Tag Archive for China

The secret reason behind the Chinese hacking

For quite some time I’ve been puzzled by the alleged Chinese hacking of our databases. I could understand if they hacked our advanced research and development– that would save them time, effort and money. But why the databases? Then it dawned on me: it’s a savvy business strategy.
We routinely encounter problems with our databases. One organization can’t find our file, another somehow has the wrong information about us, and all too often they certainly can’t get their act together, and we see classic cases of the left hand not knowing what the right one is doing . The pre-9/11 non-sharing of intelligence is a good illustration. In other words, we have a somewhat messy general situation with our databases; we’re used to taking this in stride; and we just sigh when we have to deal with some organization that accuses us of something we aren’t guilty of.
The Chinese understood the problem, but they just never got used to it. For many centuries they had a much bigger population than other countries, but somehow they always managed to know exactly who is who, who is related to whom, and what he/she is doing.
So naturally they wanted to have the same level of knowledge about the rest of the world. To their dismay, in the US they found disorganized databases and mismatching records. So they had to process all that information to make sense of it for themselves. And suddenly they saw a perfect business opportunity: they would develop a gigantic and very efficient database of the US, and then sell this data back to us piecemeal, retail. This would give them full and exact knowledge of the US, and the US would pay for the project, with a significant profit for the Chinese. For us this would be a very valuable service, a kind of of involuntary outsourcing where we (both the Government and the private sector) can get relevant and reliable data at a modest price. Makes perfect business sense.
This approach has a special bonus for the US Government: when buying data abroad they won’t have to deal with privacy restrictions imposed by the US Constitution and constantly debated by Congress. The logic is impeccable: we bought it abroad, and if the Chinese know it, we are entitled to know what they know about us.

Kaspersky and Symantec Kicked Out of China – For a Reason

The great cyber triangle of US-Russia-China seems to be shaping up in a definitive way. For a while China was technologically and skill-wise behind the US and Russia, the two early leaders in cyberspace, but it’s catching up, and fast.

It was announced last week that Kaspersky Lab and Symantec have been taken off the list of approved vendors in China’s government cybersecurity software market.  Reuters recently reported one example: http://www.reuters.com/article/2014/08/03/us-china-software-ban-idUSKBN0G30QH20140803

Traditionally very polite, the Chinese did not cyberwhine, did not make any fuss, did not lay any blame, but simply took the pair off the list. Some Western and Russian analysts were very quick to assume and announce  that this was a trade protectionist move to favor China’s national cybersecurity companies. That’s definitely wrong. If that were true, China would bar foreign companies from the country altogether – their private market is huge and very profitable. But they didn’t; they specifically only addressed their government cyberspace security. Apparently Chinese cyber experts found some extracurricular activities in products from both companies, which is not terribly surprising. Furthermore, they probably realized that detecting all the malware in modern software is practically impossible, and correctly decided to keep the foreign security well-wishers away, at least from their government.

The Chinese perception of individual privacy is different from the Western, and they don’t seem to be very concerned about the privacy of the regular common users, at least currently. However, they will probably watch Kaspersky’s and Symantec’s products sold to the Chinese private sector very carefully from now on. If they detect any sizeable collection of data from customers’ computers they will probably bar Kaspersky, Symantec, or both from doing business in China altogether.

The great cyber triangle is definitely becoming more and more equilateral. Interestingly, for the first time that I can recall, China is taking the lead in a trend that is logical and most likely to continue.

Why do Russia and China not cyberwhine?

Usually in my posts I try to provide answers. This time I can only manage a question, but it’s an interesting one.

We constantly hear complaints, if not outright whines, about the US being attacked in cyberspace, either by China or Russia. We’ve gotten used to these attacks, and our response is becoming more and more like “what else is news?”

But there’s an interesting angle here: in the more-or-less symmetrical US-Russia-China great cyber triangle we rarely if ever hear about Chinese or Russians being hacked. Is it that they are not being attacked? Not at all. For example, recently Russia detected a five-fold increase in powerful DDoS attacks over the last year, the longest one lasting ninety days. That one was by any standard a major cyber security event. Was it a big media deal in Russia? Not really– it was barely mentioned.

Initially I thought this difference was mainly a cultural thing. In Russia boys grow up in a culture where if you’re beaten up, you don’t cry “Mommy, he hit me!”, and for sure you don’t complain to teachers or the police. Just heal your bruises and learn to defend yourself. I believe that in China the culture in this respect is somewhat similar. The reaction to cyber attacks on the US is just the opposite. Instead of developing a really effective technology of cyber defense and immediate counterattack, we whine loudly time after time and waste our credibility with vague threats, when everyone knows there will be no real response.

However, cultural difference is probably not the reason for Russia’s and China’s  mute response. As an example of the opposite response, we can recall frequent border disputes between Russia and China in 1960s (over the areas where nobody was present for many miles except a few occasional border guards). During those clashes there were extensive media coverage on both sides, with many diplomatic notes saying something like “This is the 104th serious warning.”

So, the question remains: compared to our constant whining, what is the reason for the very muted Russian and Chinese responses to cyber attacks?