The Obama administration on Monday explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.???
While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in the Pentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.
“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,??? the nearly 100-page report said.
The report, released Monday, described China’s primary goal as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into American policy makers’ thinking. It warned that the same information-gathering could easily be used for “building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.???
Whether or not these Pentagon statements on Chinese cyberespionage are “remarkable in their directness,” as New York Times reporter David Sanger writes, is open to interpretation.
Chinese cyberwar/cyberespionage capabilities comprise somewhat less than two pages in the entire thing. More space is devoted to China’s conventional warfare capabilities and hardware, its ballistic missiles programs, it’s preliminary moves into aircraft carrier aviation through the refurbishment and equipping of the old Varyag — now renamed the Liaoning, its naval modernization and other subjects.
In fact, the Pentagon can say little about Chinese cyberespionage other than it exists and much material, from the US private sector devoted to supporting the US military, is being copied.
What benefit this has been the Pentagon does not know and cannot or will not say. No one knows. It’s impossible to put a finger on the value of it to China, or precisely what losses this country directly suffers. It is an argument that has no meaning for the majority of Americans, something only the top most cares about.
And that’s because they can only be made to care about things they suspect may make them slightly less wealthy.
In terms of what’s actually happening, for example, China has not made any obvious great leap in generating a carrier battlegroup-centered navy.
On the other hand, we certainly do know that the US private sector, our multi-national corporations, are intimately involved in business relations with China.
Indeed, it is safe to say that the strapped American middle class would have next to nothing if all its household consumer electronics and dry goods of Chinese origin were taken away.
If, for example, Chinese cyberwarriors are stealing Apple’s secrets, what does it matter? Is Apple stopping its majority manufacturing through China?
America’s electric guitar and rock amplifier companies make the majority of their mainstream goods in China. If Chinese cyberwarriors have stolen plans from Fender Musical Instruments or many other American companies, so?
The entire American industry of pop music instrumentation manufacturing, excepting custom shop artisan work, was sent to China to increase profit margins and decrease labor costs.
American business ceded its property to the Chinese industrial base for immediate profit in pursuit of the very cheapest unprotected manpower. This was long before Chinese espionage became an issue the national security megaplex decided to exploit for the purpose of parasitic rent-seeking.
Who are you going to find on the street who cares if Chinese cyberwarriors from a building in Shanghai are into American businesses? They’ve already lost their jobs or much of their earning power. And their access to the Internet is a smartphone made in China.
Take a day off from the memes. Corporate America isn’t hiring, haven’t you heard? It’s not because of mass Chinese cyber-spying.
One last figure, furnished to again put Chinese cyberespionage/cyberwar efforts in perspective, as they relate to the American experience …
You can really tell how Chinese cyberespionage/cyberwar is taking away our futures, right?
National cyberdisaster described in less than 120 words: We’ll lose power, then we’ll drown:
U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database to the Chinese government or military cyber warriors, according to U.S. officials.
The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) is raising new concerns that China is preparing to conduct a future cyber attack against the national electrical power grid, including the growing percentage of electricity produced by hydroelectric dams …
The database contains sensitive information on vulnerabilities of every major dam in the United States. There are around 8,100 major dams across waterways in the United States.
Since this incident there has been a growing realisation that various elements of a critical national infrastructure are similarly vulnerable. They use similar, if not identical, embedded computer systems as were used at Natanz. The initial thought was one of defending the realm against foreign aggressors. After all, it was an obvious way to cripple a country without firing a physical shot. Why launch missiles if you can switch out the lights and turn off the water. It’s cheaper too. So much so that this form of attack has become a great leveller, allowing small nations to potentially punch well above their weight.
The North Koreans have been blamed for interrupting websites run in South Korea by banks, newspapers and TV companies in “a show and tell??? warning about what they are capable of during a conflict, warns Sally Leivesley of Newrisk. The South Koreans have taken the warning seriously, upgrading security at their nuclear plants – including disabling every USB port in every computer at the plants lest they be used to breach defences.
States initially used internet hacking for espionage, or intellectual property thefts, but warns Prof Woodward, they are using it for “aggressive??? attacks: “This is the cool war, as some people have put it, not the cold war. Why invest in bombs and bullets when, potentially, in a shooting match you can turn out the lights, turn off the water. Some countries are really punching above their weight. They don’t need a huge nuclear weapons programme.???
