Senior Chinese officers think that the People's Liberation Army (PLA) needs to make more of an effort on cyber warfare. Reuters reports on an essay written by PLA colonels Ye Zheng and Zhao Baoxian in the Party-run China Youth Daily. The two officers, who are strategists at the PLA's Academy of Military Sciences, argue that …
Well said El Reg
There's no doubt that in many cases the Chinese government and the PLA get blamed for attacks which were unofficial or didn't really originate in China. It's also surely true that much of the hype in the West is generated by those hoping to profit from increased government and corporate cybersecurity budgets.
Facts are important and what the lack of knowledge seems to say is: we don't really have a clue who attacked us. And that is more, even the more worrying?
(a) blame those people over there (we don't have any disclosable facts so let's just blame 'em anyway?)
(b) we don't have the technology or agreements in place to say for sure who attacked what and when
(c) in times of economic woe if we shout loud enough and encourage enough white hate attacks maybe, just maybe a huge pot of government funded contracts might arrive in our business post?
The lack of facts or disclosable facts is worrying.
The lack of means to establish where attacks started from is worrying
Blaming nations without disclosing hard facts is worrying.
Shot Across The Bows
The UK government knows exactly where the attacks are coming from, can name the bases and units involved within China. Do we want a trade or hot war over it? Or would we rather put out this 'we know what you're up to' haze?
How would Gov depts...
and Big Business get more money from tax payers if they admitted they know the who, what, and where and that they have the ability to shut this down? There is no incentive for them to do so as these attacks give the Gov another place to cast blame for economic issues, loss of intellectual property, and the private personal information of its citizens.
If the Chinese are stupid enough to launch network attacks from their own bases then they're fucking inept, and the West is even more inept for not being able to stop them.
military ensnarements have happened for years (cold war, colonial border disputes, ... ) and I'd guess that there are ways of handling those quietly but the public needs not to be fed "blame" without proof or justification (it just ain't British you know)? (Or is it?)
Reverse phishing engineering?
If so much is already known or suspected on who the originators of these types of attacks are, the equally, there can be some very ingenious attempts to lace the things that the phishers will find with
a) Stealth tell-me-who-and-where-you-are beacons and
b) Custom trojans of your own.
I guess the real goods on this are just too classified currently. Maybe in 10 years' time some journo will assemble the real facts and produce decent history of what really happened.
To be honest...
...maybe the PLA hasn't yet gotten into the game yet. Maybe other branches (dependent on the Party) have been doing the illicit data elicitation.
In the same way as in the US, a takes a few years until all the security agencies (17, was it?) have emitted statements that they are hopping on the latest bandwagon and asking for pork and expanded bureaucratic empires.
"on the losing end of what could be the largest illicit transfer of wealth in world history".
I don't think so. The Bushbama bailouts come to mind first and foremost.
17, was it?
Actually there are 18 but I am not allowed to tell you the name of the most secret one.
Anon and icon for obvious reasons.
Actually, the US started it..
.. by thinking about declaring a cyber attack an "Act of War".
To me that says two things.
1 - there are too many feeding from the taxpayer trough to stop waging war on all and sundry
2 - but they *are* running out of money to buy kit, so pressing buttons at home whilst awarding themselves medals looks like it'll give the gravy train some further rail to run on. Just imaging how much less fuel they'll need..
As for China, they have the problem that they can be accused of communism and a bit of terrorism alike and are thus easy scape goats for when a business doesn't take off (Google and Baidu) or when gov officials haven't done their job protecting what they are supposed to protect. That doesn't make them the culprit, just an easy group to blame..
As far as I can see China is too busy producing Apple kit right now..
Not just Apple
almost all the world's consumer electronics, tat and anything else that has fallen in price dramatically over the last 20 years.
Even the stuff made in Korea and Taiwan often contain significant numbers of components sourced in China!
Uncle Sam has discovered a chink in his armour...
...you might end up having to set up a slideshow with subliminal messages and buy them all a pint.
< Uncle Sam has discovered a chink in his armour... >
Three Cheers for the Chinese .....
Wow, that is great news for masters in the genre if their home nations do not engage with them in the shock supply and awesome development of virtual attack arsenals with ....well, IP Thinktank Busters and Novel Grenades are the Simply Complex Weapons of First and Leading Choice in that Fabulous Theatre of Operations.
Just out of a matter of professional and personal interest, who is the prime contractor/supplier of virtual and/or virtuous armaments to the UK? And what is their email address? Any idea, or is that something they have to make up yet and then hide away lest anyone contact them and send them a carefully crafted little package/bit packet which renders their services and systems exposed and fully compromised and practically useless/virtually incompetent?
It is hard not to think of anything which may be presently stood up and drawing any funding at all, being nothing other than another model of yore gravy train trying to protect old establishments and systems rather than ensuring that new ones are failsafe created and future proofed against SMART IP Promotions/Programs/Pogroms/Pirates/Privateers.
The army instead of the politicos
The army instead of the politicos so that they stop getting caught so easily.
'A US senator said in March that data raids had put America "on the losing end of what could be the largest illicit transfer of wealth in world history".'
This senator has presumably added up the "value for accounting purposes" of all the IP that has-or-might-have been pilfered. That's about as reasonable as the estimates of piracy losses trotted out by the RIAA, or indeed the accounts at Lehman's.
Hey guys, if you can't spend it, it isn't real money.
The Art of War
I should probably go through the book again and find the right passages but this could be along the lines of "Make your enemy think you are weak when you are strong" or "Make your enemy think you are strong when you are weak" or maybe it's... hmm can someone pass me a tsing tao?
Time to learn Mandarin
They are the next super power, they have managed their country pretty damn well - none of this namby pamby human rights and benefits culture over there. What doesnt kill them makes them stronger! But on a serious note, do you think they have forgotten about the opium wars yet? I hope so.
It is clear that the majority of computer equipment is made in China.
In excess of 70% of retired computer equipment is shipped to China for recycling.
The cost of embedded hardware key logging is trivial.
With these three facts combined, it is not beyond the realms of possibility for the PRC to subvert the manufacturing process to ensure ALL keyboards (or keyboard controller ICs on motherboards) to be manufactured with logging capabilities. It is only a matter of time before the vast majority of keyboards are returned to the PRC for log dumps, providing highly concentrated information, straight text, passwords, etc, for analysis.
Elementary! Although a tin hat icon MIGHT be more appropriate.
we'd better learn how to interpret Chinese names
It would help if Reg learned how to interpret Chinese names: the two people mentioned have been referred to by their given names in the report, when their family names are Ye and Zhao. The clue was the second person's given name of Baoxian: only very few any Chinese names are two-characters long, though there are a very few, easily learned exceptions (e.g., Sima, Ouyang, Zhuge, Situ - there are around 20 of them). There are some with multi-character names, such as the family name of the ruling Qing dynasty family, but these are almost always not Han Chinese in origin (Aisin Gioro was the Qing family name).
The Chinese military is like any other military -
always fighting the bureacratic war for more resources. Whatever other qualifications Messrs Ye and Zhao may possess, publishing their article in a journal specially devoted to young people seems to indicate both a knowledge of the terrain and strategic vision - if young Chinese geeks do, indeed, read the China Youth Daily and if they take this ball and run with it on the internet blogs and chat fora which are so widespread in China, the resulting public pressure could very well lead to extra funds for just their section. Congratulations !...
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Spanish village called 'Kill the Jews' mulls rebranding exercise
- NASA finds first Earth-sized planet in a habitable zone around star