Schneier on Security
A blog covering security and security technology.
« Security Theater on the Wells Fargo Website |
| On Secrecy »
March 14, 2013
Nationalism on the Internet
For technology that was supposed to ignore borders, bring the world closer together, and sidestep the influence of national governments, the Internet is fostering an awful lot of nationalism right now. We've started to see increased concern about the country of origin of IT products and services; U.S. companies are worried about hardware from China; European companies are worried about cloud services in the U.S; no one is sure whether to trust hardware and software from Israel; Russia and China might each be building their own operating systems out of concern about using foreign ones.
I see this as an effect of all the cyberwar saber-rattling that's going on right now. The major nations of the world are in the early years of a cyberwar arms race, and we're all being hurt by the collateral damage.
A commentator on Al Jazeera makes a similar point.
Our nationalist worries have recently been fueled by a media frenzy surrounding attacks from China. These attacks aren't new -- cyber-security experts have been writing about them for at least a decade, and the popular media reported about similar attacks in 2009 and again in 2010 -- and the current allegations aren't even very different than what came before. This isn't to say that the Chinese attacks aren't serious. The country's espionage campaign is sophisticated, and ongoing. And because they're in the news, people are understandably worried about them.
But it's not just China. International espionage works in both directions, and I'm sure we are giving just as good as we're getting. China is certainly worried about the U.S. Cyber Command's recent announcement that it was expanding from 900 people to almost 5,000, and the NSA's massive new data center in Utah. The U.S. even admits that it can spy on non-U.S. citizens freely.
The fact is that governments and militaries have discovered the Internet; everyone is spying on everyone else, and countries are ratcheting up offensive actions against other countries.
At the same time, many nations are demanding more control over the Internet within their own borders. They reserve the right to spy and censor, and to limit the ability of others to do the same. This idea is now being called the "cyber sovereignty movement," and gained traction at the International Telecommunications Union meeting last December in Dubai. One analyst called that meeting the "Internet Yalta," where the Internet split between liberal-democratic and authoritarian countries. I don't think he's exaggerating.
Not that this is new, either. Remember 2010, when the governments of the UAE, Saudi Arabia, and India demanded that RIM give them the ability to spy on BlackBerry PDAs within their borders? Or last year, when Syria used the Internet to surveil its dissidents? Information technology is a surprisingly powerful tool for oppression: not just surveillance, but censorship and propaganda as well. And countries are getting better at using that tool.
But remember: none of this is cyberwar. It's all espionage, something that's been going on between countries ever since countries were invented. What moves public opinion is less the facts and more the rhetoric, and the rhetoric of war is what we're hearing.
The result of all this saber-rattling is a severe loss of trust, not just amongst nation-states but between people and nation-states. We know we're nothing more than pawns in this game, and we figure we'll be better off sticking with our own country.
Unfortunately, both the reality and the rhetoric play right into the hands of the military and corporate interests that are behind the cyberwar arms race in the first place. There is an enormous amount of power at stake here: not only power within governments and militaries, but power and profit amongst the corporations that supply the tools and infrastructure for cyber-attack and cyber-defense. The more we believe we are "at war" and believe the jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and control over how the Internet is run.
Arms races are fueled by two things: ignorance and fear. We don't know the capabilities of the other side, and we fear that they are more capable than we are. So we spend more, just in case. The other side, of course, does the same. That spending will result in more cyber weapons for attack and more cyber-surveillance for defense. It will result in more government control over the protocols of the Internet, and less free-market innovation over the same. At its worst, we might be about to enter an information-age Cold War: one with more than two "superpowers." Aside from this being a bad future for the Internet, this is inherently destabilizing. It's just too easy for this amount of antagonistic power and advanced weaponry to get used: for a mistaken attribution to be reacted to with a counterattack, for a misunderstanding to become a cause for offensive action, or for a minor skirmish to escalate into a full-fledged cyberwar.
Nationalism is rife on the Internet, and it's getting worse. We need to damp down the rhetoric and-more importantly-stop believing the propaganda from those who profit from this Internet nationalism. Those who are beating the drums of cyberwar don't have the best interests of society, or the Internet, at heart.
This essay previously appeared at Technology Review.
Posted on March 14, 2013 at 6:11 AM
• 39 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The first Cold War was won by outspending the opponent...
