Australia China

Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director (afr.com) 105

Targeted cyber attacks and a strong deterrence capability are the most effective way of preventing China and other countries continuing to steal Australian commercial secrets, according to a former director of the Federal Bureau of Investigation. From a report: Louis Freeh, who ran the FBI for almost eight years until 2001, said the threat of criminal charges or jail time would do little to prevent state-sponsored hackers from continuing to steal valuable intellectual property. "It's like trying to serve a subpoena on [Osama] Bin Laden -- it's not very effective," Mr Freeh said on the sidelines of a speech in Sydney on Monday night. His comments come as the federal government considers how best to respond to a surge in cyber attacks directed by China's peak security agency over the past year. An investigation by The Australian Financial Review and Nine News confirmed China's Ministry of State Security (MSS) was responsible for the recent wave of attacks on Australian companies. These formed part of what is known in cyber circles as "Operation Cloud Hopper", which was detected by Australia and its partners in the Five Eyes intelligence sharing alliance.
This discussion has been archived. No new comments can be posted.

  • It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.

      Are you trying to claim China DOESN'T have an organized, state-sponsored dedicated cyberwarfare unit? [wikipedia.org]

      And that the intelligence and law enforcement agencies of the US, UK, Australia, Canada, and others can't track at least some of that unit's activities?

      If you can't credibly claim all that, you're just an ignorant blowhard trying to confuse things.

      • Not at all.

        Are you trying to claim that it's not possible for Russian, Indian, American, etc. hackers to make it look like their attacks on Australia are coming from China? Or vice-versa?

        • by Anonymous Coward
          He is being sarcastic; it is pretty well known that CIA routinely use IP spoofing as it can be trivially done when you control the telcos.
        • by Ogive17 ( 691899 )
          It's as likely as you being paid by the Chinese government.
    • However connecting to another system requires 2 way communication. If the computer knows how to send back its response back to your system saying it had connected and that the packets didn't get lost or didn't collide. Then we can track it back. Most of the time spoofing is good enough, just because the effort on tracking back is higher than what the damage of the hacking is, and the value of finding the hacker.

      However if you piss off the right person or government with some real money to track you back.

      • A more natural way would be to hack into a computer in China then from there hack into the US. If you are hacking serious targets, go through multiple proxies. Never hack directly from your own computer.
  • by sycodon ( 149926 ) on Tuesday November 20, 2018 @09:47AM (#57673704)

    China is not really our friend in any sense.

    They steal intellectual property

    They use state subsidies and subpar working conditions to undercut our products

    Their "students" are usually tools of the Government.

    While it is doubtful the US and China will ever engage in some kind of ground war, it is probably inevitable that some kind of air/sea conflict occurs. Given the tremendous economic entanglements, it will be a very bizarre conflict.

    • by Virtucon ( 127420 ) on Tuesday November 20, 2018 @09:58AM (#57673780)

      You didn't mention the BGP attacks [theregister.co.uk] they've been conducting lately. They're a bad actor in terms of Internet trust and it's time to cut them off.

      • by sycodon ( 149926 )

        Ya...I completely neglected to include the very thing the story is about.

        I have Turkey and Dressing on the brain.

    • Given the tremendous economic entanglements, it will be a very bizarre conflict.

      It's already bizarre. Soon, China, Russia and the US will hold the world hostage: pay huge taxes on overseas shipping, or WW3.

    • by Anonymous Coward

      China is not really our friend in any sense.

      They steal intellectual property

      They use state subsidies and subpar working conditions to undercut our products

      Their "students" are usually tools of the Government.

      While it is doubtful the US and China will ever engage in some kind of ground war, it is probably inevitable that some kind of air/sea conflict occurs. Given the tremendous economic entanglements, it will be a very bizarre conflict.

      This is a highly dangerous viewpoint. Like saying that war with Mexico and Canada are inevitable because we have serious unresolved border, trade and even national security disputes with them... War with China is not inevitable just because the US and China are two of the biggest most powerful nations on Earth. Nor is war inevitable with the EU or India just because they are so big and powerful. Even a limited war between major powers is extremely undesirable and could result in millions of deaths and de

    • They steal intellectual property

      Put "steal" between quotation marks, please. IP is a legal construct that creates government-assisted artificial scarcity. A relatively recent concept, with non-existing or shaky scientific foundation. For that reason, ignoring IP is not by definition immoral. One can have different views on that:

      IP supporters base their p.o.v. on some unproven theory that IP has a net benefit to society. Even though it's obvious it is not serving its original purpose, IP law is largely written by a powerful lo

    • If this is the case then why did we build China into the behemoth it is today? China used to be a poor, backwards country until our elites decided to let it into the WTO. Afterwards our factories died and our working class fell into poverty as China became a force to be reckoned with.
      • China was the biggest and most powerful nation in the world for many centuries before the USA was created. Its rulers made the apparently unwise decision not to develop their firearms, bombs, rockets, etc. because such weapons could lead to dreadful slaughter and destruction.

        They did not expect foreigners from the other side of the world to do what they had chosen not to, allowing them to conquer China - at least some of the coastal regions and Beijing. That, followed by the US-encouraged Japanese invasion,

        • Uh, did you respond to the wrong comment? China wallowed in poverty for decades before our elites admitted them to the WTO. This was what crushed our working class and enabled China to become wealthy beyond its wildest dreams. Their descent into poverty was not caused by the Japanese (WTF?) nor encouraged by the Americans (double WTF - America was China's staunch ally against the Japanese, something largely forgotten today). This tragedy was caused by Marxism.
          • by MikeMo ( 521697 )
            In the case of "our elites", it was Bill Clinton that signed the Most Favored Nation pact with China. It's that pact that gave them everything.
          • by jbengt ( 874751 )
            No, Archtech did not respond to the wrong comment. They just went farther back in history than you were talking about in your comment.
      • If this is the case then why did we build China into the behemoth it is today? China used to be a poor, backwards country until our elites decided to let it into the WTO. Afterwards our factories died and our working class fell into poverty as China became a force to be reckoned with.

        Cui bono.

        We generally accept that we're ruled by rich sociopathic oligarchs, yet still wonder why foreign policy does not align with our stated ideals or interests.

        It's almost as if an organization run by globalist bankers and lawyers would see both China and the U.S. as resources to exploit. You're asking for a reason, look for the most self-serving, short sighted, profit motive driven one you can imagine.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      "to undercut our products"

      have you been paying attention to how globalisation works?

      it wasn't China's fault that America outsourced their entire manufacturing base to them.

      it was the fault of greedy corporate CEOs who wanted to maximize profit for shareholder gains (loss of American jobs be damned), plus the mindless consumerist working folk who valued getting a good deal above all else (loss of American jobs be damned).

      so yes, it was all your own fault.

    • you're thinking like a member of the working class. The Ruling Class is global now, and they get along just fine with China. Sure, there's the occasional bit of back and forth, but it's all in good fun.

      Now, as a member of the working class the Chinese government is about the worst thing ever. They massively drive down wages and standards of living across the globe. But good luck doing anything about that. It's hard to say no to a 50" TV for $200 bucks.
    • by burni2 ( 1643061 )

      Actually I'm worried about China too, but aren't your points also valid for the "U.S.A."?

      - I mean intellectual property (NSA / Enercon)
      - State subsidies vs. Custom Duties
      - students tools of the government (and if students go on and work for NSA and CIA and implement things like egoistic giraffe).

      Well, only those who are without sin should throw the first stone.

      Except criticizing the government will not land you in internment camps or prison in the U.S. that's the difference.

  • Better Idea (Score:5, Insightful)

    by alvinrod ( 889928 ) on Tuesday November 20, 2018 @09:51AM (#57673736)
    Instead of starting some kind of cyber war, why not have our guys act as white hats and target American firms and government organizations? Find breaches and alert the concerned parties so they can get filled in.

    It gives our guys practical experience and helps protect American citizens and businesses. It even affords a good job opportunity for the kind of mischievous minds that might otherwise cause some of that trouble.
    • Using our talent to increase our security sounds a lot better than an ever escalating cyber feud, that will have more impact on our businesses, the people that work there, and the people that depend on services they provide than the governments that started the feud.

       

      • by AmiMoJo ( 196126 )

        Seems like China already has much better cyber defences (the Great Firewall) and that the US couldn't match them even if it wanted to, because the US government doesn't have that kind of centralized control and people would never stand for it.

        So on the face of it starting open cyberwar with China doesn't sound like a good idea. Securing US systems seems like a better strategy.

        • That also doesn't mention that it would only serve to strain relations and create a continuing rivalry that would cost the people and businesses. Rivalries like that don't serve anything but resentment and elevated hostility.

        • the US government doesn't have that kind of centralized control and people would never stand for it.

          Hahahahahahahahahahahahahahahahahaha!

