APT10 and Cloud Hopper

There’s a new report of a nation-state attack, presumed to be from China, on a series of managed ISPs. From the executive summary:

Since late 2016, PwC UK and BAE Systems have been assisting victims of a new cyber espionage campaign conducted by a China-based threat actor. We assess this threat actor to almost certainly be the same as the threat actor widely known within the security community as ‘APT10’. The campaign, which we refer to as Operation Cloud Hopper, has targeted managed IT service providers (MSPs), allowing APT10 unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally. A number of Japanese organisations have also been directly targeted in a separate, simultaneous campaign by the same actor.

We have identified a number of key findings that are detailed below.

APT10 has recently unleashed a sustained campaign against MSPs. The compromise of MSP networks has provided broad and unprecedented access to MSP customer networks.

Multiple MSPs were almost certainly being targeted from 2016 onwards, and it is likely that APT10 had already begun to do so from as early as 2014.
MSP infrastructure has been used as part of a complex web of exfiltration routes spanning multiple victim networks.

[…]

APT10 focuses on espionage activity, targeting intellectual property and other sensitive data.

APT10 is known to have exfiltrated a high volume of data from multiple victims, exploiting compromised MSP networks, and those of their customers, to stealthily move this data around the world.
The targeted nature of the exfiltration we have observed, along with the volume of the data, is reminiscent of the previous era of APT campaigns pre-2013.

PwC UK and BAE Systems assess APT10 as highly likely to be a China-based threat actor.

It is a widely held view within the cyber security community that APT10 is a China-based threat actor.
Our analysis of the compile times of malware binaries, the registration times of domains attributed to APT10, and the majority of its intrusion activity indicates a pattern of work in line with China Standard Time (UTC+8).
The threat actor’s targeting of diplomatic and political organisations in response to geopolitical tensions, as well as the targeting of specific commercial enterprises, is closely aligned with strategic Chinese interests.

I know nothing more than what’s in this report, but it looks like a big one.

Press release.

Tags: China, cyberespionage, espionage, malware

Posted on April 5, 2017 at 10:42 AM • 50 Comments

Comments

Carl Byoir • April 5, 2017 11:23 AM

The press release claims that this op is “thought to be one of the largest ever sustained global cyber espionage campaigns in an operation.”

The breathless quality is hardly surprising.

But what should raise questions is why Mr. Schneier is so quick to amplify this message by repeating it on his own site with very little skepticism outside of a perfunctory qualification: “I know nothing more than what’s in this report”

But, hey, it’s could public relations for a security company to get their name spread around. Who cares if it’s true or not?

John Smith • April 5, 2017 12:05 PM

@Carl Byoir

The quality of the program commissioned by the greatly loved leader of such a mighty and glorious nation does indeed remove one’s breath from within the rib cage. Just saying.

keiner • April 5, 2017 12:25 PM

Cloud = IoT for business 😀

information wants to be free • April 5, 2017 12:25 PM

A big reminder of why setting up back doors to encryption systems is such a bad idea. The same tool that would allow the NSA to spying on innocent citizens, would allow state actors like China’s or Russia’s to screw up data everywhere.

John Galt • April 5, 2017 12:27 PM

Sounds like the authors are scamming for another big Black Budget paycheck.

I call BS.

(I never thought about using network mapping software to automatically generate scam budgeting material for cyber-psychos.)

Tatütata • April 5, 2017 12:38 PM

The report relies a lot between a correlation between various time stamps and the UTC+8 time zone. The authors point their finger to the PRC, without appearing to consider any other possibilities, or disproving them. (The recent CIA coding guidelines spring to mind). What about other factors such as summer time?

A bit circumstantial IMO; John LeCarré mentioned something about the different standard of proof which distinguishes spy from police work.

Tong in cheek • April 5, 2017 2:08 PM

This is hilarious. All the same baked Virginia Tech goobers who fell for Russiadidit now stampede to Chinadidit. Here are their IOCs:

//Add foreign languages
//Chinese
WARBLE wcChinese[] = L”汫汭沎煘煓瑐廘榙榾誙钃麷, 鶭黮齥逯郹崸嵀惉滭滹漇緳踶輵浶洯浽螭蟅謕嵉愊惵橀趏跮, 嵥垼娕蟷蠉蟼鏀顝饇, 壾鞈頨跣鉌鳭郺鋋錋綒嗛嗕塨灊灅甗礌簨繖轒醭醆鋍鞎糲蘥蠩炾笀耔嵷螭蟅, 駍駔鳿簻臗藱棳棔欿嵷揳揓”;

Ching Chong! Ching Chong! Yum yum chicken feet!

https://wikileaks.org/ciav7p1/cms/page_14588467.html#efmCOoCS7

http://www.veteranstoday.com/2017/03/21/neo-the-danger-of-underestimating-the-cias-web-of-control/

Professional dupes.

Anura • April 5, 2017 2:23 PM

@Tong in cheek

Please explain what that code does for the reader. Once understand it enough to do that, you will realize that wikileaks is spinning specifically to cast doubt on the Russia investigation.

There is absolutely nothing interesting in that document to anyone who doesn’t have an academic interest in malware.

de La Boetie • April 5, 2017 2:31 PM

What we DO know is that x-eyes have been “sharing” the fruits of mass surveillance between themselves, and this is certain to include copious and extremely economically valuable information, ripe for institutional (central banks and the key banking players) and individual “freelance” insider dealing for example. The claims that they will not use this information “against” other countries in the pact are simply not credible.

I’d much rather businesses focused on this known threat of intellectual property and business secret theft rather than the threat from non-Western nations (who will obviously be seeking to do the same things).

Scissors • April 5, 2017 2:41 PM

Am I the only one noticing that commenters here immediately suspect and question a Western report saying “China did it”? If Wikileaks posted a report from China saying “NSA did it”, would it be taken with the same suspicion?
Please don’t ignore smaller bullies because it’s fashionable to attack the big ones.

albert • April 5, 2017 2:52 PM

@Tatütata,

At least they assign probabilities to their assessment terms*. That’s something you’ll never see in our MSM. China and Russia are the bogeymen du jour. Any metaphysical certitude about their hacking of US targets keeps them there. The danger is, as always, the psychopaths in the State Dept (and the military) fanning the fires in the Executive Branch, who may decide to ‘pull the trigger’ on them at some point. Sometimes the Corporate Lapdogs forget who’s really running the show.

That said, it’s pointless Political Theater to worry about attribution, but it’s exactly what they want you to do. Pissing and moaning about state actors cyber-attacks is much cheaper than fixing the problems. A micro-example is the ongoing BS being spewed by the Democrats re: the DNS hack: vilify the messenger and ignore the data.

Where’s the public outrage?
Where are the voices calling for a massive overhaul of our Internet?

Face it, ‘computer security’ is a joke, and it’s biggest enemies are the LE/IC and their corporate co-conspirators.

@Scissors,
It’s -safer- to attack the big ones, because we can’t bomb them into submission. The CIA can, and does, take care of the little ones.

see the Appendix in the paper cited.
. .. . .. — ….

Tõnis • April 5, 2017 3:39 PM

@albert,

“That said, it’s pointless Political Theater to worry about attribution, but it’s exactly what they want you to do. Pissing and moaning about state actors cyber-attacks is much cheaper than fixing the problems. A micro-example is the ongoing BS being spewed by the Democrats re: the DNS hack: vilify the messenger and ignore the data.”

Precisely. It’s like the whole blame the President thing. No matter which administration, whether democrat or Republican, “liberal” or “conservative,” “the President” is the convenient scapegoat for every bad act the criminals acting in the name of our government commit, as if there weren’t hundreds of other culprits in Congress who are complicit when it comes to the wars, invasions, spying on citizens, illegal alien presence, TSA’s depraved acts, etc. Citizens might actually have some access to the Senate and House representatives from their respective states, but if you blame everything on a figurehead who 99.9% of people don’t have access to you effectively neutralized people when they develop a “can’t fight city hall” mentality.

“Face it, ‘computer security’ is a joke, and it’s biggest enemies are the LE/IC and their corporate co-conspirators.”

Agreed. That’s like the complete joke of Verizon bringing up Yahoo’s data breaches … as if Verizon isn’t one of the NSA’s biggest collaborators.

Tong in Cheek • April 5, 2017 3:44 PM

Don’t worry, anura, your host’s IBM corporate snowflakes have already stuffed those nasty ol’ documented facts down the memory hole as a deliverable product for Big Brother RFP 8498/15G(2). There is absolutely nothing interesting in that document for patriotic dupes who fall for Dzerzhinsky’s patronymic as digital pocket litter. There, fixed it for ya. IOC obfuscation policies confirm what every sentient observer tells you, that attribution is crap when your government exploits it for illegal war propaganda. Nonetheless, when your designated enemies adduce documents, they’re spinning. When they release massive cryptographically-authenticated archives, they’re spinning. Your Fearless Leaders say so. …quick, stand up, they’re playing the Star-Spangled Banner!

