This article finally adds detail about how the Google hacks were carried out - something I've been waiting for since the first day of cablegate, when it was mentioned that there were cables discussing the event.
I'm pretty sure it was on cablegate.wikileaks.org the first day of the cable release, but I can't find it anywhere now. It's kind of moot though, as they only had a week's worth of topics listed through today (Sunday).
The cables indicate that the American government has been fighting a pitched battle with intruders who have been clearly identified as using Chinese-language keyboards and physically located in China.
Does anyone have insight into how keyboard language and physical location get clearly identified? I can't think of how you'd do that reliably.
Keyboard language: can you build timing signatures for how people type on different keyboards? Then set up a keylogger on a known compromised host or a honeypot, watch the intruder type for a while, and match the signature? That seems pretty easily defeatable: do as much as you can via scripts, and if you ever need to type something, pass all your keystrokes through a filter that knows how to mimic each timing signature.
I can't come up with a plausible way to pin down physical location, but I'm sure someone on here has a better working knowledge of that kind of thing than I do.
There is no such thing as “Chinese-language keyboards”.
Well there used to be some experimental prototypes designed to facilitate inputs, but they never gained any traction. Now it's all standard US keyboards.
But it would be rather easy to know the language based on keyboard input: most likely the typed string will contain more of the user's mother tongue I assume?
> most likely the typed string will contain more of the user's mother tongue I assume?
It's not like an attacker is going to be writing emails on the compromised machine. Anything they'd actually be typing would probably just be standard Unix commands.
I didn't realize the Chinese used standard US keyboards, thanks. That just reinforces my feeling that the claim of "clearly identified" is probably total bullshit.
> Well there used to be some experimental prototypes designed to facilitate inputs, but they never gained any traction. Now it's all standard US keyboards.
This is interesting, and it's a problem I've never really thought about. Can you say more about it?
I cannot say much about those prototypes since I only heard about them a long time ago and never touched a real one. In fact few people even know about that silly stuff anyway…
Inputting Chinese on a keyboard is hard because of the sheer number of characters. There is no feasible way to have enough physical keys mapping to even a very limited subset (think 2k+ chars as the bottom line).
So the way out is to use Input Method Editors (IMEs) to map a sequence of keystrokes on an ordinary US keyboard to a single Chinese character or phrase. Currently in mainland China there are two families of IMEs that are in wide use: Pinyin-based and Wubi-based.
Pinyin-based IMEs convert Pinyin, basically the sound of Chinese characters in the Roman alphabet, to the corresponding chars. This family of IMEs is the most popular one because almost any kid born after the '70s knows Pinyin, and thus the learning curve to use Pinyin-based IMEs is just mastering the keyboard itself. The shortcoming of Pinyin-based IMEs is that a single sequence of Pinyin can translate into a lot more chars (a 1:50 ratio is quite common), and the user has to choose which one is intended. This is considered rather slow and error-prone. Most modern Pinyin-based IMEs focus on NLP models to predict the correct chars, and I have to say it is now much, much better than 10 years ago.
Wubi-based IMEs rely on a formal and rather complicated method to decompose Chinese chars into sub-components based on shape, then map the 26 alphabet keys on a standard US keyboard to these components. The user chooses the correct components to form the characters. The advantage is that a single char requires fewer than 4 keystrokes to input, which is considerably faster than Pinyin-based IMEs, which usually require more keystrokes. There are also far fewer “hash collisions” in that a keystroke sequence usually maps to only one or two chars, thus no need to manually choose anymore. The downside, though, is that the method to decompose chars into components must be memorized, which is very difficult, and the mapping of components on the keyboard must also be familiarized, which is even more confusing. Some keyboards come with extra labeling to help with this, much like a typical Japanese keyboard. In addition, I have the feeling that this method is designed for professional typists instead of ordinary users because it is quite counter-intuitive to think about how chars are written and then decompose them when you are just chatting with someone. Professional typists, on the other hand, are looking at existing documents and trying to input them into a computer, which is quite different from the mental model of chatting.
There are other less used IMEs too. For example bank representatives used to use a method that maps a 4~5 digit number to a char purely on the numpad because it is considerably faster once you master it. I don't think anyone is using this method anymore though. The learning curve is just insane. Other IMEs try to combine both Pinyin and Wubi together with different tradeoffs, but few gain real traction.
In Taiwan and Hong Kong there exist different IMEs because they use Traditional Chinese, which has much more complex strokes than the Simplified Chinese used on the mainland. Also in Hong Kong they speak Cantonese, whose pronunciation is different from Mandarin, so normal Pinyin is not used there.
