back to article China denies hacking claims, says it doesn’t need US tech

The Chinese Defense Ministry has rebutted claims in a US government report that it is systematically stealing American military secrets, and points out that China is producing enough of its own. "We believe that the US remarks are a misjudgment. First it underestimates the Pentagon's security capabilities, and second it …

COMMENTS

This topic is closed for new posts.
  1. Bucky 2
    Paris Hilton

    My server logs say different

    China is overrepresented in the illicit connection attempts against the servers I administer.

    We've got to explain this somehow:

    1) Chinese folks are fundamentally more prone to criminal behavior than anybody else

    2) Chinese folks are fundamentally less competent as system administrators (and thus are themselves hacked and the hacked computers are used in greater proportions to launch attacks against others than anywhere else).

    3) Hacking is at best, less prosecuted by the Chinese government than anywhere else, which is at least TACIT State sponsorship, and at worst, ACTIVE state sponsorship.

    Explanation number 3 is the only one I've come up with which doesn't rely on racist presumptions.

    So, saying that China doesn't NEED US tech is a little like Paris Hilton saying she doesn't NEED to be bad. True enough, but....

    1. Anonymous Coward
      Anonymous Coward

      Re: My server logs say different

      Had you considered that :-

      4) China has a population of 1.3 billion, 20% of the worlds total population?

      By sheer odds then you'd think that they would be represented pretty well, to be honest. 3 is near certainly true though. Tacit state sponsorship is quite likely though, it's China's best bet to deal with the west in a conflict. They know they don't stand a chance against us in an all up war and this is an asymmetric form of warfare that they stand a good chance at doing plenty of damage against us with.

    2. nuked

      Re: My server logs say different

      @Bucky 2

      Lunatic.

    3. Wzrd1 Silver badge

      Re: My server logs say different

      Wrong. The PRC has been caught inside of both US commercial institutions, in particular corporations involved in trade negotiations with PRC firms and caught up to its elbows inside of US military networks from IP's well documented for being part of the PRC military cyberwarfare units.

      Indeed, for US DoD networks, there were two well reported network wide breaches that cost in the billions of dollars to remediate.

      The PRC was caught with their cyberwarfare folks connected to ITT's nightvision labs. The PRC also solicited contracts to build sensitive components for ITT nightvision labs. Strangely enough, they already knew how to build those components, which tipped off the US DoD. ITT ended up paying a record fine for unlawful export of technologies that are restricted for export.

      The PRC has had a long history of isolationism. That failed them when the British Empire invaded and subjugated China. Hence, the thousands of years of retaining satellite buffer states is not as effective in protecting their nation. The PRC still lacks an effectively sized blue water navy, indeed, they only have a few blue water capable ships currently. Hence, they use a smarter defense, network centric. That is especially effective now, as the US and NATO are operating in a network centric mode themselves, so disrupting networks is a highly effective defense. Meanwhile, information can also be obtained to learn techniques and tactics, as well as intentions of the national leadership.

      Since the PRC has the largest national population in the entire world, they can field far, far, far more cyberwarfare soldiers than any other nation can.

      Enough to even give Russia pause.

      And network disruption was well proved with the scuffle between Russia and Georgia. Or did you forget that South Ossetia invasion? It began with cyber attacks on the Georgian government networks, dropping them and preventing communication.

      I remember it well, as we monitored what was being done, as well as juggled troops into position, should it be decided that we should intervene.

  2. Peter2 Silver badge

    Calling that aircraft a copy of the F15 is absurd. The layout is obviously utterly different just from looking at a photo of both. The engines are in a different layout for a start (more like the MIG29) and it's has different arrangements for ailerons and even sodding cannards. How different does it needs to be?

    Secondly, "stealth" as a descriptor needs to be taken out and shot since it's so comicly misunderstood as being like a cloaking device. Possibly lower RCS (Radar Cross Section) on certain aspects if the paint hasn't work thin doesn't sound quite as snappy though does it? If your just looking at RCS reduction measures below a certain point then the Eurofighter is a Stealth Aircraft from the front aspect given the effort put into frontal RCS reduction...

    1. Anonymous Coward
      Anonymous Coward

      I must have missed the part where the article claimed the pictured aircraft is a copy of the F-15. I did however notice the photo of the Chinese F-15 taking off from one of their new aircraft carriers. I suspect you're confused by the name, but believe it or not, the chinese can name their planes whatever they please. It also seems to me that a 40-year old aircraft that requires 4000+ ft of runway is not the ideal starting point for a modern naval aircraft.

