A big part of world leadership, to which the US aspires, is that when things go awry, as they do, like wars and stuff, it's always somebody else's fault, often personalized if possible, especially for non-obedient countries (Tojo, Hitler, Hussein, Maliki, Putin, Assad, etc.).
China (and Chinese) has always been a special whipping-boy for the US, never looked upon positively, Chinese Exclusion Act, etc., and now it's worse because China actually wants to be recognized as a world power! Imagine that! Bunch of malcontents, if you ask me. /s
it's pretty good information and my pleasure to read this type of article. The main advantages of this article is giving good information to every readers and even impressing to write this type good article. So if any plan to write any future article and they can assist this writing service for getting enough guidelines.
11:50 PM
Color me skeptical about the Sunday Times report that Edward Snowden’s
archive got cracked. Not saying it
couldn’t happen despite 256 bit encryption, accidents do happen, but the story
as presented reeks of psyops bullshit unloaded by the NSA-GCHQ team with the help
of obliging media in the UK.
What I think is happening is that the United States is upping its game…in public
cyberattribution.
Honestly parsing and presenting a cyberattribution dossier is a thankless
job. Remember how the Obama
administration looked foolish on the Sony hack?
Sure you don’t. That was so…four
months ago.
Here’s what I wrote back then on the occasion of the rollout of the US government’s Cyber Threats
Intelligence Integration Center:
According
to AP (actually, according to AP’s Ken Dilanian, the notoriously
obliging amanuensis to the US
security establishment ):
White House cybersecurity coordinator Michael Daniel has
concluded that cyberintelligence at the moment is bedeviled by the same
shortcomings that afflicted terrorism intelligence before 9/11 — bureaucracy,
competing interests, and no streamlined way to combine analysis from various
agencies, the official said.
The hack on Sony's movie subsidiary, for example, resulted in a variety of
different analytical papers from various agencies. Each one pointed to North
Korea, but with varying degrees of confidence.
…
As
I argued in various venues recently with reference to the Sony hack, for
purposes of semiotics (clear messaging, positioning, blame avoidance, and
signaling of US government intentions) if not forensics (proving whodunit),
painting a convincing, action-worthy cyberbullseye on the back of some foreign
enemy is a major challenge for governments these days.
When
some high-profile outrage like Sony occurs, the US government has to make a
prompt show of control, capability, and resolve. Letting a bunch of data nerds chew over the data
for a few weeks and spit up an equivocal conclusion like “It looks like the
same guys who did this did that, and maybe the guys who did that were…” doesn’t
quite fill the bill.
Which
is pretty much what happened on Sony.
Various private sector and government actors all stuck their oar in,
contradictory opinions emerged, messaging was all over the map.
… By establishing a central clearing house for
relevant information, the US government is on the right side of the information
symmetry equation. “You say you think
this, but you don’t know this, this, and this, or the stuff we can’t tell you
because it’s classified above your clearance.”
And
even if the real takeaway from the investigatory process still is “It looks
like the same guys who did this did that, and maybe the guys who did that
were…” it comes out as “The Cyber Threats Intelligence Integration Center has
attributed this cyberattack to North Korea with a high degree of confidence. By Executive Order, the President has already
commanded CyberCommand to make a proportional response.”
You
get the picture.
So
I expect jobs one and two and three for CTIIC will be to generate persuasive
dossiers for backgrounding, leaking, whatever on the PRC, North Korea, and the
Russian Federation, to be deployed when some mysterious alchemy of evidence,
circumstance, and strategy dictate that one of them has to get tagged as The
Bad Guy for some cyberoutrage.
Fast-forward, to employ a quaint VHS-era term, to June 5. Ellen Nakashima lays out the administration position
on the OPM hack in a Washington Post article remarkable for its completely categorical
no-two-ways-about-it statement that “China” had dunnit:
With a series of major hacks, Chinabuilds a database on Americans China is building massive databases of
Americans’ personal information by hacking government agencies and U.S.
health-care companies, using a high-tech tactic to achieve an age-old goal of
espionage: recruiting spies or gaining more information on an adversary, U.S.
officials and analysts say.
