Preparing for Retaliation Against Russia, US Confronts Hacking by China (nytimes.com) 126
The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusions on government and corporate systems. From a report: Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China. Taken together, the responses will start to define how President Biden fashions his new administration's response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation's infrastructure. The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.
The officials said the actions would be combined with some kind of economic sanctions -- though there are few truly effective sanctions left to impose -- and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm. The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors. Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability. But that touched off a race between those responsible for patching the systems and a raft of new attackers -- including multiple other Chinese hacking groups, according to Microsoft -- who started using the same exploit this week.
The officials said the actions would be combined with some kind of economic sanctions -- though there are few truly effective sanctions left to impose -- and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm. The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors. Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability. But that touched off a race between those responsible for patching the systems and a raft of new attackers -- including multiple other Chinese hacking groups, according to Microsoft -- who started using the same exploit this week.
Block at the router. (Score:4, Insightful)
Well we could geoblock Russia and China. Cut down on a lot of the noise.
Re:Block at the router. (Score:4, Insightful)
Yeap. America is going to be pretty quiet when it doesn't have kitchen appliances, TVs, radios, cars, and many other comforts. That's because they are all made in China. The current products that are well known and only produced in America are planes that crash because government agencies and business executives have been corrupted. Oh, I mean there is that whole SpaceX thing too which is pretty dope but Tesla is already making factories in China and Starship is planned to do point-to-point travel around the globe, so I don't think Musk is going to care too much if he starts doing more work in China.
The gist, aerospace might be the one industry the US has an edge and it probably won't last long.
Re:Block at the router. (Score:5, Insightful)
Americans should start making their own shit again. We didn't have all of these income inequality issues when the economy was geared towards producing goods.
Re:Block at the router. (Score:5, Insightful)
Re: (Score:2)
The funniest/saddest part of it is that the thing that lowered shipping costs and allowed overseas manufacturing is the shipping container, an American invention.
Re: (Score:2)
So you want standards of living like China has? Have fun with that!
Re: (Score:1)
An admirable goal and possibly worth pursuing to some extent, but at best it will take decades to build up the supply chains.
Re: (Score:2)
Bingo. All while "geoblocking" the largest part of the current supply china. Literally the most important thing for any war is supply chain. What's being proposed in economic war of an unprecedent scale which could perhaps be the only thing to really lead to actual serious skirmishes with these nations. Yet people want to eat this dog shit up... instead of considering the real pathway to any such battle.
It's sad, not because it isn't a "worthwhile" endeavor but because it's just stupid -- doomed to fail and
Re: (Score:2)
> We didn't have all of these income inequality issues when the economy was geared towards producing goods.
No, no, no. You don't get it... we destroy American jobs and the American economy and then cry for UBI to save us.
Same result, the difference is:
- no pride in workmanship or self worth
- no self autonomy as country/economy
- no manufacturing base
- dependence on government hand outs
See, UBI is so much better...
Re: (Score:2)
Those destroying American jobs and the American economy are one set of people.
Those negatively affected by this destruction are another set of people.
Those calling for UBI is a third set of people ( acknowledged that there is some small overlap between those affected by destruction and those calling for UBI ).
Re: (Score:2)
Hahahaha, most clueless posting today! You are precisely not making goods anymore because if you still did, things would be _worse_ than they are now.
Re: (Score:2)
Worse for who? Certainly worse for the CEOs of the companies that outsource. Possibly worse for Wall Street parasites.
Not gonna happen (Score:2)
You can't do that when you're manufacturing consumer goods. You can have clean air/water and good wages and moderate profits or you can have dirty air/water and crap wages plug super high profits. We choose the latter.
Re:Block at the router. (Score:5, Insightful)
Yeap. America is going to be pretty quiet when it doesn't have kitchen appliances, TVs, radios, cars, and many other comforts. That's because they are all made in China.