If you can install software on their computer that runs with their authority, you can look to see what keyboard layout is configured and who their ISP is. You can also take pictures of them with their webcam and steal copies of all the passwords they type.
I'm finding the degree to which the political establishment is clueless as to the actual hard technical details of what is happening with this entire episode quite interesting, for example a quote from a recent article on the Arab press response to the incident:
> No one knows the truth of this WikiLeaks thing. Is it plausible that the United States with all its greatness, power and valor, cannot stop WikiLeaks and its millions of documents? Or have these documents been leaked by the Americans themselves to achieve a particular goal? Or has America simply turned a blind eye to the leak?
China's paranoia and amusing conclusions about the "fundamentally controllable" nature of the web also betray a lack of understanding of how this all really works, and a lot of the US response seems to fail to grasp that the game is already over and WikiLeaks has already won regardless of any action they take from here on in, short of turning off the internet. And even the effectiveness of that is questionable, disregarding the fact that it simply will not happen.
The web can be controlled. It's just much harder and expensive to do so.
But what China should be worrying about is whether it can keep controlling the people in general. As the government begins to meet basic human needs, the citizens will start to yearn for higher needs to be satisfied, like freedom of information. The government cannot provide that and continue its authoritarian regime.
>As the government begins to meet basic human needs, the citizens will start to yearn for higher needs to be satisfied like freedom of information.
Really? I mean, it's nice to paraphrase Maslow and all, but what evidence do you have that it will actually turn out that way? At least, here in the US, the citizenry seems to be tolerating a government that becomes more authoritarian with regards to freedom of information and rights against unreasonable searches.
I do hope that things do turn out the way you envision. My fear is that you're seeing inevitability where I see historical caprice.
Assuming it's still compatible with anything else at that point. Honestly, though? With cheap mass storage, we could end up going all the way down to sneakernet.
They really could do a lot more to control the internet. Not fully, of course. It can't ever be fully controlled. But they really could do a lot to put us into an age of digital prohibition.
That cost becomes a big deal when you're competing with people who decide not to tax their creative populations in the same way. Unfortunately for Americans, there's a huge gap between what we consider unacceptable, and what China disallows. That means the US tax can go up considerably before becoming uncompetitive.
At the same time getting into the "how stupid can you be and still come out ahead?" race opens up tremendous opportunity for others who are far more nimble, and are only too happy to place bets on which economic superpower will choke itself first.
Couldn't the web be controlled from a legal standpoint? What if people had to fear imprisonment for downloading classified documents? I'm not asking this rhetorically; I'm hoping someone can point out why I'm incorrect.
I don't think it's possible to control the internet when any sort of stronger encryption is available that prevents inspection of passing information by the routing nodes. Even then, you could use steganography to hide data. It would be very, very difficult to enforce this sort of legal restriction even if it were passed as a law.
As the web stands currently, no. Look at repressive regimes such as China where dissidents still get unfiltered net access via VPN, or at the other end of the spectrum technical measures such as Freenet that make the current situation look like a locked-down paradise for authorities.
The fundamental architecture could be changed to the point where it actually was controllable, for example if all packets had to be encrypted with a key that was provided to the sender by a centralised authority. This would make all the unencrypted traffic stand out like a sore thumb, and the encrypted traffic would be amenable to deep packet inspection and the like by the centralised authority. Banning encryption that does not use an escrow key would of course also be necessary, but this would also stand out like a sore thumb.
To say the technical challenges of actually implementing the aforementioned approach are non-trivial, however, is to put it mildly, not to mention the necessary political hurdles and the degree of power the centralised authority in question would need to have to practically pull such a plan off. We're not there by a long shot, and it appears that the majority of people who want us to get there do not have the intellectual capital to pull it off or indeed even come up with it, or indeed even understand the reason that they would need to come up with it.
And if you're watching, you can't steal mine, I've patented it. ;)
It's true China cannot absolutely filter the web. However the majority of the people won't bother with VPN. China doesn't need to make dissident ideas absolutely contained to be effective. They just need to make it sufficiently hard for those ideas to spread.
It depends on how strongly the ideas resonate with the populace.
The dangerous thing about containing dissident ideas is that when a society begins to function less well, the average person has greater incentive to learn about alternative ideas. So alternative ideas become readily available exactly when they seem most plausible. That's what has historically made authoritarian regimes fragile.
