Home page logo
/

securecoding logo Secure Coding mailing list archives

Re: Chinese Hacking, Mandiant and Cyber War
From: Ali-Reza Anghaie <ali () packetknife com>
Date: Wed, 20 Feb 2013 13:35:56 -0500

There is an agenda but it's also information that is long overdue - and
there is more of it Classified for what many ppl consider no good reason.
Also, other reports have indicated faculty and staff at the Unis too. None
of which I doubt terribly.

For me the bigger issue is that is simply doesn't matter - it's not like
this level of nation-state backing is ~required~ for  most cyber heists or
most security issues. If anything it furthers (on top of other bad
perceptions) that competitiveness is increasingly a function of secrecy vs
innovation.

Oh well - I'm repeating myself. ;-)

-Ali



On Wed, Feb 20, 2013 at 10:49 AM, Jeffrey Walton <noloader () gmail com> wrote:

On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw <gem () cigital com> wrote:
hi sc-l,

No doubt all of you have seen the NY Times article about the Mandiant
report that pervades the news this week.  I believe it is important to
understand the difference between cyber espionage and cyber war.  Because
espionage unfolds over months or years in realtime, we can triangulate the
origin of an exfiltration attack with some certainty.  During the fog of a
real cyber war attack, which is more likely to happen in milliseconds,  the
kind of forensic work that Mandiant did would not be possible.  (In fact,
we might just well be "Gandalfed" and pin the attack on the wrong enemy as
explained here:
http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare
.)

Sadly, policymakers seem to think we have completely solved the
attribution problem.  We have not.  This article published in Computerworld
does an adequate job of stating my position:
http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9

Those of us who work on security engineering and software security can
help educate policymakers and others so that we don't end up pursuing the
folly of active defense.

I'm somewhat surprised a report of that detail was released for public
consumption. The suspicion in me tells me its not entirely accurate or
someone has an agenda. There's too much information in there that
would be cloaked under "national security" given  other circumstances.

There also appears to be a fair of FUD-fanning going on:
"Additionally, there is evidence that Unit 61398 aggressively recruits
new talent from the Science and Engineering departments of
universities such as Harbin Institute of Technology." The US
equivalent would be like saying the NSA actively recruits
Mathematicians and Computer Scientists.

Jeff

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]