Of course they can, what makes you think they aren't?
But a more interesting question is to look at what information is presented and what is missing. How much is new, how much is old. Then on policy stories like this one I sometimes pop over to the senate web site and look at what's coming up on the senate calendar [1] and oh look, on May 7th they are having a hearing to talk about
Hearings to examine the Department of the Air Force in
review of the Defense Authorization Request for fiscal
year 2014 and the Future Years Defense Program.
Hmm, who is in charge of Cyber Command? Why it's the Air Force! Who would have guessed.
It's not cynical at all. You just demonstrated an example of a phenomenon that was well-documented in the 80s by people like Noam Chomsky. His book Manufacturing Consent talks in great detail about how mass media is used to manipulate public opinion.
>Hmm, who is in charge of Cyber Command? Why it's the Air Force!
Is that really the case, though? Their own verbiage makes it sound different.
"Who is assigned to USSTRATCOM?
The men and women of USSTRATCOM come from all four services —Army, Navy, Marines, Air Force— and include Guard and Reserve members, Department of Defense civilians and contractors. Thus, the command is a unified command. This concept allows USSTRATCOM to adapt to the changing international political and military landscape with all military branches providing key input and recommendations."[1]
and
"Organization
USCYBERCOM is a sub-unified command subordinate to U. S. Strategic Command (USSTRATCOM). Service Elements include Army Cyber Command (ARCYBER); 24 AF/ Air Force Cyber Command (AFCYBER); Fleet Cyber Command (FLTCYBERCOM); and Marine Forces Cyber Command (MARFORCYBER)"[2]
Cyber Command seems to be headquartered at an army base, Fort Meade.
The Air Force and defense industrial complex are using this as a budget point, but they are also facing legitimate threats to both government and private industry.
Just like during the cold war, there were legitimate threats from the Soviets, but it also became a self-perpetuating thing.
The irony is this time we're borrowing money to defend ourselves from the Chinese from...the Chinese. So at some point a marginal dollar spent on defense actually reduces our security!
But I think infosec is one of the more efficient means of spending defense dollars; tens or hundreds of billions of dollars of other stuff I'd cut first.
If you're going to assume that they are trying to manipulate public opinion, it seems more likely to me that they are pushing for CISPA to pass than an obscure Senate hearing.
For those who don't see the connection, CISPA is intended to allow the government to help with exactly this type of situation.
The only thing as breathtaking as the amount of information the Chinese military has stolen is how dysfunctional their military is. Here [1] is an excellent article about corruption in the Chinese military. The Chinese government is a bizarre mix of authoritarianism, greed, patronage and nationalism, and it has no clear structure. The military is no different. It doesn't matter how much technology they have; as long as the military has no internal cohesion and accountability, they will never overtake the United States.
Here's a quote from the article, citing a 'princeling':
" "China no longer has a paramount leader who can hammer down authority at crucial junctures. "Gangs" of patronage and bribery are congealing together, he said, adding that "Corruption is the glue that keeps the whole system together, after the age of idealism." "
And another:
" A third princeling, whose father once ran China's security apparatus, blames Jiang for sabotaging the last leadership transition in 2002 by refusing to relinquish control of the military. He said Jiang promoted dozens of generals who are, as he put it, either "henchmen" or "morons." The result is that nobody is really in control, he said. "
Such articles like the OP's seem to cater to alarmism and hyperbole as these kind of events occur all the time. The difference here is that the US gov is being quite unprofessional by resorting to publicizing these events. Also, it's quite trivial/foolish to care whether or not any country will overtake the US (or another country). The way I see it - decreasing the US' influence may actually be beneficial. Rather than a unipolar/bipolar world, there can be a multipolar world. Maybe it'll reduce the crap that the US gov does/causes domestically and internationally, as it seems the fed believes it can ignore accountability because of supposed exceptionalism.
There has existed a multipolar world in the past, in Europe. That world was very frequently in a state of overt war, so it's not clear that that's a better state of affairs than an unchallenged dominant nation.
"quite unprofessional by resorting to publicizing these events"
What kind of bizarre world are you imagining where governments are meant to or do act "professionally". The international diplomatic community is indeed a noxious swamp where immoral and illegal activities get ignored and hushed up all the time. However it's also an environment where governments release stories to their populations through newspapers. Like China provoking that fight with Japan over islands and pretty much every story in the Daily Mail in the UK (or is it the Sun?).
The activities described in this article are shameful and it is one of the tragedies of this age that large organisations whether governments or corporations literally have no shame or morals. And more importantly nor do we have a way of requiring them to act rationally, reasonably or morally.
Well ... if you don't want something hacked don't expose it to the internet. Is there a reason why corporations does not have inner network that is electrically disconnected from the internet where the sensitive data is stored and manipulated?
Buying a second pc for every person is pocket change.
People want to work remotely. They want email on their iPhones/Androids/Blackberries. They want to e-mail people at other companies. Every once in a while you need a nontrivial amount of information to cross that airgap. Then you have Stuxnet-style attacks to worry about, too.
Maybe if they want to work remotely, they're just going to have to suck it up and admit that you can't do that with sensitive information. There have in fact been times when military secrets were considered more valuable than people's lifestyle or convenience.
I'm thinking that if these secrets are not more valuable than the lifestyle and convenience of military consultants, then they're not actually all that live-or-die, are they? Instead, they're used as fodder for alarmism.
'“When it comes to cyber security QinetiQ couldn’t grab their ass with both hands, so it cracks me up that they won,” Bob Slapnik, vice president at HBGary'
Capitalism only works when there are security precautions to make sure that business between corporations and individuals is safe. This is true on the physical level, and sadly, will have to be true at the digital level as well. If companies are infamous for being unable to do long-term accounting, why the fuck are we expecting them to suddenly hold themselves accountable to other long-term risk?
I think it's stupid to cast this as the super whiz kid Chinese hackers and the poor SOB admins looking at the logs. There usually isn't even a proper budget for admins to be looking at logs.
I find it surprising that it would seem that the only country on the face of this planet hacking foreign countries and business are Chinese. I'm so pleased that no one in the US, UK, Israel, Russia, South Africa, Pakistan, India, Japan, Canada, etc would clearly never dream of such things. On top of that, I cant even begin to imagine why countries other than the US would seek intelligence to help them in defence.
Good job that no one is using computer or the internet to launch attacks on research and production facilities in foreign countries.....stuxnet.......oh.
This might be new to some, but it it turns out countries spy and thieve off each other. But all we seem to see is lots of articles about the evil red commie Chinese, who we all happily do business with, including allowing to own our debt, hack the US. Strange that.
For the record, the Chinese don't actually own that large a portion of the US national debt, which is almost entirely held by American organizations. Propping up our currency, now, that's a looming problem - but one that will hurt China a lot more than it'll hurt us when it hits the fan.
The Fed is the #1 individual holder of US debt (for sovereigns or banks). Social Security holds $2.7 trillion. China has about $1.1 trillion, just in front of Japan.
China's holdings are actually not a big deal. If pressed to do so, the Fed could print a trillion dollars tomorrow and buy it all back (with some obvious consequences, but non-the-less).
"The breakout of foreign-held debt shows that China was the largest holder, at $1.161 trillion (as of October 2012, most recent data). Japan came in second, at $1.134 trillion."
china is basically doing exactly what the US did to come to economic power and people are shocked, shocked! to see it.
people really, truly, honesty believe the last 200 years of US and European ascent didn't happen, as if the world sprang forth fully formed in 1997. the vast majority of people haven't spent 5 minutes really thinking about how this stuff works.
a lot of this double-standard is inextricably tied to racism also.
Who did the US steal the transistor, cell phone, modern operating system, microprocessor, router and Internet from?
Did the US steal all the oil in Titusville (which instigated a massive economic boom) from Britain? How about all the chemistry work and exploration work that the US did to make oil useful and plentiful? Standard Oil had one of the most advanced R&D labs on the planet. I guess all the advanced technology out of Xerox PARC and Bell Labs was stolen from... Madagascar?
Who did Tesla steal his inventions from while he was in America? How about George Westinghouse? Edison invented a few things that you might have heard of.
The US is known to have used ECHELON for industrial espionage. This was for aerospace.
While avoiding hyperbole of the parent comment let's not imagine that any country is immune from industrial espionage and industrial corruption. (The UK which has relatively little political corruption has some astounding examples of industrial corruption.)
There were a lot of important things invented before cell phones and operating systems, like starting from the wheel and the fire, you know? What we call USA today grew on immigration, isn't this speak for itself? But why am I talking generics when some of my engineering teachers (the young ones) left for USA even in my university study years! The qualified people, the ones that takes a lot of time and resource to train - taken! Could be here all night? Really?
P.S.: BTW, the knowledge on which transistor relies did NOT occurred in USA, and networks similar to USA's ARPANET were developed in other countries in the same period, so the fact that Internet has an USA origin is purely incidental ...something that may be true for a lot of other things.
your argument assumes the US sprang fully-formed in 1900.
what you are doing is comparing the height of the US as it was hitting its stride (cellphones, cpus, internet) with the very beginnings of an industrial revolution in china. the US also had a beginning industrial revolution, and it stole much of that technology from the UK/Europe.
read that again: you are comparing the HEIGHT of a country (20th century US) to the BEGINNINGS of another. what you should be doing is comparing the BEGINNINGS of the US to the BEGINNINGS of china 2.0
but nobody really gives a shit about this stuff anymore because it's so old. what have you done for me lately, right?
yes, the US achieved prominence through all those inventions, but not before there were sweatshops, theft of English intellectual property, mass exportation of cheaply made goods, etc.
and maybe now china is ascending again, and in the next 50 years, you will see the equivalent of transistor, cell phone, CPUs, etc.
but then again that's probably just WAY too far-fetched for you to believe.
George Westinghouse bought the rights to a steam turbine design off a UK engineer. Technically it wasn't "theft", but the idea wasn't his, was it? Also, one of the first working steam turbines was built in Sweden. We stand on shoulders of giants. Developing transistor required a lot of groundwork. Not all was done in the US. An important part of success of Edison's light bulb was Sprengel pump designed in... London.
Hace you ever heard the name Werner von Braun?
I am not negating any of those achievements, but arguing it was all purely done by US is ridiculous
All the facts are from Wikipedia
This just makes my brain hurt. "Cyber pillage" of the nation's "most closely guarded secrets" - so secret they were exposed on the Internet without, apparently, keeping up the security updates?
I think maybe the fault lies not with the Chinese superhackers, but with your definition of "closely guarded."
I grow weary of reading these "hacking," "cyberspy," etc articles. They always read like a plot of a bad action movie (Hackers, Swordfish, etc) rather than what people who actually work in the sector (IT, Security, even programming) have to deal with day to day.
Just once, I'd love to read an article that talks in specifics, like how they got in (e.g. via exploit XYZ), how they spread (e.g. via hole in network policy XYZ), and what was done about it.
Also, if this super-top-secret information is so vital to the US's national security then why was it in the hands of a private company? I might be misunderstanding something here, but it seems less like information vital to national security and more like information vital to that company's future success (i.e. industrial espionage).
I cannot help but wonder if someone at this company (e.g. former CIA director) made a few phone calls and turned an industrial espionage incident into a national security incident in order to cover their arses.
That aspect often escape people. If this was too serious they probably wouldn't be writing articles about it, as that just tells others (say enemies) more information. This is looking like buttering up for a contract or new legislation.
There is virtually no distinction between the government and these private companies where national security is concerned, hence the term "military-industrial complex".
Check out Mikko Hypponen's company weblog (http://www.f-secure.com/weblog/), they have a lot of posts on different cybersecurity related incidents and go into detail about them. I find it is far more fascinating to read then a lot of the news media coverage.
There are many levels of 'secrets.' The really secret stuff never even touches a networked device and is only seen in underground meeting rooms built like vaults. Think the computer room with the touch sensitive floor in Mission Impossible.
The real secrets are secure, but no guarantees on the Kernel's Chicken recipe.
I worked, long ago, at the group in QinetiQ that got hacked. A couple of observations:
1. The Talon project (the robot pictured) is not, in fact, super secret. I worked with the Talon platform, and while my projects were "confidential", it wasn't some super secret thing. Would the government rather not have the Chinese have that IP? Of course. Is it at a security disaster? Hardly. That's not to say that they didn't have other, much more secretive, projects that were also compromised; it's just that the stuff being reported in this article isn't, like, nuclear launch codes.
2. IT security there (and, as I understand it, at similar government contractors) really was laughable. Total cowboy land. Assuming it hasn't revolutionized its security and culture, this attack didn't need to be some amazing exploit; it may have been a phishing attack or something similarly straightforward. So while the article lacks details, I'm not sure there's anything interesting to find here about the merits of the attack.
Aren't there any active packet-inspection devices out there (Palo Alto?) that can detect this kind of stuff?
* Joe's working from home, but logged in? Disconnect!
* Joe's transfered 80GB today when he normally does 2GB? Disconnect!
* Joe's connecting from a VPN server in Croatia? Disconnect!
It's foolish to either ignore this stuff or to panic. Learn your lessons and continue developing technology. We'll starve in the streets before the government stops trying to develop another billion-dollar superweapon.
Even if the Chinese didn't have good hackers, they could do as the Russians used to do and turn Americans into spies with offers of money and sex.
That said, China has a major social flaw that has persisted throughout its' history -- success can be just as fatal as failure. Any wagers as to how long Comment Crew will continue to operate before they turn on their government or are snuffed out pre-emptively?
62 comments
[ 3.3 ms ] story [ 120 ms ] threadBut a more interesting question is to look at what information is presented and what is missing. How much is new, how much is old. Then on policy stories like this one I sometimes pop over to the senate web site and look at what's coming up on the senate calendar [1] and oh look, on May 7th they are having a hearing to talk about
Hmm, who is in charge of Cyber Command? Why it's the Air Force! Who would have guessed.(yes I can be that cynical)
[1] http://www.senate.gov/pagelayout/committees/b_three_sections...
You can usually tell what hearings are coming up just by looking at what ads are currently plastered in and around metro stations
Is that really the case, though? Their own verbiage makes it sound different.
"Who is assigned to USSTRATCOM? The men and women of USSTRATCOM come from all four services —Army, Navy, Marines, Air Force— and include Guard and Reserve members, Department of Defense civilians and contractors. Thus, the command is a unified command. This concept allows USSTRATCOM to adapt to the changing international political and military landscape with all military branches providing key input and recommendations."[1]
and
"Organization USCYBERCOM is a sub-unified command subordinate to U. S. Strategic Command (USSTRATCOM). Service Elements include Army Cyber Command (ARCYBER); 24 AF/ Air Force Cyber Command (AFCYBER); Fleet Cyber Command (FLTCYBERCOM); and Marine Forces Cyber Command (MARFORCYBER)"[2]
Cyber Command seems to be headquartered at an army base, Fort Meade.
[1]http://www.stratcom.mil/faq/#faq2 [2]http://www.stratcom.mil/factsheets/Cyber_Command/
Just like during the cold war, there were legitimate threats from the Soviets, but it also became a self-perpetuating thing.
The irony is this time we're borrowing money to defend ourselves from the Chinese from...the Chinese. So at some point a marginal dollar spent on defense actually reduces our security!
But I think infosec is one of the more efficient means of spending defense dollars; tens or hundreds of billions of dollars of other stuff I'd cut first.
For those who don't see the connection, CISPA is intended to allow the government to help with exactly this type of situation.
Whenever Chinese military needs money, spread news outlets about horrifying US threats
The Chinese tweaked the plans so when they tried building the thing nothing would fit.
Here's a quote from the article, citing a 'princeling':
" "China no longer has a paramount leader who can hammer down authority at crucial junctures. "Gangs" of patronage and bribery are congealing together, he said, adding that "Corruption is the glue that keeps the whole system together, after the age of idealism." "
And another:
" A third princeling, whose father once ran China's security apparatus, blames Jiang for sabotaging the last leadership transition in 2002 by refusing to relinquish control of the military. He said Jiang promoted dozens of generals who are, as he put it, either "henchmen" or "morons." The result is that nobody is really in control, he said. "
[1] http://www.foreignpolicy.com/articles/2012/04/16/rotting_fro...
Note: You don't have to sign up for foreignpolicy.com to read the article. Just disable JS or stop the page from loading before the popup shows up.
What kind of bizarre world are you imagining where governments are meant to or do act "professionally". The international diplomatic community is indeed a noxious swamp where immoral and illegal activities get ignored and hushed up all the time. However it's also an environment where governments release stories to their populations through newspapers. Like China provoking that fight with Japan over islands and pretty much every story in the Daily Mail in the UK (or is it the Sun?).
The activities described in this article are shameful and it is one of the tragedies of this age that large organisations whether governments or corporations literally have no shame or morals. And more importantly nor do we have a way of requiring them to act rationally, reasonably or morally.
Buying a second pc for every person is pocket change.
I'm thinking that if these secrets are not more valuable than the lifestyle and convenience of military consultants, then they're not actually all that live-or-die, are they? Instead, they're used as fodder for alarmism.
I'd find it very hard pressed to find a place where you can work remotely. (Especially with all the useless crap IT pushes usually)
Or make it easier, you can work remotely only by remote desktop access (like Google does internally).
(Yes, you can capture a video of the data, but it's one thing to see a picture of a cad drawing, another one to have the file)
I love the smell of irony in the morning.
Yes, one was a moron. And the other was a moron for employing that moron :)
I think it's stupid to cast this as the super whiz kid Chinese hackers and the poor SOB admins looking at the logs. There usually isn't even a proper budget for admins to be looking at logs.
Good job that no one is using computer or the internet to launch attacks on research and production facilities in foreign countries.....stuxnet.......oh.
This might be new to some, but it it turns out countries spy and thieve off each other. But all we seem to see is lots of articles about the evil red commie Chinese, who we all happily do business with, including allowing to own our debt, hack the US. Strange that.
China's holdings are actually not a big deal. If pressed to do so, the Fed could print a trillion dollars tomorrow and buy it all back (with some obvious consequences, but non-the-less).
"The breakout of foreign-held debt shows that China was the largest holder, at $1.161 trillion (as of October 2012, most recent data). Japan came in second, at $1.134 trillion."
http://useconomy.about.com/od/monetarypolicy/f/Who-Owns-US-N...
There's a massive number of sources, but here you go:
http://finance.townhall.com/columnists/politicalcalculations...
people really, truly, honesty believe the last 200 years of US and European ascent didn't happen, as if the world sprang forth fully formed in 1997. the vast majority of people haven't spent 5 minutes really thinking about how this stuff works.
a lot of this double-standard is inextricably tied to racism also.
Did the US steal all the oil in Titusville (which instigated a massive economic boom) from Britain? How about all the chemistry work and exploration work that the US did to make oil useful and plentiful? Standard Oil had one of the most advanced R&D labs on the planet. I guess all the advanced technology out of Xerox PARC and Bell Labs was stolen from... Madagascar?
Who did Tesla steal his inventions from while he was in America? How about George Westinghouse? Edison invented a few things that you might have heard of.
We could be here all night.
While avoiding hyperbole of the parent comment let's not imagine that any country is immune from industrial espionage and industrial corruption. (The UK which has relatively little political corruption has some astounding examples of industrial corruption.)
http://en.wikipedia.org/wiki/Al-Yamamah_arms_deal
The parent claimed the US primarily stole technology to fuel its way to economic power. The facts do not support that.
P.S.: BTW, the knowledge on which transistor relies did NOT occurred in USA, and networks similar to USA's ARPANET were developed in other countries in the same period, so the fact that Internet has an USA origin is purely incidental ...something that may be true for a lot of other things.
what you are doing is comparing the height of the US as it was hitting its stride (cellphones, cpus, internet) with the very beginnings of an industrial revolution in china. the US also had a beginning industrial revolution, and it stole much of that technology from the UK/Europe.
read that again: you are comparing the HEIGHT of a country (20th century US) to the BEGINNINGS of another. what you should be doing is comparing the BEGINNINGS of the US to the BEGINNINGS of china 2.0
then of course there's:
http://en.wikipedia.org/wiki/List_of_Chinese_inventions
but nobody really gives a shit about this stuff anymore because it's so old. what have you done for me lately, right?
yes, the US achieved prominence through all those inventions, but not before there were sweatshops, theft of English intellectual property, mass exportation of cheaply made goods, etc.
and maybe now china is ascending again, and in the next 50 years, you will see the equivalent of transistor, cell phone, CPUs, etc.
but then again that's probably just WAY too far-fetched for you to believe.
I think maybe the fault lies not with the Chinese superhackers, but with your definition of "closely guarded."
Just once, I'd love to read an article that talks in specifics, like how they got in (e.g. via exploit XYZ), how they spread (e.g. via hole in network policy XYZ), and what was done about it.
Also, if this super-top-secret information is so vital to the US's national security then why was it in the hands of a private company? I might be misunderstanding something here, but it seems less like information vital to national security and more like information vital to that company's future success (i.e. industrial espionage).
I cannot help but wonder if someone at this company (e.g. former CIA director) made a few phone calls and turned an industrial espionage incident into a national security incident in order to cover their arses.
I really wish people would stop posting them.
National security is a profit machine.
[1] http://en.wikipedia.org/wiki/Doctor_Who_fandom
The real secrets are secure, but no guarantees on the Kernel's Chicken recipe.
Now that is a fast food restaurant I'd like to visit.
1. The Talon project (the robot pictured) is not, in fact, super secret. I worked with the Talon platform, and while my projects were "confidential", it wasn't some super secret thing. Would the government rather not have the Chinese have that IP? Of course. Is it at a security disaster? Hardly. That's not to say that they didn't have other, much more secretive, projects that were also compromised; it's just that the stuff being reported in this article isn't, like, nuclear launch codes.
2. IT security there (and, as I understand it, at similar government contractors) really was laughable. Total cowboy land. Assuming it hasn't revolutionized its security and culture, this attack didn't need to be some amazing exploit; it may have been a phishing attack or something similarly straightforward. So while the article lacks details, I'm not sure there's anything interesting to find here about the merits of the attack.
FWIW.