Stopping Chinese Cyber Theft

[Perknose]

Sorry, small guv guys and internet privacy advocates, but I believe that, on balance, this is a job for the Feds.

FOR the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments.

[...]

Shawn Henry, who retired last Friday as the executive assistant director of the F.B.I. (and its lead agent on cybercrime), told Congress last week of an American company that had all of its data from a 10-year, $1 billion research program copied by hackers in one night. Gen. Keith B. Alexander, head of the military’s Cyber Command, called the continuing, rampant cybertheft “the greatest transfer of wealth in history.”

Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage. The bill, which would establish noncompulsory industry cybersecurity standards, is bogged down in ideological disputes. Senator John McCain, who dismissed it as a form of unnecessary regulation, has proposed an alternative bill that fails to address the inadequate cyberdefenses of companies running the nation’s critical infrastructure. Since Congress appears unable and unwilling to address the threat, the executive branch must do something to stop it.

[...]

General Alexander testified last week that his organization saw an inbound attack that aimed to steal sensitive files from an American arms manufacturer. The Pentagon warned the company, which had to act on its own. The government did not directly intervene to stop the attack because no federal agency believes it currently has the authority or mission to do so.

If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers. If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today’s wholesale theft of American corporate secrets.

Many companies do not even know when they have been hacked.

[...]

But by failing to act, Washington is effectively fulfilling China’s research requirements while helping to put Americans out of work. Mr. Obama must confront the cyberthreat, and he does not even need any new authority from Congress to do so.

Under Customs authority, the Department of Homeland Security could inspect what enters and exits the United States in cyberspace. Customs already looks online for child pornography crossing our virtual borders.

[...]

And this does not have to endanger citizens’ privacy rights. Indeed, Mr. Obama could build in protections like appointing an empowered privacy advocate who could stop abuses or any activity that went beyond halting the theft of important files.

If Congress will not act to protect America’s companies from Chinese cyberthreats, President Obama must.

 

[ElFenix]

if the bill does nothing as the highlighted sentence says, then i agree with mccain that it is unnecessary regulation

 

[nonlnear]

Sorry Perknose, the US government has not passed a single law on the pretext of internet security that was not a direct attack on its own citizens.

 

[dank69]

If someone breaks into my house and steals my stuff, should the government start regulating how I secure my premises? No, the government should attempt to catch and prosecute the offender. International cybercrime should probably be the jurisdiction of the UN, I would think.

Monitoring and intercepting data as it leaves/enters the country? Insane.

 

[Perknose]

if the bill does nothing as the highlighted sentence says, then i agree with mccain that it is unnecessary regulation

I agree with your point, but you miss the author's point, with which I also, on balance, agree. It is contained in the last three quoted paragraphs, which I will re-post below:

Under Customs authority, the Department of Homeland Security could inspect what enters and exits the United States in cyberspace. Customs already looks online for child pornography crossing our virtual borders.

[...]

And this does not have to endanger citizens’ privacy rights. Indeed, Mr. Obama could build in protections like appointing an empowered privacy advocate who could stop abuses or any activity that went beyond halting the theft of important files.

If Congress will not act to protect America’s companies from Chinese cyberthreats, President Obama must.

 

[Perknose]

Sorry Perknose, the US government has not passed a single law on the pretext of internet security that was not a direct attack on its own citizens.

Do you agree or disagree that Chinese cyber theft of our technological secrets is a real and present danger?

If you do, then how would you address this very real problem?

 

[nonlnear]

If someone breaks into my house and steals my stuff, should the government start regulating how I secure my premises? No, the government should attempt to catch and prosecute the offender.

I'm with you up to this point. Nodding furiously in agreement, actually...

And then:

International cybercrime should probably be the jusisdiction of the UN, I would think.

Please tell me this is a joke. Look at the make-up of the UNHRC and then ask yourself who would likely be on the UNICCC (International Cyber-Crime Council).

Monitoring and intercepting data as it leaves/enters the country? Insane.

Not if you are a DC bureaucrat secretly enamored with the great firewall of China.

 

[lothar]

The government should secure it's own programs first before telling businesses and homeowners to secure theirs.

This bill won't stop the Chinese or Iranians from hacking our UAV's.
This bill won't stop Iraqi insurgents from watching live US drone feeds using off the shelf parts.

 

[dank69]

I'm with you up to this point. Nodding furiously in agreement, actually...

And then:
Please tell me this is a joke. Look at the make-up of the UNHRC and then ask yourself who would likely be on the UNICCC (International Cyber-Crime Council).