It's possible to spin up factories pretty quick in Mexico and Canada. There are service companies that specialize in that. All the CNC, presses, drills and robots that make all that stuff are built in the US and Germany.
I worked for a company that moved production of circuit boards from China to Mexico. It was incredibly easy, and the engineers appreciated that trips to the factory took a few hours rather than a day.
Re: (Score:2)
What about spinning up factories in the U.S.A.?
Re: (Score:2)
All the same could be said about Canada, though. I'm questioning why JBMcB said "Mexico and Canada" as if they were more equivalent than "U.S.A. and Canada" for some unknown reason. If anything, AFAIK our environmental laws are more strict than those in the U.S.A.
Re: (Score:2)
Thanks for your insight. Frankly let's do it. I think some process in America would be nice too but frankly doing more legitimate business with building Mexico's economy is perhaps the most worthwhile long-term endeavor I can imagine Americans taking.
It's weird for me to imagine though that putting factories in Canada would be cheaper than putting them on US soil. Is there something I am missing?
We also have to consider sending products overseas too. I think and finding more partners in Europe would be a go
Re: (Score:1)
All the CNC, presses, drills and robots that make all that stuff are built in the US and Germany.
Apparently you are not aware of mountains of this type of equipment coming out of China. Give'em a year or two, you'll be able to order a complete factory from AliBaba (too lazy to check, might be able to do that now!)
Re: (Score:1)
Yeap. America is going to be pretty quiet when it doesn't have kitchen appliances, TVs, radios, cars, and many other comforts. That's because they are all made in China.
That will likely come as a big surprise to all those factory workers in Mexico and Canada making kitchen appliances, TVs, radios, and cars... wait, are you under the impression that America imports ANY cars from China? American auto plants in China are to produce product for consumption in China, not to ship them to America!
Re: (Score:2)
aerospace might be the one industry the US has an edge
The U.S. is a huge armaments exporter, especially opressive regimes like Saudi Arabia.
Re: (Score:2)
Yeah. I feel a little dumb for missing that one but you are totally right.
Re: (Score:1)
And fuck over thousands of US companies trying to do business with Russia and especially China in the process.
Not getting important emails from your manufacturing partner because your government decided to indiscriminately geoblock an entire country is something I don't really want to see.
It would also fragment the internet, and China would take the opportunity to push other countries to adopt the Chinese version by supplying them with cheap hardware and expertise.
Re: (Score:2)
Please, tell me about all the products we Americans rely on from Russia? My list begins with Tetris and ends with caviar, but I'm certain yours is much longer.
Re: (Score:2)
I think you are being funny, so does your list include models and vodka?
But to not be funny, have you heard of Kaspersky? If I am not mistaken they are considered one of the better industrial scale anti-virus solutions and geoblocking Russia would completely screw these customers from getting support. In fact, I think Kaspersky had some of the first people investigating Stuxnet and there researchers, as well as other Russian authorities, are a large part of the documentary "Zero Day".
Russia is not really a
Re: (Score:1)
In fact, I think Kaspersky had some of the first people INSTALLING Stuxnet and there researchers, as well as other Russian authorities, are a large part of the documentary "Zero Day".
fixed that for ya....;-)
Re: (Score:2)
My list begins with Tetris and ends with caviar, but I'm certain yours is much longer.
Please don't buy your caviar from Russia, it is likely poached. Buy sustainable caviar from Sacramento, it protects species (and imo tastes better).
Re: (Score:2)
The only solution that relatively "geoblocks" while still allowing some level of business functionality would be effectively to follow suit with what China has developed in the Great Firewall. I still think majority of people are confused about the real purpose of this design to national network infrastructure and why China took the approach.
Nonetheless, I think that's irony of the reality, is people are happy to give up on the idea of a free internet. I would love to see a member of a European Pirate party
Re: (Score:1)
we were always at war with eastasia
Bombs Away! (Score:1)
:(){ :|:& };:
Re: (Score:2)
"They are doing evil to us. Let's imitate them and do exactly the same thing to them. That'll teach them that that is wrong!"