Cyber terrorism. Terrorist groups and states will make use of cyber-war tactics, though government will focus on information-gathering than outright destruction. Stealing trade secrets, accessing classified information, infiltrating government systems, disseminating misinformation — traditional intelligence agency ploys — will make up the bulk of cyber-attacks between states.
Virtual statecraft. States will be wistful for the simpler days of foreign and domestic policy. Power in the physical world is no assurance of power in the digital world. This disparity presents opportunities for small states looking to punch above their weight …
Cyberwar allows small nations to punch above weight — brainless new received wisdom.
Usage: North Korea was really punching above its weight when it quietly took its missile off the launch platform this week turned off all the electricity in Los Angeles County with a secret cyberattack.
The difficulty of deterring such [Iranian cyber attacks] was also the focus of a White House meeting this month with Mr. Obama and business leaders, including the chief executives Jamie Dimon of JPMorgan Chase; Brian T. Moynihan of Bank of America; Rex W. Tillerson of Exxon Mobil; Randall L. Stephenson of AT&T and others.
Mr. Obama’s goal was to erode the business community’s intense opposition to federal legislation that would give the government oversight of how companies protect “critical infrastructure,??? like banking systems and energy and cellphone networks. That opposition killed a bill last year, prompting Mr. Obama to sign an executive order promoting increased information-sharing with businesses.
“But I think we heard a new tone at this latest meeting,??? an Obama aide said later. “Six months of unrelenting attacks have changed some views.???
Unrelenting attacks, in this case, meaning making banking websites occasionally run more slowly.
“Within [Cyberbunker’s] 15ft reinforced concrete walls are 175,000 cubic feet of office space, airlocks, a 750KW diesel generator, fuel reserves and a 2,500-gallon freshwater tank.
“Its inhabitants can allegedly survive for ten years without assistance from the outside world.
“CyberBunker’s website claims: ‘Dutch authorities and the police have made several attempts to enter the bunker by force. None of these attempts were successful.’”
Starting at about 2:40, Sherlock Holmes’ arch enemy, Jim Moriarty, blows a hole in the cyberwar meme:
You don’t really think a few lines of computer code are going to crash the world down around are ears, do you? I’m disappointed, I’m disappointed in you, Sherlock …
I knew you’d fall for it. That’s your weakness. You always want things
to be clever.
From the second season ending episode, The Reichenbach Fall, which I heartily recommend.
See the headline. It is truly about budgets: The president’s, ours — as a nation, and mine.
Implied in the wire service headline and text is one of the big lies of our time: The idea that cyberwar, waged by nations or groups, can switch off the United States.
It has grown and metastasized like an untreated cancer, spreading corrosive, deadening myths, frank lies and gross exaggerations. The financial system could be crippled, the power turned off, the water corrupted. Indeed, cyberwar has been packaged as an event, or series of them with destructive power in excess of natural disasters.
What it comes down to is money. There are no statistics on what cyberespionage or cyberwar costs (or could cost) the nation, just claims and wild estimates based on nothing.
By contrast, charts and graphs of hard statistics are published weekly on the horrifying state of the economy for the middle and lower class. They show that among western civilized nations, yawning inequality that dwarfs the rest has grown. They show that foodstamp usage has ballooned to an all time high because the American economy does not produce jobs that pay a living wage. They show that corporate profits have soared but that the great majority of people have seen nothing except shrinkage or, even, total collapse in their worth and fortunes.
Yet today we are saddled with an administration that has actively worked to create the impression that defense against cyberattack is one of the country’s most pressing problems.
And last year, in an attempt to get cybersecurity legislation through congress, it empowered people like the National Security Agency’s Keith Alexander to state that cyberattacks and espionage against the United States were constituting the “greatest transfer of wealth in history.”
It was and is a lie stupefying in its audacity.
All for the sake of toxic legislation and the expansion of money for cybersecurity services from in the national security megaplex.
As the sequestration slowly starts to grind at the sick, the poor, the elderly and the other parts of the middle class, the cyberwar-is-coming campaign is all about realignment of taxpayer dollars for the preservation and expansion of security jobs and services, a transfer of wealth from the bottom and the middle of American society, to the top.
