Chinese Hackers

A carefully choreographed exposé by the US security company Mandiant on Chinese military unit 61398 hacking critical US infrastructure hit the news recently.

http://techcrunch.com/2013/02/19/video-released-of-shadowy-chinese-army-hacker-unit-in-action/

http://www.scribd.com/doc/126209983/Mandiant-APT1-Report

http://www.washingtonpost.com/business/capitalbusiness/mandiant-in-the-spotlight-as-cyber-attacks-on-companies-increase/2013/02/15/f067cb88-76d0-11e2-8f84-3e4b513b1a13_story.html

http://blogs.wsj.com/corruption-currents/2013/02/19/high-tide-from-unit-61398-to-hollywood-unnerved/

I will refrain from writing about how clean the screen capture of remote login sessions of alleged Chinese intruders experimenting on US computers is. I mean, without inflammatory audio, you’d think you were watching a prepared screen-cast of some installation instructions of some software. Too clean, too easy to be fake.

I will refrain from writing about how it is unbelievable that the US, inventor and creator of all this technology. All those smart people recruited by Microsoft with money$$$, all those smart people who invented and wrote unixes, the super smart people who work on these best cryptographic algorithms, all those insanely sharp folks who do core networking infrastructure, who have Ph.D.’s and patents and all the fame and much money of the world, all those smart friends of mine who are so insanely intelligent and agile in thinking and comprehensive in technical knowledge–all those people, things, designs which are property of the USA fail to beat “military intelligence” of Chinese origin.

I just cannot believe this. Is there a punch line to this? [[[UPDATE: Actually, there is. The punch line was a news drop two days later admitting that they only caught the low end of Chinese hacking and that there are more advanced hackers. Undoubtedly this is a call for blood of Chinese Americans. It is a call for racism and unsupervised pervasive monitoring of all people of Chinese origin. I am of Chinese origin and I know racism when I see it. As a Chinese American I feel threatened. I feel insecure. I feel that there are eyes watching me every moment of my life with all neurons firing thinking of all the bad intents I have for America or my company or the economy or “critical infrastructures”.]]]

Seriously. If this was real, it would have been from pride of design and ownership. I am sure all those people involved in the design and implementation of compromised systems also had this feeling of invincible American computer technology. For God's sake! It was invented here, designed here, and for the most part implemented in the USA proper.

I just cannot believe this story.

At best, given my current knowledge and beliefs, this story is a thorough fabrication. And it is not as hard as faking the moon landing. I can probably do it, and if I can’t, the coworkers who have actually done a remote desktop on MS Windows Server can surely arrange for this to happen. (Okay, okay, I didn’t actually go and download the md5 section of the report; perhaps it gives evidence that the sessions were really from China. I don’t see how, though.)

I will also refrain from writing about the lack of properly trained security professionals in the US. There is some professional training in computer security, for example by the SCPD (http://scpd.stanford.edu/computerSecurity/), and certainly one can obtain a PhD in computer security from the likes of CMU or MIT or Berkeley. I think a better story would have been: those companies/critical infrastructure not guarded by trained professionals were compromised, but those that were guarded by trained experts were safe. If it was fake–and I think it was–generating a large unknown enemy creates uncertainty that may crash the stock market or ruin the economy, whereas spreading a positive message about serious organized effort promotes solidarity and confidence.

I will also refrain from writing about the main motivation for creating such stories: if China, a military state, is doing all this shit to America, then we need to give more power to the US military to respond, to defend–it is a call for an increase in the defense budget. It is a call for an even more powerful version of the de facto at-will monitoring policy–a mandatory monitoring policy.

I will also refrain from mentioning the illegality of entrapment. Given the amount of monitoring and manipulation of the network that occurs at my workplace, where I am there in person, and you know what I’m talking about, you will surely be giggling at this story about remote intrusion–it is impossible unless somebody not only opened/installed/designed the security holes but then also leaked them to the Chinese.

Crap! Crap! This is total crap!

Also, wtf is up with China? Why not respond, in addition to “We don’t hack”, with “And we will investigate this certain unit 61398”? The civilian government (which is trying to strengthen the Sino-US relationship and build the “Made In China” brand) should have the curiosity about this fact if it was happening autonomously. Would it not be better for it to discover a corrupt unit of the military and punish them? The Chinese love reform and publication of corruption; it would make a story that the US will have to respond to.

Alas, I am not the screen writer for the world of international hackery show.

Oh, hehehe, if the Chinese police show up at that building, surround it with choppers and tanks only to find a bunch of teenager subcontractors clicking on Google ads. Hahahahha, and it gets caught on cell phone video and is leaked to YouTube... that would be a real hoot! Hahahah, the irony.
