[160983] in North American Network Operators' Group
Re: NYT covers China cyberthreat
daemon@ATHENA.MIT.EDU (Richard Porter)
Thu Feb 21 02:29:58 2013
From: Richard Porter <richard@pedantictheory.com>
In-Reply-To: <CAArzuouo9Ypts9uu2DzCTvz5c6f0TUrV_8oSeJZ6+-Tn0u-JJA@mail.gmail.com>
Date: Thu, 21 Feb 2013 00:29:45 -0700
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
When you really look at human behavior the thing that remains the same =
is core motives. The competition makes sense in that it is human nature =
to aggresse for resources. We are challenged in the "fact" that we =
'want' to belong among the other five. This will never change but=85=85=85=
=85.
What is really a travesty here is that most of us have been saying "hey =
this is critical" and can now shift to "I told you so"=85 in that if you =
did what we said to do 1 =85 5 =85. 10 =85 years ago .. you would have =
"mitigated" this risk..
Basically, genetically we have not changed, so what behavior would =
suggest that (even with the introduction of faster calculators).. why =
would we change? Just means we would do X faster =85=85.
This is my first comment to the list.. please flame me privately to save =
the list :) *** or publicly who think I should really be spanked!!! ***
Regards,
Richard
On Feb 20, 2013, at 7:27 PM, Suresh Ramasubramanian =
<ops.lists@gmail.com> wrote:
> Very true. The objection is more that the exploits are aimed at =
civilian
> rather than (or, more accurately, as well as) military / government /
> beltway targets.
>=20
> Which makes the alleged chinese strategy rather more like financing =
jehadis
> to suicide bomb and shoot up hotels and train stations, rather than =
any
> sort of disciplined warfare or espionage.
>=20
> --srs (htc one x)
> On 21-Feb-2013 7:40 AM, "Steven Bellovin" <smb@cs.columbia.edu> wrote:
>=20
>>=20
>> On Feb 20, 2013, at 1:33 PM, valdis.kletnieks@vt.edu wrote:
>>=20
>>> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>>>> boys and girls, all the cyber-capable countries are cyber-culpable. =
you
>>>> can bet that they are all snooping and attacking eachother, the =
united
>>>> states no less than the rest. news at eleven.
>>>=20
>>> The scary part is that so many things got hacked by a bunch of =
people
>>> who made the totally noob mistake of launching all their attacks =
from
>>> the same place....
>>=20
>>=20
>> This strongly suggests that it's not their A-team, for whatever value =
of
>> "their" you prefer. (My favorite mistake was some of them updating =
their
>> Facebook pages when their work took them outside the Great Firewall.) =
They
>> just don't show much in the way of good operational security.
>>=20
>> Aside: A few years ago, a non-US friend of mine mentioned a =
conversation
>> he'd had with a cyber guy from his own country's military. According =
to
>> this guy, about 130 countries had active military cyberwarfare units. =
I
>> don't suppose that the likes of Ruritania has one, but I think it's a =
safe
>> assumption that more or less every first and second world country, =
and not
>> a few third world ones are in the list.
>>=20
>> The claim here is not not that China is engaging in cyberespionage. =
That
>> would go under the heading of "I'm shocked, shocked to find that =
there's
>> spying going on here." Rather, the issue that's being raised is the =
target:
>> commercial firms, rather than the usual military and government =
secrets.
>> That is what the US is saying goes beyond the usual rules of the =
game. In
>> fact, the US has blamed not just China but also Russia, France, and =
Israel
>> (see http://www.israelnationalnews.com/News/News.aspx/165108 -- and =
note
>> that that's an Israeli news site) for such activities. France was
>> notorious
>> for that in the 1990s; there were many press reports of bugged first =
class
>> seats on Air France, for example.
>>=20
>> The term for what's going on is "cyberexploitation", as opposed to
>> "cyberwar".
>> The US has never come out against it in principle, though it never =
likes it
>> when aimed at the US. (Every other nation feels the same way about =
its
>> companies and networks, of course.) For a good analysis of the legal
>> aspects,
>> see
>> =
http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-strate=
gy-for-the-cyber-exploitation-threat/
>>=20
>>=20
>>=20
>>=20
>> --Steve Bellovin, https://www.cs.columbia.edu/~smb
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
