to tell other countries that they can't have nuclear weapons even as the U.S. is the only country to ever use the in war?

How is it moral for the U.S. to block civilian and medical goods, starve a country and help commit war crimes?

There are plenty of more local issues too, like the War on Drugs, the targeting of minority communities, the infiltration of civil rights groups, the jailing of whistleblowers and intimidation of journalists etc. but the above affects much of the world in some way or another.

This is why U.S. behavior is seen as such a problem outside its own borders. China has nowhere near the worldwide reach the U.S. does.

Yes, thank you for putting it so clearly. I’m concerned about how US/China affect the REST OF US (WE EXIST, THERE ARE 5 BILLION OF US, HELLO THERE!), so arguments about how well the US treats its own people or how poorly China treats theirs are completely immaterial to me. Its about how those countries operate outside their own borders.

You’re missing my point.

Digital espionage/cyberintelligence/hacking is a boring standard part of intelligence for ANY country that has the capability.

I brought up the Snowden stuff only as evidence that the US does it too. The point is not to criticize the US, the point is any country that can do digital espionage, China included, is doing it, simply because no one wants to fall behind in a global arms race. I don’t think that makes China the evil boogie man.

And I don’t appreciate the straw manning and condescension. I’m not trying to make some broad “China is better than the US” argument.

> I don’t think that makes China the evil boogie man.

> And I don’t appreciate the straw manning

If you have to turn "scrutiny" into "makes it the evil boogie man", that's kind of a giveaway. I would call this the compiler error of online comments, and static typing can catch errors without having to run the program every time. Which doesn't only save you time, but the readers too; starting the program, getting bogus results, freeing memory and writing a bug report takes much more time.

> I’m not trying to make some broad “China is better than the US” argument.

I don't know what you tried, but going by what's written here, you responded to the criticism of nonchalance with "the problem is that $random_stuff_about_the_US_nobody_denies", as if that refutes said criticism.

When there is an article about a disease, wouldn't it make sense to talk about all sorts of other diseases instead, so nobody thinks that disease is "the evil boogie man"? Are comments about US spook stuff also riddled with comments about China or Israel or any other the hundreds of nations, just so nobody gets the impression that "the US is the only country doing this"?

Why not simply assume everybody knows these very basic things? It's not like any comments (I saw) imply that they don't, unless you read that into them.

See, I really detest this argument because it's pretty low-level.

Yes, there is equally horrible shit going on with both sides. But that is absolutely no justification for accepting it.

Would you then be comfortable with the US stopping all spying on foreign governments while those countries continue? And surrendering all nukes while other countries keep theirs?

I'm against spying too, but if everyone else does it I can understand why China would want to also purely to equalize power. Its the same situation as nukes - i dont like them, it would be great if no one had them, but if some already do i fully understand why others would want to get them.

While this is a bit of strawman logic, I'll bite.

My answer is this - what we are seeing I feel is a build-up to a massive power shift in the coming decades. As the climate changes and resources undoubtedly become scarce (water, food, etc) something will eventually trigger a conflict between the major nations, which currently people refuse to believe is a possibility. I'd guess the relative economic stability of the last several decades has lead to this.

When the curtain inevitably falls, which would you prefer to take the baton. A quasi-democratic nation (US) that has clear pitfalls but at least a large portion of people living in relative freedom of thought, or the nation which has revoked the need to run elections, actively black-bags people for saying the wrong thing about their government, and institutes wide ranging censorship on a variety of important issues?

Neither side is perfect, but it must be objectively said that the humanitarian state of affairs in China is dismal.

Currently we are seeing the government in China stifling dissent as well as preparing to quash as much possibility of it in the future, while actively probing "the other side" for weaknesses.

In any strategic sense, what's going on right now should be concerning. And while the thought of 'picking sides' does honestly suck, I'll throw the question back at you.

What would you prefer?

I don't think talking about spies or nukes is irrelevant or straw manning - they're pretty similar to hacking in that they are essentially weapons against foreign governments. As a government, it makes sense to try to keep up in the global arms race.

Anyways, as to your question -

In short:

The way I see it, China will not displace the US as a global power anytime soon. It may become a 2nd global power in addition to the US. I think a multipolar world is healthier than a unipolar world for the same reasons competition makes markets better.

I think much of the frenzy around China is a US-centric reaction to the them potentially losing its spot as clear #1, but the world is better off without a clear #1.

More details:

China is absolutely not a democracy the way the US is. I do agree the US treats its OWN people better than China. But I'm not a US citizen - thats not really relevant to me.