[caption]
China
hacked into the federal government’s network, compromising four million current
and former employees' information. The Post's Ellen Nakashima talks about what
kind of national security risk this poses and why China wants this information.
(Alice Li/The Washington Post)
…
U.S. officials
privately said China was behind it.
…
“This is an
intelligence operation designed to help the Chinese government,” the China
expert said.
Emphasis added, natch.
Either the US has spectacularly upped its forensics game
since Michael Daniel’s rueful reflections in February or (my theory)…
The great minds were sitting around a table in Washington
and concluded:
“We can’t prove this was a Chinese hack, but let’s turn this
around. Nobody can disprove this was a
Chinese hack, so nobody can prove us wrong when if we declare without
qualification it was a Chinese
hack. So let’s just go for it.”
Parenthetically, I might point out that one problem I see
is, If with categorically and openly identifying the PRC as source of the hack
is that we should immediately and openly retaliate at a commensurate level. Otherwise, where’s our national credibility
& deterrence? Still waiting for the
shoe to drop on that one.
The tip-off for me that the WaPo was carrying Obama
administration water with this totally backgrounded mostly anonymous scoop was
this:
The big-data approach
being taken by the Chinese might seem to mirror techniques used abroad by the
NSA, which has come under scrutiny for its data-gathering practices under
executive authority. But in China, the authorities do not tolerate public
debate over the proper limits of large-scale spying in the digital age.
The piece was written June 5, three days after the Obama
administration had put the Snowden unpleasantness behind it and totally
regained the moral high ground, in its own mind if nobody else’s, by replacing
the Patriot Act with the USA Freedom Act a.k.a. "Uniting
and Strengthening America by Fulfilling Rights and Ending
Eavesdropping, Dragnet-collection and Online Monitoring
Act."
Now, with the legalities of the US cyberprograms
re-established, it was time to stop playing defense and go on offense against
those public-debate-intolerant Chinese!
And that means relaunching the China cyberoutlaw product! With the story of a hack that had, if I
understand Nakashima’s account correctly, had occurred in December 2014!
Again, it is perhaps little remembered except by me that a
key US objective for the Xi Jinping—Barack Obama summit in Sunnylands in June
2013 was to cap an eighteen month public opinion campaign against PRC
cyberoffenses with a personal rebuke by President Obama and the presentation of
an embarrassing dossier to Xi Jinping.
If, as I did, one googled “Xi Jinping cyberwarfare” on June
3, 2013, the first four pages of results included hits like these, indicating
that the Western press was energetically singing from the same cyberwar hymnal:
China Doesn't Care if Its 'Digitalized' Military Cyberwar Drill Scares You
Atlanticwire
China Is Winning the Cyber War Because They Hacked U.S. Plans for Real War
Atlanticwire
Krauthammer to Obama: Launch cyber war on China
Fox News
China Is Our Number One National Security Threat
International Business Journal
House Intelligence Chairman: US “Losing” Cyber-War
Wall Street Journal
US Says China Is Stepping Up Cyber War
Financial Times
U.S. China Cyberbattle Intensifies
Politico
Just a reminder; these headlines are from June 2013, not
June 2015.
In this case, the China Matters serendipity engine was
firing on all cylinders; three days later the Washington Post and Guardian
newspapers published their first revelations from Edward Snowden, fundamentally
skewing the frame of the Chinese cyberwarfare story.
I’ve always wondered if the timing of Snowden’s revelations
had something to do with the hypocrisy of the world’s biggest cybersnoop trying
to stick that label on the PRC.
Anyway, the Obama administration has had two years to lick
its wounds, do damage control, and reboot the program.
And guess what! Xi
Jinping’s coming to the United States again in September! This time we’ll be ready for him fer sure! Snowden discredited! NSA on top! PRC in doghouse!
I must state here that I believe that PRC cyberespionage
program is massive, government-backed, full spectrum, and actively exploring
offensive capabilities. But I also think
that the US tactics are destabilizing and escalatory & have more to do with
maintaining the US cyberadvantage as part of the burgeoning and profitable
China-threat milsec business than they do with diminishing the threat to the
American people from PRC cybermisbehavior.