What does "European companies [being] worried about cloud services in the U.S" have to do with nationalism? There's an obvious reason: concern over being sued for breaking their own national laws which implement the Data Protection Directive.
As George Santayana famously said, "Those who cannot remember the past, are condemned to repeat it."
We've been here before during the "Cold War." This is how people lived through the 1950s and 1960s. There was a bomber gap and then a missile gap. Eventually Russia fell apart under the weight of trying to keep pace with the US arms race that turned out to be very one sided.
Now we supposedly have a cyber-warrior gap. No one positively knows how many cyber-warriors Russia and China have or even if these people are associated with those governments. It's assumed they are associated with those governments because we're actively creating an Army for cyber-warfare.
But as my Mother used to say, "If someone says something about your character, it is usually a reflection on the character of the person making the statement." Under that premise, we're creating an Army because the Russians and Chinese are supposedly creating Armies. I'm sure if you asked the Russains and Chinese, they would tell you that they are creating their Armies because the US started creating an Army.
The NSA/CIA/DIA are evidently convinced that the US does not have enough cyber-warriors - hence the "gap." I'm guessing that we're likely on par with the other two, but we'll be fed the propaganda and paranoia that we're behind the curve until proven wrong long down the road.
none of this is cyberwar
Stuxnet and Flame, however, are.
Luckily for Kevin Mitnick that he lived in the right country and had the right passport.
They're also worried about US-centric practices such as warrantless searches and seizure of foreign-owned assets. Not only privacy for their customers but their own trade secrets, dealings, and intellectual assets.
Interesting paper on Chinese nationalism and hacking: "Hacktivism: a Theoretical and Empirical Exploration of China’s Cyber Warriors"
Agreed that this has been going on for a while and is espionage not war.
The things that differentiate the Chinese from other actors in my mind are:
1. They're very good at it
2. The dominance of state owned enterprises, with information specifically being targeted on their behalf. This is bleeding into broader sectors of the economy that China has determined are strategic (started with defence, but grown into high tech, resource sectors, etc).
While I have no doubt other nation state actors are pursuing similar espionage aims (albeit in different ways) this ecosystem of state owned enterprises benefitting from IP is somewhat more aggressive in China. While there is history of similar activity in the US (Airbus/Boeing Echelon scandal, for example) our adherence to international law makes this less likely to occur in the same way to the same volume, in my mind.
And then there's the idea of disinformation applied to combat cyber-espionage. The CIA is suspected of having accidentally caused a large gas explosion via feeding bad design info to the KGB. I wonder if the same thing is being done to the PRC?
i'm guessing "Remember 2001" should be 2010
There is one fact though repeatedly overlooked in these discussions. How many times has it been said "these attacks have taken place before, nothing new here?" The huge difference now is, attacks are taking place in spite of all the technology that was promised by the know-it-all's to prevent them. And now they have the nerve to swoop in after the fact and claim "oh here's the problem- you overlooked a single molecule, so it's really your own fault." That's why everybody is pissed and that's why they're scared.
Regrettably, nationalism with respect to the Internet merely mirrors nationalism in every other phase of government and politics.
There is no hope for eliminating the "first-world problem" of Internet censorship and authoritarian control until the more profound global problems of war, corruption, intolerance, and tyranny are taken care of around the world.
It's a bit more complicated than nationalism. One thing that makes it complicated is that multinational corporations are major "non-state actors" that have interests that are separate from those of various nation-states. Most Chinese state-owned enterprises are have strong business relationships with Western multinationals which means that both Chinese SOE's and Western multinationals have interests that are separate from those of their governments.
Also, it's not surprising to me that we have entered a period of nationalism since there isn't any other obvious ideology. Something important about the Cold War was that it wasn't about nationalism. It was "capitalism versus communism" so it was quite possible for a patriotic Russian, German, Korean, or Chinese to work in American interests because they really weren't fighting for the United States but rather fighting for democracy. If it was a battle between communism and capitalism, then it doesn't take a genius to figure out what side most multinational corporations would support. But today, the battle is between various forms of capitalism (China has a state sponsored capitalist system, but it's still basically a capitalist system) and so there's no obvious side for an MNC to support.
