Alotau writes "Chinese hacking is getting some serious Congressional attention. Two House members said Wednesday their Capitol Hill computers, containing information about political dissidents from around the world, have been hacked by sources apparently working out of China. Virginia Rep. Frank Wolf says four of his computers were hacked. New Jersey Rep. Chris Smith says two of his computers were compromised in December 2006 and March 2007. The two lawmakers are longtime critics of China's record on human rights."
The U.S. makes a lot of money off doing business with China, something like $386 billion in 2007. Retailers like Walmart and Target, manufacturers of every description, and shippers all have a huge stake in U.S.-China trade, even though China enjoys a growing surplus with the U.S.
Under these circumstances, it's not surprising that some mischievous hacking of Congressional computers is overlooked by the people who are supposed to care about such things. Where it gets more serious is the hacking of Pentagon systems that seems to be originating from sites in China.
China's government today is trying to juggle a growing nationalism among younger Chinese, a nationalism that is not friendly toward the West and the U.S. in particular, despite our close economic ties. They have fostered a hostile attitude toward the U.S. through years of propaganda, and this, too, the Americans have ignored in the interests of making money.
It will be interesting to see what happens come the day that China's huge internal market is affluent enough and their technology level high enough that they no longer need the U.S. as either a customer or investor. But in the meantime, it would be advisable for these Congressmen and other officials like Carlos Gutierrez (whose laptop was compromised during a trip to Beijing) to switch away from easily hacked systems like Microsoft Windows, and maybe keep their systems offline or only on a secured and firewalled intranet.
I also think that the U.S. government should not be using home computers like Dells running Windows. The hardware components are largely manufactured in China these days and who knows what evil back doors might be implanted in ROMs, akin to the compromised printers that were shipped to Iraq from the U.S. in the pre-Gulf War days.
The funny thing about the nationalism argument is that US is one of the most nationalistic nations in the world. We call it Patriotism and consider it a good thing.
So then why is it bad if the Chinese are Patriots too?
We have nothing on China. According to the BBC's annual poll of nations [globescan.com] opinions of other nations influence, 90% of Chinese think China has a positive influence on the world. Ninety percent. That's not only provocative, but outrageous. That's surely similar to 1940s-era America, hardly like now, where only 56% of Americans believe that America has a positive influence on the world.
China has an unquestionable horrifying nationalism problem. This can be seen in issues such as Tibet and Taiwan. What's troubling isn't that Chinese want Tibet and Taiwan to be part of China, I can view that as acceptable. What isn't acceptable, however, are such obvious propaganda-induced lines of reasoning such as "Tibet has always been a part of China and forever will be a part of China." Not only is that false -- Tibet was its own country until China marched in there 50 years ago and took it, but that's how it works in war; winner takes all. But then the Chinese government proceeded to educate their entire 1+ billion population that, indeed, Tibet had always been a part of China, and that anyone who questioned otherwise was not Chinese and was siding with the Dalai Lama, who isn't even human.
Another Nationalism-brought issue outlined by the BBC poll is its hatred of Japan. There are only two important countries in the world that hate Japan -- China and South Korea. One might argue that it's because of Japan's war-time atrocities that they never properly atoned for. They have apologized many times, however poorly, and Japan is not elegant in international relations. That said, my argument is, East Asia was hugely and negatively affected by the Japanese Empire. China and South Korea aren't the only countries affected with horrendous atrocities. But why then, have all of the other South-East nations forgiven Japan, but China and South Korea haven't? Only 12% of Chinese carry a positive view of Japan's influence on the world -- not opinion of Japan, but opinion of the positiveness of Japan's influence on the world. Whereas in Taiwan, Japan's very popular culturally, even though many elderly people still speak Japanese from being forced to learn it during occupation!
And my last argument -- Anti-Anti-Chinese protests? VIOLENT Anti-Anti-Chinese protests, with prevalent stalking and death threats of anyone that criticized China? C'mon, that's pitiful.
And to any Chinese that might be reading this, my message would be that there's nothing wrong with being proud to be Chinese. There's nothing wrong with wanting the Chinese people to be united and patriotic. But people and government are separate. Just because you're Chinese doesn't mean you have to defend your government for no other reason than that it's my government, just how Americans don't have to defend President Bush just because he's my President. Nationalism is good in small doses for the morale of a country, but in large quantities like currently present in China, war is almost certainly inevitable. Think about the nationalism of 1940s America, 1940s Japan, 1940s Nazi Germany (hah, Godwin's law strikes again!). Unchecked Nationalism only brings horror and foolish decisions, all for the sake of being Chinese, or being American, or being Japanese, or being German.
They have apologized many times, however poorly, and Japan is not elegant in international relations.
Heh, you should watch Australia and Japan in our current relations. From my perspective as an Australian, Japan's doing pretty well and Australia's suffering from foot in mouth. The new Prime Minister of Australia just pointed out in defending the fact that it took him over six months to visit Japan (but only two or three to visit China) that "in the period since his Government came in, how many Japanese ministers have visited Australia? None." (Not a literal quote, but that's the same expression.) Sounded like a child defending himself.
Yet the Japanese expression of displeasure has mostly been made known via leaks and it makes it almost look they're not really that displeased y'know. Much more elegant even if they are unhappy. I think I'm quite displeased about how the Australian government's handled it.
If you think SE Asians are not still pissed at the Japanese, talk to older Filipinos sometime. You'll get an earful. Of course people in SE Asia are not as emotional about the Japanese in WW2 - other than the Philippines, SE Asia was relatively untouched compared to northeast Asia. Taiwan had already been fully occupied by Japan for 50 years prior to the war, so most of the populace had been pacified and assimilated by then (my Taiwanese in-laws can speak Japanese much better than Taiwanese).
Japan is not just culturally popular in Taiwan. Its culture is a main driving force all over East Asia, without exception. Japan's plan to wait it out has worked the way it was supposed to - the older people who lived through or have heard about the war are dead or are very old. Young people today hold no such grudges, and slurp up Totoro stuffed animals just as well.
I don't see why it's surprising that Chinese and Koreans are still sore about Japan. To this day, Japan's high-ranking officials have paid both personal and state visits to shrines containing memorials to convicted WW2 war criminals [wikipedia.org]. If a German chancellor was to humbly visit Hitler's birthplace, that would certainly be seen as an unspeakable act. If Nazi Germany was in power today, would you also suggest the Jews of the world to "forgive" them as well?