Quite the strawman argument you've got there.
This seems more in the vein of announcing, "your bad behavior will have repercussions, so knock it off," which is a significant departure from the former administration were Russia could do no wrong.
Re: (Score:1)
Uh, "Jesus stories" are about 3,000 years old [bbc.co.uk], give or take, not 5,000, and they include a story about "an eye for an eye" [christianity.com] Which would appear to be the guiding principle here.
A decade ago. China and Russia asked the US... (Score:2)
China and Russia had asked the US to get together and start crafting an international convention to cyberwarfare, essentially regulating it, in the same way that chemical weapons, etc. would be regulated. US said NO to creating a convention, thinking they were superior in every way to China and Russia in their abilities. Now they are crying everyday about it.
Secondary Effects (Score:4, Insightful)
China and Russia had asked the US to get together and start crafting an international convention to cyberwarfare, essentially regulating it, in the same way that chemical weapons, etc. would be regulated.
They didn't just want to regulate the network warfare aspect, they also wanted full regulation of the internet as a whole, brought under the UN. So, censorship, persistent monitoring, encryption backdoors, etc... That's a nonstarter for any non-totalitarian government.
Re: (Score:2)
Those were later attempts. Previously they were just discussing mainly offensive capabilities. The US military were totally against curbing their abilities.
Here's an example of the earlier discussions.
https://www.nytimes.com/2009/0... [nytimes.com]
Re: (Score:2)
I think it's inarguable that we have maintained superiority but it's kind of like MAD. Simply having superior weapons is not enough to be able to persistently keep an antagonist at bay. MAD is to say if you hurt us enough than we both will burn in hell. Well if an attack only causes small amount of pain, than MAD is effectively self defeating. Thus what we are facing right now, is death by a thousand cuts -- internet remix.
Re: (Score:1)
Exactly, how would this "international convention" be organized, enforced? It's hard to truly hide stockpiles of land mines, chemical weapons, or nuclear weapons, but a building full of cyber hackers is easy to hide from regulators, and the attacks can be spoofed to appear to have come from anywhere.
Re: (Score:2)
Gateways. It's probably easier to maintain an internet convention than it is to maintain a convention about nukes. The internet is a connection of information systems. The bits can be tracked which would be the large objective of such a convention, that cyber attacks would be enforced international and outside the networks one would normally have any legal right.
It's something more like AI conventions which are harder to enforce because again you can just have a server farm training your weaponized AI you w
Typical (Score:4, Insightful)
They want to test Biden and his teams resolve. Happens with nearly every new administration one way or another.
Re: (Score:2)
If I am not mistaken, the attacks happened under Trump's administration. What's coming to light now is the equality of measure used between China and Russia for addressing these persistent attacks which have gone on for years through multiple presidents administrations. 4-8 years isn't very long in the grand scheme, so can we stop really putting this stuff in the context as anything happening differently under one administration or the other.
Re: (Score:2)
Even so, the country was in transition. Your 4-8 year comment makes no sense whatsoever. Do you anticipate us sitting on our hands since you say it's not long enough? No, and they know that we likely won't, but want to know if we're going to act like Churchill or Chamberlain when it comes to things like invading Ukraine, or Afghanistan, or what we'll do about man made islands in the south Pacific.
Re: (Score:2)
The point wasn't to say we should sit on our hands, rather that presidential terms in relation to international policies are not that influential considering the brevity of them. Other factors often push international policy more, such as corporate interests which can be more consistent for decades or longer.
China is not really invading anywhere and it seems a bit of a poor comparison to compare artificial islands to invading sovereign countries. This being said, the whole Ukraine situation still seems comp
Re: (Score:2)
I'll agree on Ukraine, and disagree on the islands. China is trying to project military force to protect claims they're making on territory that they've been told in the World Court isn't theirs.
https://www.cfr.org/global-con... [cfr.org]
I'm not putting these things on an equal footing, only using them as examples of actions used to test our resolve.
