China The Biggest Threat

[bwall]

I've been following China's actions for a few years now, and its become extremely obvious that China is looking to pull off a flash and awe kind of attack in order to secure their place as the dominant country in the world.

http://www.information-age.com/channels/security-and-continuity/news/2105468/security-backdoor-found-in-chinamade-us-military-chip.thtml

Can anyone else see what is going on? Couldn't we be ready to hold off an attack that was written in the Art of War, or at least setup a method of striking back?

[vdub]

Is it just me or is everyone else more upset that they are not disclosing the details.

Security though obscurity is like having no security at all. The whole point of security research is to disclose your findings otherwise you are wasting your time.

The fact that China is spying on us is not news. Its obvious. Of course China is spying on us and I would be suppressed if we where not doing the exact same thing. I honestly hope we are.

The problem is what is this chip used for?

Is it a key component in our infrastructure?

Or is it just a component in laser pointers that the pentagon uses?

They mention in the article that its used for military and commercial purposes. Does that include routers, cable boxes, Cell phones? How badly does this effect us and can it be exploited by anyone?

Its like saying that every copy of a specific server operating system has a manufacture built in back door but we are not going to tell you what OS or what the specifics are. That does not make it not exist it just takes away our ability to protect ourselves.

[bwall]

Is it just me or is everyone else more upset that they are not disclosing the details.

Security though obscurity is like having no security at all. The whole point of security research is to disclose your findings otherwise you are wasting your time.

The fact that China is spying on us is not news. Its obvious. Of course China is spying on us and I would be suppressed if we where not doing the exact same thing. I honestly hope we are.

The problem is what is this chip used for?

Is it a key component in our infrastructure?

Or is it just a component in laser pointers that the pentagon uses?

They mention in the article that its used for military and commercial purposes. Does that include routers, cable boxes, Cell phones? How badly does this effect us and can it be exploited by anyone?

Its like saying that every copy of a specific server operating system has a manufacture built in back door but we are not going to tell you what OS or what the specifics are. That does not make it not exist it just takes away our ability to protect ourselves.

Its not a question of spying, its a question of remote access. If its to machines controlling the power grid, it could shut down our ability to retaliate altogether, unless there is a plan.

Henry Kissinger talked about how China uses "shock and awe"/"rapid dominance" in various occasions throughout history. The whole point is attack out of the blue, leaving your enemy crippled to counter attack, winning the battle in one short carefully planned fight. The Art of War also puts a lot of emphasis on knowing your enemy, so spying does come into play, but like you said, they have been for years. I think the only way to prepare for an attack like this is what I refer to as a dead switch. A term taken from bomb making, the idea is that when something can no longer respond, an attack is triggered. Like if the bomber gets shot and dies, they let go of the dead switch, blowing everything up anyways. I realize this idea isn't very different from the Cold War nuclear war plans, but its not exactly dumb when all it does is stop our attacker from attacking and being able to coordinate their attack. The idea is that this would be a deterrent. If they attack us, they automatically get hit back.

By the way, please limit the War Games references.

[digip]

I know of an incident, where one of my Cisco instructors worked for a company that bought equipment made in France that was backdoored, so its not entirely impossible, but read this. http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html

It kind of takes a different approach, although, I don't doubt there are devices, that even our own government has some hand in, that has backdoors in the hardware or the operating systems.

[bwall]

I know of an incident, where one of my Cisco instructors worked for a company that bought equipment made in France that was backdoored, so its not entirely impossible, but read this. http://erratasec.blo...ackdoor-in.html

It kind of takes a different approach, although, I don't doubt there are devices, that even our own government has some hand in, that has backdoors in the hardware or the operating systems.

Good catch, but yeah, I'm sure there are tons of backdoor cases that haven't been found yet. I just hope NTKernel didn't put one in Winpkfilter...

[bobbyb1980]

Don't like how all the media paints the US as technologically behind.

Edited May 29, 2012 by bobbyb1980

[bwall]

Don't like how all the media paints the US as technologically behind.

China's military puts way more money/effort into hacking.

[vdub]

Don't like how all the media paints the US as technologically behind.

We are behind.

Just look at the number of Americans that have nothing but dial up or satellite internet access. We are way behind. I read a report a while back that we are in like 8th to 10th place when it comes to technology.

[KidBuu]

I remember seeing something online a few years ago that our government has engineers inspect the chips before they are installed if they are used for anything important like military uses and in infrastructure. However, we would be totally screwed if they decided to backdoor consumer PCs and/or smartphone chips to create an army of zombies. Think widespread DDOS attacks with a hundreds of million zombies (considering theres an estimated 200 million computers in the US alone).

[bobbyb1980]

China's military puts way more money/effort into hacking.

If you think we don't have huge amounts of resourced invested into "hacking" then you're very wrong. I also wouldn't pay too much mind to what the media says about American infosec, it's common knowledge that they sell a non existent "cyber war" so a handful of contractors can continue to leech DoD funds. A war will not be won or lost in cyberspace and computers play a very small part in actual warfare. Frankly it's just funny what some of these security groups talk about when they use the term "cyber war".

Edited May 30, 2012 by bobbyb1980

[digip]

We are behind.

Just look at the number of Americans that have nothing but dial up or satellite internet access. We are way behind. I read a report a while back that we are in like 8th to 10th place when it comes to technology.

I think dial up != to the amount of intelligence nor shows how technologically advanced a nation is. China does however have a strong hacking presence, government sponsored to some extent, but all governments engage into this sort of thing spying on one another, we just don't hear about what we do too much here in the US.

Broadband is not necessarily needed for a hack. While its a convenience, thats about all it is. As I recall, Gary McKinnon hacked into NASA over dial up, all be it he was a brit, but it works from anywhere, ie: he was in the UK, hacking into US networks. There are still data systems that can only be reached via dial up, and not just in the USA, and aren't completely internet based. There in may be their flaws though too, like power grids, water systems, etc, since they don't put these systems directly on the internet, dial up systems are still vulnerable to land line attacks that may even be physically tapped if someone knows the locations of their targets.