Still an Anon Coward • April 5, 2017 4:11 PM

Does anyone know which Managed Service Providers were hit? Does it matter or are they all hopeless against pick-a-country’s best attackers?

Are companies rethinking the MSP model or does it save money that they invest in better cyber-defense? /nosarc

Thanks.

Anura • April 5, 2017 4:28 PM

@Tong in Cheek

Sorry, but being an ass and making accusations doesn’t make up for your ignorance. That tool has absolutely nothing to do with faking attribution. It’s just a string obfuscation tool that supports multiple languages; that’s it. Do you think that attribution is done by finding the strings and determining if they are English or Russian? No, they compare to other malware, looking at the techniques and whether it appears to be developed using the same tools. Sharing code like this makes attribution to the CIA easier – although this has features designed to protect against that such as randomization but that makes attribution more difficult, it does not make faking attribution easier.

Besides that, if there was Russian text in the malware, I would expect it to be targeted at Russia, not targeted at the United States. I can’t think of any actual reason to have Russian or Chinese strings in malware if it is targeted at US computers.

John Galt • April 5, 2017 4:44 PM

@ Still an Anon Coward

Does anyone know which Managed Service Providers were hit? Does it matter or are they all hopeless against pick-a-country’s best attackers?

Are companies rethinking the MSP model or does it save money that they invest in better cyber-defense? /nosarc

Google, Microsoft, and iCloud. LOL

They need more DOD Black Budget money because nobody is buying their cloud crap — except the govt.

Google for Govt. MS O365. etc. Not only do they have all that govt data, they demand that Americans pay an annual tribute of $20 Trillion to defend it from the boogieman.

That’s effective cost savings for govt, isn’t it?

If they don’t get the money, Google/MS/iCloud will release the passwords to Trump’s, Ryan’s, Feinstein’s and Schumer’s email accounts on the Tor network for CIA ops to cause havoc.

People are finally waking up. Unfortunately, we may run out of nukes taking out all those boogiemen.

Obviously, the solution is NOT put your data in “the cloud” … cuz all you are doing is creating a “big target” that justifies the cost/benefit ratio of such an “attack.”

Meanwhile, I recommend you stock up on potassium iodide — in case you survive the first volley.

Tong in Cheek • April 5, 2017 4:57 PM

Anura. You are clearly unaware of the yeoman work linking purported Russian malware to githubs used by Russia’s Georgian adversaries. You are also clearly unaware of the fine points of the Crowdstrike hackwork. Linguistic artifacts figured prominently in each case, for better or worse.

I’m not surprised you can’t think of any actual reason. But CIA can. CIA certainly thinks you’re stupid enough to fall for Russian or Chinese strings in malware targeted at US computers. Their Ukronazi cutouts lay it on with a trowel. And if you don’t think CIA illegally targets domestic computers, wait till you see what they spin you in Vault 7 Part 6. Your patriotic head will spin.

Anura • April 5, 2017 5:31 PM

@Tong in Cheek

That’s nice, and has absolutely nothing to do with anything I wrote. It seems like you are so desperate to latch onto anything to “prove” the CIA attacked the DNC that you are missing the forest for the trees. If the CIA wanted to fake attribution to Russia, they would simply reverse engineer Russian malware. They would not create their own using their own internal tools.

Either way, the point is that we can safely say that wikileaks commentary is straight-up propaganda that exploits confirmation bias and the ignorance of the technologically challenged. It’s a boring leak of a boring tool that someone quite obviously and deliberately lied about the nature of, solely for the sake of advancing their own agenda.

Baseless accusations just make you look desperate; it doesn’t make your argument any better. If anything, making accusations of partisanship in response to technical arguments just proves you lack the knowledge to be able to refute the points made.

John Galt • April 5, 2017 6:15 PM

@ Tong … @ Anura

That’s nice, and has absolutely nothing to do with anything I wrote. It seems like you are so desperate to latch onto anything to “prove” the CIA attacked the DNC that you are missing the forest for the trees. If the CIA wanted to fake attribution to Russia, they would simply reverse engineer Russian malware. They would not create their own using their own internal tools.