And this is immoral. It is just that simple. Because we’ll never benefit from it. Only the recipients of the contracts do.
I have never argued that the daily securing of the world network is not a significant problem. It is global in size. The job has grown with the times but it continues to be a matter of risk management and amelioration by everyone involved, not an excuse to spread fear and misinformation in the cause of making the cybersecurity arms of America’s defense industries more wealthy.
As a writer, journalist, author and expert on the issues, I’ve been on the beat since 1994. That’s almost twenty years and I’ve grown old doing it.
During the time, serious journalism and writing on the subject — which was always scarce, just withered away and died to be replaced by stenography of whatever is the current official or private sector word on the matter. It went away for the same reason serious journalism has collapsed on just about everything. The net destroyed the model by which journalism supported itself and replaced it with nothing, only the illusion that the same thing could be carried out by websites like grains of sand on the beach, and free labor.
These days I’m interviewed about once ever two weeks, almost like clockwork, for minor comment or background on transiently newsy matters on cybersecurity or some cyberattack.
And in the past ten years of this there have been no big questions addressed, or encompassing stories issued.
What is all this about? What’s the history? Why does this go on?
No one asks and very few, less than the fingers to be counted on one hand, even attempt to talk or write on it. To my knowledge, no one has ever dug into the moral component which is not that hard to understand and briefly describe.
It’s the story of modern America in the last twenty years, corporate capture of government for the sake of extracting as much public money as possible for the coffers at the top.
Another way to refer to it is “rent-seeking” for the corporate and government national security complex.
Rent-seeking behavior is the abandonment of providing a good product or service to customers (or one of even slightly minor social benefit) for the sole pursuit of wealth through private sector/government collusion.
The headline at the top of page is national corporate computer security rent-seeking.
And that is exactly what is happening inside the topic of cyberwar and the alleged peril of digital attack on the national infrastructure.
And this is sold on the back of the corporate and national computer security sales pitch that this is the only way to protect the United States from the potentially disastrous consequences of cyberwar.
I’ll make a prediction. In 1994, I said “electronic Pearl Harbor” wasn’t likely. It was a good one.
Here’s another.
In the next five, or even ten years, Pasadena — or all of southern California — will lose electrical service from an earthquake before any cyberwar. And an earthquake in Los Angeles and the surrounding counties will give the federal government a much bigger emergency problem to deal with.
Anyway, to sum up, the idea of cyberwar and cyberespionage cutting down the United States is nonsensical. It’s been inflated into one of the major bullshits of the country of the USA.
I’d like to continue my work and I plan on it. But I need your help. The last year’s been a hard one and that’s my humble plea.
The regime’s next move could be to break into US computer networks to steal information and spread viruses, Jang Se-yul, who defected to the South in 2008, told the Observer. North Korea’s hackers are suspected of being behind recent cyberattacks that paralysed computer networks at several South Korean banks and broadcasters.
“It would demonstrate that North Korea is a strong cyberpower,” Jang said. “Their prime target is the US, and they’ve been preparing for something like this for years, including when I was there in the 1990s. I can’t say how successful they would be, but it’s a possibility.”
The barrage of threats have failed to unnerve people in Seoul …
The House Intelligence Committee is warning that “time is running out??? before the next major cyberattack: The Russians, Iranians, Chinese and others are likely already on your computer.
“You have criminal organizations trying to get into your personal computer and steal your personal stuff. And by the way, the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there,??? House Intelligence Committee chairman Mike Rogers (R.-MI). told Fox News.
The Revolutionary Guard on my computer?! Is it too late to remind everyone that I always thought the Ayatollah Ruhollah Khomeini was the greatest man, ever?
The Pentagon early Monday restored the U.S. Forces-Korea website, following a nearly weeklong outage.
Officials declined to say who or what prompted what they described as “a hardware failure” that crashed www.usfk.mil early last Tuesday morning …
Information security experts questioned why the site remained down for nearly seven days. George Smith, senior fellow with the think tank GlobalSecurity.org, said the length of the disruption could reflect a lack of resources or little consideration for the site, in general. He noted U.S. Forces-Korea’s Facebook page displays a photograph of a waterfall on an island where troops will be vacationing. Also, the command’s Twitter feed is outdated. “They don’t appear to care much about social media messaging. Maybe they don’t care about their website, either, really,” Smith said.