The interesting thing is - the latest round of negative feelings toward Japan was not instigated by the Chinese government (although they certainly didn't work very hard to calm their citizens). Conversely, the Chinese government would rather not stir up any raw feelings because Japan is now a much more integral trading partner. Ironically, it was the freedom of information which let the average Chinese read about these war criminal shrine visits in Japan, or when naive Westerners shoot their mouths off about China [tmz.com].
The Yasukuni Shrine I think has always been a scapegoat. 2.7 million Japanese died in WWII. 2.46 million are enshrined in the Yasukuni Shrine. The shrine is, more or less, a shrine to all those that died in the war. And of those enshrined there, 1086 were convicted of war crimes. That means 0.04% of those enshrined there are war criminals. But yet, the Japanese should be apologetic to other nations for visiting the shrine? Or they shouldn't visit the shrine to honor the other 2,464,932 people enshrined there? Does it not just seem like an excuse to be angry at Japan?
And the biggest reason China and Korea hate Japan still, I think, is those governments have been the most proactive in spreading anti-Japanese propaganda, until recent years when relations have finally improved a little. It wasn't the freedom of the press that made Chinese people angry enough at Japan to refuse earthquake aid from them, it was because they, and their parents, and even their grandparents have always been brought up being told that Japan is evil, they've committed atrocities, and the country is vile. So now that China is finally opening up, it's very easy for a Chinese person to look on the internet and see that, in fact, Japan DID commit atrocities. But Japan has forgiven America for the atomic bomb, because the Japanese people haven't grown up being told that America is a spawn of hell that heartlessly destroyed two cities filled with civilians. Chinese, on the other hand, have grown up being told that, so when they see facts showing that such atrocities did happen, it just reaffirms their anger that they've been taught to have. And even with little to no propaganda now, the damage has been done, and the hatred will stay for the next 50 years until the current generation is old and begins to die.
The solution is simple: Don't connect personal computers containing Shit That Matters to the internet. Invoking teh Yellow Peril is a smokescreen. If they can get in, so can others...
They have fostered a hostile attitude toward the U.S. through years of propaganda, and this, too, the Americans have ignored in the interests of making money.
One thing I'd like to point out is, this is much less due to "years of propaganda", as you say, than the fact that the US has not exactly made friends throughout the world recently. It's viewed as an arrogant superpower trying to police the world.
On the flip side, US media is doing its best to foster a national sentiment that is very unfriendly towards China.
Yeah, Chinese companies are not meeting standards, and they are probably cutting corners. BIG shock.
As far as openly executing executives? I've heard of one case where that's happened, and - I don't have any sources handy - it was for something egregious, like intentionally shipping a product resulting in hundreds of deaths (I'll stop because admittedly, I don't remember the details. I wouldn't say the guy deserved to die, but that's just me). So what are you suggesting with the "kill themselves" in quotes? That the Chinese government is running some secret program whereby company execs who embarrass the name of the country are killed off?
Someone needs to drink less of the Western media kool-aid.
But well, China is clearly a world threat, given its aggressive tendencies...you know, Red China ramping up their military, how dare any country do such a thing. But we're in no position to point fingers here, because we've been the country going around, occupying other countries, for - as time goes by - reasons which become more and more farcical.
There's a much stronger argument that the US is the biggest threat to the world, but thankfully, this could change with a new administration. (+1 for democracy).
But you know what, China's economic and military growth IS a threat to the US's status as a superpower, something which we would very much like to hold on to, so you bet the US government and our "free, independent" media wants us all to think of China as a dangerous, evil "dragon" waiting to rise and destroy us all. That's propaganda.
Not only that, but the issue at hand isn't just crappy software, or cheap hardware, the issue is that the laptops and desktops used by the "representatives" are truly representative of their base. Built on ignorance.
I will illustrate what they are NOT, instead:
My personal work, and travel abroad laptop, contains CAD software, email RECEIVING software, video watching software, instant messaging software and secure delete software. It does not contain, services, weatherbug type stuff, spyware or other things that should NOT be running on a system that might get stolen or broken into while I'm out sampling the local night life in some third world country.
Does my system contain sensitive info? Depends what you call sensitive. Is it hard to get to? You betcha. Are the federales in the USA (or government agents in ANY country for that matter) as careful with THEIR client info (namely that of their respective people or informants abroad?) All evidence points to the contrary. Trust the government if you wish for a not so swift, painful death at the hands of whomever they willingly or unwittingly sell you out to. As for me, I value my health and wealth enough not to leave my data lying around for others to partake of.
Not because I worry that I will be hacked or my clients will sue me... no, I do this out of RESPECT for those with whom I've done business or with whom I've exchanged information. I respect them enough NOT to sell their info or treat them like trash. As a result, they return the favor. And if they do not, they won't long remain on my contact list. I make it a point not to associate with the stupid or the insane. I safeguard even my tavern mates' information, not because it is financially valuable, but because I respect those individuals and would not subject them to undue privacy violations (other than what the DHS and other spy in the sky types will subject them to regardless of their guilt or innocence in any particular subject). Respect is one of those things that is not valued as much in this world, even if it, along with TRUST are still the most valuable and among the few things one should consider "assets".
Do the government goons and politicians in various countries respect those whose information they access on their computing equipment? Apparently, the answer is not exactly one that encourages me to wish to associate with these individuals, regardless of how much money they make or what titles they are bestowed with.
The government has more secure systems for people's laptops, like Bastile Linux, and should be using them instead of a consumer grade OS that was never intended to store anything more important than Solitair. When insecure systems are used to access secure systems, security falls to the level of the weak system.
But as we see in the business world, even though there are technologies that are 10000X superior to what you are currently using and may even cost less, those in upper management will complain that it isn't familiar and they might have to learn something new. I wouldn't see anything different in this case.
And the same things have been said about unpatched Windows without an anti-virus. About how easy it is for spyware and keyloggers to help steal your identity, about how they will ruin your OS install, about how they contribute to spam, slow down your computer, etc. Still, I run into unpatched Windows installs with no anti-virus will probably hundreds of types of malware on the machine. These people probably see their machine as insignificant, and think that the laptop they have will never get a virus, wi
Jebus...can we leave the OS wars out of it? Just this once?
