NYT covers China cyberthreat

• Previous message (by thread): NYT covers China cyberthreat
• Next message (by thread): NYT covers China cyberthreat
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 20, 2013, at 1:33 PM, valdis.kletnieks at vt.edu wrote:

> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>> boys and girls, all the cyber-capable countries are cyber-culpable.  you
>> can bet that they are all snooping and attacking eachother, the united
>> states no less than the rest.  news at eleven.
> 
> The scary part is that so many things got hacked by a bunch of people
> who made the totally noob mistake of launching all their attacks from
> the same place....


This strongly suggests that it's not their A-team, for whatever value of
"their" you prefer.  (My favorite mistake was some of them updating their
Facebook pages when their work took them outside the Great Firewall.) They
just don't show much in the way of good operational security.

Aside: A few years ago, a non-US friend of mine mentioned a conversation
he'd had with a cyber guy from his own country's military.  According to
this guy, about 130 countries had active military cyberwarfare units.  I
don't suppose that the likes of Ruritania has one, but I think it's a safe
assumption that more or less every first and second world country, and not
a few third world ones are in the list.

The claim here is not not that China is engaging in cyberespionage.  That
would go under the heading of "I'm shocked, shocked to find that there's
spying going on here." Rather, the issue that's being raised is the target:
commercial firms, rather than the usual military and government secrets.
That is what the US is saying goes beyond the usual rules of the game.  In
fact, the US has blamed not just China but also Russia, France, and Israel
(see http://www.israelnationalnews.com/News/News.aspx/165108 -- and note
that that's an Israeli news site) for such activities.  France was notorious
for that in the 1990s; there were many press reports of bugged first class
seats on Air France, for example.

The term for what's going on is "cyberexploitation", as opposed to "cyberwar".
The US has never come out against it in principle, though it never likes it
when aimed at the US.  (Every other nation feels the same way about its
companies and networks, of course.)  For a good analysis of the legal aspects,
see http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-strategy-for-the-cyber-exploitation-threat/




		--Steve Bellovin, https://www.cs.columbia.edu/~smb

• Previous message (by thread): NYT covers China cyberthreat
• Next message (by thread): NYT covers China cyberthreat
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]