China, Russia called out as cyberspy hotbeds Russia and China are using cyber-espionage to steal the US's tech and economic secrets, according to a government report. COLD WAR INTELLIGENCE REPORT (click to enlarge) The Office of the National Counterintelligence Executive (ONCIX) presented the report (PDF) to Congress on Thursday, which claimed that both "adversaries" …
If they could prove that said countries goverments had been doing cyber spying then they should deal with it by sanctions and possibly war as that is what countries do when they are attacked by another country.
Now of course the facts are that the attacking IP traced back to that country means nothing in this day and age of zombie machines.
Indeed only the other day Vauge Hague said that maybe tomorrow we willl be able to trace these criminals and then they will be in trouble so stop it now, pretty please with sugar on top. Whilst not an exact quote it does catch the flavour of the moment somewhat better I believe.
Facts are, anything on the internet is at risk and as such they should question what is linked to that network and what should not be. Indeed the goverment have there own so-called secure internet access for over 10 years, I say secure as its a managed firewall service iirc, but as we know when you give the bottom-feeder users email and the like with internet access then people will click what they should not click.
Real problem is company mentality to security and how many companies will pay hundreds of security guards to make sure you don't steal there items in there shops and have one person who has a 10-role job as in doing the job that should be 10 seperate people solely doing security of there IT if that at all. Most will go we brought X solution and that was it when X solution still needs to be managed and logs need to be audited etc etc. End result being you may not be able to steal that packet of tic-tac's but you can get there enture customer database of credit card nyumbers alot easiely and best of all route via russia or china knowing that the outfalling drama will get laid on there doorsteps. This is what happens folks.
By all means get people into the roles who can do the job and not suit HR paper pushers ideals of what is needed like an art degree. ut do it for the right reasons and not some knee-jerk reaction.
Also get organised in dealing with internet criminals; given there is no universal extradition process in place means that even for physical crime criminals can operate across borders with the safe knowledge they cant be taken to country Y for criminal charges even if true. That alone highlights that trying to do that for internet based crime across the World has by it's very definition a impossible hurdle to cross. Also factor in that say country Y does bring in some extradition process, whilst physical criminals will be immpacted and have to physcaly move the comparable internet criminals just have to route via another location Y if that.
What is realy needed is some balls added to the data protection act or the like and govermental auditing to make sure they comply instead of the usual after-the horse has bolted approach to security and data integrity. That and anybody who connects a computer to the internet has a resonsibility and currently they encourage irasposible people to get a computer and internet. I know ISP's need to take some responsibility and that alone could be enough to get those ignorant people with computers to become less ignorant and wise-up. But until then the team effort involved in resoloving security is not going to happen and more drama headlines will ensue and companies doing ultra experimantal research will still leave research machines attached to the internet when they have no need to be period.
Maybe the replacement for IPV6 will add in digitaly signed data packets, but until then you see the problems clearer every day that pass's.
Well, I work for a company that has the attention of the PRC; so much so that the amount of blocked traffic that comes from .CN address space outnumbers the sum total of all other traffic (blocked and allowed). That being said, it sure as hell doesn't help matters that my country, the DoD, other government agencies and a whole gaggle of defense contractors have shitty security policies and even worse incident handling procedures.
What I find so interesting about the whole thing is that IF the "great firewall" of the PRC is so effective at keeping the vast majority of its internet faring citizens from evil capitalist news outlets and other such imperialist and more nafarious websites, then where the hell is it all coming from, if it's not state sanctioned?''
I can see a small percentage of traffic being allowed out through a number of different anonymous methods, but the volumes of traffic I see and over the specific tcp/udp ports, you can't tell me that the Chinese user community are so clueless about infosec that every effing machine is infected.
In other news, sun rises once again in the east and the Pope remains Catholic.
Look at where your spam comes from. Yahoo Mail, Russia, and China. Now try to get the .RU and .CN hosting companies to enforce their AUPs. Try to get Yahoo Mail to accept a spam report. Ha ha ha. Tells you all you need to know about who's breaking the Internet.
Ring China with a series of firewalls and block everything in or out. They already do this themselves with their Great Firewall of China to a degree to keep their people ignorant and unaware of free speech and democracy.
If they want to be a bully in the playground; lock them out of the playground.
And who (or whose close ally in the Middle East) was the likely author of Stuxnet, the purpose of which was industrial/political sabotage?
And whose security agencies and major corporations were cosying up to Aaron "Epic Fail" Barr's HB Gary to buy tools and undisclosed zero-days to spy on labour unions and foreign competitors?
Never mind what the NSA, CIA, etc. have been up to that hasn't made light of day because those in possession of incriminating evidence have been extraordinarily rendered to places where they don't bother pretending that torture is "enhanced interrogation techniques".
Who is afraid of spam? Get yourself a good spamfilter and/or a mail account that has one, like gmail. Only very rarely you still get some mail from your friends that have unfortunately fallen victim to hacks ( I get it from the mail headers giving away the senders' foreign ip's. Homail lets you see it, yahoo and gmail don't). To be able to not get scared of unspammed spam either, download and install free GNU/Linux or *BSD. (You can even run them off a live CD/usb to handle critical stuff - so much are they good). Remember though that, no matter what system you use, if you use a bad password and, yet even worse, reuse it in many other places/accounts you have a good chance to suffer a hack some day.
Well, a Linux-based National Software Platform might be under way (nothing is certain). If it is really implemented, the RF could become less vulnerable to cyberespionage from the West. This would hopefully make the Western countries get more competitive in re and come off the monopolistic Microsoft's needle at once to start promoting IT education in schools.
Everyone would profit from it then .
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