From the line you quoted, it sounds like they had physical access to the machine to do the copying. Any and every OS will fall if you have the thing in your hands.
Jebus...can we leave the OS wars out of it? Just this once?
No, we can't. And we shouldn't.
People in the government are putting life-critical and national-security-critical information on computers driven by a software system that is notorious for a multi-decade history of being riddled with security holes, some of which are architectural and unfixable.
Doing this - and CONTINUING to do this when they should know better - is a major part of the issue under discussion.
In this case it has resulted in the disclosure of the identities of dissidents to the intelligence agencies of foreign governments who wish them eliminated. This will probably result in a number of incarcerations, tortures, and deaths.
In other cases it may even lead to outcomes as serious as the US losing a war, being conquered, or being destroyed.
This is an important issue. Failing to fix it may result the deaths of multiple millions of people and creating a future consisting of a jackboot on humanity's neck for generations to come.
For us to refrain from discussing it because you're sick of "OS wars" would be beyond criminal. It only lacks a declaration of war to qualify as treason.
Whole disk encryption fails if you have physical access to the running machine, as the keys are in memory somewhere, but it's certainly better than nothing.
It's not at all hard to use whole disk encryption with a Windows laptop. The complaint here should be "why wasn't the laptop encrypted", not "why was it running an unfashionable OS".
Windows can be perfectly secure, if you exercise some common sense. My company's XP laptops are all encrypted, and require a password at boot time to work. You can also use BitLocker if you have Windows Vista. Your Solitaire dig is unfunny at best.
In any case, they had physical access to the machine, so unless you're encrypting the HDD, it's game over. Your stock Debian laptop would have been compromised as quickly as the one with Windows XP. Bastille Linux is just the same type of protection that can be had for Windows if you want or need it, and I'm guessing in this case they do want and need it. But it's not Windows' fault, and it's not Microsoft's fault, no matter how much you want that to be the case.
Bastile-Linux. Great tool. It doesn't prevent you from booting the laptop with knoppix or something of the like, then mounting the drive and dd'ing it. They should be using multi-tier'd security for any system that leaves the premises. With considerations for different types of attack vectors. Physical and virtual. JMO. Also... If they can fry the electronics in a plane with the flip of a switch why can't they make the laptops self destruct when something cracks or penetrates the case? You could easily kill anything that would of had data on it by frying it if someone tries to remove it. Or better yet... Don't carry a laptop with data on it. Get the data via some secure channel and have it armed with a TTL, so it removes itself from existance.
But what do I know, all my important stuff lives on the flash drive in my pocket and its encrypted.
Sorry, they could have been running a fully locked down setup that even the legitimate END USER has trouble getting into, and it wouldn't make any difference.
If they were able to get the laptop long enough to copy the system, you're screwed either way.
Am I missing out on something here, you're responding to a post that seem to be calling Windows an insecure operating system by saying that the author was hired by microsoft.
Am I missing out on something here, you're responding to a post that seem to be calling Windows an insecure operating system by saying that the author was hired by microsoft.
I think he was referring to Windows being classified as 'consumer grade'. It could be argued it doesn't even qualify as that.
It's kind of a running joke that twitter is such a massive failure [slashdot.org] at advocating free software, often garnering more scorn and ridicule than the credibility and recognition he craves, that he must be employed by Microsoft to make all free software advocates look bad by simple association.
Unlike his claim that anyone who disagrees with him must work for Microsoft, I don't actually believe that. But the fact that someone would actually consider it is bad enough.
His objective is to get modded up so he can use the resulting mod points on some accounts to drive the others, mod down people he doesn't like, etc. As long as it's obviously working (as in this thread), he'll keep doing it.
Unfortunately there seems to be a Fight Club-like rule that talking about twitter in a thread where he's posting with five different accounts is a big no-no. You're a troll and offtopic if you dare do that. But twitter's OK, he just replies to himself with as many accounts as he can an
Most of the rest of us get cheap inferior crap, lead poisoning, manufacturing sectors out-sourced, and jobs greeting people at Wal-Mart. I am not the least surprised by this China is on a bid to become the dominant super power through what ever means necessary, the only thing they have in their way is the United States (there are others above them, but not as far). Therefore by keeping tabs on and gradually infiltrating the US they advance their way to dominant status. I just wish some people other than
I just wish some people other than us left-wing nutjobs would actually start looking at this and thinking about it.
Actually you're in pretty good company here, none less than the illustrious Donald Rumsfeld has expressed his concern over China's growing influence in the world. Lot's of people agree that it's a problem, but the fact is, and this is important, there is nothing we can do to stop it. If the US doesn't trade with China, they will make money trading with Europe. If Europe doesn't trade with China, they will become strong by building their internal economy. Will it take longer? Yes. That is all we can d
Having not read TFA but read the summary, it only says that they were working out of China. That could mean that any person in China with access to a computer and *possibly* access beyond the great firewall of China could have done it. The summary sounds like if a US hacker hacked the Chinese government it would have to be the US government and not some ordinary hacker.
In TFA, Frank Wolf implies that the Chinese government is involved, but the the article presents no evidence that that's the case.
Harassing a human rights critic is the kind of thing a nationalistic script kiddie moron would do; the Chinese intelligence agencies have much higher-value targets to pursue.
It seems to me, that they (whoever they may be) are trying to start a war of sorts... pinning country against country on the internet... to what gain, im not really sure, perhaps ultimately to create a UN (United Network?) for the Internet, or simply just to create more business trying to out-do other countries security, intelligence (as in the passing of information), and control of their public.
I don't really understand why this is such a surprise to people. Countries spy on each other. News at 11. No one is starting a war, it's plain ol' espionage such as has gone on since the beginning of civilizations.
The fact that the US government seems to think that this doesn't apply to computers and the internet is what's appalling, not the fact that China has spies.
It's time that the government wake up and secure their systems. That the Chinese and every other government will look out for their own interests by whatever means they can get away with should simply be assumed.
Because I think its going to be a useful skill given the way the wing is blowing.