This is also one of the consequences of the US war in Iraq or Afghanistan. In 1995, it was possible for some who was patriotically Chinese to support US foreign policy on the idea that American democracy was the best possible system, and to put it crudely that Americans could run China better than the current Chinese government could. I don't think that after Iraq or Afghanistan that many people in either China or the US think that a US-run China would work better than the current government, and given that to be the case, there's no general ideology that the US can use to justify its actions other than national self-interest.
It's not just cloud storage and apps that are worrying various parts of the EU. The US especialy it's various law enforcment agencies have a very cavalier attitude to where other peoples boarders and jurisdictions are.
For instance the US effectivly has a prohibition on Internet gambliing for it's citizens (a rather pointless activity as the prohibition on Alcohol showed). However it does not have a prohibition on US citizens writting software for foreign companies quite legitimatly carrying out online gambling.
However as one US software writer found the NYC DA provided information to their equivalents in Arizona who sent a fully armed SWAT team to his house and then attempted to blackmail him into putting backdoors into his software...
This sort of behaviour of US LEAs forcing backdoors in US originated software puts EU companiies into an awkward position, as they are then in effect in breach of EU regulation, which the US Gov is only to well aware of but obviously have no qualms about doing...
I really don't think that the major SOE's are benefiting from massive IP theft. Ironically in the field of software it's usually the reverse. Western software companies face massive consumer pirating, but the odd things is that most large state-owned enterprises and government agencies have paid up software licenses. This is because SOE's are usually cash-rich so they find it easier to just pay for the licenses, and in exchange they get support and the really important pieces of IP in the form of know-how.
One thing that makes commercial secrets different from military secrets is that there isn't a single commercial secret that a for-profit company wouldn't be willing to hand over if given the right amount of money. So the aim of preserving a commercial secret is to merely implement rules that maximizes the amount of money that someone (like the Chinese government) finds it necessary to pay.
The other thing is that the entire US educational and technology system depends on cheap Chinese and Indian graduate students. Most of the Politburo have relatives in the US and kids in Harvard and Yale, and Obama's brother lives in Shenzhen and has a Chinese wife. So nationalism is important but there are also interconnections that make this more than a simple us versus them.
Also it's *NOT* in the interest of the either the US or Chinese militaries or corporations to have a war or even bad relations between the US and China.
It's perhaps in the interests of the military to play up the possible *threat* of war, but the worst thing for anyone is to actually start shooting at each other. One of the worst things for a peacetime general is to see all your toys go up in smoke in a real war.
I actually see a lot of effort on the part of the US government to bury the cyber-hacking story. (Hint: When you say you want a dialogue that means that you don't want anything to happen), and even more effort on the part of major corporations to do so. The amount of money that your average corporation loses through cyberhacking is pocket change in comparison to the loses if US-China relations go bad.
There is a ton of posturing because there are going to be budget cuts, and everyone wants to be in a position to justify why their program shouldn't be cut. China is one target, but I think that there is a realization that it doesn't make sense to point to China as the main target, because China could stop loaning the US money, at which point defense budgets cut gets even worse than they are.
One other weird thing is that I suspect that Beijing would actually prefer if the US stay a major military power which is perhaps why China keeps funding the US military.
If the US just decided to leave East Asia tomorrow, then within a year, both Japan and South Korea would likely go nuclear and Taiwan would be trying to declare independence, and Beijing would be stuck with trying to figure out what it's new role was, which would be a major distraction from domestic issues. Also, if the US just called it quits then the Middle East goes up in smoke which then cuts the supply of oil that China depends on.
Yes, the US is annoying, but people are used to it, and it's been ages since any US administration really did anything like a human rights lecture.
One thing that is interesting is that the US has put the focus on corporate IP which is the issue that China probably cares the least about. The initial story was when someone broke into the New York Times, and I doubt whoever did this was trying to steal the software. So its quite interesting that the initial trigger for this was likely a domestic security operation which is something that the US government interestingly has not objected to. The problem is that if the US objects very loudly for China doing a domestic security operation overseas, then the US can't do the same thing, even if the target is not China, but say Yemen or Pakistan.
Simon: The huge difference now is, attacks are taking place in spite of all the technology that was promised by the know-it-all's to prevent them.
No. The difference is that someone broke into the New York Times, and they were able to do that because the NYT had truly crappy security. One the NYT got broken in to, they got all huffy and annoyed. I wouldn't be surprised if the NYT had been throughly hacked for years and they just noticed now.
You also have a major budget battle in which everyone is trying to not get their program cut, and a cybersecurity company that saw a chance to get free publicity.
