China denies hacking claims, says it doesn’t need US tech The Chinese Defense Ministry has rebutted claims in a US government report that it is systematically stealing American military secrets, and points out that China is producing enough of its own. "We believe that the US remarks are a misjudgment. First it underestimates the Pentagon's security capabilities, and second it …
China is overrepresented in the illicit connection attempts against the servers I administer.
We've got to explain this somehow:
1) Chinese folks are fundamentally more prone to criminal behavior than anybody else
2) Chinese folks are fundamentally less competent as system administrators (and thus are themselves hacked and the hacked computers are used in greater proportions to launch attacks against others than anywhere else).
3) Hacking is at best, less prosecuted by the Chinese government than anywhere else, which is at least TACIT State sponsorship, and at worst, ACTIVE state sponsorship.
Explanation number 3 is the only one I've come up with which doesn't rely on racist presumptions.
So, saying that China doesn't NEED US tech is a little like Paris Hilton saying she doesn't NEED to be bad. True enough, but....
Had you considered that :-
4) China has a population of 1.3 billion, 20% of the worlds total population?
By sheer odds then you'd think that they would be represented pretty well, to be honest. 3 is near certainly true though. Tacit state sponsorship is quite likely though, it's China's best bet to deal with the west in a conflict. They know they don't stand a chance against us in an all up war and this is an asymmetric form of warfare that they stand a good chance at doing plenty of damage against us with.
Wrong. The PRC has been caught inside of both US commercial institutions, in particular corporations involved in trade negotiations with PRC firms and caught up to its elbows inside of US military networks from IP's well documented for being part of the PRC military cyberwarfare units.
Indeed, for US DoD networks, there were two well reported network wide breaches that cost in the billions of dollars to remediate.
The PRC was caught with their cyberwarfare folks connected to ITT's nightvision labs. The PRC also solicited contracts to build sensitive components for ITT nightvision labs. Strangely enough, they already knew how to build those components, which tipped off the US DoD. ITT ended up paying a record fine for unlawful export of technologies that are restricted for export.
The PRC has had a long history of isolationism. That failed them when the British Empire invaded and subjugated China. Hence, the thousands of years of retaining satellite buffer states is not as effective in protecting their nation. The PRC still lacks an effectively sized blue water navy, indeed, they only have a few blue water capable ships currently. Hence, they use a smarter defense, network centric. That is especially effective now, as the US and NATO are operating in a network centric mode themselves, so disrupting networks is a highly effective defense. Meanwhile, information can also be obtained to learn techniques and tactics, as well as intentions of the national leadership.
Since the PRC has the largest national population in the entire world, they can field far, far, far more cyberwarfare soldiers than any other nation can.
Enough to even give Russia pause.
And network disruption was well proved with the scuffle between Russia and Georgia. Or did you forget that South Ossetia invasion? It began with cyber attacks on the Georgian government networks, dropping them and preventing communication.
I remember it well, as we monitored what was being done, as well as juggled troops into position, should it be decided that we should intervene.
Calling that aircraft a copy of the F15 is absurd. The layout is obviously utterly different just from looking at a photo of both. The engines are in a different layout for a start (more like the MIG29) and it's has different arrangements for ailerons and even sodding cannards. How different does it needs to be?
Secondly, "stealth" as a descriptor needs to be taken out and shot since it's so comicly misunderstood as being like a cloaking device. Possibly lower RCS (Radar Cross Section) on certain aspects if the paint hasn't work thin doesn't sound quite as snappy though does it? If your just looking at RCS reduction measures below a certain point then the Eurofighter is a Stealth Aircraft from the front aspect given the effort put into frontal RCS reduction...
I must have missed the part where the article claimed the pictured aircraft is a copy of the F-15. I did however notice the photo of the Chinese F-15 taking off from one of their new aircraft carriers. I suspect you're confused by the name, but believe it or not, the chinese can name their planes whatever they please. It also seems to me that a 40-year old aircraft that requires 4000+ ft of runway is not the ideal starting point for a modern naval aircraft.
Good theory--and true that they can call an aircraft whatever they want--but I think the statement, "As for stocking the ship, the Chinese F-15 multi-role aircraft is in testing for carrier landings," simply has a typo. The aircraft shown is the Shenyang J-15 ( http://aircraft.wikia.com/wiki/Shenyang_J-15 ). Note how J and F are both typed with the same finger--but using different hands (at least for those of us who are touch typists).
The J-15 "Flying Shark" was structurally based on the Russian Sukhoi Su-33 design, but was not built under license. The Russians even called it a "clone" of the Su-33. The J-15's predecessor, the J-11 ( http://aircraft.wikia.com/wiki/Shenyang_J-11 ), however, was built by Shenyang under a production agreement with Russia from 1995 until 2006, when Russia cancelled the agreement 2 years after Shenyang started development of their own variant, the J-11B, which they are still building unlicensed.
