Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director (afr.com) 105
Targeted cyber attacks and a strong deterrence capability are the most effective way of preventing China and other countries continuing to steal Australian commercial secrets, according to a former director of the Federal Bureau of Investigation. From a report: Louis Freeh, who ran the FBI for almost eight years until 2001, said the threat of criminal charges or jail time would do little to prevent state-sponsored hackers from continuing to steal valuable intellectual property. "It's like trying to serve a subpoena on [Osama] Bin Laden -- it's not very effective," Mr Freeh said on the sidelines of a speech in Sydney on Monday night. His comments come as the federal government considers how best to respond to a surge in cyber attacks directed by China's peak security agency over the past year. An investigation by The Australian Financial Review and Nine News confirmed China's Ministry of State Security (MSS), was responsible for the recent wave of attacks on Australian companies. These formed part of what is known in cyber circles as "Operation Cloud Hopper", which was detected by Australia and its partners in the Five Eyes intelligence sharing alliance.
Re: (Score:1)
Right... (Score:2)
It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.
Re: (Score:2)
No such thing as intellectual property.
"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself, but the moment it is divulged, it forces itself into the possession of everyone, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives inst
Re: (Score:3, Interesting)
It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.
Are you trying to claim China DOESN'T have an organized, state-sponsored dedicated cyberwarfare unit? [wikipedia.org]
And that the intelligence and law envforcement agencies of the US, UK, Australia, Canada, and others can't track at least some of that unit's activities?
If you can't credibly claim all that, you're just an ignorant blowhard trying to confuse things.
Re: (Score:2)
Not at all.
Are you trying to claim that it's not possible for Russian, Indian, American, etc. hackers to make it look like their attacks on Australia are coming from China? Or vice-versa?
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
However connecting to an other system requires 2 way communication. If the computer knows how to send back its response back to your system saying it had connected and that the packets didn't get lost or didn't collide. Then we can track it back. Most of the time spoofing is good enough, just because the effort on tacking back is higher then what the damage of the hacking is, and the value of finding the hacker.
However if you piss of the right person or government with some real money to track you back.
Re: Right... (Score:2)
View on China Needs to Change (Score:5, Insightful)
China is not really our friend in any sense.
They steal intellectual property
They use state subsidies and subpar working conditions to undercut our products
Their, "students" are usually tools of the Government.
While it is doubtful the US and China will ever engage in some kind of ground war, it is probably inevitable that some kind of air/sea conflict occurs. Given the tremendous economic entanglements, it will be a very bizarre conflict.
Re:View on China Needs to Change (Score:5, Interesting)
You didn't mention the BGP attacks [theregister.co.uk] they've been conducting lately. They're a bad actor in terms of Internet trust and it's time to cut them off.
Re: (Score:2)
Ya...I completely neglected to include the very thing the story is about.
I have Turkey and Dressing on the brain.
Re: (Score:2)
Given the tremendous economic entanglements, it will be a very bizarre conflict.
It's already a bizarre. Soon, China, Russia and the US will hold the world hostage: pay huge taxes on over-seas shipping, or WW3.
Re: (Score:1)
China is not really our friend in any sense.
They steal intellectual property
They use state subsidies and subpar working conditions to undercut our products
Their, "students" are usually tools of the Government.
While it is doubtful the US and China will ever engage in some kind of ground war, it is probably inevitable that some kind of air/sea conflict occurs. Given the tremendous economic entanglements, it will be a very bizarre conflict.