The important thing here is that no one here wants a war. People just want to collect a few billion in cash and then we have business as usual.
@joequant - yeah, it was truly crappy software AFTER the fact. After it failed then it was crappy. Not by design, but by results. And I guess you'd know how it was designed. I'm thinking of a doctor who can't diagnose a damn thing to save anyone, but likes to show up at funerals saying "they should have done this, they should have done that." LOTS of companies get hacked and don't know it - that's a problem. Can we just stop the mindless repetition of the same sound bytes over and over again, like "it's scare mongering because they just want billions of dollars bigger budgets." I guess the next time there's an influenza outbreak you'll claim the CDC fabricated the whole thing just to get more money for shiny new labs.
The thing about analogies is that they prove nothing. Yes, it may be a bad thing if the CDC ignores an influenza outbreak, but we are talking about computer security and not about an influenza outbreak.
And based on the information that has been provided, the NYT computer security was crappy. One curious thing is that getting hacked by the Chinese government is like getting your pockets picked in NYC. Anyone that does anything remotely related to China is going to get a phishing attachment and the attitude that most people that do anything China related toward the NYT is like someone falling for a Nigerian scam. On the one hand, you feel sympathetic for the victim, but on the other hand, you are thinking "what idiots."
One thing about Chinese hacking is that it's so common in Washington that it's not news. It's news to the NY Times, but they are in NY. The idea that the PLA is behind the NYT hacking is pretty laughable, and from my vantage point it looks like the NYT just doesn't want to admit to itself how crappy their security was, and claiming that you were hacked by an uber-hacker rather than by an amateur is part of that.
Simon: mongering because they just want billions of dollars bigger budgets.
It happens to be true. It's not a necessarily a bad thing, because part of the job of any politician (and this applies both to Beijing and Washington) is to manage the press and to influence public opinion, and people think emotionally. A lot of public relations is to get people to focus (or not to focus) on something, and those are basically emotional decisions. There are some well known tricks for doing that. One trick is that if you want someone to not think about A, you get them to think about B. If you want to get someone to think about A, you tell a story with high emotional content.
If you look at the recent newspaper articles in the US press, it's pretty clear that someone has an agenda. The most recent stories are on how important homeland and cybersecurity is, and how much of a waste of money the F-35 is. Reporters are dependent on politicians for information, and politicians have agendas. They aren't necessarily a *bad* agenda. If you honestly believe that issue X is important, then "scare mongering" is part of the political toolkit.
One fortunate thing is that no one in Washington is looking for an excuse to have a war with China and no one in Beijing is looking for an excuse to have a war with the United States. This is not like the situation in 2001 when lots of people were just looking for any reason they could for invading Iraq. Also, the agenda of whoever is feeding stories to the Washington Post doesn't seem to be in conflict with Beijing's agenda. If the US spends more money on homeland security and less money on the F-35, then I think that Beijing would think that this is just dandy.
If you look at the way that the US government is handling the situation, you see the standard procedure for burying a story (i.e. high profile actions that are intended to do nothing.) I've been a little surprised (and somewhat relieved) at how little China-bashing there has been.
I see this as an effect of all the cyberwar saber rattling that's going on right now
And the train keeps running...
Apparently US Senators are asking questions as to if China's ICBM's and other nukes could be launched by a cyber attack,
I sometimes wonder if I've fallen asleep and followed a white rabbit...
The more we believe we are "at war" and believe the jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and control over how the Internet is run.
This reminds me of the famous quote:
"… Naturally, the common people don't want war; neither in Russia nor in England nor in America, nor for that matter in Germany. That is understood. But, after all, it is the leaders of the country who determine the policy and it is always a simple matter to drag the people along, whether it is a democracy or a fascist dictatorship or a Parliament or a Communist dictatorship ….. voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country."
If you're really interested in Chinese cyber-nationalism, take a look at "Chinese Cyber Nationalism: Evolution, Characteristics and Implications" by Xu Wu (Lexington Books, 2007).
I also quarrel with the assertion that the US is conducing just as much industrial espionage against China as China is against the US (thus China is justified). I'd suggest reading T. L. Thomas's books beginning with "Dragon Bytes" for perspective.
