RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
Someone in the CIA is looking for funding... Just my 2¢. -Al -----Original Message----- From: Steve Goldstein [mailto:sgoldste@nsf.gov] Sent: Thursday, April 25, 2002 5:40 AM To: nanog@merit.edu Subject: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. I have no idea how real the implied threat may be. Just passing this along. --SG ---------------------------------------------------------------------------- ------------------------------------------------------ Defense: Analysts fear government and private efforts to sabotage federal Internet sites. By ERIC LICHTBLAU Times Staff Writer April 25 2002 WASHINGTON -- U.S. intelligence officials believe the Chinese military is working to launch wide-scale cyber-attacks on American and Taiwanese computer networks, including Internet-linked military systems considered vulnerable to sabotage, according to a classified CIA report. The complete article can be viewed at: http://www.latimes.com/la-042502china.story
Gosh, oh golly-gee, do you really think that they would do something like that (planting a story)? ;-) --Steve At 7:16 AM -0700 4/25/02, Rowland, Alan D wrote:
Someone in the CIA is looking for funding...
Just my 2¢.
-Al
--
Is it really hard to believe that the Chinese government would actively fund cyberterrorism? Deepak Jain AiNET -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Steve Goldstein Sent: Thursday, April 25, 2002 5:55 PM To: Rowland, Alan D Cc: nanog@merit.edu Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. Gosh, oh golly-gee, do you really think that they would do something like that (planting a story)? ;-) --Steve At 7:16 AM -0700 4/25/02, Rowland, Alan D wrote:
Someone in the CIA is looking for funding...
Just my 2¢.
-Al
--
Once upon a time, Deepak Jain <deepak@ai.net> said:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Why not? Our government does, although they don't call it that: they call it Microsoft. :-) -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On Thu, Apr 25, 2002 at 06:01:50PM -0400, deepak@ai.net said:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
The ratio of useful traffic to spam/attacks from APNIC space is already so low as to be nearly non-existent. A little active help from a governmental body couldn't make it much worse than it already is. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
--- On Thu, Apr 25, 2002 at 06:01:50PM -0400, deepak@ai.net said:
Is it really hard to believe that the Chinese government would actively
fund
cyberterrorism?
The ratio of useful traffic to spam/attacks from APNIC space is already so low as to be nearly non-existent. A little active help from a governmental body couldn't make it much worse than it already is. --- Also a good point. :) I think the media makes a big deal about gov't sponsored cybermischief because I think the implication is that they'd do it better than a few kiddies. While a gov't sponsored group may use information illegally gotten better, I have never seen evidence that they are more effective or more sinister in their successes. YMMV, Deepak Jain AiNET
I put nothing past them, of course theyre not alone, as we all must assume by now. Theyve threatened to nuke LA if we interfere with their plans to take Tiawan by force, and smile and say, kill 300 million of us, do us a favor. Kinda hard to deal with an enemy like that. At 18:01 4/25/02 -0400, you wrote:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Deepak Jain AiNET
Rounding up 1 significant figure would reduce their combat effectiveness measurably. The threat to LA is the best available because I don't think they have a missle delivery vehicle capable of reaching any East Coast cities. We're off-topic, but I'd say that cyberterrorismis far less expensive to create than invasion or nuclear weapons. Deepak Jain AiNET -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of blitz Sent: Thursday, April 25, 2002 6:33 PM To: nanog@trapdoor.merit.edu Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. I put nothing past them, of course theyre not alone, as we all must assume by now. Theyve threatened to nuke LA if we interfere with their plans to take Tiawan by force, and smile and say, kill 300 million of us, do us a favor. Kinda hard to deal with an enemy like that. At 18:01 4/25/02 -0400, you wrote:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Deepak Jain AiNET
Rounding up 1 significant figure would reduce their combat effectiveness measurably.
The threat to LA is the best available because I don't think they have a missle delivery vehicle capable of reaching any East Coast cities.
The Chinese had the shenzhou 2 capsule in orbit for 7 months in 2001... more recently shenzhou 3 went up with and safely returned nine eggs after 108 orbits... http://news.bbc.co.uk/hi/english/sci/tech/newsid_1948000/1948317.stm One would suspect that that they're far more interested in launching 12-14 ton commercial payloads with the long-march 2ea, then they are in blowing up the US.