And I take the current spate of news stories as part of an
effort to get us used to perpetual cyberwar, just as we were bombarded with
stories about malevolent Muslims in the last decade to reconcile us the the
Global War on Terror, the erosion of civil liberties, and expensive and
perpetual conflicts.
At this time, a trip down memory lane is warranted for
people who have forgotten how the Obama administration methodically rolled out PRC
Cyberthreat v. 1.0, the buggy pre-Snowden product, and are perhaps not
connecting the dots on the rollout of PRC Cyberthreat v. 2.0, Now Bigger and
Scarier! and how this might be a factor in the headlines blaring out of their
newspapers & TVs & tablets.
Below the fold, for the sake of posterity, a lengthy recap on the first abortive US
salvo in the China cyberthreat propaganda war.
What I wrote back in April 2012:
The Barack Obama administration went public with its case
against China in November 2011, with a report on industrial espionage titled
Foreign Economic Collection. It described China rather generously as a
"Persistent Collector" given the PRC's implication in several
high-profile industrial espionage cases and soft-pedaled the issue of official
Chinese government involvement. The report stated:
US corporations and cyber-security
specialists also have reported an onslaught of computer network intrusions
originating from Internet Protocol (IP) addresses in China, which private
sector specialists call "advanced persistent threats." Some of these
reports have alleged a Chinese corporate or government sponsor of the activity,
but the IC [intelligence community] has not been able to attribute many of
these private sector data breaches to a state sponsor. Attribution is
especially difficult when the event occurs weeks or months before the victims
request IC or law enforcement help.
[5]
A month later, in December 2011, US criticism of China
became a lot more pointed. Business Week published an exhaustive report on
Chinese cyber-espionage, clearly prepared with the cooperation of federal law
enforcement authorities as it named and described several investigations:
The hackers are part of a massive
espionage ring codenamed Byzantine Foothold by US investigators, according to a
person familiar with efforts to track the group. They specialize in
infiltrating networks using phishing e-mails laden with spyware, often passing
on the task of exfiltrating data to others.
Segmented tasking among various groups and sophisticated support infrastructure
are among the tactics intelligence officials have revealed to Congress to show
the hacking is centrally coordinated, the person said. US investigators
estimate Byzantine Foothold is made up of anywhere from several dozen hackers
to more than one hundred, said the person, who declined to be identified
because the matter is secret.
[6]
United States security boffin Richard Clarke had this to say
about Chinese cyber-espionage in an interview with Smithsonian magazine:
"I'm about to say something
that people think is an exaggeration, but I think the evidence is pretty
strong," he tells me. "Every major company in the United States has
already been penetrated by China."
"What?"
"The British government actually said [something similar] about their own
country."
Clarke claims, for instance, that the manufacturer of the F-35, our
next-generation fighter bomber, has been penetrated and F-35 details stolen.
And don't get him started on our supply chain of chips, routers and hardware we
import from Chinese and other foreign suppliers and what may be implanted in
them-"logic bombs," trapdoors and "Trojan horses," all
ready to be activated on command so we won't know what hit us. Or what's
already hitting us. [7]
Some big numbers are being thrown around to publicize the
Chinese threat.
Business Week's report, while admitting the woolliness of its methodology,
stated that losses to American companies from international cyber-espionage
amounted to US$500 billion in a single year.
Scott Borg, director of a non-profit outfit called the US Cyber Consequences
Unit told Business Week:
"We're talking about stealing
entire industries ... This may be the biggest transfer of wealth in a short
period of time that the world has ever seen."
Beyond these apocalyptic economic and military scenarios, we
might also descend to the personal and political and point out that Google, a
favorite target of Chinese cyber-attacks, is Obama's friend, indispensable
ally, brain trust and source of personnel in the high-tech sector.
Connect the dots, and it is clear that the Obama administration, in its usual
meticulous way, is escalating the rhetoric and preparing the public and the
behind-the-scenes groundwork for major pushback against China in the
cyber-arena.