I think that one obvious fact that has been missed is that somehow the Chinese security services and military have ended up with a working relationship with the Chinese hacker underground that just doesn't exist in the United States. You have communities of Chinese hackers that have ended up being rather nationalistic, and the Chinese government has managed to tap into this youthful enthusiasm and energy. Part of the reason that the Chinese government is at best turning a blind eye to patriotic hacking is the knowledge that if the Chinese government cracks down on hackers, then they'll turn all of that energy and knowledge against the Party.
One thing that concerns me is that if you start talking about things as if it were a "war" then it's pretty obvious that the US approach is a bureaucratic top-down approach that just is not going to work. The Chinese military came to power as a result of a guerrilla war, and so that sort of guerrilla thinking is part of Chinese national strategy and it works pretty well in cyberspace. We've just seen the consequences of fighting an insurgency with bureaucracy in Iraq and Afghanistan and the results weren't pretty. Just look at the US approach to cybersecurity. Meetings, budgets, and metrics.
The most important part of winning an insurgency is hearts and minds, and if the US military really wants to get serious about cybersecurity, then it needs to start getting the support (or at least non-opposition) of the Western hacker underground. Maybe dropping charges against Bradley Manning might be a start. China has it's share of Kevin Mitnick's and Aaron Swartz's, and at some point I suspect that the Party offered them a choice. They can either hack the Party and get a long prison term, or if they agree to direct their energies elsewhere, then the government is going to leave them alone. The thing is that the FBI isn't giving American hackers that sort of choice so waving the flag isn't an option.
Faced with this sort of choice, pretty soon you are going to have a lot of red hackers, and I can't help but think that at some point in the last month some group of hackers got a thank you note from the Ministry of State Security for a job well done and the more the NYT rails against hackers, the more of an ego boost that they have.
What I find bizarre is that the Obama administration is trying to get the Chinese government to sign on to a "corporate war against hackers" and I think that the people in Beijing realize what a stupid idea that is. If you don't keep lots of angry young men busy hacking corporate America, then they are going to start thinking of ways of overthrowing the Chinese government. If you are nice to angry young men eventually they become less angry middle aged men that end up starting high tech companies.
I think that one obvious fact that has been missed is that somehow the Chinese security services and military have ended up with a working relationship with the Chinese hacker underground that just doesn't exist in the United States.
There is a reason for this.
The Chinese political system is run as a series of fiefdoms via patronage.
Such a system rewards "chancers" rather handsomly provided their "luck" lasts. When it runs out they generaly end up without the security of the patronage and it's the end of the road for them.
The clever chancers know they are playing a numbers game and usually after an initial success or two to become "noticed" they build up their own fiefdom and pass patronage down (the so called trickledown effect) and take a percentage of the action without taking any risk.
What is becoming clear is that there are several tiers of hackers in the Chinese fold. The realy bright ones don"t get their hands dirty on the sort of low hanging fruit attacks that the NYT and similar have suffered they go in for the real low key very high value APT using zeroday attacks they have discovered and use very sparingly.
Those further down the food chain develop attack tools that are used by the neophytes who do the blanket coverage style attacks.
Clive: The Chinese political system is run as a series of fiefdoms via patronage.
Some of it, but most of it isn't. The trouble with patronage systems is that they allow the patron to act independently of the Party so the central government will move people around specifically to prevent patronage networks from forming.
It's better to compare the Chinese system to a birdcage. There are certain things that you are not allowed to do. As long as you don't cross those lines, you can do what you want. Hacking domestic computer systems is in the list of forbidden things. Hacking foreign systems isn't. The US government considers hackers evil. As long as they don't hack Chinese systems, the Chinese government doesn't.
One thing that worries me is that I think the US government is missing the big problem. It's not that the Chinese government is "stealing precious intellectual property", it's that the Chinese government has created an environment that shockingly is more friendly to people with computer and technological skills than the US has. For someone that can speak Chinese and work a computer, there are tons more opportunities in China than in the United States. I mean if the US is outsourcing technology jobs to China and India, then why would someone with computer skills want to immigrate to the US?
> we might be about to enter an information-age Cold War
The Cloud War?
I guess it's better than the risk of a Mushroom Cloud War us old timers grew up with.
One problem with describing this as a "war" is that in a real war, people die and people kill. People are willing to die and kill over freedom and democracy, and there are some resources (oil) that are important enough that people are willing to sacrifice their lives and the lives of their kids over. Intellectual property is not one of them.
