Comments on TaoSecurity Blog: Joint Strike Fighter -- Face of Cyberwar?
Author: Richard Bejtlich
Updated: 2023-10-16T06:06:25.012-04:00

Anonymous (2010-07-08T12:37:53.742-04:00):

Apologies for the multiple repeat comment posts. Google had responded with an error. On the material I obviously still disagree with your opinions. However, I didn't intend to spam the page with repeats of the same comment.

DMurph11 (2010-07-07T16:31:12.078-04:00):

I see your point but think it's important to separate espionage from war. Espionage/intelligence is a critical part of winning a war, but it is not war by itself.

We definitely need to do a better job of protecting our systems from espionage.

-Dan

Richard Bejtlich (2010-07-07T14:06:04.088-04:00):

mwollenw: I'm afraid the more you say the less inclined I am to bother responding. Maybe you should stay on your own blog?

Matthew Wollenweber (2010-07-07T12:35:38.453-04:00):

Richard, if you have specific evidence, lay it out. I've worked with the DoD. I wrote network sensor software there. Currently I monitor 2 class B networks. I've also reversed several custom toolkits that appear to be from China in the last couple of months. I think I'm quite informed in regards to Chinese malware.

Perhaps GE has access to US intelligence that the rest of us don't? If so, are you using that intelligence here - wouldn't it be a security violation if you were confirming classified intelligence that you actually have?

Sorry, your "trust me there's more" type attitude doesn't do it for me. If you have evidence, present it. If not, let's not pretend like you do.

My first-hand experience with China is that most of their systems are unlicensed, unpatched pieces of crap that are infected with ungodly amounts of malware and are constantly scanning and probing every network they can touch. Every piece of Chinese malware I've seen in the public space has been consistent with every other piece of criminal malware - mild data stealers, IRC botnets, spammers, and tools to drive traffic to porn.

Everything about the above I would characterize as criminal. There's nothing about it that seems like a military operation. Sure, the Chinese might have a public toolkit for deniability, but that's just a weak argument one uses for a lack of evidence.

I'm confident the Chinese government has at least a decent computer network exploitation capability. But it doesn't help anyone to continually hype the threat or by classifying criminal malware coming from China as cyber war.

As to the weapon system argument, are you serious? You're right, I'm not a weapon systems expert. However, I think one can reasonably assume that in a war, fighter planes get shot down in enemy territory. You can then assume the enemy will dissect every piece of the plane. If you believe some documents from unclassified internet systems yield more insight into a fighter than taking a few of them apart, I don't buy it. And if that is enough information to effectively mitigate a multibillion dollar system in the matter of months, it's craziness.

Finally, when did classic espionage become warfare? If spies broke into the contractors' offices and got the documents it would be espionage. But if it's done through a computer it's warfare?

Anonymous (2010-07-06T21:29:38.571-04:00):

I'm personally trying to strike the word/prefix 'cyber' from use at my job... I'm a govie and it's one of my missions in life... I think once we stop using stupid terms like this, the better we are for legitimizing the field and sounding less like a set of comic book characters.

Anonymous (2010-07-06T18:41:38.513-04:00):

4. China rejoices as American military officials rethink their plans for the JSF.

5. The U.S. military, having fed disinformation and useless, antiquated, decades-old technology to the gullible Chinese (and American populace), now continues, uncontested, with their ultra-secret Manhattan project, remote-controlled pilot-less drone fighters, and attack satellites, the much publicized JSF having been an elaborate smoke-screen and government bail-out program.

Anonymous (2010-07-06T17:45:23.265-04:00):

I agree, Cyberwar is real. Unfortunately, the public is complacent, what with all the "chicken littles" running around with War on Terror, War on Drugs, War on Illegal Immigrants and Borders, War on Christmas, War on You name it, that, like the boy who cried wolf too many times, no one cares.
This seems a typical modus operandi of the Chinese (or any enemy) - copy the IP of others. Thus, I disagree with the DoD Adviser. Defend against the aircraft? Pshaw. The Chinese will build an exact replica, like the Concorde. Like the MiG. Only better.