Only a few years ago the eclipsing of the US by China was seen as a far off, ad even an unlikely, contingency. Now it is looking almost certain. They've quietly kept their heads down, developing their economy and their military, whilst the US has blown trillions of dollars on a pointless war, fumbled its economy and trashed its international reputation.
What kind of superpower can't do anything in response to such an open violation of its national security? It is the same kind of powerlessness that was demonstrated by the UK when the Russians openly murdered someone in the middle of London and we did nothing of consequence.
We in the west have squandered our soft power and shown our hard power to be just about adequate for securing two barely armed third world shitholes. This fact hasn't been missed by Russia and China.
I know many native chinese and have even been to Beijing. I can say that you should take Mandarin if you want to learn more about Chinese culture or because you want to travel there, not because your afraid of China becoming a super-power. They're not super-powering anywhere yet.
The same cultural factors that cause them to ship lead paint based toys and glycol laced toothpaste [nytimes.com] affects them too. It's called corruption. For one thing, the whole place is an environmental disaster. For another, if you look at building quality there it's the same thing -- buildings in China that have been made 15 years ago look like they were made 50 years ago, with water stains and poor quality maintenance. A good example of this? Look at the school buildings that fell down in the earthquake [timesonline.co.uk], bricks that fell apart like sand, rotten supports, etc. etc. etc. Classic corruption at work. This also extends to their military. [nytimes.com]
Let's put it this way, in the U.S. we have occasional overt corruption of politicians and government officials (notably the current administration and their no-bid contracts to Halliburton in Iraq, etc.), and some institutionalized corruption such as lobbying, but it's nothing like China. Imagine politicians like Bush and Cheney, or the democratic congressman with the $90k in his refrigerator were the norm. from the state to local level. Nothing would work, everyone would be promoted due to loyalty rather than competence. In the U.S. there's been tremendous damage just from seven years of the current adminstration, but think about what the country would look like after 50 years of it: that's China. So yeah, if the Chinese were to suddenly change their culture and make it dishonorable to be corrupt rather than just get caught, we'd have problems but as it is China is going nowhere fast.
Oh, come on. China has tons of problems, your post is typical of people who only read Western media (no offense meant). The corruption has to be seen to be believed, tons of schools collapsed, killing thousands of children during the recent earthquake. People were breaking apart the sandy concrete in their hands, and the government is 100% responsible. Try zonaeuropa.com or danwei.org if you want some real news. Or chinalawblog.com for the huge regulatory problems up ahead. We're not even talking about the stock market melting down, which is bound to happen due to rampant speculation.
I have a server the size of a double CD case locked in a dark generator shed on a tiny island miles from anywhere that sits alone 9 months of the year reporting battery bank voltages to me.... Chinese hackers attempt to break into it several times a day.
The fact is, there is a metric shitload of Chinese hackers out there. Just because you think you are something special doesn't mean they are targeting you.
(of course the hacker may not be from China, they are just using a machine in China as the most recent hop.)
I looked into this because my FTP server was getting the dictionary thrown at it (happens regularly to that and everything else). Using ARIN, APNIC traceroute etc, I kept coming up with XO local IP addresses with Beijing physical addresses.
Does anyone know anything about this link? Does anyone else think it could
Suppose China were found unequivocally guilty by this congressional hearing, what kind of punishment/sanction is our pro-business government (both parties) going to impose? There'll surely be economical retaliation and Walmark are not going to like that.
Just like suppose Windows were found to be running on most of the hacked computer, is our government going to to tough enough to demand replacing all our military computers with something more secure? Not when a multi billion contractor from Redmond has anything to say about it.
This raises another point. Surely our enemies with resource (and computer resource is cheap and abundant) are going to try to hack us. Shouldn't we be more focused on securing our system: something we can do pro-actively. Instead of blaming the attacker, over whom we have to jurisdiction (or unwilling) to punish, shouldn't we punish those people who leave us vulnerable here, at home, when we are paying them shit load of tax money to secure our infrastructure? And if the infrastructure is to blame, should we blame congress?
Surely our enemies with resource (and computer resource is cheap and abundant) are going to try to hack us. Shouldn't we be more focused on securing our system:
Enemies. Yes, that's a good point. Security is all well and good, but frankly we should be more focused on the consequences of our economic ties to a hostile totalitarian state.
Okay, considering what I know about hacking, how do you 'hack' your way into a laptop? I bet the real truth of the situation is that these two users installed some malware or other malicious files on their computers, that pushed sensitive data out, or at least gave them a back door rather than hackers 'hacking' it out. But using the word hacking sounds more sensational.
This has been happening since China first got IP space. Their defense department was the origin of their first (very amateurish) hacks, those against pro-Tibet web sites. Thousands have happened since and have been reported, and it's no more likely to end than any other intrusions.
If the US wanted it to stop they'd put up honey pots with credible but artificial data and then wait for it to get used. This is how you catch the intruder and protect the real data at the same time. And the US knows this. This is first semester psyops. Fact is, they're almost certainly doing it, making this announcement utterly meaningless. And it is, unless you stick around for second semester psyops. That's when they teach you how to craft a story that makes such a big splash that something more important but entirely unrelated gets missed.
The present administration rarely hides its efforts along these lines, or Jon Stewart wouldn't have nearly as much material to work with. It's when something is really threatening to them that they work in the grey. Just as a possible for instance, in how many sources can you find this story, and in how many can you find the story of Kucinich's reading of articles of impeachment? And which is the more important story?
When something gets way too much coverage than it deserves, look around and see what's not getting enough. It'll be there because they can't make it go away. All they can do is tie a bell around the media's neck and wait for the sheeple to follow it.
by Anonymous Coward
on Wednesday June 11 2008, @06:59PM (#23756915)
I work at a place that is routinely attacked. As someone else noted there's a load of hackers in china, most script kiddies, but when you work at a nice juicy target you get thousands more hits. Where I work I've watched the hack attempts come in and regardless of other posts saying "Oh, China's actual government would be more careful", most of the time they are pretty brazen, easily traceable and there isn't a damn thing we can do about it. We tried to run it up the chain once and after a lot of complaining we got sat down and told:
"Even if we confront someone from the Chinese government they'll just look at us and deny it." but we have the logs. "They'll say we faked them." but we'll let them pull the logs themselves. "They'll say that we are staging the attacks to frame the chinese." I didn't have a response to this. "We've done this before. Don't feel bad. Everyone who gets assigned to monitoring thinks they will be the first person to prove the chinese government is allowing its employees to target us. You get used to it after a while. Next year come to the import meeting and we'll let you hear how we are obviously setting up insecure servers just to tempt moral citizens to hack us." said the PHB.
