Re: Chinese Hacking, Mandiant and Cyber War
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 20 Feb 2013 10:49:45 -0500
On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw <gem () cigital com> wrote:
> No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week. I
> believe it is important to understand the difference between cyber espionage and cyber war. Because espionage
> unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some
> certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of
> forensic work that Mandiant did would not be possible. (In fact, we might just well be "Gandalfed" and pin the
> attack on the wrong enemy as explained here:
>
> Sadly, policymakers seem to think we have completely solved the attribution problem. We have not. This article
> published in Computerworld does an adequate job of stating my position:
>
> Those of us who work on security engineering and software security can help educate policymakers and others so that
> we don't end up pursuing the folly of active defense.

I'm somewhat surprised a report of that detail was released for public
consumption. The suspicion in me tells me it's not entirely accurate or
someone has an agenda. There's too much information in there that
would be cloaked under "national security" given other circumstances.
There also appears to be a fair bit of FUD-fanning going on:
"Additionally, there is evidence that Unit 61398 aggressively recruits
new talent from the Science and Engineering departments of
universities such as Harbin Institute of Technology." The US
equivalent would be like saying the NSA actively recruits
Mathematicians and Computer Scientists.
Secure Coding mailing list (SC-L) SC-L () securecoding org
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.