The US is historically much crueler to foreign enemies than any other country - no one else comes close to how many countries they have invaded, bombed, etc. We have already seen them invade and kill millions in Iraq under scarcity of oil. If things head towards scarcity again, who is to say they wouldn't do the same things again? China by comparison has mostly left other countries alone.

I care about how the power balance affects the rest of the world besides US/China. As do 6B others. I absolutely support people’s right to argue for their own benefit, but they must atleast recognize that is what they are doing. Honestly im really tired of seeing a constant default equivocation between “whats good for the US” and “whats good for the world”. Those are often different things.

> What would you prefer?

None of the above, as the U.S. is pretty much an oligarchy at this point. There was a study showing that unless you have a sizable sum of money, your priorities simply aren't worth much to lawmakers.

Why is there no single payer for example, even as the majority of the population is for it?

So to answer your question, I'd much prefer a world where the U.S., China, Russia, India, Brazil and the European Union are roughly on equal footing and then there are a bunch of smaller states that can try different systems, without getting economically strangled by the U.S. the moment their system isn't 100% predatory capitalist like in the U.S.

That way, any of these will have to think long and hard before commuting to a significant unilateral action, resulting in a much better equilibrium than we have now.

...because in the context of global politics, it applies. If country A can spy on B, what right does it have to demand B not spy on A?

Whataboutism is about responding to a criticism of your countries internal problems with a criticism of theirs. This is not about internal problems, its about what one country can do to another.

Many people in the US criticized that behavior from the NSA. Maybe you didn't notice those stories. It doesn't make all other instances of hacking or spying okay.

But surveillance is one issue (which is valid and we should talk about it). Stealing intellectual property using your intelligence apparatus in a way that benefits your state-sponsored businesses is another. We can talk about that too.

People did criticize it but that didn’t stop them did it? Last I checked Snowden was declared a criminal.

I’m talking about the Chinese governments perspective. From their perspective, until the the NSA stops spying (whether its criticized by US citizens or not) it does not make sense for China to stop spying either, purely to equalize the playing field. I’m against spying too but i can understand why any country wants to protect its interests.

There is a FISA court system in place preventing random access to data collected by the NSA. It has to be obtained via warrant, on record, from a judge. Most of it is metadata (call times, etc) and most of it was collected by cooperating with tech companies. The rumors about widespread NSA infiltration into all of our devices via hacking were greatly exaggerated.

The closest you come to that is with the CIA Vault 7 stuff (from WikiLeaks) which as we now know probably came from Russian sources, was probably also exaggerated, and we don't have any proof that it was used outside of targeted operations. It would be dumb for government not to develop tools for dealing with other nation-state hackers.

In fact, maybe that's exactly how we can pin attribution to China in this case.

I'll repeat my previous position:

> [...] surveillance is one issue (which is valid and we should talk about it). Stealing intellectual property using your intelligence apparatus in a way that benefits your state-sponsored businesses is another. We can talk about that too.

There is a difference, imo, and we should continue to talk about what China is clearly doing.

“People did criticize it...”

In China, that is not possible. Freedom of speech does not exist nor does freedom of press. Whether critizing made a difference (btw, yes it did. Snowden’s revelations has had a profound impact on spying on citizens, not just in the US but in the history of mankind in the digital age) is irrelevant.

China deserves criticism and so does US. The difference is that in the US, we can freely critize everything without the fear of anything. China has no such luxury and therefore, it needs even more criticism.

Just yesterday some people were commenting how there has been a marked rise in ANTI-Chinese government comments on HN recently

I think there might be a lot of confirmation bias going on

Both could be true, at the expense of more neutral comments, if there's more polarization.

I would love to see an analysis of HN comments. I don't even know if there is already a dataset of all HN comments to analysis or if someone would have to scrape..

It feels to me either my personal bias of where I think the world opinion stands is off (e.g. # of ulta-defensive of China comments > I expect), or there is in fact organized pro-china comments. Maybe a mix of both!

Fyi all hacker news comments since 2006 are available via bigquery on GCP:


I've noticed that too. Some of it might be suspicious but I suspect there's just a lot of misinformation, disinformation, and feelings floating around.

I think it's fair to acknowledge there is a non-trivial amount of users from China on HN, with their own agenda. Just as I am American, and pro-America, I am sure they are pro-China.

With that said, China has a history of bad behavior, especially with regards to cyber-warfare against US companies.

That's been my assumption too.

There also seems to be more acceptance of that even in the business world. I get contacted by Chinese tech companies offering partnership deals because I've made YouTube videos about electronics and they tend to have interesting contractual agreements surrounding social media.