And in March 2013, a few weeks before Sunnylands, I wrote:
[National Security Advisor] Donilon came up with a nuanced
approach to Chinese cyber-mischief during his speech to the Asia Society…
Bypassing the issue of cyber-spying against military and government targets
that probably falls into the grey area of "everybody does it and why
shouldn't they", and defining and limiting the issue to a specific and
remediable problem - the massive state-sponsored PRC program of industrial and
commercial espionage against Western targets - Donilon's framing placed
"cyber-theft" in a category similar to the intellectual property
gripe, also know as systematic piracy of US software, as an info strategy
condoned by the Chinese government:
…
This rather unexceptionable and reasonable demand that the
PRC reign in its gigantic program of economic/commercial hacking, i.e.
cyber-enabled theft as Donilon put it, and give US businesses a break, was not
good enough for the Christian Science Monitor, which has apparently shed,
together with its print edition, the sober inhibitions that once characterized
its news operations.
The CSM's headline:
US tells China to halt
cyberattacks, and in a first, lays out demands
Obama's national security adviser, Thomas
Donilon, spelled out a more aggressive US stance on the cyberattacks, saying
China must recognize the problem, investigate it, and join in a dialogue. [4]
Note in the CSM story the effortless slide down the slippery
slope from cyber-theft to cyber-espionage to cyber-attacks (and for that
matter, "should" and "needs" to "demands"). Well,
fish gotta swim, birds gotta fly, and eyeballs have to be wrenched from their
accustomed paths and turned into click-fodder.
And don't get me started on the Pentagon:
A new report for the Pentagon concludes that the US military is unprepared for a
full-scale cyber-conflict with a top-tier adversary. The report says the United
States must increase its offensive cyberwarfare capabilities. The report also
calls on the US intelligence agencies to invest more resources in obtaining information
about other countries' cyberwar capabilities and plans.
The Washington Post reports that the
report says that the United States must maintain the threat of a nuclear strike
as a deterrent to a major cyberattack by other countries. The report notes that
very few countries, for example, China and Russia, have the skills and
capabilities to create vulnerabilities in protected systems by interfering with
components.
The report emphasizes that defensive cyber capabilities are not enough, and
that the United States must have offensive cyber capabilities which, when
needed, could be used either preemptively or in retaliation for a cyber attack
by an adversary. [5]
Security consultant Bruce Schneier addressed the threat
inflation issue (and the dangers of trying to design and justify retaliation in
the murky realm of cyberspace) in a blog post on February 21:
Wow, is this a crazy media frenzy. We should know better. These attacks happen
all the time, and just because the media is reporting about them with greater
frequency doesn't mean that they're happening with greater frequency.
But this is not cyberwar. This is not war of any kind. This is espionage, and
the difference is important. Calling it war just feeds our fears and fuels the cyberwar arms race.
In a private e-mail, Gary McGraw made an important point about attribution that
matters a lot in this debate.
Because espionage unfolds over months or years in realtime, we can triangulate
the origin of an exfiltration attack with some certainty. During the fog of a
real cyber war attack, which is more likely to happen in milliseconds, the kind
of forensic work that Mandiant did would not be possible. (In fact, we might
just well be "Gandalfed" and pin the attack on the wrong enemy.)
Those of us who work on security engineering and software security can help
educate policymakers and others so that we don't end up pursuing the folly of
active defense.
I agree.
This media frenzy is going to be used by the US military to grab more power in
cyberspace. They're already ramping up the US Cyber Command. President Obama is
issuing vague executive orders that will result in we-don't-know what. I don't
see any good coming of this. [6]
Not to worry, is the US attitude.
A head-to-head conventional war with China isn’t likely, despite the overheated
imagination displayed in the AirSea Battle scenario, and it is difficult to
identify any satisfying proxy battlefield in meatspace where the PRC and the
USA might be tempted to slug it out.
But cyberwarfare?...Bring it!
The Department of Defense has a “Cyber Command” which, it
revealed to the Washington Post, is muscling up from 500 staff to 4000
“cyberwarriors”.
The Post interviewed William J. Lynn III, identified as one
of the maestros of the DoD’s cyber strategy:
“Given the malicious actors that are
out there and the development of the technology, in my mind, there’s little
doubt that some adversary is going to attempt a significant cyber-attack on the
United States at some point…The only question is whether we’re going to take
the necessary steps like this one to deflect the impact of the attack in
advance or… read about the steps we should have taken in some post-attack
commission report.”