Does that count as "hacking" to get Russian military secrets?
Stealth. It is a badly understood thing.
Stealth does rely upon lower radar cross section and absorbent components. However, as was proved in Bosnia, retuning the radar to a different band or different part of the band changes the return to potentially an effective detection zone.
In short, what is effective for one radar technology may not be effective for another or when one retunes it, as the stealth technologies concerned are tuned to defeat certain "enemy" radar technologies.
Still, the PRC has been caught many, many times inside of US corporate networks and US government networks. Their IP's resolving to military cyber warfare organizations. That said, one wonders how often the US is also doing such things to the PRC, hence a tit for tat ration?
"And the US seems to want to openly admit that it's security isnt up to much."
At least in the past. It's improved by a bit since some really embarrassing incidents. Well, embarrassing and horrifically expensive to repair.
Such as one incursion of PRC written malware that reported direct to their military, which infected, NIPRnet, SIPRnet, JWICS and CENTRIX. Fortunately, it was unable to "phone home" on the classified networks. But, it identified some incorrect procedures that were in use at the time.
"This seems to imply that they have a very good understanding of the Pentagon's security"
Yes, they have intimate knowledge of not only the Pentagon, but pretty much all of the US NIPRnet. Some incursions were eventually traced in traffic logs as lasting over eighteen months before being detected.
I can't say much more than that, as I don't desire to be, rightfully, sitting in the cell next to Manning.
Want to make a new car part? The official 'liaison' will make sure all your plans get copied for party files. Manufacturers expect it because that's the option. You get cheap Labour and the global market, China knocks off what they like for the domestic market, and screw you very much.
And they're clearly not going to say 'yes, it was us', now, are they?
Honestly a lot of "US tech" is rebadged chinese sweatshop work; that DOES include most of software developpment work, at least the serious stuff.
As for the server log thing, on my North-America-based servers I do get a lot of ping "from China" trying to reach Baidu through my servers. Heh. As you may have guessed already, even he most cursory look reveals that none of it actually comes from China. All (and I do mean all, as in 100%) of the "Chinese" attempts on my servers actually come from south of the border (i.e. the US of A). Clumsily disguised as Chinese, script-kiddie style (badly spoofed IPs, what-US-people-think-chinese-people-visit sites, and disastrously-faked user-agent strings; formatted american-style, of course, none of the script-kiddies know what Chinese traffic actually looks like).
Booh, bad "Chinese", bad.
Since 2001 I have hosted my own personal website on my own server but in that time I have had to progressively increase security. At first I only blocked addresses from china and eastern europe, but then I found most connections were coming in from europe and the US so I blocked them too. Then one of my "friends" defaced it so now I only allow connections from white listed IP addresses; it's safer that way. If you want to view my website you have to send me your IP address to put on the whitelist, not by email though because I will be blocking that, but by post. The address to post the request is on my website. Within a week you will receive a letter through the post that contains a handwritten captcha. This is to prevent cylons from accessing my site. If you can prove you are a human I will add you to the whitelist and you can enjoy the fruits.
"This is to prevent cylons from accessing my site. If you can prove you are a human I will add you to the whitelist and you can enjoy the fruits."
I'm no cylon, but I've had physicians tell me that I'm not human. ;)
Guess I'm SOL in getting access to your site.
Just as well, as I really don't care.
Seriously though, if you're not doing it at the firewall or router, your defense isn't highly effective, as some exploits can still be received.
"I now get infrequent hits from Brazil and eastern Europe."
A little over a decade ago, my biggest hits were attempts to find an open relay on my mail server. Most of the hits were from Brazil. Hence, I blocked all traffic from their IP space.
Beside nation states cyber warfare folks doing their thing, one also now has to contend with malware and worse, botnets.
Some of which, the only real defense is to have a quality IPS to recognize attempts of botnets to 'get in'.
as i think i understand it
a) everything is made up of 'parts'
b) these 'parts' are made in factories
c) most of the world's manufacturing is carried out in..China maybe...?
hacking? nah, just plain good old common sense use of cameras at flight trials, air displays, eyesight, brains and sheer manpower - (their population outnumbers UK 20:1)
anyone can hire a server anywhere in the world, so 'hacking' from China could mean that any countries 'manufacturers' and 'defence contractor' are hacking each other, or even their 'allies'!
True, but one cannot rent a server inside of the PRC military network.
As for old fashioned photography, everyone still does it.
I remember an embassy Chief of Mission getting caught shooting pictures of a stealth aircraft engine inlets some years back.
Wasn't worth a PNG, they simply took the film.
You also forgot one other trick that every nation does. Get one model, be it a MiG or other advanced technology device, break it down and reverse engineer it.
That is something the US, the Russians and now the Chinese are quite good at doing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
