2010 January 22 Friday
Operation Aurora China Attack Very Sophisticated
A bit of a diplomatic flap has developed out of the China internet attack on Google, Adobe, and other companies.
WASHINGTON — Tensions between China and the United States over Internet policy deepened Friday, with the Chinese government accusing Secretary of State Hillary Rodham Clinton of jeopardizing relations between the two countries with her criticism of Chinese censorship.
The Obama administration said it stood by Mrs. Clinton’s words and repeated its demand that Beijing provide a more detailed response to Google’s allegations that its computer network had been infiltrated by hackers based in China. But the United States held off lodging a formal diplomatic protest, suggesting that administration officials were still uncertain about how hard to push China on the matter.
Criticizing China amounts to jeopardizing relations. Attacking American companies to steal their intellectual property? Nothing new here. Move along.
“Operation Aurora” indicates to me that the Chinese government is willing to attack large numbers of Western (mostly American) corporations to steal their technology and otherwise mess with them. This isn't really new news except for the method used. China's all about intellectual property theft. But the scale of the attack ought to make Westerners pause and think about a mid 21st century dominated by China.
Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee.
“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.”
This article from Wired is worth a full read.
Employees out surfing the internet ought to be viewed as akin to tools of corporate spies. Corporate firewalls can be defeated by a hole in a browser (like the one Chinese hackers used in MS Internet Explorer which Microsoft took over 5 months to close or the Adobe Acrobat zero day vulnerability also used) or one corrupt employee. Inner firewalls for servers are at risk because even the PCs of admins (who have extensive rights for getting into servers) can be compromised. How can corporations with very valuable intellectual property protect that IP from the Chinese government?
By Randall Parker at 2010 January 22 07:36 PM
Either companies are going to have to not allow employees to surf the net at work, or employees are going to have to bring in a laptop at home for web-browsing (that they shouldn't be doing on company time anway#.
Here we are in America, entertaining notions of letting hundreds of thousands of Haitians #half of them are illiterate above 15) into our nation, while facing threats like this from China. Does anyone think that China would even consider letting any Haitians in?
Ive posted here before, and some people disagreed with me, that China's biggest advantage over us is their ethnic unity. Could it be any more in evidence? Their leadership prefers its own people over "the other". In my opinion, just to prove how un-racist we are, a bunch of stupid kids helped elect one of "the other" as our damned president here, a man still hell-bent on nationalized health-wreckage and amnesty for 12 million illegals, all at a time when we owe 30K per person in debt.
I dont even know if another Great Depression could get this country's attention. This place is ruinable, really. It can be done if we are stupid enough.
this calls for more cultural sensitivity lessons for... err, never mind, how about keeping computers for internet browsing separate from those for source code? If they bribe employees to hand over the code that's pretty scary (and reputedly some Chinese Americans were caught doing that), but letting it all to be easily accessible through hacked machines just sounds dumb.
It's been noted that the Chinese attack was about hacking and I.P. theft, while Google's (and Secty Clinton's) response has focused on censorship. Let's replay the familiar argument, because if we focus on what's actually going on, they might get mad at us.
The US is much less capable of countering these attacks that before because the brightest of Americans, who created the system software, e.g. Unix, see the folks hired by Google, such as Ken Thompson, no longer enter computer science because the H1B have lowered wages and given the image that being a software guru is suitable only form minority immigrants.
The US is much less capable of countering these attacks than before because the brightest of Americans, who created the system software, e.g. Unix, see the folks hired by Google, such as Ken Thompson, no longer enter computer science because the H1B have lowered wages and given the image that being a software guru is suitable only form minority immigrants.
The US is much less capable of countering these attacks than before because the brightest of Americans, who created the system software, e.g. Unix, see the folks hired by Google, such as Ken Thompson, no longer enter computer science because the H1B have lowered wages and given the image that being a software guru is suitable only for minority immigrants.
If you're smart enough to attract China's attention to steal your intellectual properties - then make a better firewall that could protect your things from some monkeys.