China rubbishes cyber-espionage claims

PT Barnum

"The Information Warfare Monitor project"

Tell me, would the information warfare monitor project ever find that there isn't a real war on info? The agenda kind of dictates their conclusion don't you think?

"1. You receive a spoofed email with an attachment"

Everyone gets these.

"2. The email appears to come from someone you know"

The friend who has your email has already has his PC hacked and they have your name from the address book. They also often have previous documents from his PC & or email.

"3. The contents make sense and talk about real things (and in your language)"

Self selecting Barnum statement. You actually get many in many different languages. So does everyone else. Your spam filter finds it easier to take out the foreign language ones. Mine removes the Russian ones, but tends to leave in the French and English ones.

"4. The attachment is a PDF, DOC, PPT or XLS"

Yep, the known vulnerabilities.

"5. When you open up the attachment, you get a document on your screen that makes sense"

Nope, it's typically a PDF from your hacked friends computer or email automatically chosen at random with the exploit added.

"6. But you also get exploited at the same time"

Yep, that's the point.

"7. The exploit drops a hidden remote access trojan, typically Poison Ivy or Gh0st Rat variant"

Yep.

"8. No one else got the email but you"

Rubbish, you get an email based on a algorithm with a pdf from a hacked computer associated with you, from which your email details were obtained, you may not understand the algo, but this attack relys on bulk algorithmic attack, and it is not manually done.

"9. You work for a government, a defense contractor or an NGO"

You are anyone, anywhere, anytime. This is a self selecting Barnum statement: You are special, unique, you present a facade to others to cover your inner vulnerability.... no you are not, but if I tell you that you will self select yourself! They have describe a common known algo attack and added a Barnum statement to it.

Back in the real world. Keep your *secret* PCs connected to *private* networks and not the public internet. Do not assume you are special in any way, or that their is some sort of cyber war going on, that is the crap of companies involved in cyber security who want to sell you something. Better to not buy their crappy firewalls and keep your network totally private and off the net. Do not connect your private security PCs to the public internet, even through their crappy firewalls.

Pot and kettle

I'm sure China is doing its best to spy on everyone else, just as Russia is and the USA is, and any other country who thinks it can. China as the Evil Empire is true when it comes to human rights, but hardly a stand-out when it comes to dirty dealing. (In fact, when it comes to human rights, Russia and the USA aren't that far behind it...)

Elements

Yes, one would indeed think that if a national government were spying on peoples' computers, they would use techniques much more sophisticated than those used by hackers. One would expect, for example, a spy to slip a hardware bug into the Dalai Lama's keyboard - or his router.

However, it does not seem too strange to me that among all the infections of computers caused by run-of-the-mill malware, a government might be foolish enough to try using the large pool of infected machines as a tool to place another infection in specifically targeted machines. If China is indeed using this technique, as the report would seem to indicate, it is foolish because, as the report shows, it is all too easy to get caught.

UK state sponsored terrorism

You do know that Bin Laden trained in Scotland, not in Pakistan?

http://news.bbc.co.uk/1/hi/scotland/1546995.stm