For instance, no other tech company has ever asked me to censor negative user comments if I review their product but multiple Chinese companies have requested exactly that. One of them worded it as "silencing the slanderous tiny trumpets".

>"silencing the slanderous tiny trumpets"

Love it!

This is what a concerted government propaganda campaign looks like in today’s digital world.

Edit: witness the downvotes - my point exactly.

Did you mean American or Chinese?

> Edit: witness the downvotes - my point exactly.

It doesn't take much.

Every time a downvote occurs, a black helicopter simultaneously flies over my house - it’s uncanny!

People demanding to see evidence are already falling for a trap of a narrow Overton window. The Internet is hostile noise, and it does not really matter "who" hacked whatever - what matters is who created and maintained such ridiculously insecure systems. And no, I'm not talking about the actual servers themselves - but the business practices of keeping a surveillance log of every hotel guest ad infinitum.

The sad reality is that the tech community has basically zero faith in the US government.

This is not my position, but it's very clear that is the most vocal sentiment being expressed and seems to be the most prevalent even among those who aren't very vocal.

I don't think that the faith in China is much greater among most of those people. It's just that the censorship among anti-China sentiment is more aggressive than anti-US.

Actually I think that's the wrong perspective.

I don't think these folks have any more faith in China than they do the US, moreso, they don't see China as as much of a threat to themselves and others as the US.

Precisely this.

As an European, I just don't think China has as much power over me as the U.S.

Also, ask Kim Dotcom who he thinks is the bigger problem.

The US government lost all credibility for this type of claim in 2003 when they manufactured intelligence to justify the Iraq war. So it's not surprising that people now demand verifiable evidence.

That was the administration vs the intel community. There were CIA reports advising the administration that there was no clear evidence but the admin pushed the WMD narrative really hard because of a potential.

Even then, it was more complicated than that because Iran was on the verge of attacking Iraq (which is probably why the admin and military were pushing to move in the first place).

Tangent aside, it's different when US administrative, US intelligence, and multiple other countries are in agreement about Chinese hacking and intellectual property theft.

> That was the administration vs the intel community.

There's plenty of examples of the CIA manufacturing evidence, doing coups etc. so that doesn't mean much either. What matters is the result.

Yes but those subtleties are lost on the general public and most foreign governments. Regardless of the causes, in the end the US government lied. Credibility is fragile.

Isn’t the justice department under the executive branch? With head appointed by the president? Or are they the judicial branch and have independence?

It's exec but a decision like this would still require numerous people.

Not that situations haven't arisen where exec is in disagreement with intel (Iraq, for instance) but that's pretty rare. And it's hard to tell exactly until more info comes in and other agencies corroborate.

My point was that this isn't one person trying to start something. Multiple people had to be involved if what the Times is reporting here is correct.

Not everything is a conspiracy.


Funny, China has been using that excuse for the last century. Blame the foreign influence!

It was China's reality for about a century, not merely an excuse.

Sure, but then we can also say we were influenced by foreign powers in our history as well and trot that out whenever convenient. I mean, it's not as though France didn't intervene to screw over the Brits.

In this case, the actual foreign abuse overlaps significantly with the other comment's "for the last century" period.

It's 2018, no one bothered China except Japan and their communist neighbors for almost an entire century now.

Time to move on and quit being a victim?

Please do not use HN for political and especially not nationalistic battle.


“Except Japan” is an exceptionally bizarre clause to use here. It’s like saying “except Nazis” when talking about what Jews have suffered.

If you just said “since the mid 20th century” that would make a lot more sense.

Oh boy I'm sure you are a western sympathizer of China, and I am almost ashamed of myself for not being nearly as defensive.

Japan and said nieghbors has been at war with the middle kindom for millennia, East Asians will be hating each other for another millennium, but does this justify China's never-ending hate towards the entire world? More specifically anyone else who's not a communist country or ally?

And the vast amount of people Japan so ruthlessly and nefariously massacred in China is only a fraction of what communism scored?

Not to mention the CCP just loves to ride this hatred, they are "the only savior and protector" of Chinese afterall.

It makes you wonder if sometimes people make opinionated comments on here just to elicit free lessons in some unfamiliar topic.

I mean, I do that sometimes. Once there was a thread discussing an app, and I wanted to know if the app has a certain feature. Instead of just asking whether it has that feature, I posted a comment saying "the only thing preventing me from switching to [app] is its lack of [feature]", thinking I'm more likely to get a response that way. And indeed right away I got a correction from an angry poster with just the information I was looking for. lmao

I admit my historical views are (or was?) extremely skewed, flawed and uninformed, I'm never proud of that, but I will never hate myself for it too since those are what Chinese textbooks and society taught me since I'm born.