Re: (Score:2)
I don't think we disagree and I agree with everything you are saying.
The disputable aspects are does the World Court matter? As an American, it seems clear we ignore international rulings from time to time and likewise break treaties over relatively short periods.
Post WW2, there were consider 4 nations which were world police and one of those is China. They are trying to push their role as a regional authority in this regard, similar to how the US has pushed this agenda in other regions of the world. So I d
Thanks of the heads up (Score:2)
We will be alert.
-Vladimire
I'm just going to come out and say it (Score:5, Insightful)
Having competent people in charge over at an adversary is never a good thing
Re: (Score:2)
...though curiously did nothing with the Russian bounties...
It's only curious if you believe that Trump wasn't told to ignore it.
Re: (Score:2)
Indeed. Apparently the Russians did not manage to hack the elections this time, so Trump did not win. There really is nothing better than an opposing country lead by a complete moron that thinks he is the second coming.
Re: (Score:2)
Re: (Score:2)
Trump had the right diagnosis, but the wrong cure.
China *is* a competitor, and they really take unfair advantage of the current rules.
However the solution is not unwinnable trade wars, nor strong arm tactics. It is plain old diplomacy, and re-authoring existing framework of international regulations.
Re: (Score:2)
Being deep in the pockets of the Chinese.
The Russian economy is smaller than Italy. I'm going to say that China is a bigger long term threat.
Re: (Score:1)
China wants to sell you the rope to hang yourself with it. Russia wants to see the its ultimate rival fucked.
Re: (Score:1)
Because you're not making it much of a choice asking that question as China has orders of magnitudes more of the world's economy by it's balls.
Biden's stance on China and Russia remains to be seen in his actions.
In Trump's case we've had 4 years to observe his actions and ideology. Critical of China, which was good. But apologetic towards Russia and other authoritarian shit holes like Turkey. W
Please, (Score:2, Funny)
The China threat is nothing new, stop trying to pretend it is - doesn't anyone here remember the Office of Personnel Management hack a few years ago? And let's not forget the Countless corporate hacks all attributed to China.
Need a reminder: https://www.wired.com/story/ch... [wired.com]
This administration has a surprising tendency to think we all have the attention spans of house flys. For example, Biden claimed the vaccine didn't exist when he took office, despite his getting his vaccine shots a month before taking of
Re: (Score:2)
I completely agree with everything you are saying but you do seem to take a poke at Joe Biden.
I seem to remember this phrase "Keep your friends close and your enemies closer". It may not be hip these days but I think this could be Biden's ultimate approach. Politicians are suppose to be friendly to other nations. It's generals you use when you need sticks to hit each other with.
half measures half good? (Score:1)
Expect typical biden half measures. These will serve as a "warning" to Putin. Right, a warning that they need to plug those holes right now, making future measures ineffective. These people are morons.
Re: (Score:2)
Well, you've got to admit, even a half measure is better than the approach of the previous administration, which seemed to believe offering to blow Putin would discourage him from launching cyberattacks against the US.
Start building the Battlestars (Score:2)
And keep em airgapped.
Baked right in (Score:1)
Cybersecurity for the USG is something of a gag.
Not so much for the expertise or the dedication of those responsible.
Though the human component is still likely still the softest target the government continues to use what is likely compromised hardware.
Yes there is supposed to be a standard for hardware used in a USG installation but they catch ships full of equipment with counterfeit approval every year and anyway since they are still assembled in the PRC a similar backdoor can be setup during production e
Re: (Score:2, Troll)
^ This. There should be a zero tolerance policy for attacks on the US regardless of what form they take.
Re:Just drop a bomb (Score:5, Insightful)
I assume you have a foolproof way to determine where the attacks are really coming from. It would be unfortunate if the US nuked Australia because someone used a proxy there.