I have news for you:

1) The DNC was hosted at AppRiver using Hosted Exchange.

2) The DNC did not have their own servers.

3) Cloudstrike is Full of Caca.

4) The DNC is full of wacko psychos that would rather burn down your city than admit the truth.

5) I’ve done my own forensics.

Wanna know how the emails were really acquired? The answer is SIMPLE. There are only two possible answers: And, neither has anything to do with Russians or any other third party.

Tong in Cheek • April 5, 2017 6:20 PM

Don’t be silly. Why would CIA need to attack the DNC? The DNC leaked like a sieve.

I didn’t call you a partisan, I called you a patriot, which is worse. Now that you mention it, though, your curious animus toward Wikileaks makes you sound like a victim of Dem party propaganda. Putting in trending media snippets of pop epistemology like ‘confirmation bias’ reinforces that impression. If you actually knew your inductive logic, you wouldn’t be trying to slip in NPR pap like, ‘We can safely say.’

Anyway, the point is CIA systematically eavesdrops on VIPs and fabricates illegal war propaganda, and you seem to be OK with that. Do you pretend you live in a free country?

http://www.veteranstoday.com/2017/03/21/neo-the-danger-of-underestimating-the-cias-web-of-control/

Wikileaks work their little fingers to the bone to show you just how it’s done, and you’re all Ho-hum. How dreadfully downtrodden you people have become. No wonder the Russians tie you in knots whenever they want.

You vocationally-trained individuals all seem to share the same mental tic of fixating on a single non-dispositive point and intently missing the Gestalt. That must be very helpful on the job.

Tong in Cheek • April 5, 2017 6:33 PM

@John Galt, Platte River Networks is indeed a comically phoney proprietary in the grand tradition of high-school teacher Jeffrey Epstein’s billion-dollar minimum hedge fund. They vaunt the same mortifying ineptitude as Watergate plumbers taping and re-taping the latch. They are crucial.

John Galt • April 5, 2017 6:44 PM

@ Tong…

PRN was Hillary’s email provider after her Apple OSX setup.

PRN was not used by the DNC.

Anura • April 5, 2017 7:04 PM

@John Galt

Can you please point me to where anything you wrote addresses anything that I wrote?

@Tong in Cheek

I didn’t call you a partisan, I called you a patriot, which is worse.

Based on what? Pointing out that you don’t know what you are talking about?

Now that you mention it, though, your curious animus toward Wikileaks

I have no love for the CIA, and my problem with wikileaks is purely the propaganda – if they were honest then I wouldn’t have a problem (of course, you wouldn’t be here spreading their BS either). I simply believe in democracy, and I believe that making sure the people are well-informed is the single most important part of democracy and thus those that work against informing the people are enemies of democracy.

Tapping Numero Uno Wires • April 5, 2017 7:06 PM

Think they will target Trumps highly secure Samsung smart-phone?
Hope the echo is not to loud when the two leaders talk.
Will his ISP also be legally listening in now too? Will they unmask (certainly at least his hairdo)?

Tong in Cheek • April 5, 2017 8:56 PM

I see.

Just to clarify, publishing authenticated documents withheld from public scrutiny in breach of state obligations and commitments detailing breaches of peremptory norms, is that working for or against informing the people?

Anura • April 5, 2017 10:47 PM

@Tong in Cheek

Lie about the details, knowing that by the time people have a chance to dig through and find out the truth, people will have already heard the lie which the story will then be old news when the truth comes out (and a lot less interesting), and most people who don’t choose to follow the story will only hear the lie? Wasn’t that like the SOP for right-wing propaganda outlets during the election season?

John Galt • April 5, 2017 11:50 PM

@ Anura…

YOU ASKED,…

Can you please point me to where anything you wrote addresses anything that I wrote?

IN SUMMARY, You and Tong are arguing about the “attribution” of the DNC ‘hack’ to the Russians.

WRONG. I said, The Russians (NOR ANY OTHER THIRD PARTY) had absolutely ZERO responsibility for the DNC leak.

I answered you with how it REALLY happened… setting YOU AND TONG both straight.

You should really check it out yourself. The proof is already available to you if you are technically competent.

YOU SAID…

That’s nice, and has absolutely nothing to do with anything I wrote. It seems like you are so desperate to latch onto anything to “prove” the CIA attacked the DNC that you are missing the forest for the trees. If the CIA wanted to fake attribution to Russia, they would simply reverse engineer Russian malware. They would not create their own using their own internal tools.