          • the US government doesn't have that kind of centralized control and people would never stand for it.

            Hahahahahahahahahahahahahahahahahaha!

            I think what Amimojo was getting at was that there is no American analogue to the Great Firewall of China. Japanese internment camps or Bay of Pigs or Area 51 can be searched without consequence in America; Tienanmen Square in China...less so.

            Yes, the federal government has enough tentacles that there's a decent amount of centralized control in an abstract sense, but when Net Neutrality was on the table for response, Americans flooded the DC switchboard and told them where to shove it. Americans aren't goin

    • You're entirely right on the merits - because the U.S. is the most connected society, in terms of economic dependence on telecommunications, every vulnerability that the NSA hoards for attacks, is a potential breach on corporate and personal information.

      However, if you think the type of people, largely sociopaths, who run the government are likely to just back down from a war they can foment, or really care about individuals' safety, you're entirely misunderstanding the mindset of someone who would go to wo

      • I don't think you could have anyone but the government do this kind of work on the kind of scale that is necessary. First of all, it's almost all illegal without permission, so only the government could get away doing it to organizations that don't ask. It might be a bit more hairy even than doing it to companies, but the government could at the very least attempt to hack or social engineer other parts of the government. The government meanwhile, is never going to let a non-profit or any private organization
    • by raymorris ( 2726007 ) on Tuesday November 20, 2018 @10:44AM (#57674062) Journal

      Finding vulnerabilities and warning the vulnerable companies is what I do for a living. What we do is in no way a substitute for deterrence.

      Instead of putting muggers in jail, why don't our good guys try mugging people and alert victims that they're vulnerable?

      Instead of killing bin Laden, why don't our good guys just ram planes into all the buildings and then we'll know which buildings are vulnerable?

      Having cops break into the people's houses won't make burglary stop.

      The main benefit of vulnerability assessment, what I do for a living, is that when we make Lockheed Martin a more difficult target, the attackers focus more on Northrop Grumman, because it's an easier target. That's an advantage to Lockheed.

      We will never come anywhere close to making our country impenetrable. If we magically did, which would require a police state, two days later Microsoft would release a new version of some software and we'd all be vulnerable again. Every time somebody installs anything connected to a network, there are opportunities for it to be configured poorly, and that happens a million times a day. We will never be secure. We can only make YOU a harder target than your neighbor.

      "Instead of starting a cyber war" - LOL! We're *in* a cyber war. Our adversaries spend billions of dollars every year attacking us, and we're losing. Ignoring it and pretending it's not happening won't make it go away. The way to make a country (or a person) stop attacking you is to make it hurt them to continue, to exact a high price. If someone is swinging a knife at me, knowing I'm vulnerable doesn't solve the problem. You stop their attack by shooting them. That's what solves the problem.

      • [Our] adversaries spend billions of dollars every year attacking us

        Evidence? Citation? Or is that just a wild paranoid guess?

        The US government spends about $1 trillion every year on its armed forces, weapons, ammunition, the many secret police "agencies", and paying vast numbers of head-chopping, heart-eating terrorists to attack everyone the US government doesn't like.

        The USA is far and away the world's biggest spender on "defence" - which of course, in true Orwellian fashion, really means "aggression".

        Because everything in the world belongs to Americans, but some damned

    • by MikeMo ( 521697 )
      I think this is virtually impossible. How many 10's of thousands of private companies are there in the US that need better security? Like all of them? You have to get them all - many of the hacks are via contractors, not just the main IP holders.
  • by gweihir ( 88907 ) on Tuesday November 20, 2018 @09:53AM (#57673748)

    Maybe have IT security that is not cheapest possible, but actually works? That would also have the advantage that China may actually be stopped. "Hacking back" is still the most stupid idea possible in this space. But especially for China, has this person forgotten that the Chinese have their whole country behind a big firewall?

    • This makes about as much sense as using a DOM object to cut the crusts off a peanut butter sandwich
    • by pr0fessor ( 1940368 ) on Tuesday November 20, 2018 @10:13AM (#57673872)

      This goes right along with governments that want to have back doors to fight terror and crime but somehow magically it's only going to work for them and the bad guys will never be able to use it against us.

      In the end we have allowed the uninitiated to set policies for something they don't understand and the resulting mess is going to be hard to clean up.

      • by gweihir ( 88907 )

        Oh yes. Those that crave power, but are not even capable to ask experts on matters they do not understand, routinely make big, big messes. This is just one of them.

