Secure Coding mailing list archives

Re: Chinese Hacking, Mandiant and Cyber War


From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 20 Feb 2013 10:49:45 -0500

On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw <gem () cigital com> wrote:
> hi sc-l,
>
> No doubt all of you have seen the NY Times article about the Mandiant
> report that pervades the news this week. I believe it is important to
> understand the difference between cyber espionage and cyber war.
> Because espionage unfolds over months or years in realtime, we can
> triangulate the origin of an exfiltration attack with some certainty.
> During the fog of a real cyber war attack, which is more likely to
> happen in milliseconds, the kind of forensic work that Mandiant did
> would not be possible. (In fact, we might just well be "Gandalfed" and
> pin the attack on the wrong enemy as explained here:
> http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare.)
>
> Sadly, policymakers seem to think we have completely solved the
> attribution problem. We have not. This article published in
> Computerworld does an adequate job of stating my position:
> http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9
>
> Those of us who work on security engineering and software security can
> help educate policymakers and others so that we don't end up pursuing
> the folly of active defense.

I'm somewhat surprised a report of that detail was released for public
consumption. The suspicion in me tells me it's not entirely accurate or
someone has an agenda. There's too much information in there that
would be cloaked under "national security" given other circumstances.

There also appears to be a fair amount of FUD-fanning going on:
"Additionally, there is evidence that Unit 61398 aggressively recruits
new talent from the Science and Engineering departments of
universities such as Harbin Institute of Technology." The US
equivalent would be like saying the NSA actively recruits
Mathematicians and Computer Scientists.

Jeff

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