The DoD is keen to emphasize that its cyberwarriors will be
primarily playing defense, understandable considering the vulnerabilities of
America’s immense, dispersed, highly integrated and—and the case of the power
grid, at least—rather decrepit national infrastructure.
But of course there will be “combat mission forces”:
The combat mission forces, one of the
three divisions of Cyber Command will launch cyber-attacks alongside
traditional military offensives.
“This new class of cyber warrior would be
responsible for penetrating the machines behind identified attack sources,
installing spyware to monitor connections to those machines, and following the
trail back to the desktop of the attacker. They would have to research and
exploit vulnerabilities, craft malware, operate honey pots, and even engage in
targeted Denial of Service attacks,” Richard Stiennon, chief research analyst
at IT-Harvest, told GlobalPost.
Contra Dr.
Stiennon’s assertions, I don’t think that the DoD really believes that the
scope of Cyber Command combat missions will be limited to delectable honey pots
and “even” targeted Denial of Service attacks.
Not when the cyberwar scenarios, according to Leon Panetta,
include our enemies derailing trains, contaminating water supplies, or shutting
down power grids. We’re going to be able
to do that, too.
The United States security/military apparatus apparently
feels that it can "win the Internet" by harnessing the power of the
invincible American technological knowhow to the anti-Chinese cyber-crusade.
In another of the seemingly endless series of self-congratulatory backgrounders
given by US government insiders, the godlike powers of the National Security
Agency were invoked to Foreign Policy magazine in an article titled Inside
the Black Box: How the NSA is helping US companies fight back against Chinese
hackers:
In the coming weeks,
the NSA, working with a Department of Homeland Security joint task force and
the FBI, will release to select American telecommunication companies a wealth
of information about China's cyber-espionage program, according to a US intelligence
official and two government consultants who work on cyber projects. Included:
sophisticated tools that China uses, countermeasures developed by the NSA, and
unique signature-detection software that previously had been used only to
protect government networks.
Very little that China does escapes the notice of the NSA, and virtually every
technique it uses has been tracked and reverse-engineered. For years, and in
secret, the NSA has also used the cover of some American companies - with their
permission - to poke and prod at the hackers, leading them to respond in ways
that reveal patterns and allow the United States to figure out, or
"attribute," the precise origin of attacks. The NSA has even designed
creative ways to allow subsequent attacks but prevent them from doing any
damage. Watching these provoked exploits in real time lets the agency learn how
China works.
And amid the bluster, a generous serving of bullshit:
Now, though, the
cumulative effect of Chinese economic warfare - American companies' proprietary
secrets are essentially an open book to them - has changed the secrecy
calculus. An American official who has been read into the classified program -
conducted by cyber-warfare technicians from the Air Force's 315th Network
Warfare Squadron and the CIA's secret Technology Management Office - said that
China has become the "Curtis LeMay" of the post-Cold War era:
"It is not abiding by the rules of statecraft anymore, and that must
change."
"The Cold War enforced norms, and the Soviets and the US didn't go outside
a set of boundaries. But China is going outside those boundaries now.
Homeostasis is being upset," the official said. [7]
A more impressive and evocative term than "upset
homeostasis" to describe the US cyber-war conundrum is "Stuxnet".
The Obama administration's cyber-maneuverings have been complicated and, it
appears, intensified, by the problem that the United States "did not abide
by the rules of statecraft" and "went outside the boundaries"
and, indeed, became the "Curtis LeMay of the post Cold War era" when
it cooperated with Israel to release the Stuxnet exploit against Iran's nuclear
program.
…
Not unsurprisingly, post-Stuxnet the Chinese government has
even less interest in the "Law of Armed Conflict in cyberspace" norms
that the United States wants to peddle to its adversaries but apparently ignore
when the exigencies of US interests, advantage, and politics dictate.
Instead, the PRC and Russia have lined up behind a proposed "International
Code of Conduct for Internet Security", an 11-point program that says
eminently reasonable things like:
Not to use ICTs
including networks to carry out hostile activities or acts of aggression and
pose threats to international peace and security. Not to proliferate
information weapons and related technologies.