George Bush and his crew of incompetence have NOTHING on the chinese when it comes to flat out lying, ignoring evidence, and blaming the target of the attacks.
What do we hope to accomplish by confronting them about it? We should just react by withdrawing from our friendly relationships and then as a consequence of that, let them negotiate with us and face the evidence.
It would be like if you had evidence your significant other was cheating on you, but rather than dumping them you just continued to ask them to acknowledge it. Of course they'll just keep denying it because you won't do anything about it.
I notice the article doesn't mention if any of the data on these computers was encrypted. It's one thing to hack into a Windows desktop. It's quite another to have to break a 1024-bit AES cipher to actually make use of the data you find. This should be (yet another) wakeup call that any data of any importance should be encrypted with a strong cipher. It's not like it's difficult to do, and it's not like the software is expensive (TrueCrypt, anyone?). I encrypt all my personal data, and if it was compromised, worst case scenario my identity might be stolen. These idiots (sorry, that's Representatives...) are storing personal information about political dissidents and refugees. If THAT data is compromised, worst case scenario people get killed, and entire political movements are quashed by force.
"plans to introduce a resolution that he says will help ensure protection for all House computers and information systems".
That's the scary part. Our elected officials are, on their best day, utterly clueless about any technology more advanced than an AR15. The kind of legislation they might enact to protect their own computers boggles the imagination.
Two House members said Wednesday their Capitol Hill computers, containing information about political dissidents from around the world, have been hacked by sources apparently working out of China
We are talking about two politicians here? A breed of people that, according to the consensus on/. are as competent, trustworthy and generally agreeable as the common US lawyer? That kind of people are a reliable source of information about where a hacking attempt has originated from? So how did they find out where it came from - did they follow the actual "tube" and ended up in a suburb to Shanghai or something like that?
Even I with my limited knowledge about how one can hide one's tracks on the internet, even I know that it is exceedingly easy. I'm sure if the Chinese government has a number of cyber-operatives hacking into American servers, they will be a bit more knowledgeable about these things than I am. In fact, wouldn't the most reasonable approach be to not do it from somewhere in China? Or even better, not be so clumsy that you leave dirty fingerprints all over a second-rate politician's Windows machine.
A much more likely scenario, if you ask me, is that this is either a simple, barefaced lie, or it is somebody who has spoofed his address to somewhere in China, which is not at all hard: Just hack into a machine in China, then go from there.
Is it really all that difficult to conceive of disposing of the nation state? Now that we live in an age of a global society, what do nations do for us?...
You are in much the same position as a cow or sheep proposing to get rid of farmers.
It's easy to conceive of getting rid of nation states. It's really hard to do it. The people in power raise, herd, milk, and slaughter the bulk of the population for their own benefit. Part of this process is culling from the herd those "rogues" who attempt to change t
It's all about money. (Score:5, Interesting)
Under these circumstances, it's not surprising that some mischievous hacking of Congressional computers is overlooked by the people who are supposed to care about such things. Where it gets more serious is the hacking of Pentagon systems that seems to be originating from sites in China.
China's government today is trying to juggle a growing nationalism among younger Chinese, a nationalism that is not friendly toward the West and the U.S. in particular, despite our close economic ties. They have fostered a hostile attitude toward the U.S. through years of propaganda, and this, too, the Americans have ignored in the interests of making money.
It will be interesting to see what happens come the day that China's huge internal market is affluent enough and their technology level high enough that they no longer need the U.S. as either a customer or investor. But in the meantime, it would be advisable for these Congressmen and other officials like Carlos Gutierrez (whose laptop was compromised during a trip to Beijing) to switch away from easily hacked systems like Microsoft Windows, and maybe keep their systems offline or only on a secured and firewalled intranet.
I also think that the U.S. government should not be using home computers like Dells running Windows. The hardware components are largely manufactured in China these days and who knows what evil back doors might be implanted in ROMs, akin to the compromised printers that were shipped to Iraq from the U.S. in the pre-Gulf War days.
Re: (Score:3, Interesting)
China's Nationalism problem is tremendous. (Score:5, Insightful)
China has an unquestionable horrifying nationalism problem. This can be seen in issues such as Tibet and Taiwan. What's troubling isn't that Chinese want Tibet and Taiwan to be part of China, I can view that as acceptable. What isn't acceptable, however, are such obvious propaganda-induced lines of reasoning such as "Tibet has always been a part of China and forever will be a part of China." Not only is that false -- Tibet was its own country until China marched in there 50 years ago and took it, but that's how it works in war; winner takes all. But then the Chinese government proceeded to educate their entire 1+ billion population that, indeed, Tibet had always been a part of China, and that anyone who questioned otherwise was not Chinese and was siding with the Dalai Lama, who isn't even human.
Another Nationalism-brought issue outlined by the BBC poll is its hatred of Japan. There are only two important countries in the world that hate Japan -- China and South Korea. One might argue that it's because of Japan's war-time atrocities that they never properly atoned for. They have apologized many times, however poorly, and Japan is not elegant in international relations. That said, my argument is, East Asia was hugely and negatively affected by the Japanese Empire. China and South Korea aren't the only countries affected with horrendous atrocities. But why then, have all of the other South-East nations forgiven Japan, but China and South Korea haven't? Only 12% of Chinese carry a positive view of Japan's influence on the world -- not opinion of Japan, but opinion of the positiveness of Japan's influence on the world. Whereas in Taiwan, Japan's very popular culturally, even though many elderly people still speak Japanese from being forced to learn it during occupation!
And my last argument -- Anti-Anti-Chinese protests? VIOLENT Anti-Anti-Chinese protests, with prevalent stalking and death threats of anyone that criticized China? C'mon, that's pitiful.