Not if you are a DC bureaucrat secretly enamored with the great firewall of China.

Yes, well I don't really know enough about the UN. My point really is just that the US doesn't have a way to go after perps in china, for example.

 

[Perknose]

If someone breaks into my house and steals my stuff, should the government start regulating how I secure my premises? No, the government should attempt to catch and prosecute the offender.

Then you and I and Richard Clarke, the author, are all in basic agreement here.

There is nothing in his proposal about regulating how a company secures it's premises. Your stated concern is a straw dog.

Your second sentence is exactly what Mr. Clarke proposes. Let me re-quote that part of the article:

General Alexander testified last week that his organization saw an inbound attack that aimed to steal sensitive files from an American arms manufacturer. The Pentagon warned the company, which had to act on its own. The government did not directly intervene to stop the attack because no federal agency believes it currently has the authority or mission to do so.

If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers. If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today’s wholesale theft of American corporate secrets.

 

[EagleKeeper]

DHS can sniff what is going in/out. It does not have any teeth to intercept and stop electronically

What can Obama do that is independent from Congress.

And we all know how well Congress will react to anything that is critical/urgent?

 

[dank69]

Then you and I and Richard Clarke, the author, are all in basic agreement here.

There is nothing in his proposal about regulating how a company secures it's premises. Your stated concern is a straw dog.

Your second sentence is exactly what Mr. Clarke proposes. Let me re-quote that part of the article:

Yes, let me rephrase to eliminate the straw man.

'If someone breaks into my house and steals my stuff, should the government start 24/7 monitoring of who enters/leaves my premises?'

 

[blankslate]

Stopping Chinese Cyber Theft is nigh impossible we have slashed our education budgets such that even if our tech companies made an effort to hire only domestic graduates they wouldn't be able to find enough qualified people.

We've exported our manufacturing jobs, now we're dependent on foreign made parts even for our weapons systems.

We also celebrate idiocy and make fun of smart people in our media.

Now we also have to devote resources to analyzing electronic components imported from other nations to make sure that no backdoors are built into them.

http://www.hulu.com/watch/257903/cnbc-originals-code-wars

watch the segment starting at about 8 minutes and 40 seconds.

 

[nonlnear]

Do you agree or disagree that Chinese cyber theft of our technological secrets is a real and present danger?

What effect is it that you are hoping to achieve by using this jargon?

The Chinese do what the Chinese do. Same as the Russians and the Uruguayans.

If you do, then how would you address this very real problem?

General measures: I would start by lifting restrictions on cryptography, toss the DMCA and similar fusterclucks, end software patents.

As for the theft of IP, the US has a much larger IP problem domestically: the patent office is severely underfunded, is hamstrung by a process that makes the process expensive and slow, and overly incentivizes bad faith filings.

As for the hacks made on RSA, the pentagon, Lockheed Martin, etc. I think the stupidest thing to do is to buy into the notion that inadequate security in our military and otherwise high priority infrastructure justifies hiring the very same overpaid contractors to do more of the same. I mean seriously:

And this does not have to endanger citizens’ privacy rights. Indeed, Mr. Obama could build in protections like appointing an empowered privacy advocate who could stop abuses or any activity that went beyond halting the theft of important files.

Do you honestly believe the shit you are being shovel-fed? An "empowered privacy advocate" is all that's needed to protect individual privacy rights from the entire US government intelligence community and the military-industrial complex? The empowered advocate would never find their way past the digital lobby of the cyber-structures they are never told exist.

 

[Fern]

I recognize this as a very serious problem.

Personally, I have little-to-no idea how to solve it, I'm not expert in that sort of thing. And I believe that's huge part of the problem - those gimpy old fools in Congress have even less of a clue than I. (Then there's the whole Washington DC thingy where they see a necessary bill and then spend time finding unrelated garbage they can tack on to it that will make their lobbyists, er I mean 'constituents' happy.)

Instead of arguing about principals like 'fed versus state' etc., I would start out determining what procedures etc exist that can help. Only after finding the best solution(s) would I concern myself with political theory.

Fern

 

[Perknose]

I recognize this as a very serious problem.

Personally, I have little-to-no idea how to solve it, I'm not expert in that sort of thing. And I believe that's huge part of the problem - those gimpy old fools in Congress have even less of a clue than I. (Then there's the whole Washington DC thingy where they see a necessary bill and then spend time finding unrelated garbage they can tack on to it that will make their lobbyists, er I mean 'constituents' happy.)

