Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Security United States

US Inadvertently Enabled Chinese Google Hackers 103

Phrogman writes "In this CNN article by Bruce Schneier, he states that the US Government inadvertently enabled Chinese hackers access to Google's Gmail. The article states 'Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated — we knew that already — it's that the US government inadvertently aided the hackers.'" Update: 02/22 20:26 GMT by S : As readers have noted, Schneier said not long after he wrote this article that he no longer thinks this is what happened.
This discussion has been archived. No new comments can be posted.

US Inadvertently Enabled Chinese Google Hackers

Comments Filter:
  • Proud computer experts of China,

    We were made aware of your recent exploits concerning Google and a number of other Western corporations. We know that you have the facility to go after bigger and better targets, so why not go after the U.S. government itself? Instead of hacking Gmail to read average citizens' e-mail, you could go after congress and deliver to us their damming communiques. We want to know all about their marital affairs, business dealings, money streams, and even their bowel movements. We
    • by Anonymous Coward on Monday February 22, 2010 @01:13PM (#31232522)

      Nice sentiment, but Capitalism isn't the problem. Crony Capitalism is the problem. The wealthy gamble with the people's money. If they win, they keep all the profits. If they lose, politicians make sure the taxpayer bails them out. This needs to stop.

      • by Itninja ( 937614 )
        It will never happen unless it physically hurts otherwise. Governments have had centuries of practice at, and have thus become exceedingly good at, keeping the populace docile and compliant. Panem et circenses and all that.

        If one really wants to change the way things are done, try bringing down the cable TV system(s). There would a freaking armed revolt.
      • by node 3 ( 115640 ) on Monday February 22, 2010 @02:00PM (#31233266)

        Nice sentiment, but Capitalism isn't the problem. Crony Capitalism is the problem. The wealthy gamble with the people's money. If they win, they keep all the profits. If they lose, politicians make sure the taxpayer bails them out. This needs to stop.

        That's not "Crony Capitalism", that's just Capitalism. Capitalism done poorly, but still, plain old vanilla Capitalism.

        Crony Capitalism is when you get the contract because of who you know (which is still plain old vanilla Capitalism, actually, just done poorly in a different way).

        The problem isn't with Capitalism per se, the problem is with worshipping Capitalism as the highest ideal form of economic system. It's not. It's really good, but to blindly follow a rule of "Capitalism or bust" is doomed to failure.

        The banking system fiasco is a perfect example of pure Capitalism at work. The banks got your money voluntarily. They then "invested" it voluntarily. They then lost it, all completely voluntarily. Although it should have happened much sooner, *that's* when the government finally stepped in to halt this perfectly valid form of Capitalism. Had they not stepped in, we would very likely be in a depression right now, instead of being in an actual state of economic improvement.

        They should have stepped in sooner, and disallowed the high-risk gambling of something so precious as the savings and checking accounts of the American people. But the ruling party at the time has the motto of "Capitalism or Bust". The problem is they actually got both.

        Now, the standard Capitalist response would be that, sure, *some* banks will gamble, and they will fail, but the smart banks will not and they will outcompete their competition and rise to the top, making the market even *better* than before.

        The problem with that is that in some configurations, that doesn't really work. If it takes a long time for failure to occur. This is what happened with the banks, where it took about a decade for the house of cards to collapse. In the mean time, all the smart banks (of any significant size) *had* to follow suit with the risky practice for two reasons:

        1. They *were* being outcompeted by their competitors. Those that took the risks were seeing the higher rewards immediately. Those that were playing it smart were not, and their boards and shareholders where at their throats if they didn't also see similar earnings.
        2. The cancer of these bad investments where making their way all throughout the system. It's difficult to invest in anything without having it be involved, in some way, with this house of cards illusion.

        Sure, there were a few small institutions that weren't a part of this scheme, but they were hardly capable of taking over the financial burdens of the US.

        And once everything fell apart, *HUGE* amounts of American capital instantly disappeared. This left a huge vacuum, and as the *rest* of the economy began to collapse, the government, and specifically, the Federal Reserve, did the only thing it could to prevent full catastrophic failure. They filled in some of those gaps with printed money. This slowed the collapse and is in fact reversing it as we speak. But at a cost, a huge cost. The cost is inflation. With more dollars in existence, each dollar is worth less.