We're off-topic, but I'd say that cyberterrorismis far less expensive to create than invasion or nuclear weapons.
Deepak Jain AiNET
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of blitz Sent: Thursday, April 25, 2002 6:33 PM To: nanog@trapdoor.merit.edu Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
I put nothing past them, of course theyre not alone, as we all must assume by now. Theyve threatened to nuke LA if we interfere with their plans to take Tiawan by force, and smile and say, kill 300 million of us, do us a favor. Kinda hard to deal with an enemy like that.
At 18:01 4/25/02 -0400, you wrote:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Deepak Jain AiNET
-- -------------------------------------------------------------------------- Joel Jaeggli Academic User Services joelja@darkwing.uoregon.edu -- PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E -- In Dr. Johnson's famous dictionary patriotism is defined as the last resort of the scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first. -- Ambrose Bierce, "The Devil's Dictionary"
We're off-topic, but I'd say that cyberterrorismis far less expensive to create than invasion or nuclear weapons.
Deepak Jain AiNET
(At the risk of sounding corny) A communications disruption could mean only one thing: invasion. - James
On Thu, 25 Apr 2002 17:54:44 EDT, Steve Goldstein <sgoldste@nsf.gov> said:
Gosh, oh golly-gee, do you really think that they would do something like that (planting a story)?
Well, officially, we've decided that we don't do disinformation: http://www.fas.org/sgp/news/2002/02/dod022602.html Of course, the tinfoil helmet brigade, and most even-more-reasonable people, would note that "we're closing down our Office of Disinformation" would be the last we'd hear of it...... On Thu, 25 Apr 2002 18:40:24 EDT, Deepak Jain <deepak@ai.net> said:
The threat to LA is the best available because I don't think they have a missle delivery vehicle capable of reaching any East Coast cities.
It's called a "barge". http://www.fas.org/nuke/hew/Usa/Tests/Castle.html See the Castle Romeo test, and many of the following ones. We now return to Junipers running Outlook and other semi-operational material.
Valdis.Kletnieks@vt.edu wrote:
On Thu, 25 Apr 2002 17:54:44 EDT, Steve Goldstein <sgoldste@nsf.gov> said:
Gosh, oh golly-gee, do you really think that they would do something like that (planting a story)?
Well, officially, we've decided that we don't do disinformation:
Sorry, I just had to comment on this pic from the article you pointed us to... http://www.fas.org/nuke/hew/Usa/Tests/Cshrimp.jpg In this picture of one of the most explosive nuclear bombs in US history, we find a small sign at the bottom: "DANGER -- NO SMOKING" :-/
Of course, the tinfoil helmet brigade, and most even-more-reasonable people, would note that "we're closing down our Office of Disinformation" would be the last we'd hear of it......
On Thu, 25 Apr 2002 18:40:24 EDT, Deepak Jain <deepak@ai.net> said:
The threat to LA is the best available because I don't think they have a missle delivery vehicle capable of reaching any East Coast cities.
It's called a "barge".
http://www.fas.org/nuke/hew/Usa/Tests/Castle.html
See the Castle Romeo test, and many of the following ones.
We now return to Junipers running Outlook and other semi-operational material.
How many PC's and components are 'Made in China'? In the dark ages, I worked for Williams Electronics. We made Arcade Games *blush*. Once we found our custom chip was reverse engineered in Taiwan, and they were shipping knockoffs six weeks after we started shipping the real product. If true, these are not script kiddie type threats. I hate to say it, but 911 is an example that the unthinkable isn't. Bruce Williams "A healthy paranoia is the beginning of sound operations policy"
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of blitz Sent: Thursday, April 25, 2002 3:33 PM To: nanog@trapdoor.merit.edu Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
I put nothing past them, of course theyre not alone, as we all must assume by now. Theyve threatened to nuke LA if we interfere with their plans to take Tiawan by force, and smile and say, kill 300 million of us, do us a favor. Kinda hard to deal with an enemy like that.