Instead of arguing about principals like 'fed versus state' etc., I would start out determining what procedures etc exist that can help. Only after finding the best solution(s) would I concern myself with political theory.

Fern

:thumbsup:

 

[cubby1223]

Regarding cyber theft like this - I will agree that it is a job for the feds. But it is also my opinion that congress is too inept to handle this in any fashion that is even reasonably acceptable.

 

[Stayfr0sty]

The feds are n00bs when it comes to PCs. I met a rl fed PC tech and he was a total n00b. Dont even know how he got the job, would game with wifi....

Its the 3 letter agency that begins with an N that are talented.....

 

[Juddog]

I love how the government is slow to act when it comes to cyber security, meanwhile they continue to enact all of these laws that the RIAA pushes for.

What has this country come to?

 

[Mursilis]

Do you agree or disagree that Chinese cyber theft of our technological secrets is a real and present danger?

I agree, and the sooner we as a nation understand that we're in a new cold war of sorts with China, the better. It seems like we're just wallowing in our blissful ignorance while they're building up their forces (military and otherwise).

 

[nonlnear]

Do you agree or disagree that Chinese cyber theft of our technological secrets is a real and present danger?

I agree, and the sooner we as a nation understand that we're in a new cold war of sorts with China, the better. It seems like we're just wallowing in our blissful ignorance while they're building up their forces (military and otherwise).

There is a massive onslaught of electronic attacks going on, and a lot of high value secrets are being taken. I don't dispute this. It's all over the security news. I also don't dispute that it is likely that a huge proportion of this theft is happening from China with [possibly unofficial] government approval.

I don't see that framing it as warfare is necesarily the most helpful lens to use. China is undergoing a political and economic transformation that is pushing the limits of what history can inform. They are building a society that isn't quite like anything that has existed before it. It enforces laws capriciously and discriminately, but not quite in the blatant thug style of, say, Russia. It is largely with a central focus in mind: building China.

They are engaged in open warfare on the Western system of commoditized, enforceable intellectual property. I can't say I blame them. Their alternative, embracing the patent system as currently practiced, would place them at a huge disadvantage. The American IP ship has been overrun with lawyers and is a major impediment to innovation. Any startup needs to consider its legal strategy pretty much right from the start assuming it will need to go to war to defend its IP. No country in its right mind would engage in a massive technological "leap forward" while dealing with the American rats' nest on its own terms.

At its heart, this is a trade issue (apart from military secrets). Sure it's fun for demagogues to frame everything as a war, but I don't know who that helps other than vendors of $500 toilet seats. As for trade, the WTO really doesn't address the issues that international trade is being shaped by today. (In many ways the WTO was part of what created today's problems, by keeping trade policy focused on tarriffs and costs and prohibiting broader consideration of government systems. It was one of the major catalysts of the rise of trans-national megacorporations.) The treatment of IP needs to be brought much more to the forefront of how the terms of trade are set. China really REALLY needs its export markets.

For funzies, an alternative strategy might be to attempt to creat a balance of power. What China needs is a rival country that is in a similar phase of development to itself. Perhaps we could just CC India whenever the Chinese steal something. That's a little bit outside the box, but it's an amusing thought exercise.

 

[Moonbeam]

Perhaps we could just CC India whenever the Chinese steal something. That's a little bit outside the box, but it's an amusing thought exercise.

What does CC mean?

 

[1prophet]

"If Congress will not act to protect America’s companies from Chinese cyberthreats, President Obama must."

So these corporate whores that sold out America and its technological secrets, its workers, bought off the Democrats who silenced the Unions,

are now crying to Papa Obama how unfair they are being treated by their former friends the Chinese who made them rich.

BOO FUCKING HOO

Sorry, America is reaping the rewards for its greed, at least the Soviet Union had to work for the secrets they wanted to steal,

unlike the Chinese who where handed the tools and money to get to the place they are today so corporations could increase their profit margins,

while brainwashing the American consumer by telling them how much money they will save as opposed to American made goods.

Just remember the Chinese did not wake up one day and go from this

To this on their own.

 

[ussfletcher]

Yes, let me rephrase to eliminate the straw man.

'If someone breaks into my house and steals my stuff, should the government start 24/7 monitoring of who enters/leaves my premises?'

A more apt analogy here would be if the man breaking into your house had an invisibility cloak. Now because of this you can't see him or any thing he is doing. The only way you can stop him is by removing the doors to your house (disconnecting from the internet). The government on the other hand has the technology and resources to see and stop the activities of these invisible thieves and would do so on everyone's behalf.

 

[nonlnear]

What does CC mean?

carbon copy