And to any Chinese that might be reading this, my message would be that there's nothing wrong with being proud to be Chinese. There's nothing wrong with wanting the Chinese people to be united and patriotic. But people and government are separate. Just because you're Chinese doesn't mean you have to defend your government for no other reason than that it's my government, just how Americans don't have to defend President Bush just because he's my President. Nationalism is good in small doses for the morale of a country, but in large quantities like currently present in China, war is almost certainly inevitable. Think about the nationalism of 1940s America, 1940s Japan, 1940s Nazi Germany (hah, Godwin's law strikes again!). Unchecked Nationalism only brings horror and foolish decisions, all for the sake of being Chinese, or being American, or being Japanese, or being German.
Parent
Re:China's Nationalism problem is tremendous. (Score:4, Interesting)
Heh, you should watch Australia and Japan in our current relations. From my perspective as an Australian, Japan's doing pretty well and Australia's suffering from foot in mouth. The new Prime Minister of Australia just pointed out in defending the fact that it took him over six months to visit Japan (but only two or three to visit China) that "in the period since his Government came in, how many Japanese ministers have visited Australia? None." (Not a literal quote, but that's the same expression.) Sounded like a child defending himself.
Yet the Japanese expression of displeasure has mostly been made known via leaks and it makes it almost look they're not really that displeased y'know. Much more elegant even if they are unhappy. I think I'm quite displeased about how the Australian government's handled it.
Parent
Re:China's Nationalism problem is tremendous. (Score:5, Interesting)
Japan is not just culturally popular in Taiwan. Its culture is a main driving force all over East Asia, without exception. Japan's plan to wait it out has worked the way it was supposed to - the older people who lived through or have heard about the war are dead or are very old. Young people today hold no such grudges, and slurp up Totoro stuffed animals just as well.
I don't see why it's surprising that Chinese and Koreans are still sore about Japan. To this day, Japan's high-ranking officials have paid both personal and state visits to shrines containing memorials to convicted WW2 war criminals [wikipedia.org]. If a German chancellor was to humbly visit Hitler's birthplace, that would certainly be seen as an unspeakable act. If Nazi Germany was in power today, would you also suggest the Jews of the world to "forgive" them as well?
The interesting thing is - the latest round of negative feelings toward Japan was not instigated by the Chinese government (although they certainly didn't work very hard to calm their citizens). Conversely, the Chinese government would rather not stir up any raw feelings because Japan is now a much more integral trading partner. Ironically, it was the freedom of information which let the average Chinese read about these war criminal shrine visits in Japan, or when naive Westerners shoot their mouths off about China [tmz.com].
Parent
Re:China's Nationalism problem is tremendous. (Score:4, Interesting)
And the biggest reason China and Korea hate Japan still, I think, is those governments have been the most proactive in spreading anti-Japanese propaganda, until recent years when relations have finally improved a little. It wasn't the freedom of the press that made Chinese people angry enough at Japan to refuse earthquake aid from them, it was because they, and their parents, and even their grandparents have always been brought up being told that Japan is evil, they've committed atrocities, and the country is vile. So now that China is finally opening up, it's very easy for a Chinese person to look on the internet and see that, in fact, Japan DID commit atrocities. But Japan has forgiven America for the atomic bomb, because the Japanese people haven't grown up being told that America is a spawn of hell that heartlessly destroyed two cities filled with civilians. Chinese, on the other hand, have grown up being told that, so when they see facts showing that such atrocities did happen, it just reaffirms their anger that they've been taught to have. And even with little to no propaganda now, the damage has been done, and the hatred will stay for the next 50 years until the current generation is old and begins to die.
Parent
Re: (Score:3, Insightful)
Don't connect personal computers containing Shit That Matters to the internet.
Invoking teh Yellow Peril is a smokescreen. If they can get in, so can others...
Re:It's all about money. (Score:4, Insightful)
One thing I'd like to point out is, this is much less due to "years of propaganda", as you say, than the fact that the US has not exactly made friends throughout the world recently. It's viewed as an arrogant superpower trying to police the world.
On the flip side, US media is doing its best to foster a national sentiment that is very unfriendly towards China.
But I do agree with the rest of your post.
Parent
Re:hmm.. i think the chinese are doing a good job (Score:5, Insightful)
Yeah, Chinese companies are not meeting standards, and they are probably cutting corners. BIG shock.
As far as openly executing executives? I've heard of one case where that's happened, and - I don't have any sources handy - it was for something egregious, like intentionally shipping a product resulting in hundreds of deaths (I'll stop because admittedly, I don't remember the details. I wouldn't say the guy deserved to die, but that's just me). So what are you suggesting with the "kill themselves" in quotes? That the Chinese government is running some secret program whereby company execs who embarrass the name of the country are killed off?
Someone needs to drink less of the Western media kool-aid.
But well, China is clearly a world threat, given its aggressive tendencies...you know, Red China ramping up their military, how dare any country do such a thing. But we're in no position to point fingers here, because we've been the country going around, occupying other countries, for - as time goes by - reasons which become more and more farcical.
There's a much stronger argument that the US is the biggest threat to the world, but thankfully, this could change with a new administration. (+1 for democracy).
But you know what, China's economic and military growth IS a threat to the US's status as a superpower, something which we would very much like to hold on to, so you bet the US government and our "free, independent" media wants us all to think of China as a dangerous, evil "dragon" waiting to rise and destroy us all. That's propaganda.
Parent
Re:It's all about money. (Score:5, Interesting)
I will illustrate what they are NOT, instead:
My personal work, and travel abroad laptop, contains CAD software, email RECEIVING software, video watching software, instant messaging software and secure delete software. It does not contain, services, weatherbug type stuff, spyware or other things that should NOT be running on a system that might get stolen or broken into while I'm out sampling the local night life in some third world country.
Does my system contain sensitive info? Depends what you call sensitive. Is it hard to get to? You betcha. Are the federales in the USA (or government agents in ANY country for that matter) as careful with THEIR client info (namely that of their respective people or informants abroad?) All evidence points to the contrary. Trust the government if you wish for a not so swift, painful death at the hands of whomever they willingly or unwittingly sell you out to. As for me, I value my health and wealth enough not to leave my data lying around for others to partake of.