Unknown (2010-07-06T17:42:44.986-04:00):

Instead of stockpiling warheads in this new cold war we will be stockpiling hackers.

emily (2010-07-06T17:08:14.944-04:00):

Ah... yes... DAMO... great guys... slow, but good process...

Rich, I think a lot of the folks posting here have not had the "pleasure" of dealing with live-fire response and also (power of) the press.

Stated on the first day at CERT, I was asked... so why do you think stuff doesn't get reported out... well most of these companies are beholden to shareholders... shareholders lose faith in the company, drop the shares, then company goes under. I saw this working for my second Fortune 150... which was before time with CERT... it just drove the point home. By the time it gets to the press, it's been vetted, cleaned and scrubbed, and become devoid of the real details. It's one of the reasons Mandiant never posts anything about their customers without their tacit approval as a reference... as would any other professional IR/IH company.

I remember my last run in with "the press" and how what was published regarding an event wasn't the full picture and was blown out of proportion due to the lack of complete information. Yes, the event was bad, really bad, but ignorance of the details made it sound much worse, and since most leaders only read re-digest drivel from the press to make decisions a lot of the time, the folks doing the investigation, like myself, had to spend cycles deflecting baseless questions that were blown out by the improper details in the story... so yeah, if you read and believe EVERYTHING you read on blogs and websites *wink* then you probably are prone to being skeptical... but if you (not you Rich, but the general readership "you") get a chance to spend some time on the front lines and do the deep digging, it'll be an eye opening experience.

Richard Bejtlich (2010-07-06T12:37:44.416-04:00):

mwollenw:

1. If you're limited to relying on newspapers for your info on the .cn threat, you're likely to be skeptical. Not my problem!

2. Ibid.

3. Do you think an attack reported in April happened in April? Do you think an attack reported in April was limited to a single event? Putting that aside, have you ever done damage assessment for an intrusion? DoD has an office that does nothing but that. They could easily see what was taken, project forward, and decide to alter policy.

4. I don't think you understand weapons programs. Aircraft aren't crypto. You don't rate the value of a weapons system by how well it withstands scrutiny in the hands of the enemy.

5. I said budget concerns were also a factor.

6. Your point is irrelevant. I think it's a huge win for .cn to keep a weapon out of the skies due to a cheap cyber operation, rather than designing, building, and operating their own improved SAMs, missiles, radars, or aircraft.

Anonymous (2010-07-06T11:29:07.142-04:00):

"China rejoices as American military officials rethink their plans for the JSF. China downs the JSF without firing a shot."

Somewhere, Sun Tzu is smiling. I ain't however.

Anonymous (2010-07-06T11:18:05.269-04:00):

Foremost, if your analysis were correct I think one would still label this activity as espionage not warfare. Governments do all sorts of things through any means possible to affect policy in other nations. You can't just label those things warfare.

Digging into your analysis you claim

1. "China steals crucial information about JSF". Your only attribution is an unnamed former US official. Moreover an attack originating somewhere doesn't imply the attacker is Chinese or that it's state sponsored.

2. I've heard no claims that the information stolen was "crucial". If we're talking about the incident that was acknowledged several months ago the contractors claimed the information wasn't sensitive - much less crucial.

3. These attacks were reported in late April. It would be astonishing if China could obtain the said intelligence, scientifically review it, create plans for effective countermeasures, and then make sufficient development efforts to dissuade international forces. On top of that, the US would then have had to shift policy on a major program in less than a month. That doesn't seem realistic.

4. If the plane was countered by a little stolen information and made mostly ineffective that quickly it doesn't seem like a realistic weapon system. Jets are shot down and analyzed in real wars. The probability that non-friendly nations would get technology seems almost certain.

5. The big news of the week is DoD budget concerns. It seems the best way to look at any shifts in purchasing the JSF is in the context of the overall DoD budget.

6. "downing" a plane and not purchasing it are entirely different. For example, buying one less plane versus shooting one down, killing the pilot, and the US losing a $200M asset really doesn't compare.