WRONG. If you are technically competent, then you will know that this entire subject is a straw man. It cannot be attributed to Russia. Only the media lies are propaganda. What I’m telling you will never appear in MSM — cuz the MSM-Russia sh!t is the biggest and most dangerous lie of the 21st Century.

I have no love for the CIA, and my problem with wikileaks is purely the propaganda – if they were honest then I wouldn’t have a problem (of course, you wouldn’t be here spreading their BS either). I simply believe in democracy, and I believe that making sure the people are well-informed is the single most important part of democracy and thus those that work against informing the people are enemies of democracy.

WRONG AGAIN. Not propaganda. Absolute unadulterated truths. Assange wasn’t lying.

Wikileaks said the Russians had nothing to do with it. I know the TECHNICAL REASONS why that is an absolute, provable fact.

And, the proof is already available to you if you are technically competent and you know what to look for.

YOU SAID, …

I simply believe in democracy, and I believe that making sure the people are well-informed is the single most important part of democracy and thus those that work against informing the people are enemies of democracy.

SO… the Question to you is: Are you going to be a truthful well-informed asset to democracy or an enemy of democracy… knowing what I just told you… and that you can verify for yourself???

YOU SAID, …

Baseless accusations just make you look desperate; it doesn’t make your argument any better. If anything, making accusations of partisanship in response to technical arguments just proves you lack the knowledge to be able to refute the points made.

My next question to you: Are you technically competent?

If so, you should already know that the Russians did not hack the DNC.

Just like me.

Figuring things out for yourself is the only freedom anyone really has. Use that freedom.

Figure it out. It’s right under your nose and you can’t even see it. Why? Have you looked? Stop regurgitating all of the lies.

Anura • April 6, 2017 12:39 AM

@John Galt

Given your poor reading comprehension, I seriously doubt your investigative skills.

John Galt • April 6, 2017 2:09 AM

@ Anura…

You gotta be another one of those snowflakes.

You are an “enemy of democracy”… your own words.

**sigh** • April 6, 2017 3:18 AM

Come on guys, take it easy here, you’re not at home. Don’t feed the trolls.

Wael • April 6, 2017 4:50 AM

@suugh,

you’re not at home. Don’t feed the trolls

Are you implying we have pet trolls at home? 😉

Must be the phase of the moon.

facts_footnotes_please • April 6, 2017 4:53 AM

from: bae systems and pwc pdf above (from appendix; edited by me)

“Probabilistic language
Interpretations of probabilistic language (for example, “likely” or “almost certainly”) vary widely, and to avoid misinterpretation we have used the following qualitative terms within this report when referring to the level of confidence we
have in our assessments. Unless otherwise stated, our assessments are not based on statistical analysis.

@John Galt

“Google, Microsoft, and iCloud. LOL”

Google references in the pdf are relativel old (2010-2011), Windows references, but no references, afaik, for iCloud or Microsoft.

facts_footnotes_please • April 6, 2017 5:29 AM

My scientific wild-assed guess (“‘swag'”) is that the timing of this cloudhopper release is related to the
president of the people’s republic of china, xi jinping’s, upcoming visit to a golf course resort, although i don’t think he plays golf.

i hope president trump doesn’t start a war with north korea.

https://www.democracynow.org/2017/4/4/full_interview_noam_chomsky_on_democracy
[lengthy text deleted by moderator]

facts_footnotes_please • April 6, 2017 5:59 AM

more from democracy now
https://www.democracynow.org/2016/12/16/trump_has_appointed_more_generals_in
[lengthy text deleted by moderator]

Tatütata • April 6, 2017 6:10 AM

Is it really necessary to copy-and-dump a large amount of text to support your point? Wouldn’t have a link sufficed?

Tom Cullen • April 6, 2017 6:48 AM

@Anura,

You’ll find solace in the fact that Gannon got banned for pinning the recent chemical attack in Syria’s fashion on the CIA.

What phase are we in currently?

Wael • April 6, 2017 8:20 AM

@Tom Cullen,

What phase are we in currently?

Almost there. Give it a few more days and buckle up.

Anura • April 6, 2017 8:35 AM

@John Galt

The thread is up there, available for anyone to read. Either you are just a dishonest person in general, or you are so biased that you lack the ability to read something that disagrees with you without inventing your own narrative about what it says. Either way, you’re not worth my time.