      1. sphery

        Good theory--and true that they can call an aircraft whatever they want--but I think the statement, "As for stocking the ship, the Chinese F-15 multi-role aircraft is in testing for carrier landings," simply has a typo. The aircraft shown is the Shenyang J-15 ( http://aircraft.wikia.com/wiki/Shenyang_J-15 ). Note how J and F are both typed with the same finger--but using different hands (at least for those of us who are touch typists).

        The J-15 "Flying Shark" was structurally based on the Russian Sukhoi Su-33 design, but was not built under license. The Russians even called it a "clone" of the Su-33. The J-15's predecessor, the J-11 ( http://aircraft.wikia.com/wiki/Shenyang_J-11 ), however, was built by Shenyang under a production agreement with Russia from 1995 until 2006, when Russia cancelled the agreement 2 years after Shenyang started development of their own variant, the J-11B, which they are still building unlicensed.

        Does that count as "hacking" to get Russian military secrets?

    2. NomNomNom

      Hmm notice how Chinese planes have wings...American planes have wings too. Think that's a coincidence?

    3. Wzrd1 Silver badge

      Stealth. It is a badly understood thing.

      Stealth does rely upon lower radar cross section and absorbent components. However, as was proved in Bosnia, retuning the radar to a different band or different part of the band changes the return to potentially an effective detection zone.

      In short, what is effective for one radar technology may not be effective for another or when one retunes it, as the stealth technologies concerned are tuned to defeat certain "enemy" radar technologies.

      Still, the PRC has been caught many, many times inside of US corporate networks and US government networks. Their IP's resolving to military cyber warfare organizations. That said, one wonders how often the US is also doing such things to the PRC, hence a tit for tat ration?

  3. Anonymous Coward
    Anonymous Coward

    "First it underestimates the Pentagon's security capabilities"

    This seems to imply that they have a very good understanding of the Pentagon's security

    1. ACx

      And the US seems to want to openly admit that it's security isnt up to much.

      1. Anonymous Coward
        Coffee/keyboard

        f*c*e*s probably want their budget increased

        y?

      2. Wzrd1 Silver badge

        "And the US seems to want to openly admit that it's security isnt up to much."

        At least in the past. It's improved by a bit since some really embarrassing incidents. Well, embarrassing and horrifically expensive to repair.

        Such as one incursion of PRC written malware that reported direct to their military, which infected, NIPRnet, SIPRnet, JWICS and CENTRIX. Fortunately, it was unable to "phone home" on the classified networks. But, it identified some incorrect procedures that were in use at the time.

    2. Don Jefe

      I think it was supposed to mean security in reference to explody things, not IT security. That's what I gathered anyway.

    3. Wzrd1 Silver badge

      "This seems to imply that they have a very good understanding of the Pentagon's security"

      Yes, they have intimate knowledge of not only the Pentagon, but pretty much all of the US NIPRnet. Some incursions were eventually traced in traffic logs as lasting over eighteen months before being detected.

      I can't say much more than that, as I don't desire to be, rightfully, sitting in the cell next to Manning.

  4. Cliff

    It's an open secret that blueprints are logged by the state

    Want to make a new car part? The official 'liaison' will make sure all your plans get copied for party files. Manufacturers expect it because that's the option. You get cheap Labour and the global market, China knocks off what they like for the domestic market, and screw you very much.

    And they're clearly not going to say 'yes, it was us', now, are they?

  5. ElReg!comments!Pierre

    US tech, and server logs

    Honestly a lot of "US tech" is rebadged chinese sweatshop work; that DOES include most of software developpment work, at least the serious stuff.

    As for the server log thing, on my North-America-based servers I do get a lot of ping "from China" trying to reach Baidu through my servers. Heh. As you may have guessed already, even he most cursory look reveals that none of it actually comes from China. All (and I do mean all, as in 100%) of the "Chinese" attempts on my servers actually come from south of the border (i.e. the US of A). Clumsily disguised as Chinese, script-kiddie style (badly spoofed IPs, what-US-people-think-chinese-people-visit sites, and disastrously-faked user-agent strings; formatted american-style, of course, none of the script-kiddies know what Chinese traffic actually looks like).

    Booh, bad "Chinese", bad.

    1. Chris T Almighty

      Re: US tech, and server logs

      What sort of hacking attempts use a spoofed IP? To hack, don't you need to server to send data back to you?

      Any clues as to why America is attacking Canada while doing very bad Chinese impressions?

    2. Don Jefe

      Re: US tech, and server logs

      Hahahaha. WTF are you on about?