        This is all thanks to Capitalism. Not Crony Capitalism, not Any-Other-Qualifier Capitalism. Just plain old Capitalism. Some things should not be allowed to happen. *Not* because government knows better than you or I, but because some things are traps. Traps where a profit seeking Capitalism, done completely correctly, has no choice but to fall into. Some traps may be acceptable, if they get us to a better state of affairs, and maybe it means horse and buggy dealers have to lose out to the automobile industry, or electric cars replace gasoline cars, or the Internet topples the current music industry configuration.

        But some traps are far too devastation to be allowed to be sprung. And *any* trap which will inevitably lead to the decimation of our banking system one such trap. For the government to put into place restrictions protecting such a thing is *NOT* Communism. It's the government protecting the very fundamental building blocks of Capitalism.

        • by Dog-Cow ( 21281 )

          Near as I can tell, Capitalism should involve capital. Perhaps that's just me being silly. What the banks did had nothing to do with capitalism. They had NO capital. That was exactly the problem -- they made stuff up and then spent money on it.

          • That wasn't the problem: the problem is fiat currency to begin with. Banks create money via the fractional-reserve banking system [wikipedia.org]. This can work okay (the fact that the US dollar is actually debt, not wealth put aside for sake of argument) if you have good risks. The problem is with Fannie Mae and Freddie Mac guaranteed riskier loans, some banks were required to lend to people who had no means to pay it back, and others jumped on the bandwagon as it was a good way to make a quick buck; show some strong "gai

          • by node 3 ( 115640 )

            Near as I can tell, Capitalism should involve capital. Perhaps that's just me being silly. What the banks did had nothing to do with capitalism. They had NO capital. That was exactly the problem -- they made stuff up and then spent money on it.

            To claim that banks have no capital is to say down is up.

        • At the basis of Capitalism is a Free Market. There are at least two conditions that must be present for a Free Market to meet its definition:
          * barriers to entry must be close to zero (exactly zero is impossible)
          * perfect information about all products/services in the market is available to all customers

          Unfortunately, no markets truly satisfy this condition. Instead, what we have are markets that fall in a spectrum: some have low barriers to entry and information is broadly available (carpentry), others have

          • I think we're confusing the free market for the perfect market. In a perfect market:
            A. everyone knows everything about the state of the market,
            B. there are no barriers to entry or exit, and
            C. everyone has equal access to the means of production.

            as a result of this,

            D. No one person has the power to set or fix prices

            because anyone can notice a disproportionate margin (A), and start their own company overnight to take advantage of it (B and C). All of this is of course, impossible.

            In a free market,
            • You're correct on one sense - a perfect market is a free market, but a free market doesn't necessarily have to be a perfect market. However, what you're missing is that the rationale behind people supporting a free market is that it is supposed to operate like a perfect market - hence all this talk about "the free market will fix any problem on its own."

              To take your example, a free market would work if people would have the means to find out about the mercury dumping. If people don't have access to that inf

          • The basis of capitalism is capital. Period.
        • None of that is capitalism, it is all cronyism.

          The problem is not your economic system, it is your political system, which allows itself to be corrupted by the wealthy.

          Wealthy should try and corrupt the political system because it is a cheap way to get free money. It is the attribute of a failed political system that allows a process, where the wealthy are successful at this.

          You are mixing quite a few things in your lengthy post, most importantly this: free money provided by the fed allowed the banks to ga

          • by node 3 ( 115640 )

            None of that is capitalism, it is all cronyism.

            No, it's most definitely Capitalism.

            Cronyism plays a role, to be sure, but the underlying substrate is Capitalism. Specifically, those with the money doing what they want with it, regardless of the effects on others.

            Cronyism is just the players. Are they giving each other deals based on friendships and connections? Or are they engaging in deals based purely on objective financial decisions.

            Cronyism is a problem, but it's an inextricable part of Capitalism. So long as you have capital, and you have the right

            • Nope. Capitalism is not about playing with other people's money. It is about investing money that you save and using it to create more wealth, it is not about taking free money given to you by the government and then gambling with it because you have no repercussions - the government will step in and save you and you ensure this by being in very close and good relationship with it.