Dirk Praet • April 6, 2017 8:37 AM

@ albert

That said, it’s pointless Political Theater to worry about attribution

I agree. I’m also not surprised about the timing, as someone else pointed out. The more pressing concerns here are which safeguards and incident response procedures were in place, to which extent they were effective, what countermeasures have been taken, and whether or not the customers of the affected companies have been correctly informed.

@ Tom Cullen

You’ll find solace in the fact that Gannon got banned for pinning the recent chemical attack in Syria’s fashion on the CIA.

I suppose you meant Bannon? It’s kinda obvious that McMaster was behind that, but he’s still on the WH SIG (Strategic Initiatives Group).

Although the explanation given by the Russians (“it would seem we hit a chemical weapons facility”) is simply poppycock, I cannot understand why Assad would do something as blatantly stupid as that just when everything started looking really good for him. It defies all reason. Without precluding anything, the logical explanation here is that whoever was behind this barbaric attack is a really determined and resourceful actor who wants both Assad gone and drive a wedge between the US and Russia. Which leaves precious few candidates.

@ Tatütata, @ facts_footnotes_please

Is it really necessary to copy-and-dump a large amount of text to support your point? Wouldn’t have a link sufficed?

Motion sustained. It also belongs in the Squid thread.

Putin is Definitely Not Gay, Not At All • April 6, 2017 8:46 AM

Looks like the Russian state propaganda machine has discovered Schneier and is polluting the comments here with disinformation. As their favorite idiot says, “Sad!”.

facts_footnotes_please • April 6, 2017 9:58 AM

@Tatütata, @Dirk Praet
motion passed, but no guarantees

current events department:
http://www.newyorker.com/news/evan-osnos/can-trump-match-xi-jinpings-game

possible background information on this weekend’s principals who meet at the mar-a-lago resort:
president xi jinping
http://www.newyorker.com/magazine/2015/04/06/born-red
president trump
http://www.newyorker.com/magazine/2016/07/25/donald-trumps-ghostwriter-tells-all?mbid=social_facebook

John Galt • April 6, 2017 11:41 AM

@ Putin…

Looks like the Russian state propaganda machine has discovered Schneier and is polluting the comments here with disinformation. As their favorite idiot says, “Sad!”.

My expose on the DNC non-hack has that affect.

I seriously recommend that you check out the Appriver system and the DNC emails. If you are competent, you will realize what I already realized. As I said, before, the DNC is willing to riot and burn the cities across America because they won’t admit the truth about the DNC hack — and they need a scapegoat(s).

Who got hacked? • April 7, 2017 8:42 PM

Lots of commentary about who did it, but nothing about which MSP’s got hacked? Surely someone has an idea?

Ben • April 7, 2017 10:24 PM

This is kind of sad, the commentary on this blog used to be something I looked forward to reading and gaining more insights and more things to read. This is just uninformed conjecture that somehow goes partisan when talking about a topic that is sufficiently separate. I feel sorry for Bruce.

John Galt • April 8, 2017 2:30 AM

@ Ben

[[[ This is kind of sad, the commentary on this blog used to be something I looked forward to reading and gaining more insights and more things to read. This is just uninformed conjecture that somehow goes partisan when talking about a topic that is sufficiently separate. I feel sorry for Bruce. ]]]

Here’s the real problem: It’s not the commentary. It’s the subject matter stories.

We are now away to all the BS propaganda topics-of-the-day. We now see the Wizard of Oz behind the curtain.

As to “uniformed conjecture”,… guess again. Personally, I am WELL informed.

Dirk Praet • April 8, 2017 7:15 AM

@ John Galt, @ Ben A.

Here’s the real problem: It’s not the commentary. It’s the subject matter stories.

John, for what it’s worth, I think the main issue is to refrain from taking absolutist positions, calling others idiots and their opinions felgerkarb. Which inevitably draws bad blood and derails every discussion.

Although I cannot but plead guilty to regularly going wildly off topic and acting politically incorrect too, it’s something we all need to at least try and avoid, especially when discussing subject matters with a strong (US) partisan angle. In general, it kinda works to delay posting for 5 minutes after you’ve written something, reread and revise your comments and only then click the submit button.

Call it a form of self-censorship if you like, but this forum is going down the drain if we keep up the current trend of letting our emotions get in the way of civil, educated and informed discussions. Which for every contributor here begs the question whether he wants to be part of the solution, or continue to be part of the problem.