One big change over the last few years is that the United States has seriously lost a lot of its "soft power" and respect all over the world including China. In 1989, the youth of China looked at the US as standing for democracy, and democracy is something that people are willing to stand in front of a tank over. If the main issue now is corporate IP theft, then no one is going to stand in front of a tank over that. Until 2008, even if the US didn't stand for democracy, it stood for prosperity and a fair and non-corrupt economic system, but even that has blown up. If the US stands for advancing US national interests or helping US corporations do business, that's fine, but don't expect anyone in China to stand in front of a tank for you.
So before we talk about a war, you need to explain what the war is about. If it's not something worth dying for or killing for then it's not a war.
One other thing is that it's not surprising that the internet has been carved up because different nations have different interests. The primary interest of the Chinese government is political control, but that leads to some odd compromises.
For example, P2P is very strictly banned in China, but the government allows and even encourages file sharing sites. You can get pirated copies of the latest movies and music on all of the major Chinese search engines and file sharing sites, and the government allows this because they can and do monitor the sites for political content, and they know that if they close those sites, people will go to P2P which is harder to monitor. In addition, letting people download pirated music and movies is part of the "bread and circuses" strategy.
You don't hear much about this in the West, because the MPAA is not complaining, and the MPAA is not complaining because most of these sites block non-China connections, and require you to register with a Chinese cell phone number. The government likes this because by registering with a cell phone, they can monitor you and know that you are just downloading movies, and the MPAA likes this because this means that the Chinese file sharing sites are off limits to non-Chinese which means that they don't lose any money that they wouldn't have had anyway.
One other odd thing about China is that Chinese law is very strict about private sites sharing user information. Under a strictly enforced Chinese law it is illegal for a website to share user information with another site. There is also a strictly enforced Chinese law that prohibits spamming and private collection and sales of database. There are political considerations here. Basically the Chinese government does not want non-government institutions to have databases that the government cannot control.
Also, they want to reduce resistance to people providing personal data. If people think they are going to be spammed they are going to be more likely to hide themselves, whereas if they know that the only people that have access to the information are the police and the Communist Party, they are more likely to provide it. If you are a political dissident, yes you want to hide your tracks, but most people aren't political dissidents and find telemarketers more annoying than the Ministry of State Security, so they don't object to giving information to the MSS as long as the spammers don't get it.
(Something else that's different from the US is attitudes toward identification cards and national ID numbers. In China, asking someone to show you their identification card or give them your national ID number is like asking them to drop their pants. If you ask someone off the street to see their ID card, they will ask you to show them your police ID, and if you are not a police official or someone that has specific legal authorization to ask for ID (i.e. a bank, a medical doctor, a tax official, or getting a cell phone number), they'll tell you to get stuffed.)
Part of the political strategy of the Communist Party is "ease" and "convenience" so as it make it difficult for a political dissident to hide. If the Party makes music and movie file sharing easy, then if you start using P2P software, you stick out, at which point you get a invitation to chat with State Security to see what you are up to. Similarly if everyone routinely gives up their cell number to register online and that cell number can be traced an ID card, the few people that don't get noticed. Paradoxically, that can result in more privacy if you aren't a political dissident.
Getting back to ideas. Wars are about ideas. However, it's really difficult to present any current conflict between the US and China as a simple one between freedom (YAAAAHHHH!!!) and oppression (BOOOOOOO!!!!!). That might be a good thing because if it's just about nations rather than ideas then it starts looking like a conflict between sports teams, and if that's the case people are going to start having some serious thoughts as to whether it's worth it before pulling the trigger. Yes, Yankees and Red Sox fans will fight each other online, but no one sane is going to die or kill anyone over baseball.
It is a pleasure to congratulate Bruce Scheiner for this excellent contribution. To quote
"the more willing we are to give up our privacy, freedoms, and control over how the Internet is run------"
Let us face it: There is nothing like Privacy, Freedom and Control on the Internet anymore!!!
Every Country (including mine - India) subject to terrorist attacks is obliged to give up individual freedom for the greater good of the Country.
And so be it.
All evidence points to China doing the hacking. They have the motive, the capability, and the means.
I have to wonder at anyone saying China is not behind these things. What is their motive for saying this.
What is also true, however, is the hacking China is doing is setting up tense relations between the world's two closest superpower rivals. And for the US to have struck at Iran in the way they did... that is not good.
