back to article China thrilled it captured already-leaked NSA cyber-weapon

China claims it has obtained malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets. The software nasty, dubbed NOPEN, is built to commandeer selected Unix and Linux systems, according to Chinese Communist Party tabloid Global Times, which today …

  1. ecarlseen

    Every country does this. Every country whines about it.

    What's worse than nation-states not being able to keep their cyberweapons under control?

    The endess self-righteous pearl-clutching over other contries doing it (especially here in the US).

    Selling the bizarre fantasy that this will ever stop being a thing.

    Pretending that solutions other than better security exist.

    1. Blazde

      Re: Every country does this. Every country whines about it.

      I doubt any of that is the motivation for such announcements. It always feels more like:

      - Our own counter-intelligence is awesome, we're on top of this stuff

      - We've captured their thing (go us)

      - We're watching what they're up to, so they better watch out!

      - Average Joe don't panic

      - Law-makers keep giving us the resources to do our jobs

      - Security pros help us by looking out for these attack signatures

      - And now here's a 30 second message from our partner Symantec

    2. Anonymous Coward
      Anonymous Coward

      Re: Every country does this. Every country whines about it.

      Was just going to say... This article was written as if to illustrate China's hypocrisy in doing what they say the US is doing.... But the US and other allied countries do the same...

  2. Anonymous Coward
    Anonymous Coward

    Great

    I like a bit of cyber-espionage. It's exciting.

    I do wonder though, at what point do we decide we're at war with a country in the cyber space?

    It's kinda easy to determine a war in Ukraine (I'm not trivializing this, I am appalled by it) because there are tanks rolling down the street.

    But is there a classification for 'war' when it's happening in cyber space? Is there a point that must be reached, is there an research on this?

    1. Jellied Eel Silver badge

      Re: Great

      We'll probably get there soon. If I bomb a power plant as an individual, I'd be a terrorist. If as instructed by a nation, it could be a causus belli, or act of war. If I use a cyberattack, it's all good.

      I think it's the same for economic warfare. We've frozen the assets of Russia's central bank, which is pretty hostile. We've frozen or seized assets of other civilians, which is pretty hostile. Especially given that's arguably collective punishment, and against Article 3 of the Geneva Convention. Which is probably why Russia insists this is a 'special' operation. Rules change once it's an officially declared war.

      But for a long time, we've had wars that looked like wars, were described as wars, but legally were not. No war declarations for Gulf War 1 or 2, the Afghan War, the Syrian War. Or the general 'War on Terror'. But then wars are between nations.

      Sorting the mess out and modernising the Geneva Convention to cover stuff like economic and cyber warfare is probably long overdue, and find out the hard way. But then economic warfare has been extremely profitable, so countries might be reluctant to give that up.

      1. RPF

        Re: Great

        Russia cannot have it both ways. The Geneva Convention would only apply if they declared war, surely.

        1. Jellied Eel Silver badge

          Re: Great

          If a nation is a signatory, or 'High Contracting Party', then it should be expected to follow Convention or Treaty rules. So between nations, Article 2 applies, Article 3 if it involves non-state actors, eg during Ukraine or Syria's civil wars. But if war hasn't been declared, nations seem to bend the rules.

          If something walks like a war, quacks like a war and explodes like a war, it probably is. Most people would probably agree that Russia v Ukraine is war, even if undeclared. New forms of warfare are getting more complex and risky. So say NATO or Russia state that cyberattacks will be considered hostile attacks, ie a cause for war. NATO could then retaliate. But other nations, if they're attacked by a NATO member, could reasonable hold NATO members to the same standards. For NATO, I guess it gets more complicated, ie if a member unilaterally invokes war by cyberattack, Article 5 mutual defence may not apply because the member started it.

          1. John Brown (no body) Silver badge

            Re: Great

            "If something walks like a war, quacks like a war and explodes like a war, it probably is. Most people would probably agree that Russia v Ukraine is war, even if undeclared."

            Sleazy lawyers looking for loops holes so it can be claimed to be "not a war". There are probably earlier examples, but it goes back to at least the Korean "Police Action" in 1950's.