This is a highly dangerous viewpoint. Like saying that war with Mexico and Canada are inevitable because we have serious unresolved border, trade and even national security disputes with them... War with China is not inevitable just because the US and China are two of the biggest most powerful nations on Earth. Nor is war inevitable with the EU or India just because they are so big and powerful. Even a limited war between major powers is extremely undesirable and could result in millions of deaths and de
Re: (Score:1)
They steal intellectual property
Put "steal" between quotation marks, please. IP is a legal construct that creates government-assisted artificial scarcity. A relatively recent concept, with non-existing or shaky scientific foundation. For that reason, ignoring IP is not by definition immoral. One can have different views on that:
IP supporters base their p.o.v. on some unproven theory that IP has a net benefit to society. Even though it's obvious it is not serving its original purpose, IP law is largely written by a powerful lo
Re: (Score:3)
Re: (Score:2)
China was the biggest and most powerful nation in the world for many centuries before the USA was created. Its rulers made the apparently unwise decision not to develop their firearms, bombs, rockets, etc. because such weapons could lead to dreadful slaughter and destruction.
They did not expect foreigners from the other side of the world to do what they had chosen not to, allowing them to conquer China - at least some of the coastal regions and Beijing. That, followed by the US-encouraged Japanese invasion,
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
If this is the case then why did we build China into the behemoth it is today? China used to be a poor, backwards country until our elites decided to let it into the WTO. Afterwards our factories died and our working class fell into poverty as China became a force to be reckoned with.
Que bono.
We generally accept that we're ruled by rich sociopathic oligarchs, yet still wonder why foreign policy does not align with our stated ideals or interests.
It's almost as if an organization ran by globalist bankers and lawyers would see both China and the U.S. as resources to exploit. You're asking for a reason, look for the most self-serving, short sighted, profit motive driven one you can imagine.
Re: (Score:2, Insightful)
"to undercut our products"
have you been paying attention to how globalisation works?
it wasn't China's fault that America outsourced their entire manufacturing base to them.
it was the fault of greedy corporate CEO's who wanted to maximize profit for shareholder gains (loss of American jobs be damned), plus the mindless consumerist working folk who valued getting a good deal above all else (loss of American jobs be damned).
so yes, it was all your own fault.
Re: View on China Needs to Change (Score:1)
Sure they are (Score:2)
Now, as a member of the working class the Chinese government is about the worst thing ever. They massively drive down wages and standards of living across the globe. But good luck doing anything about that. It's hard to say no to a 50" TV for $200 bucks.
Re: (Score:2)
Actually I'm worried about China too, but don't your points are also valid for the "U.S.A."
- I mean intellectual property (NSA / Enercon)
- State subsidies vs. Custom Duties
- students tools of the government (and if students go on and work for NSA and CIA and implement things like egoistic giraffe).
Well, only those who are without sin should throw the first stone.
Except critisizing the government will not land you in internment camps or prison in the U.S. that's the difference.
Better Idea (Score:5, Insightful)
It gives our guys practical experience and helps protect American citizens and businesses. It even affords a good job opportunity for the kind of mischievous minds that might otherwise cause some of that trouble.
Re: (Score:3)
Using our talent to increase our security sounds a lot better than an ever escalating cyber feud, that will have more impact on our businesses, the people that work there, and the people that depend on services they provide than the governments that started the feud.
Re: (Score:2)
Seems like China already has much better cyber defences (the Great Firewall) and that the US couldn't match them even if it wanted to, because the US government doesn't have that kind of contralized control and people would never stand for it.
So on the face of it starting open cyberwar with China doesn't sound like a good idea. Securing US systems seems like a better strategy.
Re: (Score:2)
That also doesn't mention that it would only serve to strain relations and create a continuing rivalry that would cost the people and businesses. Rivalries like that don't serve anything but resentment and elevated hostility.
Re: (Score:2)
the US government doesn't have that kind of contralized control and people would never stand for it.
Hahahahahahahahahahahahahahahahahaha!
Re: (Score:3)
the US government doesn't have that kind of contralized control and people would never stand for it.
Hahahahahahahahahahahahahahahahahaha!
I think what Amimojo was getting at was that there is no American analogue to the Great Firewall of China. Japanese internment camps or Bay of Pigs or Area 51 can be searched without consequence in America; Tienanmen Square in China...less so.
