
The Undeclared "Cyber Cold War" With China

Posted by samzenpus
from the consider-yourself-off-my-friends-list dept.
First time accepted submitter lacaprup writes "Chinese-based hacking of 760 different corporations reflects a growing, undeclared cyber war. From giants like Intel and Google to unknowns like iBahn, the Chinese hackers are accused of stealing everything isn't nailed down. Simply put, it is easier and cheaper to steal rather than develop the legal way. China has consistently denied it has any responsibility for hacking that originated from servers on its soil, but — based on what is known of attacks from China, Russia and other countries — a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion"
  • by Synerg1y (2169962) on Wednesday December 14, 2011 @04:28PM (#38374962)

    Yep pretty sure us Yankees invented the concept, along w the personal computer and the internet, shame some of us are getting schooled on it, a glimpse into American decay? Or the start of a security renaissance?

    • by LordLucless (582312) on Wednesday December 14, 2011 @04:57PM (#38375428)

      Also, patent violations were an American concept back in the day (see Hollywood). Countries (and companies) on the way up view patents as a hindrance, shackling their energy and creativity. Countries on the way down view them as a benefit, holding on to their accumulated wealth and power even once they're no longer earning it.

      • by poity (465672)

        I don't know how the mix-up of patents with copyright in the first sentence didn't trigger mods' troll alarms. Add to that the fact that Chinese patent applications have grown massively in recent years to nearly equal US patent filing rates, making parent's premise entirely wrong.

        No, countries on the way up don't view patents as hindrance -- they view patents by established competitors as a hindrance, while patents by them are advantageous and pursued emphatically.

        Only responding because 1) conflating Hol

    • by moderatorrater (1095745) on Wednesday December 14, 2011 @05:05PM (#38375558)
      Digital security only reached great public consciousness in the past decade and a half, after much infrastructure was already built up in the US. China is modernizing in a much more security conscious time, so they have a bit of an advantage there. The US is also further along in digitizing things (whether they should be or not), which puts them at a disadvantage.

      Also, and this is probably the biggest one imho, the government has privatized everything. All other considerations aside, if you have digital and classified documents in a lot of third parties' hands, you're going to open yourself up to a lot of attack vectors. All in all, it's a nightmare thinking about keeping a network that includes every military contractor secure.
  • by Marxist Hacker 42 (638312) * <seebert42@gmail.com> on Wednesday December 14, 2011 @04:28PM (#38374972) Homepage Journal

    It's a hot trade war, with one side believing the rules don't apply to them, and the other side letting them get away with it.

    • by fsckmnky (2505008)
      Looks like the US gets to add $500 billion worth of tariffs to imported Chinese products now.

      If only life operated on the sunny side and politicians had spines.
    • by Skewray (896393) on Wednesday December 14, 2011 @04:45PM (#38375262) Homepage
      If you hang your underwear out to dry, the neighbors will see it. Same with trade secrets. In order to be protected by law, one is required to make reasonable efforts to protect trade secrets. Obviously nowadays, when $500 billion worth of trade secrets are being stolen, these trade secrets are not being adequately protected. These secrets are, in effect, out on the line in plain sight, just like the aforementioned underwear. Too bad our government is more interested in stopping movie downloads.
      • by PickyH3D (680158) on Wednesday December 14, 2011 @05:12PM (#38375652)

        What?

        That's the exact same thing as saying, because your safe can be cracked, then your trade secrets that you held in it are in plain sight. In other words, because someone was able to steal them, then they are not covered.

        Requiring a spy to steal your details, or for your entire computer system to be hacked is certainly a reasonable-enough effort at protecting your trade secrets.

        People should be stopped from illegal downloads as it is stealing, but the level of focus definitely makes no sense in comparison to other issues facing the nation. The entire entertainment industry has a nonsensical amount of power, but that does not change the lunacy of the rest of your--hopefully--sarcastic point.

      • Do you work for my insurance company?

    • by TWX (665546) on Wednesday December 14, 2011 @04:59PM (#38375464)

      It's been that way for a very long time, long before computers were penetrated to gather trade secrets. For a long time the two major Communist nations in this world, the USSR and the People's Republic of China, did not have the resources to develop many advanced things. The Russians cloned our bombers that landed in Soviet territory, with the only differences being switching to metric units for things like sheetmetal gauge as opposed to SAE units. The US government tried very hard to keep particularly sensitive, new weapons out of Russia's hands during World War II, and out of China's hands during Korea and Vietnam.

      Unfortunately now, we've decided to send our processes themselves to China. Since they're not interested in maintaining respect for intellectual property, we're giving them the very tools they need to best us.

      In short, our own short-sighted greed is actively leading to our downfall as we speak.

      • Are you seriously comparing USSR to what China was 30 years ago? I'm asking because it's like comparing South and North Korea.
        USSR couldn't develop... bombers on its own?
        Dear God, how did they fight in WWII, may I ask?
        Why did they say no to the glorious "Shermans" and used their own T-34 instead (34 stands for year, mind you).
        How come they were the first to send Sputnik then Gagarin into space, despite US having German rocket genie, von Braun?
        Where did they get "Mig"s that caused so much trouble in Vietnam

        • by Phrogman (80473) on Wednesday December 14, 2011 @07:02PM (#38377176) Homepage

          That's because of the myth that Communism wasn't able to function at all. It did function but it didn't lead to a lot of happy people, nor a lot of variety or quality in products (I recall seeing an ad for "The Fridge" on Soviet TV, so advertised because it was the only fridge they made and it was in surplus at the time). The USSR managed to rebuild the Soviet Union from its decimated state after WWII back to being an industrial powerhouse, world power, etc. It did so at a massive human cost of course (measured in millions of people), and I am not saying it was a good thing but dismissing them and their version of the communist system casually out of hand is a mistake.
          The US basically outspent the USSR and actively sought to destroy its economy, leading to the failure of Communism in the end. Some of the economic problems you face today in the US likely stem from that massive overspending in fact as it no doubt contributed heavily to your national debt.
          I think it's a mistake to dismiss China in the same way. They are huge, they have a growing economy, they have massive manufacturing capabilities, and they are capable of independent research and discovery. The fact that they are playing catchup to the US at the moment, doesn't mean they might not surpass you at some point. Imagine how the US citizenry's morale is going to crash when the leading innovations in science and technology start coming from China instead of the US. What if the first mission to Mars comes from China instead of the US?
          Complacency and Hubris come at a cost.

    • by ackthpt (218170)

      Serve them right if they harm the US economy and all those bonds held by Chinese banks become worthless. China isn't much without trading partners. Seems they'd recognise this and lay off.

  • ... to Chinese Gold Farmer.

  • by MetricT (128876) on Wednesday December 14, 2011 @04:32PM (#38375044) Homepage

    I'm sure the Chinese government has their crack team of hackers, just like we do. Having said that...

    I run a honeypot at work. 70% of the attacks do come from Chinese machines, but I suspect that's because the Chinese buy those $2 pre-hacked warez'd Windows CD's at the market and don't install security updates.

    Of the actual living, breathing hackers that log into my honeypot, 1/3 of them come from Romanian IP's, and another 1/3 come from other eastern European countries, but the text files/strings in their utilities are Romanian. Wired has a good article which partly corroborates this.

          http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1 [wired.com]

    I see two modes of attack. 98% are single machines launching 100's of attacks. 70% of those are in China. The other 2% are distributed attacks. These are more likely to be major power intelligence agencies, and don't have anywhere near the geographic concentration as the single-machine attacks (Chinese IP's are 15% of distributed attacks, same as Brazil).
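
The two modes described in the comment above (one machine launching many attacks versus many machines each contributing a few) can be separated mechanically in honeypot logs. The following is an added example, not part of the original comment or the commenter's tooling; the log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample honeypot log: timestamp, source IP, username tried.
# Addresses come from the RFC 5737 documentation ranges; none are real hosts.
SAMPLE_LOG = """\
2011-12-14T04:00:01 192.0.2.10 root
2011-12-14T04:00:02 192.0.2.10 admin
2011-12-14T04:00:03 192.0.2.10 oracle
2011-12-14T04:00:04 192.0.2.10 test
2011-12-14T04:00:05 192.0.2.10 guest
2011-12-14T04:00:06 192.0.2.10 nagios
2011-12-14T05:00:00 198.51.100.1 backup
2011-12-14T05:01:30 198.51.100.2 backup
2011-12-14T05:03:10 198.51.100.3 backup
2011-12-14T05:04:45 203.0.113.5 backup
2011-12-14T05:06:00 203.0.113.6 backup
2011-12-14T07:30:00 203.0.113.77 backup
2011-12-14T08:00:00 203.0.113.99 test
"""

def parse(log):
    """Return sorted (timestamp, ip, username) tuples from the log text."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user = line.split()
        events.append((datetime.fromisoformat(ts), ip, user))
    return sorted(events)

def classify(events, burst_threshold=5, min_sources=4,
             window=timedelta(minutes=10)):
    """Split activity into single-source bursts and distributed campaigns.

    Assumed definitions (not from the original comment):
      burst    - one IP with at least `burst_threshold` attempts
      campaign - at least `min_sources` low-volume IPs trying the same
                 username inside one sliding `window`
    """
    per_ip = defaultdict(int)
    for _, ip, _ in events:
        per_ip[ip] += 1
    bursts = {ip: n for ip, n in per_ip.items() if n >= burst_threshold}

    # Only low-volume sources are candidates for a distributed campaign.
    by_user = defaultdict(list)
    for ts, ip, user in events:
        if ip not in bursts:
            by_user[user].append((ts, ip))

    campaigns = {}
    for user, hits in by_user.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            sources = {ip for _, ip in hits[start:end + 1]}
            if len(sources) > len(best):
                best = sources
        if len(best) >= min_sources:
            campaigns[user] = sorted(best)
    return bursts, campaigns

if __name__ == "__main__":
    bursts, campaigns = classify(parse(SAMPLE_LOG))
    print("single-source bursts:", bursts)
    print("distributed campaigns:", campaigns)
```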

  • by GameboyRMH (1153867) <gameboyrmh&gmail,com> on Wednesday December 14, 2011 @04:32PM (#38375052) Journal

    Every black hat is probably running their operations through proxies in China these days so that the Western companies they break into will just say "damn dirty Chinese!" and never suspect someone in Europe or maybe just a few blocks away. China is a jurisdictional black hole.

  • Undeclared? (Score:5, Insightful)

    by Oxford_Comma_Lover (1679530) on Wednesday December 14, 2011 @04:34PM (#38375078)

    Undeclared my ass. It's in the media, it's widely known, and pretty much the only rule is not to do something to the other side's infrastructure that kills people directly or gets too much of the population upset. That's like calling the intelligence war undeclared because the sides don't admit that they try to get plans of the other side's military hardware--only more so. We don't declare war, and this isn't a physical war, and there are certain proportionality requirements--and we argue for a pretension of deniability, but not plausible deniability.

  • by Anonymous Coward on Wednesday December 14, 2011 @04:37PM (#38375128)

    This is probably going to sound racist, when I don't really intend it to. It's more "culturist" than anything else.

    I work for a post-secondary institution with a large international student program. Most of our international students come from China, and when we break down the stats, the Chinese students are the most likely students to plagiarize others' work, both in our online learning management system and in our face to face classroom environments.

    What's more, they make no effort to hide their "enhanced group work" skills from their instructors. We've asked several of the students about this behaviour and have been told "that's how things work in China. It's commonplace there."

    So it doesn't surprise me that Chinese hackers are trying to steal information from western companies.

  • So where is the physical retaliation you were speaking of?

  • by DriedClexler (814907) on Wednesday December 14, 2011 @04:41PM (#38375202)

    Stole informational assets worth $500 billion over the past year? Um, does anyone bother to do basic reality checks?

    $500 billion is about 1/3 of the US's GDP for all of 2010 [cia.gov].

    So ... no, just ... just no.

    • Re: (Score:3, Informative)

      by Desler (1608317)

      You're an order of magnitude off. US GDP is $15 trillion so that's only 3.3%. Learn2maths.

    • by Andy Dodd (701) <[ude.llenroc] [ta] [7dta]> on Wednesday December 14, 2011 @04:50PM (#38375326) Homepage

      It's RIAA/MPAA math.

    • If I made a dollar 3 years ago and had it stolen this year how much did I have stolen this year? $0 because I didn't make that dollar this year?

      I don't believe the $500 billion estimate either but refuting it based upon how much money was made in the US in 2010 doesn't sound right to me.

      Like say Google's source code for their search index was stolen how much is that valued at? Does the value only count for parts that were developed in the past year or could it have just been made MORE valuable in th
      • by omnichad (1198475)

        True, the IP's value isn't based on the sales it generates this year. It's at the very least spread over the number of years of a patent.

    • by ph1ll (587130)

      No, you did your maths wrong. $500 billion is 1/30th of the US's annual GDP (that is, about 3%).

      From your own link:


      GDP (official exchange rate):
      $14.66 trillion (2010 est.)

    • Isn't the GDP 14 trillion? I think you mean 1/3 of the exports, which is 1.3 trillion
    • by bkmoore (1910118)

      Stole informational assets worth $500 billion over the past year? Um, does anyone bother to do basic reality checks?

      The reality check is it's impossible to put a monetary value on "stolen" data, because data only has value if it contains useful information. If I stole the production plans for the Boeing 747, it wouldn't be of value because I do not have the means to build 747s. Or in the '90s, the RIAA claiming that everyone who illegally downloaded an mp3 would have bought the album if it weren't available on Napster.

      • by fsckmnky (2505008)

        If I stole the production plans for the Boeing 747, it wouldn't be of value because I do not have the means to build 747s.

        The story, and the world, don't revolve around you.

    • by hawguy (1600213)

      Stole informational assets worth $500 billion over the past year? Um, does anyone bother to do basic reality checks?

      $500 billion is about 1/3 of the US's GDP for all of 2010 [cia.gov].

      So ... no, just ... just no.

      These are "assets", not revenue so aren't tied to GDP. If someone stole all of the gold out of Ft Knox, they'd have $200B worth of assets that would have no relation to GDP. Likewise, if they steal a secret chemical formula valued at $1B, that has no relation to GDP. (though the valuation is related to how much revenue it could earn).

      In any case, the numbers are very suspect. No one knows who exactly is stealing the data, what data is stolen, or what they are doing with it, yet somehow they came up with a s

    • $500 billion is about 1/3 of the US's GDP for all of 2010.

      Damn. The US should just download 8 million chinese-produced songs to even all that out!

  • It's more than time for the poor little American-based multi-nationals to think about seriously investing in real security. If your stuff is so valuable (don't believe that figure for an instant) how come it's so easily snatched?
  • have put lots of poor security in place now if trained to people to do IT work and not let a theory based class room do the training and paid for the hardware needed to do the job right vs trying to get by with the old stuff for a very long time.

  • as what can they do about it?

  • Well, we wanted it (Score:4, Interesting)

    by Anonymous Coward on Wednesday December 14, 2011 @04:58PM (#38375462)

    We wanted the "information economy", we got it. We ignored material progress and persisted in keeping an antiquated notion of "work" going for what? The work week was about 100 hours in the 19th century and was closer to 50 by the beginning of the 20th century. Despite all the "progress" I keep hearing about and how "productive" we all are sitting at our computers, the work week hasn't reduced, and it still takes 25 years to pay for a house built out of standard parts in six weeks.

    We insist on performing theater for each other while farmers feed us, instead of really analyzing what gets done by who and FOR who.

  • Not stolen, shared (Score:3, Insightful)

    by Rogerborg (306625) on Wednesday December 14, 2011 @05:06PM (#38375582) Homepage
    A little consistency, please. Making a copy doesn't deprive anyone of anything, right? It's all just math anyway, 1s and 0s. Corporations bad, tree pretty.
    • More importantly, why focus on China? I have no doubt that the Chinese are doing this sort of thing, but so is every other major world power. Have people really forgotten ECHELON?
  • But then we'd be secure against them too.

    And that's just unacceptable.
  • by bmo (77928) on Wednesday December 14, 2011 @05:15PM (#38375704)

    And it's perpetrated by every nation on the planet.

    It's no secret that the Industrial Revolution got a kickstart in the US via "stolen IP." The legend is that Samuel Slater memorized drawings across the pond in Blighty and came here with them in his head.

    Another example would be dumpster diving at your competitor's company. Cutting up start strips from stamping operations is not because you want them to fit in the recycling dumpster better. The same for shredding code printouts and printed spreadsheets.

    To suddenly be surprised that this is being done electronically on a systematic scale is to be utterly ignorant of history. And frankly, singling out China smells of hypocrisy, especially after two decades of US manufacturing companies willingly transferring their core manufacturing to China completely oblivious to the long term effects.

    Why reinvent the wheel from scratch when you can simply snag the wheel.dwg from your competitor's computer?

    --
    BMO

  • by gestalt_n_pepper (991155) on Wednesday December 14, 2011 @05:17PM (#38375734)

    What exactly did you expect? It's not just China, of course. We outsource to India, China, the Middle East and even Pakistan. We also educate foreigners here, and not in ethnomusicology or interpretive dance either. Do you think no theft will occur? No backdoors in hardware or software? No designs, models or code will be resold to competitors for a profit without your knowledge?

    First we sold our security to the Arabs for cheap oil. Then we sold our minds to China and India for some cost savings. Our children will be selling their bodies, I expect.

  • If there's one thing I've learned about IT security, it's that it's almost impossible to secure data anyway. Maybe it would make more sense to follow development models in which there's no such thing as stealing.

  • secure your stuff (Score:4, Insightful)

    by sl4shd0rk (755837) on Wednesday December 14, 2011 @05:25PM (#38375874)

    It's not that hard to find a balance between security and usability. At least try. When I read about:

        * un-encrypted data on portable devices getting lost[1]
        * tapes being swiped in people's cars[2]
        * servers with egregiously unsecured login portals[3]

    I'm not sure why people aren't just allowing google to index their entire infrastructure. Really. It would be cheap backup and really easy to find your stuff. Sure, 0-days happen, mistakes are made, admins are not infallible but I can't blame the Chinese (or whoever) for picking the low-hanging fruit when it's been placed so close to the ground.

    [1] - http://www.phiprivacy.net/?p=6572 [phiprivacy.net]
    [2] - http://www.mysanantonio.com/news/military/article/Tricare-patient-data-lost-in-car-burglary-2195822.php [mysanantonio.com]
    [3] - www.dataprotectioncenter.com/antivirus/sophos/second-dutch-security-firm-hacked-unsecured-phpmyadmin-implicated/

  • by nimbius (983462) on Wednesday December 14, 2011 @05:32PM (#38375980) Homepage
    "it is easier and cheaper to steal rather than develop the legal way."
    this sentiment is emanating from a nation that has no credibility on 'the legal way' to develop anything in the 21st century. A nation comprised of just a few megacorporations that hover over an infinite sea of frivolous patents, casting them forth like pokemon at the slightest sight of national or international competition that cannot be bought, licensed, bribed, or outlawed by their pre-pay capitalist representatives in government.

    information assets amount to the brainfarts of talented engineers and scientists who are in many cases ostracized entirely from the most meaningful components of their work such as the revenue stream and general application.
    yeah, it's an ideological battle that americans immediately jump around and compare to the cold war, but it's the ideology of
    ideas come from people, and they must be nurtured and encouraged for the good of all humankind
    versus
    ideas come from people, and they must be incarcerated, exploited, litigated and profiteered until a group of old white men get another yacht.
  • "Air Gap, motherfuckers! DO YOU SPEAK IT?"

  • by ThePeices (635180) on Wednesday December 14, 2011 @05:51PM (#38376238)

    I mean come on guys, how hard is it to proof-read a submission before you post it to the front page?

    Is it really that hard to read it and see that the grammar needs fixing? Is it that hard to insert the missing word "that" in the second sentence?

    This reflects poorly on the quality of the people who work for Slashdot. This is 2011, basic spelling and grammar checks are just a few mouse clicks away.

    • We have editors? I thought items with enough votes in the firehose were auto-promoted to the front page.

  • by plopez (54068) on Wednesday December 14, 2011 @09:54PM (#38379168) Journal

    Recently they blocked ports from shipping in goods on the US West Coast. Most of those imports probably originated in China. So their actions were a blow against China, a repressive Communist regime.

    This is weird. The Republicans are supporting a Communist regime in China while left wingers are taking part in protests protecting the US from Chinese imports. We're through the looking glass people....
