I think the most telling observation available into the matter of the Acts not passing was delivered by the White House, “Despite the President’s
repeated calls for Congress to act on this legislation, and despite pleas from numerous senior national security officials from this Administration
and the Bush Administration, the politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented
Congress from passing legislation to better protect our nation from potentially catastrophic cyber-attacks.” (Italic emphasis is mine.) In other
words, corporate shenanigans wishing to remain clandestine.
Then along comes a report on the specific Chinese hacking of various American enterprises. For those of you who don't know the details of Mandiant's
report, I'll briefly summarize. Mandiant is a cyber-security company specializing in digital forensics. (Meaning, they follow the trail of digital
breadcrumbs to “the witch's house.” They also do mitigation, but are often hired after the hack.) They generally work for large corporations that
have cyber-security concerns and who wish to keep those concerns private. (As opposed to, for instance, reporting any offences to authorities, who are
not as likely to keep mum on what they find. This, in and of itself, is very telling of these corporations: They don't want their dirty laundry aired
and are willing to pay private firms like Mandiant, on average, four hundred dollars an hour, to ensure it isn't.) This, of course, implies there is
a degree of corporate shenaniganism going on, but this is not news and as it turns out, is well within their rights, for now. (This is not a comment
on the rightness or wrongness of this ability, but rather an exemplification of the status quo, at least in America.)
www.cnbc.com... This is a link that summarizes the Mandiant report in a reasonable amount of detail. You can read the
report yourself if you like, but it's a little dry and hackers have already started sending out fake, malicious reports. So if you're going to get the
report, get it from a reputable source. Basically the report, which has been correlated from data gathered by Mandiant and others over the last few
years, names key instances of cyber-espionage that have been traced back to a particular group of hackers in China: the People's Liberation Army of
China Unit 61398. Mandiant believes these hackers are the very same known as “the Comment Crew” (so called because they like to leave comments
behind). They have cool hacker names like Angry Gorilla, and are known to Mandiant as Advanced Persistent Threat 1.
There is, however, some criticism about Mandiant's report: obviously from the Chinese
www.informationweek.com...
(This article, by the way, lists six facts that everyone who cares about this story should read.) Furthermore, there has been some criticism from
other American security firms
www.businessinsider.com... Both the Chinese government and domestic security
firms have the same concerns with the report: It doesn't address other nations' hacking, such as France, Russia, Israel, etc. It also doesn't explain
how Mandiant was able to narrow down their trace to the specific building in Shanghai, nor attach the People's Liberation Army to that particular
building. A competitor of Mandiant's went so far as to say, “You could narrow it down to a smallish group, say Shanghai's downtown core, which would
provide a range from several hundred thousand, to a few million computers.” Mandiant itself is coy about how the correlations were made. I suspect
there are boots on the ground, or they know how to do something their competitors don't, or they are lying, but I'm not an expert, nor a hacker. I can
only go with what others tell me, and therein lies the problem. So often what we are told is expletive bovine excrement.
We're being told that the Chinese government is paying people to hack our computers, stealing our trade secrets. Secrets of commerce, invention,
defence, formulation, data, records, all of it, everything. It's costing businesses millions of lost revenue, putting us in danger and belittling our
very purpose. We are being told this as a means to an end, this much is as clear as is the collaboration of the messengers. The degree of truth in any
socially engineered intention has its place in our understanding, but often we can learn more from the lie or the omission.
edit on 24-2-2013 by briantaylor because: adding links to huge post