It also says things like:
To cooperate in
combating criminal and terrorist activities which use ICTs [information and
computer technologies] including networks, and curbing dissemination of
information which incites terrorism, secessionism, extremism or undermines
other countries' political, economic and social stability, as well as their
spiritual and cultural environment. [11]
The United States, of course, has an opposite interest in
"freedom to connect" and "information freedom," (which the
Chinese government regards as little more than "freedom to subvert")
and has poured scorn on the proposal.
The theoretical gripe with the PRC/Russian proposal is that it endorses the
creation of national internets under state supervision, thereby delaying the
achievement of the interconnected nirvana that information technology
evangelists assure us is waiting around the next corner - and also goring the
ox of West-centric Internet governing organizations like ICANN.
So the Chinese proposal is going exactly nowhere.
The (genuine) irony here is that the Chinese and Russians are showing and
driving the rest of the world in their response to the undeniable dangers of
the Internet ecosystem, some of which they are themselves responsible for but
others - like Stuxnet - can be laid at the door of the US.
In response to hacking, the Internet as a whole has evolved beyond its open
architecture to a feudal structure of strongly-defended Internet fortresses,
with cyber-surfs free to roam the undefended commons outside the gates, glean
in the fields, and catch whatever deadly virus happens to be out there.
In recent months, the word "antivirus" has disappeared from the
homepages of Symantec and MacAfee as they have recognized that their reference
libraries of viruses can't keep up with the proliferation of millions of new
threats emerging every year, let alone a carefully weaponized packet of code
like Stuxnet, and protect their privileged and demanding users. Now the
emphasis - and gush of VC and government money - has shifted to
compartmentalizing data and applications and detecting, reducing the damage,
and cleaning up the mess after a virus has started rummaging through the
innards of an enterprise.
In other words, the Internet fortresses, just like their medieval analogues,
are increasingly partitioned into outer rampart, inner wall, and keep -
complete with palace guard - in order to create additional lines of defense for
the lords and their treasure.
In other words, they are starting to look like the Chinese and Russian national
internets.
…
Absolute cyber-safety, through defense or deterrence against an antagonist, is
a chimera. The best hope for the Internet might be "peaceful
coexistence" - the move toward cooperation instead of confrontation that
characterized the US-USSR relationship when it became apparent that
"mutually assured destruction" was leading to a proliferation of
dangerous and destabilizing asymmetric workarounds instead of "security
through terror".
Or, as the Chinese spokesperson put it in Demick's article:
"Cyberspace needs
rules and cooperation, not war. China is willing to have constructive dialogue
and cooperation with the global community, including the United States,"
Foreign Ministry spokeswoman Hua Chunying said at a briefing Tuesday. [14]
It looks like the Obama administration, by carefully and
convincingly placing the cyber-theft issue on the table, might be working
toward some kind of modus vivendi that leads to a joint reduction of
Internet threats - dare I say, win-win solution? - with the PRC.
It remains to be seen if this initiative can withstand the pressures of the US
military, security, and technology industries for a profitable threat narrative
- and the Obama administration's own inclination toward zero-sum China-bashing.
"US Getting Better at Cyber Blaming, Not Cyber Security"
4 Comments -
A big part of world leadership, to which the US aspires, is that when things go awry, as they do, like wars and stuff, it's always somebody else's fault, often personalized if possible, especially for non-obedient countries (Tojo, Hitler, Hussein, Maliki, Putin, Assad, etc.).
China (and Chinese) has always been a special whipping-boy for the US, never looked upon positively, Chinese Exclusion Act, etc., and now it's worse because China actually wants to be recognized as a world power! Imagine that! Bunch of malcontents, if you ask me. /s
2:39 PM
Excellent view of potus' and congress' inflammatory and actionable whinging. Thankyou.
Stop the Immoral and Illegal Wars!
8:25 PM
I am an avid reader who likes engaging content. That's why I am here. Your original views on this topic are refreshing and interesting. You've done a great job of expressing your views. Thank you.
tu 95| call of duty| clicker heroes| strike force heroes 2| kitten cannon
scooby doo games| scooby doo| brain games| braingames| brain
1:32 AM
it's pretty good information and my pleasure to read this type of article. The main advantages of this article is giving good information to every readers and even impressing to write this type good article. So if any plan to write any future article and they can assist this writing service for getting enough guidelines.
11:50 PM