At 18:01 4/25/02 -0400, you wrote:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Deepak Jain AiNET
You know, "we" all my be the first to see and understand that such a attack is in progress...attacks against critical targets can come from anywhere with distributed computing. Even IF we detected it happening, the question is, who would you tell, and more importantly, "do you trust YOUR government" with that information? With whats gone on to neutralize the Constitution since 9.11, its hard to say just who IS the enemy. I know the whole process of turning the US into a police-state is un-nerving to say the least. But I digress.... That whole article thats in the LA times is a rehash of the article that was on C4I.org back when the US spy plane was held in China. Interesting to see some reporter dug it up and made it frontpage again. Why? At 18:25 4/25/02 -0700, you wrote:
How many PC's and components are 'Made in China'?
In the dark ages, I worked for Williams Electronics. We made Arcade Games *blush*. Once we found our custom chip was reverse engineered in Taiwan, and they were shipping knockoffs six weeks after we started shipping the real product.
If true, these are not script kiddie type threats. I hate to say it, but 911 is an example that the unthinkable isn't.
Bruce Williams "A healthy paranoia is the beginning of sound operations policy"
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of blitz Sent: Thursday, April 25, 2002 3:33 PM To: nanog@trapdoor.merit.edu Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
I put nothing past them, of course theyre not alone, as we all must assume by now. Theyve threatened to nuke LA if we interfere with their plans to take Tiawan by force, and smile and say, kill 300 million of us, do us a favor. Kinda hard to deal with an enemy like that.
At 18:01 4/25/02 -0400, you wrote:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Deepak Jain AiNET
First of all: Does it matter if the Chinese Govt' is launching the attack or the kid next door? Personally, I would think if the Chinese Govt' has any sense at all, they surely look into cyberwar. Which respectable government doesn't ? In my opinion the real problem/story is the uphauling state of internet security. I am running DShield.org and regularly try to talk to people that show up as 'top attackers' in our list personally on the phone. Just a quote from a guy that identified himself as "MIS Department" for a public interest group (from memory, not word by word): Me: "I think your PC with the IP address xxx.xxx.xxx.xxx is infected with the Nimda virus and also used as an IRC proxy" MIS-Dept: "Are there any more number to an IP address or is this it?" (later he kind of suspected that his boss's desktop may be infected. It is still scanning nicely so far.) Other identified Nimda infections included a little mortage broker/bank and an office from a large tax preparation company. And thats just Nimda, which is pretty much 'in your face' as it scans quite actively. Don't get me started on all the home PCs used for botnet, ircs proxies or whatever the backdoor d'jeur is. I don't think a government effort will change anything. Somehow, the 'net' has to find a mechanism to deal with this. The problem is way too international. I am experimenting with a 'block list' lately of netblocks that are very active scanners. (if anybody is interested: http://feeds.dshield.org/block.txt). It kind of shows the problem. Next to the all-time favorite CN networks, there is your usual mix of AT&T Broadband, Chello NL, and two german universities. Anyway... How many systems are 'backdoored' at any time? My personal guess is 1 out of 1000. maybe 5000. (and thats before I had my coffee). -- ------- jullrich@dshield.org Join http://www.DShield.org Distributed Intrusion Detection System
Has anyone noticed how the stories about insiders trading and selling airline and insurance company stocks short just before 9.11 disappeared real quick. Someone had plenty notice it seems.
If true, these are not script kiddie type threats. I hate to say it, but 911 is an example that the unthinkable isn't.
I'm waiting for the first worm that erases kernal32.dll and krnl32.exe and installs some other operating system...with my luck, it'll be cobol or fortran. heh..
On Thu, 25 Apr 2002, Deepak Jain wrote:
Is it really hard to believe that the Chinese government would actively fund cyberterrorism?
Deepak Jain AiNET
No harder than it is to believe that the US Govt would actively fund [cyber]terrorism... -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
participants (13)
-
blitz -
Bruce Williams -
Chris Adams -
Deepak Jain -
James -
Joel Jaeggli -
Johannes B. Ullrich -
measl@mfn.org -
Rowland, Alan D -
Scott Francis -
Steve Goldstein -
Valdis.Kletnieks@vt.edu -
W. Mark Townsley