On the other hand, the Pentagon could have been taking time to investigate what went wrong, he said. “The last possibility is [a North Korean] cyberattack, which would be unsurprising, all things considered, but still childish,??? Smith said.
“In my opinion, it’s the greatest transfer of wealth in history,” said general Keith Alexander, he of the National Security Agency, on cyberattacks launched at our great country. — SITREP
See the greatest transfer of wealth in history? Blue is what Americans earn. Red is profits in non-financial corporate America.
I should give a shout-out to Larry Mishel’s note showing that the share of corporate-sector income going to profits has soared to levels not seen in more than 40 years …
There doesn’t seem to be much trickle-down going on.
The difficulty of deterring such [Iranian] attacks was also the focus of a White House meeting this month with Mr. Obama and business leaders, including the chief executives Jamie Dimon of JPMorgan Chase; Brian T. Moynihan of Bank of America; Rex W. Tillerson of Exxon Mobil; Randall L. Stephenson of AT&T and others.
Mr. Obama’s goal was to erode the business community’s intense opposition to federal legislation that would give the government oversight of how companies protect “critical infrastructure,??? like banking systems and energy and cellphone networks. That opposition killed a bill last year, prompting Mr. Obama to sign an executive order promoting increased information-sharing with businesses.
“But I think we heard a new tone at this latest meeting,??? an Obama aide said later. “Six months of unrelenting attacks have changed some views.???
Keep in mind that Obama administration and the US Cult of Cyberwar have been fingering Iran in attacks that make US banking websites run slow for months. (Secondarily, for a virus that crashed hard drives belonging to Saudi oil company, Aramco.)
The recent history, free of propaganda, is that the Obama administration, defense contractors and leaders of the cyberwar lobby in the intelligence agencies took out a vigorous public relations campaign to get cyber-information sharing legislation passed last year.
This has been followed by a rising second and identical spin effort to identify cyberattacks on the United States as a catastrophic threat, one capable of more harm to the nation than natural disasters, and more costly than 9/11, and possibly the subsequent wars.
All this has played out methodically over the last couple of months. And all of it has been touched on at DD blog.
It’s a continuing effort to get bad legislation passed, law that would immunize corporate America from any legal retaliation that might result from malfeasance revealed in information sharing. Secondarily, it is to beat the drum regularly for more spending in cyber-defense. None of this is of any social value. The US of A will not now or soon fall to cyber-attackers. It is a ludicrous scenario to entertain.
[The] US is in a lousy position to make arguments, or even recommendations, on proper conduct in cyberspace. This is because it is an untrustworthy international partner, one which will not be held to standards of conduct it publicly demands from others. (The majority in American power find this of no consequence under the rationale that as the preeminent and transcendent world power, the United States can always act any way it wants and that hypocrisy or an establishment of untrustworthiness does not apply.)
Ours is a country that routinely uses feeble actors in cyberspace — like Iran — as bogeymen in public statements on the dangers of cyberwar without including in the narrative the fact that we provoked them …
This means anything to 99 percent of Americans. Nor should it. Pasadena, or the town where you live, will not cease to function in your lifetime because of cyberwar.
Mega US bank websites that run slow because they’re being hit by denial-of-service attacks are of no consequence in the astronomically bigger picture of the American economy.
The US government and the national security megaplex, which includes large private computer security players and arms manufacturers with expanding, grasping wings devoted to the same business, relentlessly peddle the script that cyber-attacks on the US financial system could bring the country to its knees.
Americans have experienced the opposite. The average family now earns seven percent less than it did at the start of the Great Recession, an economic downturn brought on by this country’s financial system.
This is not because of cyberwar, near cyberwar, Chinese cyber-espionage, or Iranian attacks on banking websites and corporate America.
The President cannot get the minimum wage raised. He cannot do anything to reverse the austerity policies the Republican Party, from its minority position, has imposed on the country. He cannot or will not enact any measures as chief executive that might begin to make economic life in the country better for the majority of its citizens.
