Have We Attacked China Yet?

No sooner was it publicly revealed that the United States would now treat damaging cyberattacks by other nations as an act of war, threatening retaliation with conventional weapons, the new, bold, some say foolish, policy, was immediately put to the test.

China Google hackers’ goal: Spying on U.S. Govt.

It’s the second time Google has blamed a major computer hacking scheme on China, reports CBS News correspondent Wyatt Andrews.

This time Google says unknown hackers from Jinan, China, a city with a military command center, stole the personal Gmail passwords of hundreds of senior U.S .government officials.

Google said the hackers’ “goal” was to eavesdrop on the officials — “to monitor the content of the users’ emails.”

That suggestion — of spying — rang alarm bells in the Administration.

“These allegations are very serious,” said Secretary of State Hillary Clinton. “We take them seriously. We’re looking into them.”

See also:
Clinton: Google’s China Hacking Claims ‘Very Serious’
Hillary Clinton says FBI will probe Gmail hacker attack
US Investigating Google Claim of China Hacking
FBI Investigating Google Claim that China Hacked Them
Google breach gives way to diplomatic, high-tech tensions
China Denies Accessing High Profile Gmail Accounts
Google’s groundless accuses hurt global trust on Internet
The Google-China Saga Continues
Admin: Gmail phishers stalked victims for months
Gmail Hack Targeted White House
Cyber war: Google, China in fresh spat over email hacking
Google, what exactly is the China connection for the phishing scare?
Is Google an agent of the US Government? It certainly gives that impression

So far, the U.S. has uncovered a successful espionage phishing expedition, against top level U.S. Government officials, tracked back to a specific Chinese city. Why aren’t we bombing China, isn’t this a perfect situation to show how our new military policy will treat hacking intrusions like this as acts of war? Unfortunately for us, China denies the attack and, as I pointed out yesterday, it’s extremely difficult to be absolutely sure as to the origins of cyberattacks like this, so we do nothing and our brand new policy looks foolish and radiates national weakness.

/instead of making toothless threats to send missile strikes in response to hack attacks, why don’t we just send the Chinese back a nice Stuxnet worm or take down Baidu with a complimentary DoS attack

Night Dragon Strikes

How many intrusions by Chinese hackers does it take and how much technology data has to be stolen before U.S. companies start seriously defending themselves?

‘Sloppy’ Chinese hackers scored data-theft coup with ‘Night Dragon’

Chinese hackers who were “incredibly sloppy” still managed to steal gigabytes of data from Western energy companies, a McAfee executive said today.

“They were very unsophisticated,” said Dmitri Alperovitch, vice president of threat research at McAfee, speaking of the attackers. “They were incredibly sloppy, made mistakes and left lots of evidence.”

The attacks, which McAfee has dubbed “Night Dragon” and had tracked since November 2009, may have started two years earlier. They are still occurring.

Night Dragon targeted at least five Western oil, gas and petrochemical companies, all multinational corporations, said Alperovitch, who declined to identify the firms. Some are clients of McAfee, which was called in to investigate.

According to McAfee, the attacks infiltrated energy companies’ networks, and made off with gigabytes of proprietary information about contracts, oil- and gas-field operations, and the details on the SCADA (supervisory control and data acquisition) systems used to manage and monitor the firms’ facilities.

See also:
McAfee: Night Dragon Cyber-Attack Unsophisticated but Effective
‘Night Dragon’ Attacks From China Strike Energy Companies
Oil Firms Hit by Hackers From China, Report Says
Chinese hackers targeted energy multinationals, claims McAfee
Night dragon attacks petrol companies
China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks, McAfee says
Hackers in China have hit oil and gas companies: McAfee report
Chinese hackers steal “confidential information” of five global oil companies: McAfee
Chinese Technician Denies Knowledge of Hacking
China Hacks Big Oil
Chinese hackers break into five oil multinationals
Chinese hackers ‘hit Western oil firms’

Repeat after me, China is not our friend. They don’t create innovative technology, they steal it. Hacking in China is a state-sponsored industry. Furthermore, the oil and gas industry is critical infrastructure, vital to our national security.

/these were unsophisticated attacks, meant only to steal data, and these energy companies couldn’t defend against them, what will happen when Chinese hackers unleash much more sophisticated attacks against our energy infrastructure, with the intent to inflict maximum damage and destruction?

Keeping Up With The Bad Guys

I don’t see any problem with this at all. Law enforcement is still going to need a search warrant and if they have enough evidence to get a warrant, they should be able to listen in. Why should criminals and terrorists be given an advantage just because they’re smart enough to communicate using the internet?

U.S. seeks ways to wiretap the Internet

The Obama administration is planning to seek legislation that would require social networking companies and voice-over-Internet service providers to adapt their technology so law enforcement agents can monitor users’ communications during criminal and terrorism investigations.

The proposal arises out of a concern that technology and social customs have outpaced the law and that authorities lack the means to monitor new methods of communication, administration officials said. But the initiative has also revived a more than 15-year-old debate over the proper balance between national security and personal privacy as well as what industry can reasonably be asked to do without stifling innovation.

“This is about lawfully authorized intercepts,” said Valerie E. Caproni, FBI general counsel. “This is not about expanding authority, but about preserving the ability to carry out existing authorities in order to protect the national security and public safety.”

See also:
FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts
Report: Feds to push for Net encryption backdoors
Feds want backdoors built into VoIP and email
Obama Administration Internet Wiretap Plans Dredge Up Old Debate
White House, FBI Seek Legislation to Expedite Online Wiretapping
Internet Wiretapping: Snoop or Safety Tool?
U.S. Wants to Wiretap the Internet
Internet Privacy Advocates Concerned Over Wiretap Plans
US rights group concerned by Web wiretap plans
Wiretap Law & Internet Freedom

I think the best rule of thumb is to just assume that a government, U.S. or otherwise, is monitoring all your communications, across the technology spectrum, and behave accordingly.

/if you’re not engaged in anything illegal, you shouldn’t get into any trouble