NYT covers China cyberthreat

Thu Feb 21 07:35:14 UTC 2013

The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)

On 2/20/13 11:29 PM, "Richard Porter" <richard at pedantictheory.com> wrote:

>When you really look at human behavior the thing that remains the same is
>core motives. The competition makes sense in that it is human nature to
>aggresse for resources. We are challenged in the "fact" that we 'want' to
>belong among the other five. This will never change butŠŠŠŠ.
>
>What is really a travesty here is that most of us have been saying "hey
>this is critical" and can now shift to "I told you so"Š in that if you
>did what we said to do 1 Š 5 Š. 10 Š years ago .. you would have
>"mitigated" this risk..
>
>Basically, genetically we have not changed, so what behavior would
>suggest that (even with the introduction of faster calculators).. why
>would we change? Just means we would do X faster ŠŠ.
>
>This is my first comment to the list.. please flame me privately to save
>the list :) *** or publicly who think I should really be spanked!!! ***
>
>
>Regards,
>Richard
>
>
>
>On Feb 20, 2013, at 7:27 PM, Suresh Ramasubramanian <ops.lists at gmail.com>
>wrote:
>
>> Very true. The objection is more that the exploits are aimed at civilian
>> rather than (or, more accurately, as well as) military / government /
>> beltway targets.
>> 
>> Which makes the alleged chinese strategy rather more like financing
>>jehadis
>> to suicide bomb and shoot up hotels and train stations, rather than any
>> sort of disciplined warfare or espionage.
>> 
>> --srs (htc one x)
>> On 21-Feb-2013 7:40 AM, "Steven Bellovin" <smb at cs.columbia.edu> wrote:
>> 
>>> 
>>> On Feb 20, 2013, at 1:33 PM, valdis.kletnieks at vt.edu wrote:
>>> 
>>>> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>>>>> boys and girls, all the cyber-capable countries are cyber-culpable.
>>>>>you
>>>>> can bet that they are all snooping and attacking eachother, the
>>>>>united
>>>>> states no less than the rest.  news at eleven.
>>>> 
>>>> The scary part is that so many things got hacked by a bunch of people
>>>> who made the totally noob mistake of launching all their attacks from
>>>> the same place....
>>> 
>>> 
>>> This strongly suggests that it's not their A-team, for whatever value
>>>of
>>> "their" you prefer.  (My favorite mistake was some of them updating
>>>their
>>> Facebook pages when their work took them outside the Great Firewall.)
>>>They
>>> just don't show much in the way of good operational security.
>>> 
>>> Aside: A few years ago, a non-US friend of mine mentioned a
>>>conversation
>>> he'd had with a cyber guy from his own country's military.  According
>>>to
>>> this guy, about 130 countries had active military cyberwarfare units.
>>>I
>>> don't suppose that the likes of Ruritania has one, but I think it's a
>>>safe
>>> assumption that more or less every first and second world country, and
>>>not
>>> a few third world ones are in the list.
>>> 
>>> The claim here is not not that China is engaging in cyberespionage.
>>>That
>>> would go under the heading of "I'm shocked, shocked to find that
>>>there's
>>> spying going on here." Rather, the issue that's being raised is the
>>>target:
>>> commercial firms, rather than the usual military and government
>>>secrets.
>>> That is what the US is saying goes beyond the usual rules of the game.
>>> In
>>> fact, the US has blamed not just China but also Russia, France, and
>>>Israel
>>> (see http://www.israelnationalnews.com/News/News.aspx/165108 -- and
>>>note
>>> that that's an Israeli news site) for such activities.  France was
>>> notorious
>>> for that in the 1990s; there were many press reports of bugged first
>>>class
>>> seats on Air France, for example.
>>> 
>>> The term for what's going on is "cyberexploitation", as opposed to
>>> "cyberwar".
>>> The US has never come out against it in principle, though it never
>>>likes it
>>> when aimed at the US.  (Every other nation feels the same way about its
>>> companies and networks, of course.)  For a good analysis of the legal
>>> aspects,
>>> see
>>> 
>>>http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-stra
>>>tegy-for-the-cyber-exploitation-threat/
>>> 
>>> 
>>> 
>>> 
>>>                --Steve Bellovin, https://www.cs.columbia.edu/~smb
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>
>
>