              There is no capitalism when your friend - the fed steps in and saves you over and over. There is no capitalism when your frie

        • What we need is expedited recovery from a bank blunder.

          Put the federal reserve back in its place and let the banks get desperate enough to borrow from the fed. That's what they are there for, lender of last resort.

          Bailouts are a load of bullshit. Here's why:

          If a bank is in trouble due to a liquidity problem, they should go to the fed and take out a loan to cover their tills until the depositors calm down. If the crisis really is temporary, carrying a few points of interest on a fed loan for a month shoul

          • by node 3 ( 115640 )

            Bailouts are a load of bullshit. Here's why:

            The bailouts aren't for what you think they are for. They aren't to keep the banks afloat. They are to keep the economy from collapsing into a depression.

            It sucks that the bankers are making so much as a side-effect of this, but it's better than the alternative.

            But this will all fail again if we don't reign in the banks themselves with laws like Glass-Stegall. If we don't, they'll just do the same thing because *someone* will pull the same old shit again, and then everyone else will eventually have to follo

        • by moeinvt ( 851793 )

          "The banking system fiasco is a perfect example of pure Capitalism at work."

          It most certainly was not. In a system that even remotely resembles capitalism, businesses that make bad investments lose money and ultimately end up in bankruptcy. Furthermore, the whole Federal Reserve system, where we have a central bank that ARBITRARILY sets interest rates and expands the money supply on a whim is the absolute antithesis of capitalism and the free market.

          "Had [the government] not stepped in, we would very like

          • by node 3 ( 115640 )

            "The banking system fiasco is a perfect example of pure Capitalism at work."

            It most certainly was not. In a system that even remotely resembles capitalism, businesses that make bad investments lose money and ultimately end up in bankruptcy.

            Did you even read my post? I pointed out that this is the standard Capitalist response. Let the fail and the market with right itself. Unfortunately, as I pointed out in my post that you clearly didn't read, letting the banks fail would have sent the economy into a depression.

            Which brings us to the ugly truth of Capitalism. Unregulated Capitalism always leads to depressions. The Capitalist will say this is good, because it purges the economy of the failed businesses and allows the truly successful models to

        • Why was the solution a bailout? It seems to me we got into this mess because large numbers of people don't understand the concept of mortgages, especially principal and interest. Why wasn't the solution more math education?

          Every student should have to answer this question to graduate:

          "A teacher makes $40,000 per year. Her house costs $500,000. What interest rate can the teacher afford for her house?"
          Answer: Nothing. The teacher can never afford a $500,000 house.

          If capitalism was really working then the gove

        • They're "reversing" the collapse? It's more like they're digging themselves into a deeper grave even as we speak. The double-dip recession and pending Depression are still to come...

        • Well written, but I think not the root of the problem.

          One of the ideas behind capitalism is that if you have money, that investing it gives you a reward, but also a risk that you loose your money. Usually the reward is proportional to the risk.

          What is wrong with the current banking system, is that the bankers and traders got huge rewards while the risks where not theirs but homeowners/pensioners/shareholders.

          The problem is that if a banker/trader takes a big risk and it pays off, he gets a big bonus, if he

        • "1. They *were* being outcompeted by their competitors. Those that took the risks were seeing the higher rewards immediately. Those that were playing it smart were not, and their boards and shareholders where at their throats if they didn't also see similar earnings."

          There's the crux of it right there - the Get Rich Quick mentality. This is the real cancer; slow and steady increases in wealth should be the norm, but investors have come to expect to be enriched overnight.

          Unfortunately the overall effect of

      • That is exactly correct.

        Unfortunately, too many people see this as a reason to prevent the wealthy from "gambling" (ie: investing). It's not the gambling/investing that is the problem.

        Example: If General Motors can not pay it's bills, then it should file bankruptcy just like any other company in the world. The unions are the reason it got bailed out and they are the pinnacle of cronyism.
  • Ahem. (Score:5, Insightful)

    by Pojut ( 1027544 ) on Monday February 22, 2010 @01:11PM (#31232456) Homepage
  • I don't see how doing what is required to not be put in prison, is "inadvertently aiding" anything.