Not because I worry that I will be hacked or my clients will sue me... no, I do this out of RESPECT for those with whom I've done business or with whom I've exchanged information. I respect them enough NOT to sell their info or treat them like trash. As a result, they return the favor. And if they do not, they won't long remain on my contact list. I make it a point not to associate with the stupid or the insane. I safeguard even my tavern mates' information, not because it is financially valuable, but because I respect those individuals and would not subject them to undue privacy violations (other than what the DHS and other spy in the sky types will subject them to regardless of their guilt or innocence in any particular subject). Respect is one of those things that is not valued as much in this world, even if it, along with TRUST are still the most valuable and among the few things one should consider "assets".
Do the government goons and politicians in various countries respect those whose information they access on their computing equipment? Apparently, the answer is not exactly one that encourages me to wish to associate with these individuals, regardless of how much money they make or what titles they are bestowed with.
Parent
Re: (Score:3, Insightful)
The government has more secure systems for people's laptops, like Bastile Linux, and should be using them instead of a consumer grade OS that was never intended to store anything more important than Solitair. When insecure systems are used to access secure systems, security falls to the level of the weak system.
But as we see in the business world, even though there are technologies that are 10000X superior to what you are currently using and may even cost less, those in upper management will complain that it isn't familiar and they might have to learn something new. I wouldn't see anything different in this case.
Re: (Score:3, Interesting)
Re:Windows Again! (Score:5, Informative)
From the line you quoted, it sounds like they had physical access to the machine to do the copying. Any and every OS will fall if you have the thing in your hands.
Parent
No, we can't. And we shouldn't, either. (Score:5, Insightful)
No, we can't. And we shouldn't.
People in the government are putting life-critical and national-security-critical information on computers driven by a software system that is notorious for a multi-decade history of being riddled with security holes, some of which are architectural and unfixable.
Doing this - and CONTINUING to do this when they should know better - is a major part of the issue under discussion.
In this case it has resulted in the disclosure of the identities of dissidents to the intelligence agencies of foreign governments who wish them eliminated. This will probably result in a number of incarcerations, tortures, and deaths.
In other cases it may even lead to outcomes as serious as the US losing a war, being conquered, or being destroyed.
This is an important issue. Failing to fix it may result the deaths of multiple millions of people and creating a future consisting of a jackboot on humanity's neck for generations to come.
For us to refrain from discussing it because you're sick of "OS wars" would be beyond criminal. It only lacks a declaration of war to qualify as treason.
Parent
Re:Windows Again! (Score:4, Insightful)
It's not at all hard to use whole disk encryption with a Windows laptop. The complaint here should be "why wasn't the laptop encrypted", not "why was it running an unfashionable OS".
Parent
Re:Windows Again! (Score:5, Insightful)
In any case, they had physical access to the machine, so unless you're encrypting the HDD, it's game over. Your stock Debian laptop would have been compromised as quickly as the one with Windows XP. Bastille Linux is just the same type of protection that can be had for Windows if you want or need it, and I'm guessing in this case they do want and need it. But it's not Windows' fault, and it's not Microsoft's fault, no matter how much you want that to be the case.
Parent
Re:Windows Again! (Score:5, Insightful)
Parent
Sorry! Physical access! (Score:4, Insightful)
If they were able to get the laptop long enough to copy the system, you're screwed either way.
Parent
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:3, Informative)
Unlike his claim that anyone who disagrees with him must work for Microsoft, I don't actually believe that. But the fact that someone would actually consider it is bad enough.
Instead of changing his behavior though, he
Re: (Score:3, Informative)
Unfortunately there seems to be a Fight Club-like rule that talking about twitter in a thread where he's posting with five different accounts is a big no-no. You're a troll and offtopic if you dare do that. But twitter's OK, he just replies to himself with as many accounts as he can an
Well some parts of the US make a lot of money (Score:2, Insightful)
Re: (Score:3, Insightful)
I just wish some people other than us left-wing nutjobs would actually start looking at this and thinking about it.
Actually you're in pretty good company here, none less than the illustrious Donald Rumsfeld has expressed his concern over China's growing influence in the world. Lot's of people agree that it's a problem, but the fact is, and this is important, there is nothing we can do to stop it. If the US doesn't trade with China, they will make money trading with Europe. If Europe doesn't trade with China, they will become strong by building their internal economy. Will it take longer? Yes. That is all we can d
People of China != Government of China (Score:5, Insightful)
Re: (Score:3, Interesting)
Harassing a human rights critic is the kind of thing a nationalistic script kiddie moron would do; the Chinese intelligence agencies have much higher-value targets to pursue.
Re: (Score:2)
It seems to me, that they (whoever they may be) are trying to start a war of sorts... pinning country against country on the internet... to what gain, im not really sure, perhaps ultimately to create a UN (United Network?) for the Internet, or simply just to create more business trying to out-do other countries security, intelligence (as in the passing of information), and control of their public.
Re:People of China != Government of China (Score:4, Insightful)
The fact that the US government seems to think that this doesn't apply to computers and the internet is what's appalling, not the fact that China has spies.
It's time that the government wake up and secure their systems. That the Chinese and every other government will look out for their own interests by whatever means they can get away with should simply be assumed.
Parent
the proper response by the us govt (Score:4, Insightful)
shouldn't be too hard to distribute, just hack in
So What? (Score:5, Insightful)
Perhaps... (Score:2)
Sheesh! Politicians these days. They don't know anything.
Anyone recommend an online Mandarin turorial? (Score:4, Insightful)
Because I think its going to be a useful skill given the way the wing is blowing.
Only a few years ago the eclipsing of the US by China was seen as a far off, ad even an unlikely, contingency. Now it is looking almost certain. They've quietly kept their heads down, developing their economy and their military, whilst the US has blown trillions of dollars on a pointless war, fumbled its economy and trashed its international reputation.
What kind of superpower can't do anything in response to such an open violation of its national security? It is the same kind of powerlessness that was demonstrated by the UK when the Russians openly murdered someone in the middle of London and we did nothing of consequence.