Yes, the federal government has enough tentacles that there's a decent amount of centralized control in an abstract sense, but when Net Neutrality was on the table for response, Americans flooded the DC switchboard and told them where to shove it. Americans aren't goin
Re: (Score:2)
You're entirely right on the merits - because the U.S. is the most connected society, in terms of economic dependence on telecommunications, every vulnerability that the NSA hoards for attacks, is a potential breach on corporate and personal information.
However, if you think the type of people, largely sociopaths, who run the government are likely to just back down from a war they can foment, or really care about individuals' safety, you're entirely misunderstanding the mindset of someone who would go to wo
Re: (Score:2)
White hat here - lol no. Cops breaking in doesn't (Score:5, Interesting)
Finding vulnerabilities and warning the vulnerable companies is what I do for a living. What we do is in no way a substitute for deterrence.
Instead of putting muggers in jail, why don't our good guys try mugging people and alert victims that they're vulnerable?
Instead of killing bin Laden, why don't our good guys just ram planes into all the buildings and then we'll know which buildings are vulnerable?
Having cops break into the people's houses won't make burglary stop.
The main benefit of vulnerability assessment, what I do for a living, is that when we make Lockheed Martin a more difficult target, the attackers focus more on Northrop Grumman, because it's an easier target. That's an advantage to Lockheed.
We will never come anywhere close to making our county impenetrable. If we magically did, which would require a police state, two days Microsoft would release a new version of some software and we'd all be vulnerable again. Every time somebody installs anything connected to a network, there are opportunities for it to be configured poorly, and that happens a million times a day. We will never be secure. We can only make YOU a harder target than your neighbor.
"Instead of starting a cyber war" - LOL! We're *in" a cyber war. Pur adversaries spend billions of dollars every year attacking us, and we're losing. Ignoring it and pretending it's not happening won't make it go away. The way to make a country (or a person) stop attacking you is to make it hurt them to continue, to exact a high price. If someone is swinging a knife at me, knowing I'm vulnerable doesn't solve the problem. You stop their attack by shooting them. That's what solar the problem.
Re: (Score:2)
[Our] adversaries spend billions of dollars every year attacking us
Evidence? Citation? Or is that just a wild paranoid guess?
The US government spends about $1 trillion every year on its armed forces, weapons, ammunition, the many secret police "agencies", and paying vast numbers of head-chopping, heart-eating terrorists to attack everyone the US government doesn't like.
The USA is far and away the world's biggest spender on "defence" - which of course, in true Orwellian fashion, really means "aggression".
Because everything in the world belongs to Americans, but some damned
How are things at Microsoft? Or is Adobe? (Score:2)
> We write 0 days
How are things at Microsoft these days? If you get bored there, Adobe is hiring zero-day creators.
That word doesn't mean what you think it does (Score:2)
Look up argument from authority, also called an appeal to authority, or argumentum ad verecundiam before you use yhe term again.
Michael Jordan endorsing tires is fallacious appeal to authority. Randomly movie star making statements about vaccines or politics is the same.
Learning physics by reading Stephen Hawking is called *civilization*. The other option is inventing your own physics, which is mysticism.
Re: (Score:2)
And here is a different idea (Score:3, Interesting)
Maybe have IT security that is not cheapest possible, but actually works? That would also have the advantage that China may actually be stopped. "Hacking back" is still the most stupid idea possible in this space. But especially for China, has this person forgotten that the Chinese have their whole country behind a big firewall?
Re: And here is a different idea (Score:1)
Re:And here is a different idea (Score:5, Informative)
This goes right a long with governments that want to have back doors to fight terror and crime but somehow magically it's only going to work for them and the bad guys will never be able to use it against us.
In the end we have aloud the uninitiated to set policies for something they don't understand and the resulting mess is going to be hard to clean up.
Re: (Score:2)
Oh yes. Those that crave power, but are not even capable to ask experts on matters they do not understand, routinely make big, big messes. This is just one of them.
