Re: Chinese Hacking, Mandiant and Cyber War

[Ali-Reza Anghaie <ali () packetknife com>]

There is an agenda but it's also information that is long overdue - and
there is more of it Classified for what many ppl consider no good reason.
Also, other reports have indicated faculty and staff at the Unis too. None
of which I doubt terribly.

For me the bigger issue is that is simply doesn't matter - it's not like
this level of nation-state backing is ~required~ for  most cyber heists or
most security issues. If anything it furthers (on top of other bad
perceptions) that competitiveness is increasingly a function of secrecy vs
innovation.

Oh well - I'm repeating myself. ;-)

-Ali



On Wed, Feb 20, 2013 at 10:49 AM, Jeffrey Walton <noloader () gmail com> wrote:

> On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw <gem () cigital com> wrote:
> > hi sc-l,
> >
> > No doubt all of you have seen the NY Times article about the Mandiant
> report that pervades the news this week.  I believe it is important to
> understand the difference between cyber espionage and cyber war.  Because
> espionage unfolds over months or years in realtime, we can triangulate the
> origin of an exfiltration attack with some certainty.  During the fog of a
> real cyber war attack, which is more likely to happen in milliseconds,  the
> kind of forensic work that Mandiant did would not be possible.  (In fact,
> we might just well be "Gandalfed" and pin the attack on the wrong enemy as
> explained here:
> http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare
> .)
> > Sadly, policymakers seem to think we have completely solved the
> attribution problem.  We have not.  This article published in Computerworld
> does an adequate job of stating my position:
> http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9
> > Those of us who work on security engineering and software security can
> help educate policymakers and others so that we don't end up pursuing the
> folly of active defense.
> >
> I'm somewhat surprised a report of that detail was released for public
> consumption. The suspicion in me tells me its not entirely accurate or
> someone has an agenda. There's too much information in there that
> would be cloaked under "national security" given  other circumstances.
>
> There also appears to be a fair of FUD-fanning going on:
> "Additionally, there is evidence that Unit 61398 aggressively recruits
> new talent from the Science and Engineering departments of
> universities such as Harbin Institute of Technology." The US
> equivalent would be like saying the NSA actively recruits
> Mathematicians and Computer Scientists.
>
> Jeff
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________