nanog mailing list archives
Re: NYT covers China cyberthreat
From: Steven Bellovin <smb () cs columbia edu>
Date: Wed, 20 Feb 2013 21:07:07 -0500
On Feb 20, 2013, at 1:33 PM, valdis.kletnieks () vt edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:boys and girls, all the cyber-capable countries are cyber-culpable. you can bet that they are all snooping and attacking eachother, the united states no less than the rest. news at eleven.The scary part is that so many things got hacked by a bunch of people who made the totally noob mistake of launching all their attacks from the same place....
This strongly suggests that it's not their A-team, for whatever value of "their" you prefer. (My favorite mistake was some of them updating their Facebook pages when their work took them outside the Great Firewall.) They just don't show much in the way of good operational security. Aside: A few years ago, a non-US friend of mine mentioned a conversation he'd had with a cyber guy from his own country's military. According to this guy, about 130 countries had active military cyberwarfare units. I don't suppose that the likes of Ruritania has one, but I think it's a safe assumption that more or less every first and second world country, and not a few third world ones are in the list. The claim here is not not that China is engaging in cyberespionage. That would go under the heading of "I'm shocked, shocked to find that there's spying going on here." Rather, the issue that's being raised is the target: commercial firms, rather than the usual military and government secrets. That is what the US is saying goes beyond the usual rules of the game. In fact, the US has blamed not just China but also Russia, France, and Israel (see http://www.israelnationalnews.com/News/News.aspx/165108 -- and note that that's an Israeli news site) for such activities. France was notorious for that in the 1990s; there were many press reports of bugged first class seats on Air France, for example. The term for what's going on is "cyberexploitation", as opposed to "cyberwar". The US has never come out against it in principle, though it never likes it when aimed at the US. (Every other nation feels the same way about its companies and networks, of course.) For a good analysis of the legal aspects, see http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-strategy-for-the-cyber-exploitation-threat/ --Steve Bellovin, https://www.cs.columbia.edu/~smb
Current thread:
- NYT covers China cyberthreat Jay Ashworth (Feb 18)
- Re: NYT covers China cyberthreat Kyle Creyts (Feb 19)
- Re: NYT covers China cyberthreat Randy Bush (Feb 19)
- Re: NYT covers China cyberthreat Valdis . Kletnieks (Feb 20)
- Re: NYT covers China cyberthreat Steven Bellovin (Feb 20)
- Re: NYT covers China cyberthreat Suresh Ramasubramanian (Feb 20)
- Re: NYT covers China cyberthreat Richard Porter (Feb 20)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 20)
- Re: NYT covers China cyberthreat Suresh Ramasubramanian (Feb 20)
- Re: NYT covers China cyberthreat Randy Bush (Feb 19)
- Re: NYT covers China cyberthreat Kyle Creyts (Feb 19)
- Re: NYT covers China cyberthreat Steven Bellovin (Feb 21)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 19)
- Re: NYT covers China cyberthreat David Barak (Feb 20)
- Network security on multiple levels (was Re: NYT covers China cyberthreat) Jay Ashworth (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)