We in the west have squandered our soft power and shown our hard power to be just about adequate for securing two barely armed third world shitholes. This fact hasn't been missed by Russia and China.
don't shell out that cash yet... (Score:4, Interesting)
The same cultural factors that cause them to ship lead paint based toys and glycol laced toothpaste [nytimes.com] affects them too. It's called corruption. For one thing, the whole place is an environmental disaster. For another, if you look at building quality there it's the same thing -- buildings in China that have been made 15 years ago look like they were made 50 years ago, with water stains and poor quality maintenance. A good example of this? Look at the school buildings that fell down in the earthquake [timesonline.co.uk], bricks that fell apart like sand, rotten supports, etc. etc. etc. Classic corruption at work. This also extends to their military. [nytimes.com]
Let's put it this way, in the U.S. we have occasional overt corruption of politicians and government officials (notably the current administration and their no-bid contracts to Halliburton in Iraq, etc.), and some institutionalized corruption such as lobbying, but it's nothing like China. Imagine politicians like Bush and Cheney, or the democratic congressman with the $90k in his refrigerator were the norm. from the state to local level. Nothing would work, everyone would be promoted due to loyalty rather than competence. In the U.S. there's been tremendous damage just from seven years of the current adminstration, but think about what the country would look like after 50 years of it: that's China. So yeah, if the Chinese were to suddenly change their culture and make it dishonorable to be corrupt rather than just get caught, we'd have problems but as it is China is going nowhere fast.
Parent
Re:Anyone recommend an online Mandarin turorial? (Score:4, Insightful)
Parent
Targeting or firehose? (Score:5, Insightful)
The fact is, there is a metric shitload of Chinese hackers out there. Just because you think you are something special doesn't mean they are targeting you.
(of course the hacker may not be from China, they are just using a machine in China as the most recent hop.)
Re: (Score:3, Interesting)
That's a heck of a last hop from Beijing to Washington D.C. :-)
It probably is that straightforward. XO Communications, the U.S. ISP, apparently supplies a 2.5Gbps pipeline directly to the U.S. from China [convergedigest.com] The bastards are using this link to try and hack us.
I looked into this because my FTP server was getting the dictionary thrown at it (happens regularly to that and everything else). Using ARIN, APNIC traceroute etc, I kept coming up with XO local IP addresses with Beijing physical addresses.
Does anyone know anything about this link? Does anyone else think it could
those morons should be impeached. (Score:2)
Those morons should be impeached.
OTOH, I am pretty much totally in favor of firewalling off all of China's IP address space...
As much as I think this is important... (Score:5, Insightful)
Just like suppose Windows were found to be running on most of the hacked computer, is our government going to to tough enough to demand replacing all our military computers with something more secure? Not when a multi billion contractor from Redmond has anything to say about it.
This raises another point. Surely our enemies with resource (and computer resource is cheap and abundant) are going to try to hack us. Shouldn't we be more focused on securing our system: something we can do pro-actively. Instead of blaming the attacker, over whom we have to jurisdiction (or unwilling) to punish, shouldn't we punish those people who leave us vulnerable here, at home, when we are paying them shit load of tax money to secure our infrastructure? And if the infrastructure is to blame, should we blame congress?
Re: (Score:3, Insightful)
Enemies. Yes, that's a good point. Security is all well and good, but frankly we should be more focused on the consequences of our economic ties to a hostile totalitarian state.
Probably malware, not hacking (Score:2)
Working out of China or working for China? (Score:5, Insightful)
Still going on (Score:5, Insightful)
If the US wanted it to stop they'd put up honey pots with credible but artificial data and then wait for it to get used. This is how you catch the intruder and protect the real data at the same time. And the US knows this. This is first semester psyops. Fact is, they're almost certainly doing it, making this announcement utterly meaningless. And it is, unless you stick around for second semester psyops. That's when they teach you how to craft a story that makes such a big splash that something more important but entirely unrelated gets missed.
The present administration rarely hides its efforts along these lines, or Jon Stewart wouldn't have nearly as much material to work with. It's when something is really threatening to them that they work in the grey. Just as a possible for instance, in how many sources can you find this story, and in how many can you find the story of Kucinich's reading of articles of impeachment? And which is the more important story?
When something gets way too much coverage than it deserves, look around and see what's not getting enough. It'll be there because they can't make it go away. All they can do is tie a bell around the media's neck and wait for the sheeple to follow it.
"Taking the gold"? Hardly. (Score:4, Insightful)
Posting as AC for obvious reasons, but (Score:5, Interesting)
"Even if we confront someone from the Chinese government they'll just look at us and deny it."
but we have the logs.
"They'll say we faked them."
but we'll let them pull the logs themselves.
"They'll say that we are staging the attacks to frame the chinese."
I didn't have a response to this.
"We've done this before. Don't feel bad. Everyone who gets assigned to monitoring thinks they will be the first person to prove the chinese government is allowing its employees to target us. You get used to it after a while. Next year come to the import meeting and we'll let you hear how we are obviously setting up insecure servers just to tempt moral citizens to hack us." said the PHB.
George Bush and his crew of incompetence have NOTHING on the chinese when it comes to flat out lying, ignoring evidence, and blaming the target of the attacks.
Re: (Score:3, Interesting)
It would be like if you had evidence your significant other was cheating on you, but rather than dumping them you just continued to ask them to acknowledge it. Of course they'll just keep denying it because you won't do anything about it.
Encryption? (Score:5, Insightful)
Title of the Original Article (Score:4, Funny)
Wolf planning legislation to protect his PC (Score:4, Interesting)
Scare mongering again, samzenpus (Score:3, Insightful)
Even I with my limited knowledge about how one can hide one's tracks on the internet, even I know that it is exceedingly easy. I'm sure if the Chinese government has a number of cyber-operatives hacking into American servers, they will be a bit more knowledgeable about these things than I am. In fact, wouldn't the most reasonable approach be to not do it from somewhere in China? Or even better, not be so clumsy that you leave dirty fingerprints all over a second-rate politician's Windows machine.
A much more likely scenario, if you ask me, is that this is either a simple, barefaced lie, or it is somebody who has spoofed his address to somewhere in China, which is not at all hard: Just hack into a machine in China, then go from there.
Domestic animals proposing getting rid of farmers. (Score:3, Interesting)
You are in much the same position as a cow or sheep proposing to get rid of farmers.
It's easy to conceive of getting rid of nation states. It's really hard to do it. The people in power raise, herd, milk, and slaughter the bulk of the population for their own benefit. Part of this process is culling from the herd those "rogues" who attempt to change t