China thrilled it captured already-leaked NSA cyber-weapon China claims it has obtained malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets. The software nasty, dubbed NOPEN, is built to commandeer selected Unix and Linux systems, according to Chinese Communist Party tabloid Global Times, which today …
What's worse than nation-states not being able to keep their cyberweapons under control?
The endess self-righteous pearl-clutching over other contries doing it (especially here in the US).
Selling the bizarre fantasy that this will ever stop being a thing.
Pretending that solutions other than better security exist.
I doubt any of that is the motivation for such announcements. It always feels more like:
- Our own counter-intelligence is awesome, we're on top of this stuff
- We've captured their thing (go us)
- We're watching what they're up to, so they better watch out!
- Average Joe don't panic
- Law-makers keep giving us the resources to do our jobs
- Security pros help us by looking out for these attack signatures
- And now here's a 30 second message from our partner Symantec
I like a bit of cyber-espionage. It's exciting.
I do wonder though, at what point do we decide we're at war with a country in the cyber space?
It's kinda easy to determine a war in Ukraine (I'm not trivializing this, I am appalled by it) because there are tanks rolling down the street.
But is there a classification for 'war' when it's happening in cyber space? Is there a point that must be reached, is there an research on this?
We'll probably get there soon. If I bomb a power plant as an individual, I'd be a terrorist. If as instructed by a nation, it could be a causus belli, or act of war. If I use a cyberattack, it's all good.
I think it's the same for economic warfare. We've frozen the assets of Russia's central bank, which is pretty hostile. We've frozen or seized assets of other civilians, which is pretty hostile. Especially given that's arguably collective punishment, and against Article 3 of the Geneva Convention. Which is probably why Russia insists this is a 'special' operation. Rules change once it's an officially declared war.
But for a long time, we've had wars that looked like wars, were described as wars, but legally were not. No war declarations for Gulf War 1 or 2, the Afghan War, the Syrian War. Or the general 'War on Terror'. But then wars are between nations.
Sorting the mess out and modernising the Geneva Convention to cover stuff like economic and cyber warfare is probably long overdue, and find out the hard way. But then economic warfare has been extremely profitable, so countries might be reluctant to give that up.
If a nation is a signatory, or 'High Contracting Party', then it should be expected to follow Convention or Treaty rules. So between nations, Article 2 applies, Article 3 if it involves non-state actors, eg during Ukraine or Syria's civil wars. But if war hasn't been declared, nations seem to bend the rules.
If something walks like a war, quacks like a war and explodes like a war, it probably is. Most people would probably agree that Russia v Ukraine is war, even if undeclared. New forms of warfare are getting more complex and risky. So say NATO or Russia state that cyberattacks will be considered hostile attacks, ie a cause for war. NATO could then retaliate. But other nations, if they're attacked by a NATO member, could reasonable hold NATO members to the same standards. For NATO, I guess it gets more complicated, ie if a member unilaterally invokes war by cyberattack, Article 5 mutual defence may not apply because the member started it.
"If something walks like a war, quacks like a war and explodes like a war, it probably is. Most people would probably agree that Russia v Ukraine is war, even if undeclared."
Sleazy lawyers looking for loops holes so it can be claimed to be "not a war". There are probably earlier examples, but it goes back to at least the Korean "Police Action" in 1950's.
Then you understand wrong. Seriously, it beggars belief that such an obvious loophole would exist, and of course, it does not in fact exist. It's really, really easy to check that it does not exist.
See "Geneva Convention relative to the Treatment of Prisoners of War", article 2:
"the present Convention shall apply to all cases of declared war or of any other armed conflict which may arise between two or more of the High Contracting Parties, even if the state of war is not recognized by one of them."
https://www.ohchr.org/en/instruments-mechanisms/instruments/geneva-convention-relative-treatment-prisoners-war
The US or Russia are simply ignoring the Convention when it fits their needs, basically because there's nobody to enforce it against an hypocritical superpower, not because of any loopholes.
-> NOPEN wouldn't be the first time that NSA-developed offense code landed in the wrong hands
The usual nationalist western orientated (meaning USA) view that there are wrong and right hands, and of course the only 'right' hands are the USA's.
It's OK for the USA to spy on the world, but if anyone does it back, it's considered a bad thing. Please stop this nonsense. It is the act which is bad in itself. Taken to the logical conclusion, it's OK for the USA to commit genocide but not for anyone else.
Terry Pratchett's observation applies:
People believe there are good guys and bad guys, however there are usually just bad guys on both sides, with differing motivations, both believe they're the good guys and most of the general population is merely caught in the crossfire
The U.S. is scared shitless of HuaWei, while embedding in Windows and Unix stuff that they claimed HuaWei is doing. By NSA, no less. The report did highlight the early detection by Shadow Brokers. When you are responding to articles from China, it will make more sense to read the Chinese version such as http://m.cyol.com/gb/articles/2022-03/14/content_wmyWACRVK.html
instead of relying on translations that will inevitably lose the flavour and pulse of the original.
not sorry, not scared, not making excuses for corrupt governments (name one that isn't) that do not represent the people of the nations they live in.
Make no mistake, information war is waging between nations all the time and won't stop. Pick a side if you want, or live your own life, your call.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