            1. batfink Silver badge

              Re: Great

              War was not declared in (for example) either Vietnam, Chechnya or Iraq, As I understand it, the lack of a declaration of war means that the combatants are not bound by the Geneva Convention.

              A nice avoidance mechanism, employed by governments of all stripes.

              1. Anonymous Coward
                Anonymous Coward

                Re: Great

                Then you understand wrong. Seriously, it beggars belief that such an obvious loophole would exist, and of course, it does not in fact exist. It's really, really easy to check that it does not exist.

                See "Geneva Convention relative to the Treatment of Prisoners of War", article 2:

                "the present Convention shall apply to all cases of declared war or of any other armed conflict which may arise between two or more of the High Contracting Parties, even if the state of war is not recognized by one of them."

                https://www.ohchr.org/en/instruments-mechanisms/instruments/geneva-convention-relative-treatment-prisoners-war

                The US or Russia are simply ignoring the Convention when it fits their needs, basically because there's nobody to enforce it against an hypocritical superpower, not because of any loopholes.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Great

                  So, as long as there's no armed conflict it's all OK?

                  Fine, we'll only engage in police actions.

    2. Anonymous Coward
      Anonymous Coward

      Re: Great

      Given my error.log files and any measure I'm apparently at war with OVH, Azure and DigitalOcean already, globally..

    3. Anonymous Coward
      Anonymous Coward

      Re: Great -

      Maybe “special operation”?

  3. VoiceOfTruth

    Wrong hands versus right hands

    -> NOPEN wouldn't be the first time that NSA-developed offense code landed in the wrong hands

    The usual nationalist western orientated (meaning USA) view that there are wrong and right hands, and of course the only 'right' hands are the USA's.

    It's OK for the USA to spy on the world, but if anyone does it back, it's considered a bad thing. Please stop this nonsense. It is the act which is bad in itself. Taken to the logical conclusion, it's OK for the USA to commit genocide but not for anyone else.

    1. fxkeh

      Taken to the logical conclusion...

      > Taken to the logical conclusion, it's OK for the USA to commit genocide but not for anyone else.

      The USA was literally formed by the genocide of the native peoples of north America and it was justified as OK by calling it their Manifest Destiny.

      1. Cliffwilliams44 Bronze badge

        Re: Taken to the logical conclusion...

        And the Europeans are innocent of any genocide through out their entire history! Yeah, spare us your sanctimonious bovine excrement!

        1. Anonymous Coward
          Anonymous Coward

          Re: Taken to the logical conclusion...

          Hey, we only did it to bring religion and civilization to unbelievers, thank you very muc!

    2. Alan Brown Silver badge

      Re: Wrong hands versus right hands

      Terry Pratchett's observation applies:

      People believe there are good guys and bad guys, however there are usually just bad guys on both sides, with differing motivations, both believe they're the good guys and most of the general population is merely caught in the crossfire

  4. Anonymous Coward
    Anonymous Coward

    Beijing Mischief?

    The U.S. is scared shitless of HuaWei, while embedding in Windows and Unix stuff that they claimed HuaWei is doing. By NSA, no less. The report did highlight the early detection by Shadow Brokers. When you are responding to articles from China, it will make more sense to read the Chinese version such as http://m.cyol.com/gb/articles/2022-03/14/content_wmyWACRVK.html

    instead of relying on translations that will inevitably lose the flavour and pulse of the original.

    1. JWLong

      Re: Beijing Mischief?

      行远程控制,既可以由攻击者手动植入,也可以由美国国家安全局的网络攻击武器平台自动植入受

      Who let the chickens out?

    2. Anonymous Coward
      Anonymous Coward

      Re: Beijing Mischief?

      not sorry, not scared, not making excuses for corrupt governments (name one that isn't) that do not represent the people of the nations they live in.

      Make no mistake, information war is waging between nations all the time and won't stop. Pick a side if you want, or live your own life, your call.

  5. joszik

    Janus is on !

    As long as we don't talk about integration into the architecture of processors, everything is fine in the best of worlds for Intel, IBM and Apple.

  6. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022