It's not about the idea. It's the execution. China has the power to effectively mold the minds of the majority (like 80-90%), and the majority is all that's needed. The idea may be in the back of the minds of a lot of people but China can prevent them from coordinating, spreading, and developing those ideas.
If China had a popular democracy, they'd only need to mold the minds of 51% of the populace (assuming Australian-style compulsory voting, or 31% assuming US-et-al-style voluntary voting).
Everything gets harder as things change and you need to adapt. But I don't think China is having too much trouble adapting. Their tactics are working at shaping the population's minds. They may not be able to bend minds but they certainly can mold and guide them.
I hope you are right but even knowing a fair amount about web technologies I am not certain that the Internet is technologically uncontrollable.
Deep packet inspection and the seizing of domain names are tools that authorities could use if they generally agreed on their goals. If Wikileaks' activities were considered out-and-out illegal and indefensible a-la child pornography, I'm doubtful we would see a lot of them.
So it seems to me that Wikileaks' activities are being protected by Western free speech traditions as much as by technological barriers.
And yet as bad as it is, CP isn't hard to find--it's just if you're found with it you're in huge trouble. The people found with CP aren't typically expert computer users...
> The cable goes on to quote this person as saying that the hacking of Google “had been coordinated out of the State Council Information Office with the oversight” of Mr. Li and another Politburo member, Zhou Yongkang. Mr. Zhou is China’s top security official.... But the person cited in the cable said he did not make that claim, and also doubted that Mr. Li directed a hacking attack...
You can rest assured he also will never be making any further claims or providing further sensitive information to American diplomats. Not after this.
I don't mean that as a good-bad thing. It simply is a statement of how things are -- and how they have changed. Draw your own conclusions.
I also found it interesting that the NYT didn't mention his name. If it's listed in the cables, the fact that they left it out would be a rather clear indication of policy.
Makes me wish once again that newspapers were required to provide detailed bibliographies for their stories somewhere.
Whoever it was who leaked this ipso facto already knew that the Chinese were in the process of bugging the Americans. Why would this person expect that the information they were giving the Americans would remain secret?
China's current advantage in "cyber-warfare" is temporary.
As China keeps developing, the internet surface area of its corporations and institutions will be just as vast as the US. And it won't be magically immune to script-kiddies around the world, either.
First: Wouldn't the person who leaked the news of the Chinese hacking have a reasonable expectation that his leak would come back to the Chinese through their hacking?
Second: Every nation is spying on every other nation all the time and diplomatic communication is one of the first targets. That is why diplomats are ... diplomatic. They know they are always being watched even when they supposedly aren't.
Perhaps Wikileaks got far more than any other nation could expect to get through all the spying that goes on. But I doubt it.
What's out so far hasn't been especially embarrassing to the US. That could be because the US is all sweetness and light. Or it could be because there's a difference between 'secure' and 'secret'. Secure channels are for things that shouldn't get out but wouldn't be a disaster to let out.
On the subject of WikiLeaks itself, this brings up the point that whatever WikiLeaks winds up with through "humanitarian" leaking is going to be less than enemies of the US will wind up with through adversarial hacking.
Shouldn't the US public know at least as much about US behavior and motivations as the Chinese Politburo?
> Wouldn't the person who leaked the news of the Chinese hacking have a reasonable expectation that his leak would come back to the Chinese through their hacking?
If the informant believed that the Chinese government had full access to US State Department communications, he forgot to mention it. On the contrary, the NYT article describes a failed phishing attack on State department employees, in what sounds distinctly like a tip-off. That's a few notches down from the movie-caliber pervasive espionage you suppose.
> Or it could be because there's a difference between 'secure' and 'secret'. Secure channels for things that shouldn't get out but wouldn't be a disaster to let out.
You seem to be implying that none of the information made public so far has been secret (or rather, classified "SECRET"). This is false. Most of the cables are unclassified, many are CONFIDENTIAL, and about 5% (IIRC) are SECRET. Those released thus far are a mixture.
> whatever wikileaks winds up with through "humanitarian" leaking is going to be less than enemies of the US will wind-up through adversarial hacking
> If the informant believed that the Chinese government had full access to US State Department communications, he forgot to mention it.
Sure, but there's a difference between what you know to be the case and what you can easily imagine. You know X hacking happened. You can or at least should imagine that Y hacking also can occur.
-- I should have noted that my other comments were more speculative. Let me know if you've got concrete information to refute my speculation. My "secure" versus "secret" distinction wouldn't necessarily correspond to the bureaucratic classifications used. I'm hardly an expert but even I know that all sorts of BS can become classified secret.