NYT covers China cyberthreat

Kyle Creyts kyle.creyts at gmail.com
Thu Feb 21 10:25:54 UTC 2013


The focus on platform here is ridiculous; can someone explain how
platform of attacker or target is extremely relevant? Since when did
people fail to see that we have plenty of inter-platform tools and
services, and plenty of tools for either platform built with the
express purpose of interaction with the other? Just because you
learned to code/operate on/for/with/from a *nix doesn't mean that
teams of Chinese coders can't make a tool that gets the job done
on/for/with/from a Windows box. Many people write many softwares of
diverse purpose and use for many platforms. Platform is, as far as I
can tell, moot in this discussion. Feel free to enlighten me.

Consider the US's indignation over the targeting of civilian or
corporate intellectual property and the shifting of reality from
preconceived expectation. I have had it explained to me as a purely
ideological difference between the US and China. Simply put: just
because we might find it immoral for state-sponsored espionage to feed
stolen IP into the private sector, doesn't mean that China will feel
the same; to some, it is perceived as nationalistic, another way the
government helps to strengthen the nation.

For another example of this, an acquaintance once told me about the
process of getting internationally standardized technologies approved
for deployment in China; the process that was described to me involved
giving China the standards-based spec that had been drafted and
approved, being told that for deployment, they would have to improve
upon it in a laundry list of ways to bring it some 5-10 years ahead of
the spec, and THEN it would be allowed to be deployed.

Whenever you have enough new players, or the game goes on long enough,
the rules end up changing.

On Thu, Feb 21, 2013 at 12:28 AM, calin.chiorean
<calin.chiorean at secdisk.net> wrote:
>
> ::This all seems to be noobie stuff. There's nothing technically cool
> ::to see here
>
> You mean the report or the activity?
>
> You seem "upset" that they are using M$ only (target and source). They steal data!!! From whom to steal? From a guru that spends minimum 8 hours a day in front of *nix?
> Why to put so much effort to steal information from that guy, when there are thousands of people out there with vulnerable and easy to break M$.
>
> They aren't looking to do something cool, but just regular, plain old thief stuff. Targeting M$ users is easy, involves fewer resources and it's "business" profitable. You need to look at this action from a business perspective.
>
> IMO, why to spend hours to break something (like *nix systems) that you don't even know if it contains valuable information. This is more like sniffing around to find something useful and not targeting exact system.
>
> Somebody here mentioned that this unit is not their top unit. I'm sure that it's not. Maybe it was meant to be found.
>
> Cheers,
> Calin
>
>
> ---- On Thu, 21 Feb 2013 01:29:48 +0100 Scott Weeks  wrote ----
>
>>
>>
>>--- Valdis.Kletnieks at vt.edu wrote:
>>The scary part is that so many things got hacked by a bunch of people
>>who made the totally noob mistake of launching all their attacks from
>>the same place....
>>------------------------------------------------
>>
>>
>>This all seems to be noobie stuff. There's nothing technically cool
>>to see here. All they do is spear phishing and, once the link is
>>clicked, put in a backdoor that uses commonly available tools. As
>>I suspected earlier it's M$ against M$ only.
>>
>>The downside is nontechnical folks in positions of power often have
>>sensitive data on their computers, only know M$ and don't have the
>>knowledge to not click on that "bank" email.
>>
>>Technically, it was 74 pages of yawn. Don't waste your time unless
>>you're interested in how they found out where the attack was
>>originating from and how they tied it to the .cn gov't.
>>
>>scott
>>
>>
>
>



-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer



