Very true. The objection is more that the exploits are aimed at civilian rather than (or, more accurately, as well as) military / government / beltway targets. Which makes the alleged chinese strategy rather more like financing jehadis to suicide bomb and shoot up hotels and train stations, rather than any sort of disciplined warfare or espionage. --srs (htc one x) On 21-Feb-2013 7:40 AM, "Steven Bellovin" <smb@cs.columbia.edu> wrote:
On Feb 20, 2013, at 1:33 PM, valdis.kletnieks@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you can bet that they are all snooping and attacking eachother, the united states no less than the rest. news at eleven.
The scary part is that so many things got hacked by a bunch of people who made the totally noob mistake of launching all their attacks from the same place....
This strongly suggests that it's not their A-team, for whatever value of "their" you prefer. (My favorite mistake was some of them updating their Facebook pages when their work took them outside the Great Firewall.) They just don't show much in the way of good operational security.
Aside: A few years ago, a non-US friend of mine mentioned a conversation he'd had with a cyber guy from his own country's military. According to this guy, about 130 countries had active military cyberwarfare units. I don't suppose that the likes of Ruritania has one, but I think it's a safe assumption that more or less every first and second world country, and not a few third world ones are in the list.
The claim here is not not that China is engaging in cyberespionage. That would go under the heading of "I'm shocked, shocked to find that there's spying going on here." Rather, the issue that's being raised is the target: commercial firms, rather than the usual military and government secrets. That is what the US is saying goes beyond the usual rules of the game. In fact, the US has blamed not just China but also Russia, France, and Israel (see http://www.israelnationalnews.com/News/News.aspx/165108 -- and note that that's an Israeli news site) for such activities. France was notorious for that in the 1990s; there were many press reports of bugged first class seats on Air France, for example.
The term for what's going on is "cyberexploitation", as opposed to "cyberwar". The US has never come out against it in principle, though it never likes it when aimed at the US. (Every other nation feels the same way about its companies and networks, of course.) For a good analysis of the legal aspects, see http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-strategy...
--Steve Bellovin, https://www.cs.columbia.edu/~smb