Folks who disagree with you are not necessarily trolls or morons. They’re just people with other opinions, and they only become trolls when crossing the lines set forward by our host. And at which point you report them to @Moderator.

John Galt • April 8, 2017 3:54 PM

@ Dirk

John, for what it’s worth, I think the main issue is to refrain from taking absolutist positions, calling others idiots and their opinions felgerkarb. Which inevitably draws bad blood and derails every discussion.

First and foremost, I haven’t done any such thing.

Second, … this is a BLOG. Not a discussion. If you want a discussion, set up a meeting or I’ll see you on USENET. I articulated the difference between BLOGS and DISCUSSIONS under Bruce’s recent ‘etiquette’ article (earlier this week?)

Third, you must be a policeman. Just remember, the “policemen” created the mess we have on the internet, today — in spite of my warnings (including some of Bruce’s too.) Bigger policemen created North Korea and Syria. DNC hacks, Podesta hacks, Hillary hacks, IRS hacks, ATT hacks, Target hacks… AN ENDLESS LIST.

Fourth, who hacked the DNC? Nobody. Prove it to yourself. It’s easy if you know how.

I’ve done my homework and I’m tired of listening to all the TV “discussions” about the lies and propaganda.

It’s time to get down to brass tacks.

Dirk Praet • April 9, 2017 6:52 AM

@ John Galt

I haven’t done any such thing.

And neither did I accuse you of doing so. It was my reply as to what I perceive to be the main problem on this forum is and as such addressed to whomever the shoe fits.

As to the “policing” bit, believe me that I have better things to do than smoking out (previously banned) sock puppets or asking people to show a little emotional restraint, especially when touching on particularly sensitive political issues. Revisiting the DNC hack in the context of Cloud Hopper attribution was probably not the smart thing to do.

Let me put it like this: our host has recently expressed his concern about where his blog is going, and many of the regulars (some of which also talk off-line) agree that the content to noise ratio has hit an all-time low. And which is visibly reflected in many of them posting far less than usual.

If we want to keep this blog relevant and alive, then that’s everyone’s responsibility, and I for one at this time would not object to very aggressive “policing” actions by both our host and @Moderator if that’s what it takes to get people back in line. And with which I do not single out anyone, and include comments of my own if deemed inappropriate.

John Galt • April 9, 2017 5:10 PM

@ Dirk.

Sorry, I misunderstood.

Let me put it like this: our host has recently expressed his concern about where his blog is going, and many of the regulars (some of which also talk off-line) agree that the content to noise ratio has hit an all-time low. And which is visibly reflected in many of them posting far less than usual.

Again, the real source of the problem is the “upstream news”… nothing every gets resolved, there’s bad politics involved, and many people (myself included) are pissed off about it.

Why? It’s like the issue with the DNC and Russia. It never goes away. Instead, as in the particular case of Schneiere…, he’s ‘closer’ to the source of the problem. Hence, that’s the reason I decided to partake in the festivities here.

However, I don’t see anyone ‘closer’ to the problem correcting the problem, either.

It took me an less than two hours to figure out what happened with the DNC crap. Yet, the powers that be are arguing about it for 4 months.

Why??? It’s by design, that’s why.

To repeat from the other thread regarding Comment Policy… This is what I said.

@ Schneier

1) I’ve found that today’s internet bloggers have very thin skin.
2) Moderated Blogs are designed for CONTROL … that is, preaching to the choir.
3) When a Blog “goes south”… the subject matter is deleted/buried for all of history.
4) In other words, I look at blogging as a forum for “venting”… you know what I mean.

TRANSLATION: Blogs were designed for the emotional vent. Not real discussion. Accept the reality of what I just said. Deal with it. It’s the nature of the newly created beast, “Blogs”… and your comments today will be gone tomorrow when the next “news article” is posted on the front page.

HOWEVER, Do you remember USENET??? NNTP????

Now, in THAT forum… heated debate (REAL debate) on whatever subject was a lot of fun… AND EDUCATIONAL.

We even had a name for it: FLAME WARS.

Remember them?

Ahhhhh… The good old days.

Robert Eisenhardt • August 9, 2017 3:02 PM

MSP providers, most recent attack venue for APT10, are paid by their clients to support servers, network infrastructure, firewalls. You name and most of them do it …. for a check. That is their business BUT working in effect foy nothing on their own in-house network? Different story. Some of them have more lax security IN-HOUSE than for their own clients, so this is a great way to hack out to various businesses on the cheap.