    3. Anonymous Coward
      Anonymous Coward

      Re: US tech, and server logs

      My servers (in the U.S.) used to get a regular probing from ip addresses assigned by APNIC to China. So I simply blocked them all. I now get infrequent hits from Brazil and eastern Europe.

      1. NomNomNom

        Re: US tech, and server logs

        Since 2001 I have hosted my own personal website on my own server but in that time I have had to progressively increase security. At first I only blocked addresses from china and eastern europe, but then I found most connections were coming in from europe and the US so I blocked them too. Then one of my "friends" defaced it so now I only allow connections from white listed IP addresses; it's safer that way. If you want to view my website you have to send me your IP address to put on the whitelist, not by email though because I will be blocking that, but by post. The address to post the request is on my website. Within a week you will receive a letter through the post that contains a handwritten captcha. This is to prevent cylons from accessing my site. If you can prove you are a human I will add you to the whitelist and you can enjoy the fruits.

        1. Triggerfish

          Re: US tech, and server logs

          Hold on am I getting this right to see your website someone needs to post their ip, to an address they can only see on your website. Hows that work?

          1. nuked
            Pint

            Re: US tech, and server logs

            "Hows that work?"

            Badly I should imagine.

            If the comment to which you refer didn't have a sarcasm badge slapped to its forehead, that is.

            1. Eradicate all BB entrants

              Re: US tech, and server logs

              I do remember way back when I used peer-guardian that there were constant attempts to access my system from an address that resolved as the Chinese Embassy in London. Not accusing in anyway, just stating what the logs reported.

            2. Triggerfish

              Re: US tech, and server logs

              Doh, my ability to detect sarcasm was hampered by ability at drinking wine first.

        2. Wzrd1 Silver badge

          Re: US tech, and server logs

          "This is to prevent cylons from accessing my site. If you can prove you are a human I will add you to the whitelist and you can enjoy the fruits."

          I'm no cylon, but I've had physicians tell me that I'm not human. ;)

          Guess I'm SOL in getting access to your site.

          Just as well, as I really don't care.

          Seriously though, if you're not doing it at the firewall or router, your defense isn't highly effective, as some exploits can still be received.

      2. Wzrd1 Silver badge

        Re: US tech, and server logs

        "I now get infrequent hits from Brazil and eastern Europe."

        A little over a decade ago, my biggest hits were attempts to find an open relay on my mail server. Most of the hits were from Brazil. Hence, I blocked all traffic from their IP space.

        Beside nation states cyber warfare folks doing their thing, one also now has to contend with malware and worse, botnets.

        Some of which, the only real defense is to have a quality IPS to recognize attempts of botnets to 'get in'.

  6. BornToWin

    If you believe China...

    ...I have some ocean front property in Arizona that you would be interested in.

  7. Anonymous Coward
    Anonymous Coward

    China denies hacking claims, says it doesn’t need US tech - anymore

    There. Title fixed ..

  8. El_Fev

    The aircraft taking off is the Chinese version of the Sukhoi Su-37

  9. Anonymous Coward
    Anonymous Coward

    factories and parts

    as i think i understand it

    a) everything is made up of 'parts'

    b) these 'parts' are made in factories

    c) most of the world's manufacturing is carried out in..China maybe...?

    hacking? nah, just plain good old common sense use of cameras at flight trials, air displays, eyesight, brains and sheer manpower - (their population outnumbers UK 20:1)

    anyone can hire a server anywhere in the world, so 'hacking' from China could mean that any countries 'manufacturers' and 'defence contractor' are hacking each other, or even their 'allies'!

    1. Wzrd1 Silver badge

      Re: factories and parts

      True, but one cannot rent a server inside of the PRC military network.

      As for old fashioned photography, everyone still does it.

      I remember an embassy Chief of Mission getting caught shooting pictures of a stealth aircraft engine inlets some years back.

      Wasn't worth a PNG, they simply took the film.

      You also forgot one other trick that every nation does. Get one model, be it a MiG or other advanced technology device, break it down and reverse engineer it.

      That is something the US, the Russians and now the Chinese are quite good at doing.

  10. Anonymous Coward
    Thumb Down

    ?Then why are they in my network?

    If they do not need our secrets, then why are they in my network?

    It is easy enough to kick their a$$es out, if only my "superiors" had the ball$.......but they don't. They just accept it as a fact of life. ......and the red carpet.

  11. jgarbo

    Copy of F15?

    More like an Su-30 (with canards), than a MIG 29 (no canards), which would give the venerable F15 a run for its money.

This topic is closed for new posts.

Other stories you might like