Hackere fra Kina bliver stadigt mere aktive, og nu har New York Times afsløret, hvordan avisen har været under angreb i fire måneder på grund af en kritisk artikel om ministerpræsident Wen Jiabao. Her er der opsamling og links.
Washington Post fortæller, hvordan Kina og den kinesiske regering måske er ved at eksportere etpartistatens metoder til cyberspace:
What would those rules of engagement be? In many ways, they’re the same rules that apply within China to Chinese citizens. Only now, with the apparent reach and strength of Chinese hacking, they may also apply to some of us who are outside of China, whether we want them to or not.
That first and foremost rule is that the preservation of the Communist Party and of single-party rule trumps everything else, including the inviolability of the Western media and any embarrassment Beijing suffers for appearing to violate it anyway. The party leadership has emphasized for years that top-level corruption is among the greatest threats to its popular legitimacy and thus its rule. The Times’ report on the Wen family’s wealth certainly gave the appearance of corruption in the highest ranks, which presumably explains why Chinese authorities may have thought that blocking the Times’ site and pointedly holding back visas for two of its reporters would be worth the risks.
Foreign Policy og Adam Segal skriver om, hvordan cyberangreb fra Kina har udviklet sig til en epidemi. Men hvad kan man gøre ved det?
What will also be dispiritingly familiar in the aftermath of the attacks is the discussion about what can be done. Over the last several years, U.S. government officials have mounted an increasingly public campaign of naming and shaming China. But this has had little effect, and the Chinese response has been one of denial, calling the accusations “irresponsible,” noting that hacking is illegal under Chinese law, and pointing out that China is also a victim of cyber crime, most of it coming from IP addresses in Japan, South Korea, and the United States.
So what can be done? Private security experts and U.S government officials say they are getting better at attributing attacks to groups and individuals. If that is the case, then the United States may begin to think about targeted financial sanctions or visa restrictions on identified hackers. What might cause the most difficulty for Beijing, however, are private and government efforts to ensure that reporting of the caliber of New York Times and Bloomberg is made widely available within China through translation and efforts to circumvent the Great Firewall of China. U.S. diplomatic cables posted online by WikiLeaks suggested that the hack on Google in January 2010 was ordered by a member of the Politburo who “typed his own name into the global version of the search engine and found articles criticizing him personally.” Wen Jiabao and Xi Jinping might have had the same reaction.
Guardian kommer ind på, hvem de kinesiske hackere er:
Cyber security companies suggest that the Chinese government and military employ a vast army of hackers, carrying out a covert spy campaign against organizations that it feels run counter to their interests. They operate in places like Shanghai and coastal Shandong Province, but usually avoid detection by tunnelling through easily-infiltrated computers at servers and universities in the United States. The New York Times investigation found that they typically begin working at 8am and adhere to a standard office schedule.
Their organizational structure is still unclear – the hackers could be on the People’s Liberation Army’s payroll, or just as easily be loosely-affiliated vigilante organizations operating with tacit government approval, like renegade consulting companies.
“If anything, the fact that these groups aren’t being run by the Chinese government makes the problem worse,” Bruce Schneier, a cybersecurity expert at a telecommunications company in London, wrote on the Discovery Channel’s tech blog last year. “Without central political coordination, they’re likely to take more risks, do more stupid things and generally ignore the political fallout of their actions.”
The New Yorker og Evan Osnos skriver, at angrebet også fortæller noget om, hvorvidt Xi Jinping er indstillet på politiske reformer eller ej:
The timing of all this is significant for anyone interested in the prospect of reform: this attack has unfolded at the very moment that the new Chinese leadership, under Xi Jinping, has pledged to root out corruption before it destroys the Party. Xi has been making so many gestures of reform that he has persuaded some longtime China-watchers to take him seriously.
Since Xi’s government and the Times seem to share a common objective—exposing corruption—how did Xi’s administration respond to news that hackers in China might be trying to thwart efforts to do just that? “Saying that China participates in relevant online attacks is totally irresponsible,” the Foreign Ministry spokesman Hong Lei said at a daily news briefing Thursday.
Wall Street Journal afslørede i går, at de også er blevet angrebet af kinesiske hackere, der forsøgte at indsamle informationer om avisens dækning af Kina:
The U.S. Federal Bureau of Investigation has been probing these media incidents for more than a year and considers the hacking a national-security case against U.S. interests, people familiar with the matter said.
“Evidence shows that infiltration efforts target the monitoring of the Journal’s coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information,” Paula Keve, chief spokeswoman for the Journal’s parent company, Dow Jones & Co., said in a written statement Thursday. Dow Jones is a unit of News Corp.
The infiltration of networks related to coverage of China is an “ongoing issue,” Ms. Keve said. “We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources.”
AP skriver, at den amerikanske regering nu overvejer, hvordan man skal svare igen på de kinesiske hackere:
Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. One official said it also will cite more directly a role by the Chinese government in such espionage.
The official said the NIE, an assessment prepared by the National Intelligence Council, will underscore the administration’s concerns about the threat, and will put greater weight on plans for more aggressive action against the Chinese government. The official was not authorized to discuss the classified report and spoke only on condition of anonymity.
Secretary of State Hillary Rodham Clinton, in an interview with reporters as she wound up her tenure, said the U.S. needs to send a strong message that it will respond to such incidents.
Foreign Affairs har samlet en læseliste over bøger, der kan gøre dig klogere på cybersikkerhed. Her er beskrivelsen af Strategic Warfare in Cyberspace, der fortæller, hvordan cyberangreb har politiske mål:
For many, cyberattacks represent a strategic game changer — shadowy, long-range strikes occur at “net speed” and knock an adversary out before the fighting even begins. They are the distillation of Sun Tzu’s axiom that “The supreme art of war is to subdue the enemy without fighting.” Rattray and Libicki are skeptical. They believe that cyberattacks have tactical and operational implications, but do not have strategic ones (at least not yet). Someday, they might lead to widespread damage and destruction but, for now, they are most effective in distorting and manipulating the perceptions of decisionmakers. In short, Rattray and Libicki do not see virtual conflict as being completely distinct from physical conflict and they remind readers that, to be successful, cyberattacks have to serve political goals.