Iran is known to be sneaky and very capable. They are also revenge focused. They do not have a problem with performing mass casualties through extensive undercover operations -- even if it means they have to pose as Sunnis.
The nations are much more easy to manipulate with modern technology.
Someone can attack another nation from afar with what appears to be their signature on the attack.
Before computers, this required human evidence.... spies being caught in the government, in top secret programs... missile bases in Cuba and Turkey....
Tangible things. Tangible evidence.
I have to wonder at anyone saying China is not behind these things. What is their motive for saying this.
China is behind some of it, BUT by no means all of it. Many nations,
have the motive, the capability, and the means
And quite a few Russia & Israel in particular are activly doing so.
So contrary to your statment of,
All evidence points to China doing the hacking
Only the evidence that has been specificaly selected to show only China is being given "air time".
Thus you should look a little deeper and ask in who's interest it is to rattle the saber in China's direction only?
And then ask why it's in their interest to hood wink as many people as possible into their view?
Because by not doing so you are "sleep walking" down a path that potentialy leads into a rather dangerous future for you...
Q: I have to wonder at anyone saying China is not behind these things. What is their motive for saying this.
A lot of it involves making sure that you drop the bombs on the right people (both figurative and literally). If you are interested in starting a war with China in the same way that people were interested in starting a war with Iraq, then the facts don't matter, but for everyone else, they do.
Personally, I'm of the very strong opinion that some part of the Chinese government was involved in hacking the NYT, and the Chinese government has been extremely persistent at information gathering for overseas human rights and secessionist groups.
But I don't see that the Chinese government has been behind the DDOS attacks on Western banks, or the intrusion into critical infrastructure. To what extent China has been involved in corporate spying seems to me to be an open question.
Also it matters if you deciding the level of security that you want to put up. If you are Lockheed-Martin, you probably aren't considered with information on Tibetan dissidents, whereas if you are a Tibetan dissident group you aren't worried about leaking high tech information. Since different parts of the Chinese government have different capacity, it matters a lot which part of the Chinese government is after you.
Q: What is also true, however, is the hacking China is doing is setting up tense relations between the world's two closest superpower rivals.
Relationships are always going to be tense. However, even with the hacking, US-China relations are a lot better than they've ever been. The fact that people are talking about cyberwarfare and not bullet-based warfare is a pretty large improvement.
One thing that I find interesting is the type of hacking that annoys the United States. No one US official has complained about the Chinese government targeting human rights groups. I find that quite interesting.
--Ok, I have to ask; do you like math? Anyway,
The fact that people are talking about cyberwarfare and not bullet-based warfare is a pretty large improvement.
--OK, good point. BUT, Would it be fair to say, one could possibly inflict some very serious (if not more) damage on you with just cyberwarfare? By cyber I mean electronic in the sense that some random is attacking you electronically. The ultimate attack by far is shutting down your power; w/o that, one can inflict SERIOUS damage on you.
So, those power lines and boxes by your houses; yeah those are critical. I personally would like to secure better power supplies for the apocalypse.
Obviously, from a strategic standpoint, eliminating a target's power is just so destructive; in layman's terms, you're f*cked.
--Sorry forgot to mention the kinda-large boxes around traffic lights. Yeah, they are collecting info on you (and transmitting it on the internet); so...smile for the cameras that are being added to the microwave radars.
If you feel like "freaking out", I know how you feel; and I'm sorry.
@Bruce & MOD
--Sorry for 3X post (I'm angry)
-There are other horrible attacks; but loss of power is just so crucial I see it as "GameOver".
-Disgusting PHYSICAL attacks could be worse (I shall never reveal, as no one else should reveal their secret attacks as it opens up prosecution of you)unless someone else has obviously thought of it); where someone is fingerprints tampering w/ areas you think to be "pristine".
--To make the "Hopeless" feel a little better, there are many holes; so you can still easily assert your power and respect, if you're discrete, which is easy and you can still have "power".
All the little "script kiddies" who think they can't be tracked; well they're in for a little surprise.
Hacking is Good, it exposes weaknesses, hackers should be applauded and rewarded not prosecuted by Govt, eg, crash or breach our security, earn £20,000.
We should be thanking the Chinese.
To outside the box thinking for any Government though.
No one noticed the typo? ermsmous?
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.