        The only thing that will work in the end is better security, no backdoors, no holding back zero-day exploits, no "lawful" access, etc. Anything else will be suicidal. Of course, those with power are deeply afraid of citizens being able to hide things and communicate secretly, so it will take a while. But there really is no alternative.

  • How about the tech companies fixing their shit so this doesn't happen.
  • by Anonymous Coward

    Starting a cyber war with China will provide a justification for previous Chinese actions. We should try and work out something with the Chinese. The interests of China and the US and for that matter the rest of the world will be better served by dialog. If there is cyber war we will still need in the end to work out an agreement. So first dialog then if that is a failure move on to stronger measures.

  • Comment removed based on user account deletion
    • Yep, monsters. Not like America, which conducts their invasions honestly, with overwhelming military power against grossly outmatched opponents, who we falsely accuse of having "Weapons of Mass Destruction" and drag a bunch of other militaries into the fracas as well.

      Face it, all the global superpowers (and a lot of the minor ones) are all constantly throwing their weight around to try to take what they want from other countries - the big differences from a moral standpoint are mostly in how many people di

  • by Opportunist ( 166417 ) on Tuesday November 20, 2018 @10:12AM (#57673866)

    What do you want to attack? Want to steal back the trade secrets they got from us? How do you steal from someone who has nothing that you could possibly want? What kind of deterrent is it when you throw a nuke into a mostly void desert? It costs you a nuke and doesn't bother your enemy at all.

    Instead get your defense up to speed! The itsec situation in most companies is atrocious. And I'm not talking about irrelevant mom'n'pop shops, we're talking large and very juicy targets for international criminal actors. If anything, the FBI should start treating sloppy IT security as what it is: A criminal offense.

    But no, wait, we can't do that! Then our corporations would have to do something about their IT security! That could cut into their bottom line! No, let's instead wage a silly "cyber" war we can't win on taxpayer money. One silly, useless and unwinnable war that we get to foot the bill for more or less, who cares?

    • If the NSA and other agencies would give up their secret list of vulnerabilities to the vendors it would help quite a bit. Instead of increasing defense by patching and hardening against known issues we purposely leave ourselves open to anyone able to use these exploits to use against these same "enemies" for the same reasons which makes no sense when we have more to lose. It only makes sense when those keeping the secrets don't care about the nation/people as a whole and want to get these gains despite th
    • The Five Eyes have already attacked China [forbes.com]. Now, can the Five Eyes just tell us where the Weapons of Mass Destruction are in Iraq?

    • by Slayer ( 6656 )

      You can not defend 100% against dedicated attackers in IT space, just as you can't reasonably prevent all violent crime upfront. With violent crime, it is commonly accepted, that suspected offenders are prosecuted, and in many cases extradited to the country the alleged offense took place. If a country does not cooperate in such a prosecution, the country affected by the crime will at some point respond with travel restrictions or with sanctions against individuals associated with the crime, c.f. Skripal assassin

    • Cyberwar isn't just about corporate espionage. Hack their oil pipelines, see what happens when the valves open and shut at 60Hz. See what Beijing traffic looks like when every traffic light is red, or worse, every one is green. Disable the Great Firewall, or better yet, mess with it. Block the official government sites, redirect them to a troll site. Unblock sites they really, really want blocked. Screw with the censorship on their social media - get "June 4th Incident" trending. Hack Xi Jinping's emails, s

  • ... be the smartest kid on the block and provide hardened entry points.

    Sounds like an excuse to fight fire with fire and then the US declares open season.

    I do not know why China doesn't get a branded credit card from Facebook, Apple, Google and Microsoft each.

    That way they could get points while buying all that stuff right off the shelves of the big box data stores.

  • Why don't companies create millions of fake sites with false tech info and documents to make it impossible to figure out what they are stealing?
  • by jd ( 1658 ) <`imipak' `at' `yahoo.com'> on Tuesday November 20, 2018 @01:45PM (#57675246) Homepage Journal

    Fighting a hot cyberwar against an entire nation that can be turned into a supersized botnet (and which probably runs half the existing major botnets out there), when your own country has grotesquely incompetent IT managers, virtually no cybersecurity, a bunch of Federally-required backdoors into mission critical systems and a vast number of SCADA-based critical servers on the public Internet, is such a good idea.

    I mean, what could possibly go wrong?

  • Nah, they're just kids playing. That's not a cyberattack, this (zhing!) is a cyberattack.