China suspected of breaching U.S. Postal Service computer networks
washingtonpost.comStill, “it’s perfectly appropriate for us to do everything we can to embarrass and punish the Chinese if they’re in our systems, whether or not we’re in theirs,” said former National Security Agency general counsel Stewart A. Baker. “It’s the case that the U.S. and Russia and other countries are much more cautious about getting caught because they think there are going to be consequences. It’s only the Chinese that think there are no consequences to getting caught.”
Stewart Baker making himself look foolish again! Last time he popped up on HN:
https://news.ycombinator.com/item?id=8559454
I really wonder how someone can come out with stuff like this. I doubt the PRC feels one iota of embarrassment for even one split second, and if senior US officials really bring up Chinese state sponsored hacking "every time they meet with their counterparts in Beijing" then the US Government is living up to its reputation as plumbing the depths of hypocrisy. They embarrass only themselves.
Obama is heading to China again, time to publish a story about them hacking again? This quote was interesting because it seems to confirm that the whole story is smoke and mirrors for some political agenda.
Before Snowden I actually bought into this whole 'the Chinese are hacking us' refrain. I don't see how they can keep up with it with a straight face anymore.
I think the US has zero credibility pointing the finger here. Spend 1/10th as much on defense as offense and then maybe complain your system protected by default passwords and zero encryption got "hacked".
The PRC doesn't feel embarrassment about this, but not because of anything the US is or isn't doing. The way they see it, espionage is a fair method of catching up to (and then exceeding) the US, and if it keeps working then maybe the US should actually do something about it. After all, it's not like the Chinese ever voted for strong "intellectual property" protection, they see it as a rule imposed on them by the rest of the world instead of some universal behavioral norm.
The US complaining about their hacking just proves to them how effective it is.
Now, the US engages in strategic espionage for different reasons (just as China actually engages in strategic espionage, which the US doesn't complain about in public). But US representatives should be embarrassed here just because their whining proves the point to the PRC.
> Chinese
> voted
Might be the first time I've ever seen those two words together in a sentence.
You should pay attention to the UN more then, even if they do usually abstain from voting.
The US doesn't engage in economic espionage, and then turn around and give/sell intellectual property to US companies.
In fact their pals at CSEC were found to be doing exactly that. http://www.theglobeandmail.com/news/world/brazil-spying-repo...
Which private US company received this information in an attempt to boost that company's economic power?
I can't find that information in the article.
There are several mentions of this in the Snowden papers. I think the most well known is Boeing, in their dealings against Airbus.
That's not in the Snowden papers, and the actual source for that is highly suspect.
I forget the name of that project, but the Wikipedia page's reference are all terrible. Not a single one stands up to scrutiny.
How are you sure of this? I wouldn't be.
And you're saying it's somehow a different class of ethical conundrum to engage in espionage to kill people, or to engage in it for economic advantage, and killing people is more ethical?
I am not surprised the state-capitalist Chinese see it differently, and are okay with both.
I'm about as sure of this as I am of unicorns not existing.
As to the ethical dilemma, I'm only noting a difference.
Brazil is less sure. http://www.theguardian.com/world/2013/sep/09/nsa-spying-braz...
The NYT says it's a "fine line"
> But the government does not deny it routinely spies to advance American economic advantage, which is part of its broad definition of how it protects American national security. In short, the officials say, while the N.S.A. cannot spy on Airbus and give the results to Boeing, it is free to spy on European or Asian trade negotiators and use the results to help American trade officials — and, by extension, the American industries and workers they are trying to bolster.
http://www.nytimes.com/2014/05/21/business/us-snooping-on-co...
That's an editorial, so it's the view of one guy who works at the NYT, and not an all-that-well backed up view, to boot.
And I think fine lines are important lines.
Cause at this point everyone knows the US is trying to get into _everyone's_ systems, so it probably sounded hypocritical to himself for him to say it's a big deal when China does it. He's got to come up with something.
It's too late for "gentlemen do not read each other's mail".
They buried the lede a bit -- since I doubt organized attackers are after the personal information of postal service employees:
"It is also possible that the Chinese were after other types of data, analysts said. For instance, the U.S. Postal Service, at the request of law enforcement officials, takes pictures of all addressing information from envelopes and parcels."
http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...
IMO the real goal is HUMINT, getting access to a list of people with security clearance (including all of their personal information) meaning China can now easily target them individually. Blackmail or pay them off, convert them to informants/spies within the postal system. A postal system now flush with tons of data about every American citizen.
It's much easier to have people embedded in the system, long term, extracting data... than it is to exfiltrate data remotely from China via hacking.
The data these people have access to is quite an important intelligence asset:
> the Chinese may be assuming that the U.S. Postal Service is more like theirs — a state-owned entity that has vast amounts of data on its citizens, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies. Second, he said, the trend in intelligence is the same as in the commercial sector: amass big sets of data that can be analyzed for previously unknown links or insights.
>>>>> The data these people have access to is quite an important intelligence asset:
My question would be why it took them so long to go after the postal service if they've thought it was such a high value target??
Everything is relative, including time. Nothing tell us how long they were trying to attack USPS or even how they were trying. This is just a case were they tried to do it one way, they succeeded and they got caught. There's probably multiple incident that public doesn't know or even that intelligence services doesn't know.
So the US spying made Chinese spying easier (as expected). Wonderful.
That's an effect of certain poorly-made security decisions.
For example, if a small organization such as a gym or school makes copies of all customer/user driver's licenses: They end up creating a small pile of gold that they can't afford to protect.
Don't ask for data you can't securely store. I think that's just common sense. If you keep the data on paper, you wouldn't leave it out in the open for anyone to take it would you?
My Grandmom's letters are pretty entertaining and I am happy they are getting wider distribution.
I worked for USPS. When I saw this title I immediately assumed that China was after the main database which contains information on basically every US citizen. As a developer I had access to some databases and was told that USPS had the third largest database in the world. This was before Facebook, but still, there is a lot to be had other than employee information.
Is there anyway to opt-out of that database?
Not really- while the USPS does take pictures of all mail, there is no specific evidence that the hackers were after or accessed that data- making it speculation and not news.
That is not the lede, it is an offhand comment by a unnamed analyst, but don't worry it will show up as the lede on the TechDirt blogspam version.
It was USSR before. It has been China since 1990's. An imaginary and powerful enemy has to be created. Iraq, Iran, Afganistan are too small for the title.
> It was USSR before. It has been China since 1990's. An imaginary and powerful enemy has to be created.
I agree that espionage is over-emphasized -- everyone does it. Also I agree that some like to imagine enemies; it fits their narratives. That doesn't make every enemy imaginary.
The USSR was a real enemy. Many Chinese leaders openly proclaim themselves our enemy and they take aggressive actions against us; among the public, aggressive nationalism is at least somewhat popular. Hopefully the relationship doesn't turn out that way, but it's a real risk that I don't think we should ignore.
> Many Chinese leaders openly proclaim themselves our enemy and they take aggressive actions against us
[who?] [citation needed]
Sorry that I'm not going to spend the time to look them up, but there are extreme nationalistic military officers who take this position. What I'm saying is not controversial in foreign policy literature, though perhaps the position is more often strongly implied than literally stated. Also, realize that the Chinese government seems to have less control over the statements of its military officers; I can't imagine U.S. officers making statements like these.
Try searching for 'kill a chicken to scare the monkeys'. A popular meme (at least popular enough that I've encountered it many times) is that China suffered a "century of humiliation" at the West's hands, that China is ascending and the U.S. is in decline, and now China will take what it wants as the great power of the world, including control of their region and territory from their neighbors (some of whom have security guarantees from the U.S.).
As far as actions, for example the Chinese military actively have harassed U.S. and allied nations' ships and planes, including causing a few serious collisions.
In today's NY Times:
http://www.nytimes.com/2014/11/12/world/asia/china-turns-up-...
Sadly, in the "right" hands (or after the "right" catastrophy), nothing is too small for the title. Or it can be just made up, like "they're throwing babies out of incubators". And just as sadly, this goes both ways, "the west" also served as an excuse for decades of atrocities in China and Russia.
Good thing we photograph every piece of mail, OCR and store that information indefinitely.
Got a source on "every"?
How about TFA?
"It is also possible that the Chinese were after other types of data, analysts said. For instance, the U.S. Postal Service, at the request of law enforcement officials, takes pictures of all addressing information from envelopes and parcels. [1]"
[1] http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...
“Acting too quickly could have caused more data to be compromised,” Partenheimer said.
This statement really confuses me
"For one thing, the Chinese may be assuming that the postal service is more like theirs — a state-owned entity that has vast amounts of data on its citizens, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies."
State-owned? That is true. "has vast amount of data on its citizens"? Please do some homework before speaking.
As a side note, I really hate article titles that use this kind of wildly inaccurate accusation. The nation of China did not breach the U.S. Postal Service, a Chinese government team did. Still inaccurate and vague, but there's a world of difference between the United States launching a drone strike and the CIA, an agent of the US, launching a drone strike.
Edit: I've read more than enough articles where the agent or actor is NOT a member of the government, yet still referred to as "China" or "America". However, even in situations where it is a member of the government or of a company, I still think the connotations conveyed by imprecisely labeling the actors totally throw off expectations and perceptions.
I am not sure if I agree with your rationale. An agent of a government acts on behalf of his or her government. According to your reasoning, a nation cannot breach a system or wage war because it is an agent that does the hacking or a soldier that does the firing.
Nevertheless, I liked this excerpt by the NSA's general counsel:
> Still, “it’s perfectly appropriate for us to do everything we can to embarrass and punish the Chinese if they’re in our systems, whether or not we’re in theirs,” said former National Security Agency general counsel Stewart A. Baker. “It’s the case that the U.S. and Russia and other countries are much more cautious about getting caught because they think there are going to be consequences. It’s only the Chinese that think there are no consequences to getting caught.”
Are they not agents of the nation of China?
I think it's accurate to describe NSA instrusion sets as the work of agents of the United States.
Or does it change context when it's an organization you don't like (NSA) ?
The actors are members of a larger system, the government, and act on its behalf and in most cases with its explicit approval and support. They're all parts of the same entity and by trying to distance the actor from the system would be to remove some level of responsibility that all parties share in.
Also, I don't think there's a world of difference between saying the CIA launched a drone strike and America launching a drone strike. I know the general public would like to believe they are not personally responsible for what our country does but as citizens, we collectively share in what we as a whole have decided to do or what those we've put in charge have decided to do.
Functionally, what's the difference? Supposedly a Chinese government team would be acting on behalf of the nation of China and at their orders. I don't think anyone would interpret that as saying that every single Chinese citizen was involved.
Are you trolling? What is the difference?