nanog mailing list archives

Re: NYT covers China cyberthreat


From: Warren Bailey <wbailey () satelliteintelligencegroup com>
Date: Thu, 21 Feb 2013 07:35:14 +0000

The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)



On 2/20/13 11:29 PM, "Richard Porter" <richard () pedantictheory com> wrote:

When you really look at human behavior the thing that remains the same is
core motives. The competition makes sense in that it is human nature to
aggresse for resources. We are challenged in the "fact" that we 'want' to
belong among the other five. This will never change butŠŠŠŠ.

What is really a travesty here is that most of us have been saying "hey
this is critical" and can now shift to "I told you so"Š in that if you
did what we said to do 1 Š 5 Š. 10 Š years ago .. you would have
"mitigated" this risk..

Basically, genetically we have not changed, so what behavior would
suggest that (even with the introduction of faster calculators).. why
would we change? Just means we would do X faster ŠŠ.

This is my first comment to the list.. please flame me privately to save
the list :) *** or publicly who think I should really be spanked!!! ***


Regards,
Richard



On Feb 20, 2013, at 7:27 PM, Suresh Ramasubramanian <ops.lists () gmail com>
wrote:

Very true. The objection is more that the exploits are aimed at civilian
rather than (or, more accurately, as well as) military / government /
beltway targets.

Which makes the alleged chinese strategy rather more like financing
jehadis
to suicide bomb and shoot up hotels and train stations, rather than any
sort of disciplined warfare or espionage.

--srs (htc one x)
On 21-Feb-2013 7:40 AM, "Steven Bellovin" <smb () cs columbia edu> wrote:


On Feb 20, 2013, at 1:33 PM, valdis.kletnieks () vt edu wrote:

On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable.
you
can bet that they are all snooping and attacking eachother, the
united
states no less than the rest.  news at eleven.

The scary part is that so many things got hacked by a bunch of people
who made the totally noob mistake of launching all their attacks from
the same place....


This strongly suggests that it's not their A-team, for whatever value
of
"their" you prefer.  (My favorite mistake was some of them updating
their
Facebook pages when their work took them outside the Great Firewall.)
They
just don't show much in the way of good operational security.

Aside: A few years ago, a non-US friend of mine mentioned a
conversation
he'd had with a cyber guy from his own country's military.  According
to
this guy, about 130 countries had active military cyberwarfare units.
I
don't suppose that the likes of Ruritania has one, but I think it's a
safe
assumption that more or less every first and second world country, and
not
a few third world ones are in the list.

The claim here is not not that China is engaging in cyberespionage.
That
would go under the heading of "I'm shocked, shocked to find that
there's
spying going on here." Rather, the issue that's being raised is the
target:
commercial firms, rather than the usual military and government
secrets.
That is what the US is saying goes beyond the usual rules of the game.
In
fact, the US has blamed not just China but also Russia, France, and
Israel
(see http://www.israelnationalnews.com/News/News.aspx/165108 -- and
note
that that's an Israeli news site) for such activities.  France was
notorious
for that in the 1990s; there were many press reports of bugged first
class
seats on Air France, for example.

The term for what's going on is "cyberexploitation", as opposed to
"cyberwar".
The US has never come out against it in principle, though it never
likes it
when aimed at the US.  (Every other nation feels the same way about its
companies and networks, of course.)  For a good analysis of the legal
aspects,
see

http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-stra
tegy-for-the-cyber-exploitation-threat/




               --Steve Bellovin, https://www.cs.columbia.edu/~smb














Current thread: