It’s the Scale

I found this interesting. At the Washington Post, Christian Shepherd, Cate Cadell, Ellen Nakashima, Joseph Menn and Aaron Schaffer report on the release of a sizeable cache of emails, chat logs, images, etc. documenting the Chinese government’s massive cyber-spying program against foreign governments, companies, etc.:

A trove of leaked documents from a Chinese state-linked hacking group shows that Beijing’s intelligence and military groups are attempting large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure — with hackers of one company claiming to be able to target users of Microsoft, Apple and Google.

The cache — containing more than 570 files, images and chat logs — offers an unprecedented look inside the operations of one of the firms that Chinese government agencies hire for on-demand, mass data-collecting operations.

The files — posted to GitHub last week and deemed credible by cybersecurity experts, although the source remains unknown — detail contracts to extract foreign data over eight years and describe targets within at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia. Indian publication BNN earlier reported on the documents.

“We rarely get such unfettered access to the inner workings of any intelligence operation,” said John Hultquist, chief analyst of Mandiant Intelligence, a cybersecurity firm owned by Google Cloud. “We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyberespionage operations out of China,” he said.

In one sense none of this is surprising at all. It has been widely believed that the Chinese government has been engaging in cyberattacks against foreign governments, companies, and individuals for years. In my own case I eliminated almost all of my unwanted traffic and intrusions into this blog by the simple expedient of blocking China-based IP addresses.

I’ll make a very clumsy analogy. The shocking part of Germany’s official murders of certain segments of its population in the 1930s and 1940s—Jews, homosexuals, communists, etc.—was not the fact of it. There had been massacres and pogroms for millennia. It was the sheer industrial scale of it and systematic approach to it.

Similarly with Chinese hacking. Countries have spied on each other for as long as there have been countries. We do it. The Brits do it. The Canadians probably do it, for goodness’ sake. The scale and scope of Chinese cyberattacks is something else again. I see no way of having an even semi-secure Internet as long as that’s the case. I only see two alternatives. One of them is to prohibit by law access to the public Internet by any organization you want to avoid being hacked. That includes government offices, utilities, hospitals (as we in Chicago have learned lately) and many others. The other is to block Chinese access to the Internet.

Since both of those are deeply unpalatable, I suspect we’ll just accept an insecure Internet with periodic attacks and takedowns of government offices, utilities, hospitals, etc.

4 comments
  • BTW in case anyone brings it up AFAICT the world’s heavyweight champion hackers are the Russians and the Israelis. However, as noted in the post, in my personal experience I reduced the hacking of this blog to something manageable by blocking China-based IP addresses.

  • Drew

    I’m the absolute last person to look to for an informed (or intuitive) opinion, but here you go.

    https://www.zerohedge.com/geopolitical/whos-behind-cyber-attacks

    I guess it’s adequate to simply observe that our 3 biggest foes – China/Russia/Iran – take the prize.

    What I find scary is the 50% unidentified.

  • steve

    Chinese and Russians run neck and neck in hacking. Why eliminate China and not Russia? Anyway, one of son’s 2 best friends does cybersecurity for a large bank. It’s not just the number of attacks but the sophistication. She claims N Korea attempts are pretty weak. Russia and China based attacks are pretty serious and done pretty well. Iran is just a step behind those two.

    Steve

  • Grey Shambler

    Off topic, apologies.
    Anyone else watch Trump’s CPAC speech?