So what is he doing? Partially busying himself meeting with Wall Street’s master bankers and ginning up news on the daggers of cyberwar, attributed to China, Iran and North Korea, aimed at America’s heart.
It is maddening and pathetic.
One of the named sources for the Times’ piece is James Lewis of the Center for Strategic and International Studies, one of the major “think tanks,” the function of which is to furnish national enemies lists, affirmations that named enemies are up to no good, and what, in the way of war, ought to be done about them at once.
The Duchy of Grand Fenwick, aka the Republic of CyberBunker, was said to have attacked SpamHaus and the Internet this week. And most people missed it except for the New York Times and Ars Technica.
I’ve repeated it countless times. Ten years ago the mainstream press just unilaterally quit doing its job on security matters. Serious journalism and critical thinking, as opposed to propagandizing and stenography, simply blew away and was never replaced.
It’s a theme I’ve carped on for years, going all the way back to anti-virus king John McAfee’s manipulations on the Michelangelo virus in 1992.
This is the danger of the “dark age of journalism”, as it has been called. The training of the old Reuters reporter is replaced by one of political and corporate collusion. The separation between newsrooms and public relations agencies growing ever thinner as reporters rush to fill space at all costs, regardless of truth.
Even after she’d written the piece in the New York Times, tech reporter Nicole Perlroth tweeted how she was still getting targeted by corporate PRs to cover the “story”: “Hi Nicole, News is just breaking on the biggest cyber-attack in history. Are you planning on covering?”
The collapse of journalism combined with complex, fast-changing technology offers a wealth of opportunity for propagandists. In the soil of ignorance, fear can easily be sown. So it is with cyberwarfare.
The writer, Heather Brooke, probably didn’t have the space to get deep into the rise of web shoeshine news publishing, the fact that sensation, exaggeration and corporate tech fictions and trivialities are about all they exist for.
In charge at CyberBunker is Sven Olaf Kamphuis, who styles himself the ‘Minister of Telecommunications and Foreign Affairs’ of the ‘Republic CyberBunker’ …
Within its 15ft reinforced concrete walls are 175,000 cubic feet of office space, airlocks, a 750KW diesel generator, fuel reserves and a 2,500-gallon freshwater tank.
Its inhabitants can allegedly survive for ten years without assistance from the outside world.
CyberBunker’s website claims: ‘Dutch authorities and the police have made several attempts to enter the bunker by force. None of these attempts were successful.’
[The] US is in a lousy position to make arguments, or even recommendations, on proper conduct in cyberspace. This is because it is an untrustworthy international partner, one which will not be held to standards of conduct it publicly demands from others. (The majority in American power find this of no consequence under the rationale that as the preeminent and transcendent world power, the United States can always act any way it wants and that hypocrisy or an establishment of untrustworthiness does not apply.)
Ours is a country that routinely uses feeble actors in cyberspace — like Iran — as bogeymen in public statements on the dangers of cyberwar without including in the narrative the fact that we provoked them …
From an article in the Reg, on the “NATO manual on cyberwar,” one that argues that acts of force in cyberspace are [likely] illegal (primary author “Michael Schmitt, professor of international law at the US Naval War College in Rhode Island):”
Schmitt said the legal experts who drew up the manual agreed that Stuxnet was an act of force but were divided on whether the malware constituted an armed attack. And even if it was an armed attack it might still be justified as self defense in the form of striking back at the aggressor in the face of imminent attack, as a paragraph on page 58 of the manual explains:
“In light of the damage they caused to Iranian centrifuges, some members of the international group of experts were of the view that the attack had reached the armed attack threshold (unless justifiable on the basis of anticipatory self defence) [our emphasis].”
In other words, Stuxnet was not illegal because it was by the United States (and/for Israel), the preeminent world military and economic power, against Iran — because they’re bad, small, don’t like us and have a nuclear program.
Such legalisms in any manual thus rendered meaningless because the precedent is to claim the US is the special nation among all, always able to determine itself to be striking from a position of self-defense.
Taken to one logical conclusion, it renders all US participation in the establishment of international codes of conduct as easily abrogated as changing underwear, using the order and procedure established as the result of 9/11.