Re: (Score:1)
> It would be unfortunate if the US nuked Australia because someone used a proxy there.
That's why I do all my hacking from VPNs terminating at oil refineries in the middle east. I like to think it's my way of helping the Biden deep state.
Next up, there's a daycare in Syria with an unpatched copy of Windows 98.
Re: (Score:2)
Biden already bombed that one.
Re: (Score:2)
You are not thinking far enough. If the violent morons ever take over in the US, simply hack some US servers and attack the US from there. Problem solved!
Re: (Score:3)
I assume you have a foolproof way to determine where the attacks are really coming from. It would be unfortunate if the US nuked Australia because someone used a proxy there.
To be fair, an amazingly large amount of Australia could be nuked and no one would notice. Some of it could be improved by nuking. The residual radioactivity is less deadly than all the poisonous spiders and snakes and frogs and bats and insects and assorted other creepy crawly things that got nuked.
Re: (Score:3)
Do you really want to create radioactive "poisonous spiders and snakes and frogs and bats and insects and assorted other creepy crawly things"?
I'm sure it will end well.
Re: Just drop a bomb (Score:2)
Wouldn't that just turn all of the Australians into spidermen?
Re: (Score:1)
Re:Just drop a bomb (Score:5, Insightful)
^ This. There should be a zero tolerance policy for attacks on the US regardless of what form they take.
In the event that you're not a troll...
1} Where should this bomb be dropped? China and Russia for instance are very large places. Would you like to drop this bomb on unoccupied land? A farm? A small city? A large city? A power plant? The capital of the country?
2} What sort of bomb do you have in mind? Conventional, biological, or nuclear? It's important to assign a measured response, so we need to be clear, especially as we consider what the reactions will be to that response.
3} What precedent does this set? While security experts "know" that these recent actions are coming from certain countries, and "know" that it's "got" to be state-sanctioned, they don't have actual proof of such. If you bomb a country because you "know" they're hacking you, doesn't that set the precedent that should a well-organized group of hackers appearing to come from your country hacks others, you get bombed? Doesn't this encourage false-flag attacks?
4} What about international opinion? Part of taking military action on other countries involves reciprocal protection pacts. In order to not immediately go to war with multiple nations, you'd have to prove - to their satisfaction - that your action is justified, measured, and an act of last-resort after diplomacy has failed. Do the recent events meet those criteria?
I guess, bottom line, assuming temporarily that you're for real, is... are you prepared to enter a global war over this? Because the moment you "drop a bomb", you've committed yourself to precisely that.
Re: (Score:2)
1,2) Questions for the pentagon
3) The precedent that eliminating such ambiguity rests with those nations. Determination of whether or not we were attacked and setting exact criteria isn't something I need to do to suggest a zero tolerance policy. The federal government has a zero tolerance no negotiation policy on hostage situations, to the point of stupidity, as a consequence nobody does that anymore. Given the kind of iron fist control these nations have over their networks in order to abuse their people
Re: (Score:1)
"I guess, bottom line, assuming temporarily that you're for real, is... are you prepared to enter a global war over this? Because the moment you "drop a bomb", you've committed yourself to precisely that."
Yes. That is exactly what the measure of our resolve should be and never should stop being. The lack of that kind of resolve with regard to this sort of attack is exactly what has gotten us here. If we resolve in kind we sideline our most powerful asset, our much more powerful force of arms and play their
Re: (Score:2)
A large portion of hacking attempts I see come from the US. I assume you're equally in favour of being bombed in response?
Re: (Score:2)
In favor of being bombed in response? I'm not concerned about these other nations adopting a similar policy if that is what you mean.
Re: (Score:2)
This inability to distinguish between self-defense and aggression is astounding. For a hint that you are wrong, it follows having to do things like refer to aggressive nations committing acts of war resulting in mass death and national instability as 'competition.'