I do regret that I came to realize it a bit late in my life tho, but that's what life is right?

What about Soviet meddling in their domestic politics, was that interference or was that welcome internationalism from fellow Marxists, or should we ask old hands from the KMT?

In perspective, it hasn't really been that long since the Cold War - most of those lizards are (unfortunately) still alive and pining for the glory days.

Politicians have been blaming scapegoats as long as there have been politics.

North Korea hacked sony - how do we know? That’s when it started

Unemployment is particularly an odd one to put in there. Nobody is complaining about macro unemployment due to Canada or tariffs. Tariffs aren't causing serious problems so far. In fact pretty much every report indicates they're helping the US, with China eating the bulk of the cost up to now. US steel companies are booming for the first time in decades. Steel & aluminum tariffs are also not harming the economy yet.[1]

Employment is increasingly setting records on almost everything. Check out the job demand boom on durable goods manufacturing [2]:


[1] https://www.cnbc.com/2018/12/11/steel-and-aluminum-tariffs-a...

[2] https://www.bnnbloomberg.ca/u-s-factories-are-posting-job-op...

My suppliers are facing extreme pricing pressure, and most are raising prices on many commodities. I’ve had more contract performance issues in the last 6 months than in the last decade.

Employment is tough to measure. Acecdotally, my employer is attracting many mid/senior level people who are good who are taking entry/journeyman level gigs. That’s usually a forward indicator of bad times ahead, in my experience.

Another factor is that tariffs are mechanisms that pick winners and losers. Automated steel and aluminum mills may be booming, but in contrast I just donated to a food drive for dairy farmers in my old hometown — many of whom will be bankrupt soon. They have to choose between heating the barn or buying food. Tariffs are also destroying small and midsize farmers in grain and other commodities.

unemployment numbers are distorted. they count all part time jobs and gig economy signups as employment. these arent jobs, you can afford a decent life with this kind 'employment'. people working as teachers, working as salesperson at an official car dealerships, working in retail cant afford to rent an apartment and are living from shared rooms.


This has nothing to do with that.

The issues are definitely related.

That the government is in the middle of one of it's biggest negotiations in history, with it's largest trading partner - and there have been twice in that last few months indications of 'Chinese government spying' - would imply that they are quite related wether we want them to be or not.

The first story was bizarre and didn't seem to have credibility, making one wonder how it came to be.

This story comes at an even more sensitive time, and so more clarity, more information is better.

Even the arrest of the Huawei rep. a few days ago - though maybe part of a separate investigation - will ultimately be viewed by 'the other side' as a tactic, ergo, it's part of the discussion wether we want it to be or not.

FYI - just today, a few days after Huawei VP is nabbed in Canada, the Chinese have 'dissapeared' a former Canadian diplomat in China working for an NGO. [1]

... which is exactly the kind of thing that many predicted would happen.

[1] https://nationalpost.com/news/canada/former-canadian-diploma...


Nothing, China paranoia was part of the current president's election campaign.

I didn't vote for Trump and don't support him to this day. But I still think that China has gotten away with more than they should up until this point.

There is nuance to this all.

I really hope the Western countries severely curtail China's ability to operate in the West. Ban their companies, ban party officials and employees operating in the West, completely lock them down and out of the rest of the world.

They need to understand there are real consequences for these actions.

Ban their companies, like Foxconn, that builds all iPhones?

What about all the hundreds of billions of dollars in other goods that are manufactured there that the West is reliant on?

I also want to see consequences for these actions, but the situation is more nuanced than you seem to realize.

Foxconn is a Taiwanese company. They'd be unable to export things from their Chinese factories, but I doubt it'd affect them much.

It's not like China is the only country capable of building iPhones and other goods. Taiwan, Thailand, Vietnam, etc all seem like good alternatives until the goods can be manufactured in democratic countries with the help of robots.

Would the western countries, companies and consumers suffer economically? Sure, but sometimes it's necessary to make sacrifices for the greater good, and it would be very shortsighted to ignore the threat China poses to the world.

Do you think the average voter cares more about this than being able to buy an iPhone?

I doubt turning China into the next North Korea will help it develop into a modern democracy.

Hey, how about voting for another Chinese Exclusion Act? I think all Chinese people gonna thank you for bringing those talents settled in US back home.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact