I don't get the whining. US spies on everyone, Israel spies on the US heavily, Russia spies on the US as well. Why the hell does the US keep whining about Chinese spying? What's so special about China? Can't US protect itself from cyber attacks from what's not even a first world nation?
The difference here is that it's not just US government entities being attacked -- it's US companies, particularly those already doing business in China. The counter-argument is a "you reap what you sow" vis-a-vis low cost offshoring, but in a lot of cases the risk is justified by the immense opportunities of participating in a 1B consumer domestic market.
Coincidentally or not, I received an email from one of my colleagues in Hong Kong this morning asking some IT security questions (as part of a customer IP audit of our greater China operations) regarding collaboration tools we use and whether they could be restricted to on-premise access and whether we could prevent content from being shared externally. Companies are taking notice, but I'd wager that almost none have deep enough pockets or internal expertise sufficient to erect reasonable security measures.
Plausible deniability if your are so overt your caught bang to rights then any intel you have is tainted and the contra inteligence guys can feed you duff information via double agents which you pay for.
MI5's first motor car back in ww1 was funded by the German intelligence services when they captured a spy and feed bad information back and got the Germans to send their suborned spy money.
There's a significant difference in the USA spending the money developing the capabilities versus actually using them, and using them on the scale that China is.
If nothing else China seems to being brazen about the attacks - whereas international espionage largely remains hidden and deniable, at least to the public at large.
If US companies were routinely catching Russians trying to sneak onto their premises the reaction would be somewhat different.
The US tends to use anything but passive gathering in more focused ways -- specifically against government targets or in actual shooting wars (e.g. killing power plants during airstrikes to support SEAD missions). China seems to use active attacks against purely commercial entities, as well as government entities, when not engaged in a shooting war.
Lots of people claiming the US does this as well, which is true to a certain extent.
There are major differences though. The Chinese government (sometimes via state-owned enterprises) steals information and technologies - military, industrial, and commercial - from military and civilian targets and leaks these to their military and industry. A large part of China's success in the last decade stems from these stolen technologies.
China as a whole is a massive IP stealing machine, and their work is nearly done. They've neither licensed nor innovated the vast majority of the technologies they use - they just steal. This is changing now as they've stolen nearly enough to catch up, and now innovation is finally coming from China.
All countries do this to some extent. Not all countries make a policy of the practice and use the resources of their military and government to carry it out. There are lots of other IP stealing tactics - from joint ventures, to technology "partnerships", to "trial order inspections".
You've got to give them credit: they've play the game very, very well, and taken full advantage of the west's naiveté.
It's interesting that we use the word "stealing" for this. Intellectual property is a wishy-washy term, defined entirely by the laws of the land. If China's laws and philosophy don't recognize United States IP laws, then it's not really "stealing" on their end.
Perpetuating the mentality that US ideas of IP are the only ones in town does a great deal of harm (see: RIAA, MPAA), and quickly leads to absurdity. Maybe we all deserve Chinese justice on account of us stealing their paper technology?
China does not have the kind of high minded ideals that angsty westerners like to project on to them. They are pragmatists. The see the arc of their economy following that of the U.S. Watch what happens as they become a net exporter of technology rather than merely a user of technology.
This has nothing to do with different ideas of IP. China has similar IP laws as the US, and certainly tries to enforce them when the theft is in the other direction.
"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property."
«Although silk was well known in Europe and most of Asia, China was able to keep a near monopoly on silk production. The monopoly was defended by an imperial decree, condemning to death anyone attempting to export silkworms or their eggs. Only around the year 300 CE did a Japanese expedition succeed in taking some silkworm eggs and four young Chinese girls, who were forced to teach their captors the art of sericulture.
…
While the Chinese lost their monopoly on silk production, they were able re-established themselves as major silk supplier (during the Tang dynasty) and industrialize their production in a large scale (during the Song dynasty). China continued to export high-quality fabric to Europe and the Near East along the silk road.
…
Much later, following the Crusades, techniques of silk production began to spread across Western Europe. In 1147 while Byzantine emperor Manuel I Komnenos was focusing all his efforts on the Second Crusade, the Norman king Roger II of Sicily attacked Corinth and Thebes, two important centres of Byzantine silk production. They took the crops and silk production infrastructure, and deported all the workers to Palermo, thereby causing the Norman silk industry to flourish. The sack of Constantinople by the Fourth Crusade in 1204 brought decline to the city and its silk industry, and many artisans left the city in the early 13th century. Italy developed a large domestic silk industry after 2000 skilled weavers came from Constantinople. Many also chose to settle in Avignon to furnish the popes of Avignon.
The sudden boom of the silk industry in the Italian state of Lucca, starting in the 11th and 12th centuries was due to much Sicilian, Jewish, and Greek settlement, alongside many other immigrants from neighbouring cities in southern Italy.[24] With the loss of many Italian trading posts in the Orient, the import of Chinese styles drastically declined. Gaining momentum, in order to satisfy the rich and powerful bourgeoisie's demands for luxury fabrics, the cities of Lucca, Genoa, Venice and Florence were soon exporting silk to all of Europe. In 1472 there were 84 workshops and at least 7000 craftsmen in Florence alone.»
Interesting tidbit of history, but not sure I get your point. This pre-dates international IP conventions and the flourishing of innovation in the modern age, and this was a single technology over which China had a monopoly hundreds of years.
Nobody is saying the west never steals anything. There is a difference between pointing out one occurrence of a technology being "stolen" 500 years ago and a modern policy of government supported IP theft through hacking, trickery, and contract violation.
Talking about and "government supported IP theft", the "They" in "They took the crops and silk production infrastructure, and deported all the workers to Palermo" from the excerpt I quoted refers to "the Norman king Roger II of Sicily" and "Byzantine emperor Manuel I Komnenos". Those were surely _govern sponsored_.
Just to back up your point of "most countries have", the report in [1] provides an interesting read. It also shows America previously performing industrial espionage as well, targeting both government and civilian targets, and commonly passing valuable information along to domestic companies. China's just doing it all far more loudly and explicitly.
Brief Examples from European Parliament's "Report on existence of ECHELON"[1]:
NSA vs Airbus: Intercepted orders and contracts for aircraft between Airbus and the Saudi Arabian national airline. Also exposed bribes paid by the European Airbus Consortium American. American company (McDonnel-Douglas) won $6bn contract after exposing bribery and competing against deals.
NSA intercepted details of Enercon's gear-less wind generator technology to a US firm which may have allowed them to patent the invention in America before Enercon
NSA/CIA vs Thomson-Alcatel: Bribery exposed for winning Brazillian contract (US $1.4bn), Clinton pressures Brazillian govt to awarding the contract to the US firm Raytheon
CIA hacked into computer system of the Japanese Trade Ministry to assist in negotiations on import quotas for US cars on the Japanese market
I think we should all be clear on what's happening: China's use of tons of man and computer power to attack commercial interests has led to the militarization of the internet (which, in all fairness, would have probably happened anyway)
So those saying "it's all the same" -- no, it is not. You don't bring up a new server at a site in South America and see a hundred attacks from American computers, but you'll sure as shit see attacks from China. The Chinese have notified the world early on through their actins that the internet exists to be plundered. While in the west the net is a symbol of individual freedom and power, to the Chinese it is another tool of the state.
This will continue to escalate until it ends up with people dying or both sides back down.
Well yes. Plenty because even one human is plenty. But plenty compared to how many people died in WWII? Or WWI? Or any real war we had before?
Compared to what happened immediately before, the cold war was incredibly peaceful.
So I suspect this new cyber war will continue the trend and keep real killings to 0. I do believe we will have a real internet hacking and protecting and counter hacking "war" if you will. But I suspect, and obviously hope, no one actually dies from it.
Ah, USA good, China bad. I suspect the Chinese will see it differently.
You are correct, there is a difference. The USA precisely targets, relatively, and China scatter guns. I guess China is working the way it best can, and the USA is way more advanced and efficient.
Perhaps the US might like to share its spying and espionage software with China so that it might do its evil in a more acceptable way?
I think it's worth remembering that the U.S. government funded the development of the Internet in the first place, and then made an affirmative decision to release its technologies as a freely available public good. Tim Berners-Lee, a British citizen in Western Europe, followed suit with his WWW.
As far as I know, China has brought nothing to the technological infrastructure of the Internet but crime and annoyance.
They'll reverse engineer the infrastructure, change it around, re-patent it, and call it "Chinese Innovation".
For those who are updated with international news you know they love using that term. They used it a lot after they copied and re-patented German and French high speed rail technology then started selling it off as their own.
I'd assumed up to this point that the "Great Firewall" of China was primarily intended to censor and control China's own population. Now I'm thinking it's main purpose was as a strategic defense initiative. Now they can attack more freely without fearing for their own infrastructure.
Censorship is also a cloak for protectionism. Facebook, Ebay, Google, etc have all been banned or throttled to make way for censorship. It says something that censorship is more tolerated by the world than overt protectionism, and that trade protectionism must be done in the good name of censorship.
In a way, this article promotes the idea for more cyber-security, which is one of the only growth industries[2]. A simple Google News search for "china cyberattacks" returns almost a million results[3].
Computer security is, basically, misunderstood by non-technical people, who are in charge of managing various computer systems. So the constant stream of "cyberattacks" (literally) creates a market of more eager buyers of security product and services. (It's almost getting to the point of "nobody ever got fired for buying security products/services".)
Is that a bad thing? Maybe or maybe not.
However, from my own experiences, I think it's better to build a foundation with good security practices instead of applying band-aids on top of a crumbling foundation.
I did not say these stories form a conspiracy nor is it a public relations campaign. I merely saw the similarities of "The Submarine" essay and the increased frequency of stories about "cybersecurity" in various news outlets.
From Paul Graham's essay, "PR is not dishonest. Not quite. In fact, the reason the best PR firms are so effective is precisely that they aren't dishonest. They give reporters genuinely valuable information."[1]
There's nothing wrong with someone benefiting from a story, but, maybe, there's more to a story than what's on the surface...
One of the things I find most annoying about HN is the liturgical quoting of Paul Graham scripture. This comment offers no substantive proof at all that this article resulted from a PR pitch. Its relevance rests entirely on the fact that pg once wrote an essay about press coverage and PR, and pg also runs HN.
I am currently working for a large multinational corporation here in Texas, we had a meeting with the network security guys about this a couple weeks ago (yes, this corporation actually have a group dedicated to mitigate hackers).
They told us it's even funny to monitor network traffic and see it explode between 8am and 5pm Beijing time. It's like they have a bunch of guys whose day job is to hack.
From a network security perspective there is absolutely no new news in this article. For those who watch networks, the impact of China on network security is as obvious as the sun coming up. The news is rather that the U.S. has taken one step up the ladder of international relations, toward some kind of consequence.
What I do not get is why do governments and so on keep vital infra connected to the damn Internet! Haven't we learned anything from BSG?
You don't keep nuclear plant computers on the same network with Facebook!
That's rather myopic. There's a very enormous category of computers whose security needs fall between 'Facebook' and 'nuclear plant' - in fact, almost every computer being used by government agencies, NGOs, media, multinational corporations, etc.
46 comments
[ 3.9 ms ] story [ 83.6 ms ] threadI wonder how many people spelt TianAnMen as Tienamen...
Stuxnet? I wasn't aware there was any definitive proof it was the US.
Coincidentally or not, I received an email from one of my colleagues in Hong Kong this morning asking some IT security questions (as part of a customer IP audit of our greater China operations) regarding collaboration tools we use and whether they could be restricted to on-premise access and whether we could prevent content from being shared externally. Companies are taking notice, but I'd wager that almost none have deep enough pockets or internal expertise sufficient to erect reasonable security measures.
MI5's first motor car back in ww1 was funded by the German intelligence services when they captured a spy and feed bad information back and got the Germans to send their suborned spy money.
Think Captain Renault in Casablanca :-)
The US is doing the same with their Cyber Attack units... in fact spending 10 to 15 more money than any other country of the world in this.
Of course Obama does not talk about that, he wants more money spent by the public sector, and TSA members on every street.
If US companies were routinely catching Russians trying to sneak onto their premises the reaction would be somewhat different.
There are major differences though. The Chinese government (sometimes via state-owned enterprises) steals information and technologies - military, industrial, and commercial - from military and civilian targets and leaks these to their military and industry. A large part of China's success in the last decade stems from these stolen technologies.
China as a whole is a massive IP stealing machine, and their work is nearly done. They've neither licensed nor innovated the vast majority of the technologies they use - they just steal. This is changing now as they've stolen nearly enough to catch up, and now innovation is finally coming from China.
All countries do this to some extent. Not all countries make a policy of the practice and use the resources of their military and government to carry it out. There are lots of other IP stealing tactics - from joint ventures, to technology "partnerships", to "trial order inspections".
You've got to give them credit: they've play the game very, very well, and taken full advantage of the west's naiveté.
Perpetuating the mentality that US ideas of IP are the only ones in town does a great deal of harm (see: RIAA, MPAA), and quickly leads to absurdity. Maybe we all deserve Chinese justice on account of us stealing their paper technology?
Thomas Jefferson, in a letter to Isaac McPherson (13 Aug. 1813) [ http://press-pubs.uchicago.edu/founders/documents/a1_8_8s12.... ]
"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property."
https://en.wikipedia.org/wiki/History_of_silk
«Although silk was well known in Europe and most of Asia, China was able to keep a near monopoly on silk production. The monopoly was defended by an imperial decree, condemning to death anyone attempting to export silkworms or their eggs. Only around the year 300 CE did a Japanese expedition succeed in taking some silkworm eggs and four young Chinese girls, who were forced to teach their captors the art of sericulture.
…
While the Chinese lost their monopoly on silk production, they were able re-established themselves as major silk supplier (during the Tang dynasty) and industrialize their production in a large scale (during the Song dynasty). China continued to export high-quality fabric to Europe and the Near East along the silk road.
…
Much later, following the Crusades, techniques of silk production began to spread across Western Europe. In 1147 while Byzantine emperor Manuel I Komnenos was focusing all his efforts on the Second Crusade, the Norman king Roger II of Sicily attacked Corinth and Thebes, two important centres of Byzantine silk production. They took the crops and silk production infrastructure, and deported all the workers to Palermo, thereby causing the Norman silk industry to flourish. The sack of Constantinople by the Fourth Crusade in 1204 brought decline to the city and its silk industry, and many artisans left the city in the early 13th century. Italy developed a large domestic silk industry after 2000 skilled weavers came from Constantinople. Many also chose to settle in Avignon to furnish the popes of Avignon.
The sudden boom of the silk industry in the Italian state of Lucca, starting in the 11th and 12th centuries was due to much Sicilian, Jewish, and Greek settlement, alongside many other immigrants from neighbouring cities in southern Italy.[24] With the loss of many Italian trading posts in the Orient, the import of Chinese styles drastically declined. Gaining momentum, in order to satisfy the rich and powerful bourgeoisie's demands for luxury fabrics, the cities of Lucca, Genoa, Venice and Florence were soon exporting silk to all of Europe. In 1472 there were 84 workshops and at least 7000 craftsmen in Florence alone.»
Nobody is saying the west never steals anything. There is a difference between pointing out one occurrence of a technology being "stolen" 500 years ago and a modern policy of government supported IP theft through hacking, trickery, and contract violation.
Most of the industries that vigorously support intellectual property now benefited the most from public domain knowledge and blatant piracy of ideas.
Talking about and "government supported IP theft", the "They" in "They took the crops and silk production infrastructure, and deported all the workers to Palermo" from the excerpt I quoted refers to "the Norman king Roger II of Sicily" and "Byzantine emperor Manuel I Komnenos". Those were surely _govern sponsored_.
My point is an easy one: history repeat itself.
Brief Examples from European Parliament's "Report on existence of ECHELON"[1]:
NSA vs Airbus: Intercepted orders and contracts for aircraft between Airbus and the Saudi Arabian national airline. Also exposed bribes paid by the European Airbus Consortium American. American company (McDonnel-Douglas) won $6bn contract after exposing bribery and competing against deals.
NSA intercepted details of Enercon's gear-less wind generator technology to a US firm which may have allowed them to patent the invention in America before Enercon
NSA/CIA vs Thomson-Alcatel: Bribery exposed for winning Brazillian contract (US $1.4bn), Clinton pressures Brazillian govt to awarding the contract to the US firm Raytheon
CIA hacked into computer system of the Japanese Trade Ministry to assist in negotiations on import quotas for US cars on the Japanese market
[1]: http://cryptome.org/echelon-ep-fin.htm#10 (Ctrl+F "Published cases") [2]: http://en.wikipedia.org/wiki/ECHELON#Controversy (good overview)
So those saying "it's all the same" -- no, it is not. You don't bring up a new server at a site in South America and see a hundred attacks from American computers, but you'll sure as shit see attacks from China. The Chinese have notified the world early on through their actins that the internet exists to be plundered. While in the west the net is a symbol of individual freedom and power, to the Chinese it is another tool of the state.
This will continue to escalate until it ends up with people dying or both sides back down.
Or everyone just keeps up this new internet war just like we kept the cold war going for decades, with no one being killed by it.
Compared to what happened immediately before, the cold war was incredibly peaceful.
So I suspect this new cyber war will continue the trend and keep real killings to 0. I do believe we will have a real internet hacking and protecting and counter hacking "war" if you will. But I suspect, and obviously hope, no one actually dies from it.
You are correct, there is a difference. The USA precisely targets, relatively, and China scatter guns. I guess China is working the way it best can, and the USA is way more advanced and efficient.
Perhaps the US might like to share its spying and espionage software with China so that it might do its evil in a more acceptable way?
As far as I know, China has brought nothing to the technological infrastructure of the Internet but crime and annoyance.
For those who are updated with international news you know they love using that term. They used it a lot after they copied and re-patented German and French high speed rail technology then started selling it off as their own.
Censorship is also a cloak for protectionism. Facebook, Ebay, Google, etc have all been banned or throttled to make way for censorship. It says something that censorship is more tolerated by the world than overt protectionism, and that trade protectionism must be done in the good name of censorship.
In a way, this article promotes the idea for more cyber-security, which is one of the only growth industries[2]. A simple Google News search for "china cyberattacks" returns almost a million results[3].
Computer security is, basically, misunderstood by non-technical people, who are in charge of managing various computer systems. So the constant stream of "cyberattacks" (literally) creates a market of more eager buyers of security product and services. (It's almost getting to the point of "nobody ever got fired for buying security products/services".)
Is that a bad thing? Maybe or maybe not.
However, from my own experiences, I think it's better to build a foundation with good security practices instead of applying band-aids on top of a crumbling foundation.
[1] http://www.paulgraham.com/submarine.html [2] http://www.google.com/search?q=cybersecurity+growth+industry [3] http://www.google.com/search?q=china+cyberattacks&aq=f...
From Paul Graham's essay, "PR is not dishonest. Not quite. In fact, the reason the best PR firms are so effective is precisely that they aren't dishonest. They give reporters genuinely valuable information."[1]
There's nothing wrong with someone benefiting from a story, but, maybe, there's more to a story than what's on the surface...
[1] http://www.paulgraham.com/submarine.html
They told us it's even funny to monitor network traffic and see it explode between 8am and 5pm Beijing time. It's like they have a bunch of guys whose day job is to hack.