A golden opportunity
Now would be the perfect time to whack the Chinese military hard.
The Wall Street Journal is the latest media titan after the New York Times to admit it was raided by Chinese hackers. The WSJ confessed on Thursday a day after the NYT similarly blamed intruders linked to China's military for a persistent four-month assault against its computer systems. The attack against the NYT used a …
Korean War actually. When it was looking bad for the North Koreans, the Chinese jumped in with over a million men. Gen, MacArthur wanted to use atomic bombs to stop the influx, but Pres, Truman sacked MacArthur instead - they never did get along, one a peacock and the other a haberdasher.
That;s the short version anyway - China is waaaay scarier today when you consider what usually follows a generational uneven male-to-female birth rate.
China is waaaay scarier today when you consider what usually follows a generational uneven male-to-female birth rate
Yup - you state what I have been mentioning for years. China is in an excellent position to become an active aggressor if it wants to, which is IMHO rather worrying..
>China is in an excellent position to become an active aggressor
Chinese culture by default tends to think long term though so they are still far less scary than say a nuclear armed Pakistan. Big difference between aggression and suicide. Any country with anything to lose (China has a whole lot to lose now) is less scary. With some Muslim countries though I can understand why the concept of heaven is so inviting considering what their daily reality is.
"Yup - you state what I have been mentioning for years. China is in an excellent position to become an active aggressor if it wants to, which is IMHO rather worrying."
Militarily?!
No, it's not. The composition of Chinese military forces is defensive in nature, and not capable of projecting force. Simply put: Thoughts of large-scale Chinese military aggression are unfounded. It will be at least a decade before they've properly integrated and new offensive elements, they lack a real 'blue water' navy and any long-range air-power. And there's not a lot of point in having a lot of people in uniform unless you can transport them all rapidly. Us accusing the Chinese as being military aggressive is like Rome telling the Phoenicians that they're vicious aggressors.
Economically, that's a different kettle of fish of course. China is playing a long game, and although not as outwardly aggressive or militaristic as us (Let's not forget which nations actively have boots-on-the-ground on foreign soil here: It's the US/UK FAR more than China/Russia), they are major players. China doesn't need weapons to become a superpower or maintain its status as such. Not for as long as we're all so eager to buy our stuff cheaply from there. Ultimately a (vaguely) communist nation is whipping our ass at capitalism, and using it against us.
This post has been deleted by its author
"Now would be the perfect time to whack the Chinese military hard."
Maybe that's the view that you're supposed to have. Interesting to note that in addition to the NYT coverage, I've seen a couple of editorials on US based tech sites demanding that the US government take a more agressive stance and attack the cyberfoes (electronically, of course). All at a time when the Pentagon is trying to increase severalfold the number of tech warfare specialists.
We're being led to believe by the press coverage that the US is being hacked, and that it is not doing any hacking in either defensive or agressive capacties. After Stuxnet that seems most unlikely. But this rather ill informed public debate can't be doing any harm as the Pentagon, DHS and other agencies negotiate future budgets.
Aurora and RSA I believe had links with the TDSS (TDL) rootkit? Which ironically, Russian-based Kaspersky were the first AV company to make a tool to 'fix'
Night Dragon sounds similar to stuxnet style according to a whitepaper by Mcafee?
Whilst TitanRain, ShadyRAT sound like they go hand in hand? -- Like bugware would or Kryptik (which even sounds like a little russian gimmic?)
The chinese might use honeypots in order to identify threats to their networks (Provided they have sufficient HIPS and IDS solutions) --- I guess the great firewall of china was built for this purpose, perimeter control? --- Oh wait, it was to censure the population?
Next will the Arabic nations be to blame? Since I've noticed a trend of turkish / arabic groups on Zone-H.org?
AV is only as good as the heuristics it uses, its not a fully comprehensive security package!
Either way, It'll all seem to go in circles? :-/
Vendors in this camp include those who advocate white-listing as an alternative to antivirus.
I have yet to encounter a convincing argument that AV should be replaced. Augmented, yes, but not replaced. I have had to monitor too many logs to put my trust in any one layer of defense. The biggest challenge to information security measures will always be the intended users of a given system. I do not have any stats handy, but my experience has been that despite all logic to the contrary, odds are pretty good that your standard user will happily press the big red button labelled DO NOT PRESS.
During the last two years or so, any obvious malware I've spotted - stuff pointed to by links in phishing emails and such - had an average detection rate of 25% or so on VirusTotal. Which means that if one is stupid enough to click on such links, odds are that he/she will end up with an infected machine despite running one of those resource hogs they call antivirus software these days.
On the other hand, Cisco has just pointed out that advertising on mainstream sites has now become the main vector of infection.
It follows that the single most effective countermeasure these days, is to use an ad blocker. Doing so will deprive online publications of ad revenue and has publishers scream bloody murder - but the publishers should direct their rage to the advertising industry rather than the users and purveyors of ad blockers.
STOP, 'cuz thats what the little icon in the status bar of my browser looks like.
Safe Browsing
Diagnostic page for articles.latimes.com
What is the current listing status for articles.latimes.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 4288 pages we tested on the site over the past 90 days, 336 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-04, and the last time suspicious content was found on this site was on 2013-02-03.
Malicious software is hosted on 3 domain(s), including ads.zitaholdings.com/, openx.org/, d1.rumbaypelo.com/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including openx.org/.
This site was hosted on 7 network(s) including AS36408 (PANTHER), AS31133 (MF), AS6854 (SYNTERRA).
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://articles.latimes.com/2013/feb/01/science/la-sci-living-crystals-20130202
"Covert military, espionage, or sabatoge operations designed to deceive in such a way that the operations appear as though they are being carried out by other entities may be described as being carried out by 'false flack'. Operations carried during peace-time by civilian organisation, as well as covert government agencies, may by extension be called 'false flack' operations if they seek to hide the real organisation behind an operation."
"The NYT electronic break-in was a catalyst for a debate about the effectiveness of antivirus software. There are broadly three camps to this discussion: Defenders of the continuing usefulness of the technology argue that it's necessary but insufficient. You need antivirus, and not just on the desktop, along with intrusion prevention, monitoring and other layers of protection".
What we need is for the integrated innovators to come up with a design for a 'computer` that doesn't execute code when the end-user clicks on a URL or opens an email attachment ...
I noticed a topic of people talking about China being scary today.
You are correct. But here is how the war would go.
China big a heck. U.S. big as heck. The U.S has the tech/war weapons to pull it off. But somewhere along the line I feel atomic weapons would be used. And thats the scary part.
So back in the olden days when I worked for a email security company I was shown a spreadsheet. This spreadsheet contained a list of companies who had been targeted with a number of different trojans (which we were stopping). So far all a bit normal. However, alongside the list of companies and the trojans we also had a list of the IPs being used to relay the malware.... This made things a little bit more interesting as we started to see patterns linking the IPs being used (yes I know that they were all open relays and compromised machines but they were the SAME open relays and compromised machines over and over again) and the target companies.
Cut a long story short we fiddled around a bit and came up with a list of companies we were pretty sure were being attacked by the same group of people. Obviously I can't name names but given the variety of targets including defence, governments, paint manufacturers (owned by chemical companies), and also media & certain charities it was pretty bleeding obvious who the bad guys were.
Its not a question of "have you been owned?" but more "How long did it take you to find out you had been owned????"