The only thing that will work in the end is better security, no backdoors, no holding back zero-day exploits, no "lawful" access, etc. Anything else will be suicidal. Of course, those with power are deeply afraid of citizens being able to hide things and communicate secretly, so it will take a while. But there really is no alternative.
Or, you know, fix it. (Score:1)
Consequences (Score:1)
Starting a cyber war with China will provide a justification for previous Chinese actions.We should try and work out something with the Chinese. The interests of China and the US and for that matter the rest of the world will be better served by dialog. If there is cyber war we will still need in the end to work out an agreement. So first dialog then if that is a failure move on to stronger measures.
Re: (Score:1)
Re: (Score:3)
Yep, monsters. Not like America, which conducts their invasions honestly, with overwhelming military power against grossly outmatched opponents, who we falsely accuse of having "Weapons of Mass Destruction" and drag a bunch of other militaries into the fracas as well.
Face it, all the global superpowers (and a lot of the minor ones) are all constantly throwing their weight around to try to take what they want from other countries - the big differences from a moral standpoint are mostly in how many people di
Attack what exactly? Defense is what we need! (Score:5, Insightful)
What do you want to attack? Want to steal back the trade secrets they got from us? How do you steal from someone who has nothing that you could possibly want? What kind of deterrent is it when you throw a nuke into a mostly void desert? It costs you a nuke and doesn't bother your enemy at all.
Instead get your defense up to speed! The itsec situation in most companies is atrocious. And I'm not talking about irrelevant mom'n'pop shops, we're talking large and very juicy targets for international criminal actors. If anything, the FBI should start treating sloppy IT security as what it is: A criminal offense.
But no, wait, we can't do that! Then our corporations would have to do something about their IT security! That could cut into their bottom line! No, let's instead wage a silly "cyber" war we can't win on taxpayer money. One silly, useless and unwinnable war that we get to foot the bill for more or less, who cares?
Re: (Score:2)
Five Eye already attacked (Score:2)
The Five Eyes have already attacked China [forbes.com]. Now, can the Five Eyes just tell us where the Weapons of Mass Destruction are in Iraq?
Re: (Score:2)
You can not defend 100% against dedicated attackers in IT space, just as you can't reasonably prevent all violent crime upfront. With violent crime, it is commonly accepted, that suspected offenders are prosecuted, and in many cases extradited to the country the alleged offense took place. If a country does not cooperate in such a prosecution, the country affected by the crime will at some respond with travel restrictions or with sanctions against individuals associated with the crime, c.f. Skripal assassin
Re: (Score:2)
Cyberwar isn't just about corporate espionage. Hack their oil pipelines, see what happens when the valves open and shut at 60Hz. See what Beijing traffic looks like when every traffic light is red, or worse, every one is green. Disable the Great Firewall, or better yet, mess with it. Block the official government sites, redirect them to a troll site. Unblock sites they really, really want blocked. Screw with the censorship on their social media - get "June 4th Incident" trending. Hack Xi Jinping's emails, s
Re: (Score:2)
Ponder how interesting she is.
Now ponder how interesting anything she writes can be.
So no plans to ... (Score:2)
... be the smartest kid on the block and provide hardened entry points.
Sounds like an excuse to fight fire with fire and then the US declares open season.
I do not know why China doesn't get a branded credit card from Facebook, Apple, Google and Microsoft each.
That way they could get points while buying all that stuff right off the shelves of the big box data stores.
Honeypot of false info (Score:2)
Re: (Score:1)
I thought that was what the advertising industry basically was.
Because... (Score:3)
Fighting a hot cyberwar against an entire nation that can be turned into a supersized botnet (and which probably runs half the existing major botnets out there), when your own country has grotesquely incompetent IT managers, virtually no cybersecurity, a bunch of Federally-required backdoors into mission critical systems and a vast number of SCADA-based critical servers on the public Internet, is such a good idea.
I mean, what could possibly go wrong?
Channeling Paul Hogan (Score:2)
Nah, they're just kids playing. That's not a cyberattack, this (zhing!) is a cyberattack.