Re: (Score:2, Informative)
Why not. Biden already bombed Syria. Following in Obama's footsteps, who bombed more countries than any president since Roosevelt. Of course, the only president in the last 34 years who didn't start a war was Trump.
Re: (Score:2)
Facts are facts. People need to stop declaring everyone who points out facts they don't like as trolls.
Re: (Score:1)
People that point out facts are Trumptards. Facts are for racists.
Re: (Score:1)
Re: (Score:2, Insightful)
Lazy? He crushed ISIS and the Taliban so thoroughly that they were begging for mercy. Funny how we stopped hearing about ISIS in the news just about exactly January 20, 2017 [wikipedia.org]. And they're ramping back up already. As are the caravans across the U.S. - Mexico border.
Re: (Score:3)
Russia crushed ISIS, not Trump.
It's amazing what happens when your armed forces actually do what they're purportedly in the region to do, and not spend their time destabilizing Syria.
Re: (Score:3)
https://www.cnn.com/2019/08/06/politics/pentagon-report-isis-syria/index.html
The Pentagon issues a report saying that ISIS is “re-surging” in Syria, less than five months after Trump declared the terror group’s caliphate there had been 100% defeated.
-Aug 8th, 2019 (2-1/2 YEARS after his inauguration).
Re: (Score:2)
I didn't say he did it in a few days. I said we stopped hearing about it almost immediately. Which is true.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Trump did some bombing in Syria himself. Also drone strikes.
The last president to take no military actions in the world was Carter.
Re: (Score:2)
Spoken like a true cave-man! The US obviously has the best of those! MAGA!
Re: (Score:2)
Maybe you are too much of a coward to bleed or spill blood as the price for personal liberty and democracy. I'm not. It could be argued that these principles and governance are the greatest invention and achievement of mankind.
These hostile elements are making great inroads in their attempts to manipulate the people into voluntarily enslaving themselves throughout the democratic societies of the world. This causes death, enslavement, abuse, etc. Harming people through indirect means is NOT more kind than ov
Re: (Score:2)
Maybe you are too much of a coward to bleed or spill blood as the price for personal liberty and democracy. I'm not.
More like I can see other ways to deal with this, while the only approach you have is violence. Like a true primitive you will probably go for more violence if that does not solve the problem. What you do not see and likely cannot see is that it is exactly defectives like you on the other side that cause the problem in the first place.
Re: (Score:2)
Re: (Score:2)
News at 11. People who suggest defense are attempting to stop the actions of their enemies.
Self-defense is cowardice because it suggests 'fear' of the harm the aggressor is actively inflicting upon you... the only reason the person being beaten to death might want to strike back is they are 'afraid' of the next kick to the gut by the bully. That's just so incredibly insightful. I never thought of it that way. I've seen the light now. Your courageous strategy of rolling over and saying 'thank you sir may I h
Re: (Score:2)
Re: (Score:1)
The US is not the only country with bombs...
Re: (Score:1)
You want the US to be reduced to a radioactive crater? Cuz that's what you're asking for.
Re: (Score:2)
Re: (Score:2)
How about the "Zero Cool Force"?
Re: (Score:1)
you were doing ok until this:
"It's not Russia or China that has a desperate obsession with getting into every system and recording every conversation on the planet"
Many news sources show otherwise.
Re: (Score:2)
Show some that don't start with "an unnamed US intelligence official said" or that show China hacking the communications of close allies, like when Obama tapped Merkle's personal cell phone.
Re: (Score:2)
So you've been getting the CIA and NSA memos? Do tell, don't hold back, lay it on us!
Re: (Score:2)
Whattabouttery is the mewling cries of hypocrites butthurt at anyone pointing out how mind-blowingly full of shit they are. It's propaganda about propaganda.
Re: (Score:2)
Damn, imagine people just chomping at the bit to come to your country. Of course now that Americans are not generating new Americans to replace the ones that go tits up, maybe some more immigrant Americans can help fund the SS and Medicare for the Blue Haired.