    I want my ad impressions back :P

    • Re: (Score:3, Insightful)

      by TubeSteak ( 669689 )

      I don't see how doing what is required to not be put in prison, is "inadvertently aiding" anything.

      You're an idiot if you can't understand how government backdoors into our (tele)communication infrastructure is at least as bad as backdoors resulting from coding mistakes.

      Hint: Both can be exploited by bad actors, but the government backdoors can also be exploited by anyone authorized to access the system.

      • by dissy ( 172727 )

        Nothing you say refutes my statement that everyone doing business in those countries are required by law to have such backdoors.

        Nothing I said implies good or bad either, only current legal state.

        • Nothing you say refutes my statement that everyone doing business in those countries are required by law to have such backdoors.

          Lol, that's because you didn't make that statement until just now.

          Maybe it was in your head all along, but it certainly isn't what your fingers posted.

          • by dissy ( 172727 )

            Nothing you say refutes my statement that everyone doing business in those countries are required by law to have such backdoors.

            Lol, that's because you didn't make that statement until just now.

            Riiiight... Because I clearly meant all those OTHER ways one ends up in prison without breaking any laws

            *rolls eyes* the trolls sure are out in force today

            • See, you did it again. What's in your head is NOT what you write.

              You wrote about "inadvertently aiding" as if following laws can't have unexpected results.

            • by treeves ( 963993 )

              "...all those OTHER ways one ends up in prison without breaking any laws"

              Well, we are talking about China here, aren't we ;-)

    • by zill ( 1690130 )
      I am running a mail server at home and I do not provide backdoor access to any US government agencies. I have not been "put in prison" for this yet.

      Please point out the piece of legislation that requires all email service providers to guarantee backdoor access to the US government. Otherwise please stop spreading FUD.
      • by dissy ( 172727 )

        I am running a mail server at home and I do not provide backdoor access to any US government agencies. I have not been "put in prison" for this yet.

        There is definitely a separation between providing 'personal' email, and being a full blown telecommunications carrier.
        I'm not exactly sure -where- that line is, but it's way above a personal email server.

        I suppose one might argue Google isn't a telecommunications carrier for email services...

        Please point out the piece of legislation that requires all email service providers to guarantee backdoor access to the US government. Otherwise please stop spreading FUD.

        Can't show anything that requires ALL email providers to do any such thing.

        However the law covering the likes of Google is the 1994 Communications Assistance for Law Enforcement Act

        It applies not just to the 'old style

  • Olllddd (Score:5, Informative)

    by Trailrunner7 ( 1100399 ) on Monday February 22, 2010 @01:12PM (#31232498)
    This is a month old, and Schneier has since backed off this assertion.
    • Link? I was surprised to see this show up on Slashdot so long after the fact, but I don't see any retraction on Schneier's blog.

    • Re:Olllddd (Score:4, Informative)

      by ratnerstar ( 609443 ) on Monday February 22, 2010 @01:19PM (#31232640) Homepage

      Exactly. See: http://www.schneier.com/blog/archives/2010/02/more_details_on.html [schneier.com]

      The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At this point, I doubt that it's true.

      Seriously slashdot, you're not even trying. Although, I have to say it was somewhat irresponsible of Schneier, who in general I have enormous respect for, to write an essay predicated on an unconfirmed rumor.

      • This is why I read the comments first, and then the articles. Thanks Slashdot, for coming through when I needed you. ;)

    • Yeah, especially since it's already made the front page of Slashdot. http://tech.slashdot.org/story/10/01/24/1518213/Surveillance-Backdoor-Enabled-Chinese-Gmail-Attack [slashdot.org]
    • Yes, he has mentioned several times that he now doubts the veracity of this account. Time to UPDATE the story to stop confusing people.
    • It would have been even better had he not used a rumor as the basic for accusations in the first place and waiting until the facts are in. But he's got an agenda to push, and like all pundits he's only important so long as he's got something worth publishing - the more controversial and likely to get eyeballs on the publisher the better. Facts are secondary to this the reality that agendas must be served.

    • This is a month old, and Schneier has since backed off this assertion.

      Kind of reminds me of a certain interview in which Dvorak reveals that he would whip the mac users into a froth but leave himself an out, then a month later he'd have another column in which he'd take back the statement and claim that he never really meant it, and predicted the way things actually turned out all along, and he kept getting published because it meant many eyeballs.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Backed off? Looks more like he retconned it.

      In his original CNN article he stated it as hard fact, omitting any mention of rumour or speculation.

      In his revisited article it is suddenly an unconfirmed rumour that he used as a newshook.

      If he actually had backed off and said something along the lines of "I thought this, I was wrong" he would have lost a lot less respect in my eyes.

  • by Saint Aardvark ( 159009 ) on Monday February 22, 2010 @01:16PM (#31232562) Homepage Journal
    Bruce appears to have taken back this assertion here [schneier.com]:

    The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At this point, I doubt that it's true.

    The original essay, linked to in TFP, is dated January 23rd; the update I quote from is from February 8th.

    • by daveschroeder ( 516195 ) * on Monday February 22, 2010 @01:40PM (#31232974)

      ...is the fact that 30-some other companies -- companies without any such lawful surveillance facilities -- were also compromised as part of this Chinese operation, and all accounts indicate it was via 0-day vulnerabilities in IE and JavaScript-enabled PDF documents, not via any mechanism to enable surveillance intercepts.

      This was Schneier using the incident as a platform to grind a political axe (probably based on a bogus tip), from which he wisely backed off.

  • ..should be: "Repeal CALEA."

  • When it comes to data:
    To PROTECT it,
    Don't COLLECT it.
  • by SnarfQuest ( 469614 ) on Monday February 22, 2010 @01:35PM (#31232904)

    The chinese probably called up Googles secretary, and talked her into giving them their password (ChuckNorris).

  • In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

    Put on your tinfoil hats people!
    Not only is Google working WITH the government, they're doing a sloppy job of it!

    • Not only is Google working WITH the government, they're doing a sloppy job of it!

      Cause, effect?

  • Presuppositions. Or unstated assumptions [wikipedia.org].
    • you are too prejudiced. Evidence? Click the link given in the summary. In the CNN article that comes up, go to the paragraph that starts with "And surveillance infrastructure can be ...". Hover your mouse over the link labeled with the word "helped". Your browser's status bar will tell you that it links to yet another article about China's surveillance. You won't open an article that supposedly talks about such an "obvious" thing. But only when you click that link, you will know that it doesn't exist. Appar
    • The summary uses the phrase "we already knew". Who knew? and how did they know?
  • Opinion Section (Score:3, Insightful)

    by rm999 ( 775449 ) on Monday February 22, 2010 @01:57PM (#31233212)

    Every article I have read that explains who committed the hacking, how, and why has been an opinion piece, and ends with "the opinions expressed in this commentary are solely those of X". I have no problem with this per se, but we should all take it with a grain of salt; Slashdot should preface it's headline with "Theory:" or "Opinion:".

    I prefer my news to be my news, and my conspiracy theories to be my entertainment.

  • Why bother having a summary when it adds nothing to the headline?
  • This story was on /. a month ago. LINKED TO THE SAME ARTICLE. Come on guys.

    http://tech.slashdot.org/story/10/01/24/1518213/Surveillance-Backdoor-Enabled-Chinese-Gmail-Attack [slashdot.org]

    • And that submission actually explains what happened, unlike this one.

      US inadvertently enabled Chinese Google hackers - It turns out that the US may have inadvertently enabled the Chinese Google hackers. How? As CNN is reporting, the US enabled the Chinese Google hackers, but inadvertently.

    • by BhaKi ( 1316335 )
      The public is so prejudiced and so uncritical that even a million "Come on guys"s won't matter.
  • All this mess for an "undisclosed vulnerability in Internet Explorer 6".
    WTF! Still using it? Google employees or anyone else? You deserve it!
  • Yeah, right....

  • I'm sorry but Communism is IMHO a scourge and a threat and always will be!

    Anybody remember "Die Yankee dog, running dogs of imperialism!", I do.

  • here is that the affront to our freedoms here enables the Chinese to squash those advocating Chinese freedom.
  • guess this means I enable muggers by walking down the street with a cell phone and mp3 player.

The explanation requiring the fewest assumptions is the most likely to be correct. -- William of Occam

Working...