Is China Hacking Random Servers To Put Itself Into A Bad Light?
When I was an IT manager I never liked Microsoft's Exchange email servers. Like many other Microsoft products it is overloaded with useless niche features and legacies from previous versions. I am therefore not astonished that it was seemingly quite easy to hack.
A currently ongoing hacking campaign that by now has affected hundreds of thousands of systems was first found by Volexity, a cyber security company in Reston, Va.:
In January 2021, through its Network Security Monitoring service, Volexity detected anomalous activity from two of its customers’ Microsoft Exchange servers. Volexity identified a large amount of data being sent to IP addresses it believed were not tied to legitimate users. A closer inspection of the IIS logs from the Exchange servers revealed rather alarming results.
...
Through its analysis of system memory, Volexity determined the attacker was exploiting a zero-day server-side request forgery (SSRF) vulnerability in Microsoft Exchange (CVE-2021-26855). The attacker was using the vulnerability to steal the full contents of several user mailboxes. This vulnerability is remotely exploitable and does not require authentication of any kind, nor does it require any special knowledge or access to a target environment. The attacker only needs to know the server running Exchange and the account from which they want to extract e-mail.
The hackers used four different zero-day security holes in Exchange Server products. A zero-day security hole is one that was previously unknown and has never been used before. To find new zero-day security holes is difficult and expensive. But after they are found and made operational they are often easy to use. Whoever did this hack has invested quite some effort.
Besides extracting emails the hackers also installed backdoors that give them remote access to the hacked Exchange systems.
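The Volexity quote above describes what gave the intrusion away: large amounts of mailbox data being served to client IP addresses that were not tied to any legitimate, authenticated user, visible in the Exchange server's IIS logs. The script below is an added example, not part of the original post and not Volexity's or Microsoft's tooling: it parses W3C-format IIS log lines, sums the bytes served per client IP, and flags clients that pulled a large volume of data without ever presenting an authenticated username. All log lines, IPs, usernames and paths are constructed for the demonstration and are not indicators from the incident; the field list and the 10 MiB threshold are assumptions a defender would tune to their own logs.

```python
"""
IIS log triage for the pattern described above: bulk data served to a client
that never authenticates. Added example; the log sample is constructed and the
threshold is an assumption, not a value from the incident.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set

# Constructed sample in W3C IIS log format. Real Exchange IIS logs carry many
# more columns; the #Fields header is what the parser keys on, so extra
# columns in a real log are handled the same way.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-bytes
2021-01-05 10:00:01 GET /owa/ alice 10.1.2.3 200 5120
2021-01-05 10:00:02 POST /owa/ev.owa alice 10.1.2.3 200 20480
2021-01-05 10:00:05 GET /ecp/ bob 10.1.2.4 200 4096
2021-01-05 10:00:07 POST /owa/auth/logon.aspx - 10.1.2.5 401 1200
2021-01-05 10:01:00 POST /ecp/ - 198.51.100.7 200 3145728
2021-01-05 10:01:03 POST /ecp/ - 198.51.100.7 200 4194304
2021-01-05 10:01:09 POST /ecp/ - 198.51.100.7 200 5242880
"""


@dataclass
class ClientStats:
    """Per-client-IP totals: bytes served, request count, usernames seen."""
    bytes_served: int = 0
    requests: int = 0
    users: Set[str] = field(default_factory=set)


def parse_iis_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse W3C-format IIS log lines into dicts keyed by the #Fields names.

    Lines that do not match the current #Fields column count are skipped
    rather than crashing the run, since truncated lines are common in logs
    copied off a live server.
    """
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        parts = line.split()
        if not fields or len(parts) != len(fields):
            continue
        records.append(dict(zip(fields, parts)))
    return records


def aggregate_by_client(records: Iterable[Dict[str, str]]) -> Dict[str, ClientStats]:
    """Sum response bytes per client IP and collect the usernames it used."""
    stats: Dict[str, ClientStats] = defaultdict(ClientStats)
    for rec in records:
        s = stats[rec["c-ip"]]
        s.requests += 1
        try:
            s.bytes_served += int(rec.get("sc-bytes", "0"))
        except ValueError:
            pass  # IIS writes '-' when the byte count is unknown
        user = rec.get("cs-username", "-")
        if user != "-":
            s.users.add(user)
    return stats


def flag_unauthenticated_bulk_readers(
    stats: Dict[str, ClientStats], byte_threshold: int = 10 * 1024 * 1024
) -> List[str]:
    """Return client IPs that received more than byte_threshold bytes while
    never appearing with an authenticated username (sorted for stable output)."""
    return sorted(
        ip for ip, s in stats.items()
        if s.bytes_served > byte_threshold and not s.users
    )


def triage(log_text: str, byte_threshold: int = 10 * 1024 * 1024) -> List[str]:
    """Convenience wrapper: raw log text in, list of suspicious client IPs out."""
    records = parse_iis_w3c(log_text.splitlines())
    return flag_unauthenticated_bulk_readers(aggregate_by_client(records), byte_threshold)


if __name__ == "__main__":
    for ip in triage(SAMPLE_LOG):
        print(f"suspicious: {ip} served large volume with no authenticated user")
```

In the constructed sample the client 198.51.100.7 pulls about 12 MiB across three anonymous requests and is the only IP flagged; the authenticated users stay below the threshold. On a real server the threshold, the time window, and a baseline of normal anonymous traffic (for example health checks) would need tuning, and the flagged IPs are a starting point for inspection, not a verdict.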
On March 2 Microsoft released patches for the four security holes. In its release it accused China of being behind the hack:
Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor. Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.
Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits, which are discussed in detail by MSTIC here. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.
In a related blog post Microsoft claims that the 'Chinese' hackers have state support:
Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
Since Microsoft released the security patches the hackers have gone into overdrive. They scan the internet and infiltrate all Exchange Servers that have not yet been patched. It is now believed that more than 30,000 U.S. systems and hundreds of thousands internationally have been infiltrated, with backdoors installed on seemingly all of them.
Such a widespread hacking campaign will certainly get major media attention. (Though the NYT and Washington Post have so far not reported on the campaign. They probably think that the Sunday edition front pages are the better placement for a new anti-China bash.)
Attribution of hacking campaigns is often extremely difficult. We know from the Wikileaks Vault 7 release that U.S. government hackers at the CIA’s Center for Cyber Intelligence have developed tools that let their hacks look like they came from different foreign actors:
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
We can be quite sure that other governments have developed similar capabilities.
The CIA is also hoarding zero-day security holes and exploits for use in later campaigns:
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized "zero days" ...
The attribution Microsoft makes is, in light of the above, quite weak. The direct attacks came from rented virtual private servers within the U.S. These were, says Microsoft, operated through machines in China. But how does Microsoft know who actually has control over those machines in China? Could they not be hacked too? Couldn't the real actors sit anywhere on this planet and access them through the Internet?
Microsoft also says that its attribution is "based on observed victimology, tactics and procedures". The victims are described as "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs".
For a state sponsored campaign, especially one that burns four expensive zero-days, that victimology is unusually wide. It practically guaranteed that the attack would be detected fairly soon.
"Tactics and procedures" are something that is even harder to attribute than the code used in the attack. Microsoft details some of these:
HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they’ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA.
This hack used legitimate open source tools that are widely available and are also used by many cybercrime organizations and secret services. What then are the specific 'tactics and procedures' which attribute this to China?
Microsoft won't say.
There is also the fact that the hackers have gone into overdrive as soon as Microsoft released the patches. They are now infecting any system they can find. That surely will result in an extreme amount of international publicity.
Why would a state sponsored hacking campaign, especially from China, actually want that? Why would China want to attract more negative news about its country?
Could there be some other country that has an interest in pushing public accusations against China by linking it to a massive global hacking campaign?
Throughout the last years we have seen a massive anti-China press campaign run by the usual culprits. Recent polls show that it has achieved its purpose:
A new Gallup poll finds Americans' favorable rating of China has declined further in the past year, sinking to a record-tying low. For the first time in more than a decade, Americans regard the U.S. rather than China as the world's leading economic power. And with fewer Americans than in 2019 naming Russia as the United States' greatest enemy, Russia and China now tie for first on that list.
To which Peter Lee comments with his usual snark:
chinahand @chinahand - 19:05 UTC · Mar 5, 2021
actually the most interesting stat was that in apparently direct proportion to China hate the number of people who said US is and will be world economic numero uno now and in 20 years rose. which means fear of china breeds both denialism and defiance.
final thought: this polling is kinda Mission Accomplished! for the press and its pentagon and spook services driven anti-PRC reporting. Next job is Sell the War!
Then the after action handwringing about how the real enemy wasn't PRC, it was climate change & income inequality and Indopacom's moronic defense contractor driven power grab in the Western Pacific but the PRC started it coz they were so darn mean!
"That sh*t in the sh*t sandwich we sold you? Some of it was Chinese!"
In my view Microsoft has so far shown nothing that plausibly attributes the hacks to China.
What we can see though is that this hacking campaign will put the country into a very bad light. That might indeed have been the real purpose behind all of this.
Posted by b on March 6, 2021 at 18:57 UTC
There are a lot of variables here. We should be careful:
1) it's not surprising at all that the USA is growing increasingly inimical to China. That's the nature of capitalist superpowers and it is not the first time it happens. That they use incessant propaganda warfare to unite their own peoples is merely the symptom of this underlying necessity. What I mean by this is: yes, the anti-China propaganda was successful - but it was only so because the corresponding material conditions are already in place; we should not overestimate the power of these propagandists (journalists), they are potent only insofar as the war machine that backs it up is capable of waging and winning the desired war;
2) it will be interesting to see how the capitalists will manage this, because China is not Vietnam, let alone Iraq. You can't just reinstate the draft and send 1 million American citizens to perish in the island of Taiwan. Besides, most of America's material wealth and comfort only exist because of China: how will the POTUS explain to its people why their Walmarts have empty shelves? During the 1930s, the French MSM waged a brutal anti-Soviet propaganda warfare, to the point a preventive alliance became untenable by the end of the decade. What resulted from this is that once Germany broke through the Sedan-Paris line, the entire French people from the rural areas welcomed the Nazis without resistance, and Hitler was able to easily install the so-called Vichy France. France was only able to enter the alliance because its government evaporated and was rebuilt in exile from London, which had to put a new Prime Minister in place to only then make an alliance with the Soviets. Long story short, once the masses are unleashed, they can't be put back in their cage;
3) Wall Street has already stated with all words it won't break up with China, for obvious reasons: it is because of China that the USA has something resembling a First World nation since 2008, so you can't bite the hand feeding you. How is the USG going to make both sides happy?
4) The laws of capitalism preclude the USA from significantly reindustrializing, because of its falling profit rates. Yes, you can destroy China and, with it, the last socialist bastion in the world. But the deindustrialization process would continue, as the USA is the financial superpower. Capitalism would probably earn another 200+ years of existence. But then you would open a flank for a world revolution, as the nation-states would gradually dissolve into a single centralized capitalist HQ, under which the entire world would be commodified and standardized, therefore unifying the condition of all the working classes. You would be expelling Stalin only to invite Trotsky.
As a working cyber security professional, I am constantly amazed at the stupidity of my colleagues. There has yet to be an unambiguous attribution of "state-sponsored" hacking, but this line of shit sure does pay for an awful lot of hotel rooms and expensive catering come CPE time.
Posted by: Covergirl | Mar 6 2021 19:30 utc | 3
It is certain that the USA and Israel are hacking China, Russia and Iran.
The difference is that instead of playing the victim and alerting the MSM press to accuse "the usual suspects" without proof, these countries stay discreet, accept that there are security loopholes in their systems and work to correct them, all silently.
The American media act like drama queens to feed resentments against any country that is not under its control.
Posted by: Virgile | Mar 6 2021 19:30 utc | 4
If you hide something under a rock in a field
and there is only that one rock in that field
how hidden is it?
Hide something under a rock in a field containing
thousands of rocks; well, that is better hidden,
certainly.
Which server(s) were the real targets?
What will the Five-eyes do with all the emails they siphoned?
Were they looking for something specific and masked their operation
by attacking other servers?
Could the reverse of siphoning have taken place? Thinking out loud.
Alter or add email msgs to servers that can later be used for extortion?
Is Five-eyes seeking "slave" servers that can later be put to use by Five-eyes?
Posted by: librul | Mar 6 2021 19:31 utc | 5
Countries other than five-eyes wanting to bring China down plus grab a bit of info - India would be the first country on the list. Most likely though it's just part of the five-eyes demonization campaign.
Posted by: Peter AU1 | Mar 6 2021 19:44 utc | 6
As a working cyber security professional, I am constantly amazed at the stupidity of my colleagues. There has yet to be an unambiguous attribution of "state-sponsored" hacking, but this line of shit sure does pay for an awful lot of hotel rooms and expensive catering come CPE time.
Posted by: Covergirl | Mar 6 2021 19:30 utc | 3
Thanks. Much appreciated. I think it mainly gives the false impression they are doing something about it.
Posted by: Bemildred | Mar 6 2021 19:47 utc | 7
That the hacker or hackers were targeting infectious disease researchers, universities (some of which employ these researchers), law firms, defence contractors, NGOs and think-tanks surely suggests that a well-known intel agency is up to its old tricks again, using the very tools the CIA employs to hack other websites and attach stolen metadata to these websites to throw off cyber-investigators onto a wild goose chase, as revealed by Wikileaks' Vault 7 email releases.
That intel agency does not have to be the CIA itself as the CIA would have shared or been compelled to share its hacking methods and stolen metadata with other intel agencies.
Posted by: Jen | Mar 6 2021 19:48 utc | 8
@Posted by: librul | Mar 6 2021 19:31 utc | 5
Could the reverse of siphoning have taken place? Thinking out loud.
Alter or add email msgs to servers that can later be used for extortion?
Amend that to "Alter or add or **delete** email msgs"
Posted by: librul | Mar 6 2021 19:51 utc | 9
Hackers discovered some of the backdoors that Microsoft installed in their products for the CIA and other American "intelligence" agencies to use? That should not surprise anyone. Like Bezos and Brin and Zuckerberg and Dorsey, Gates and his minions are patriots who will do whatever they can for the empire. That empire exists specifically for people like them after all. That doesn't mean they will do that very competently.
Posted by: William Gruff | Mar 6 2021 19:59 utc | 10
@Covergirl #3
It shouldn't surprise anyone.
Every time there is such an announcement - the stock prices (and sales) of the big cybersecurity companies increase. So do defense contracts.
As for the details known so far: the MO is actually quite consistent with BEC attackers.
Posted by: c1ue | Mar 6 2021 20:00 utc | 11
@Posted by: Jen | Mar 6 2021 19:48 utc | 8
Also
When the CIA/NSA/FBI/DIA discover something through spying/hacking/intercepting
and the act of spying/hacking/intercepting pushes the boundaries of US law,
they can request another member of Five-Eyes to pretend to discover that
same specific item and then pass it back to the CIA/NSA/FBI/DIA.
Posted by: librul | Mar 6 2021 20:02 utc | 12
It's a good question why they're bothering with accusing the Chinese. They're not actually planning to attack China, because impossible. The Chinese are a very internal people. A large country like the US, they don't have that much interest in the outside world, except as a deliberate foreign policy act of the government. Trade and selling their products abroad though is traditional. I'm not sure what effect US aggressivity is going to have. They may just take no notice. The point of course is internal domestic in the US. MIC and frightening Americans.
Posted by: Laguerre | Mar 6 2021 20:03 utc | 13
One only needs to take a cursory look at the commercial hacking ermm.. i mean security offerings to know Israel is the leader. Pretty much all of the data extractors and mobile phone espionage gear sold to police and security services worldwide originates there.
(sidenote - this is another reason why China must not lead the mobile devices sector)
Commercialized tailing, monitoring packages are offered up like McD happy meals. If you are willing to pay for it, they will even do targeted narrative injection via social media for your mark. They will not publicize but during sale pitch meetings will boast about their experience and expertise from past gigs in lettered agencies.
The US national security apparatus also outsources many sensitive contracts there. Allowing foreign nationals to handle privileged personal data of US individuals. Talking about selling out.
It's a massive revolving door for a lot of dual Israeli nationals to become contractors with clearances or highly placed in big data corps to "commercialize" their knowledge and expertise back "home", it's an open secret and a big business. And it's all about the benjamins...
The US public has been brainwashed for the last 20 years with pretty much every high-budget military/crime TV serials to feature a mossad agent somehow getting embedded into it, they are always heroes with sunshine and rainbows gushing out of their asses.
What the hell does all these have to do with the topic at hand?
Well the mud with the SolarWinds hack didn't stick well enough and some leads are pointing to Israel itself as the instigator, countries other than the US are starting to look and ask the right questions...
Ergo, it's time for another, bigger headline to bury the "old news" for everyone to chew on.
p.s.
Anyone even remembers when the NIST got caught dropping a backdoor into the dual elliptic curve pseudorandom number generator for NSA?
.....something about glasshouse and stones.
Posted by: A.L. | Mar 6 2021 20:11 utc | 14
@Posted by: William Gruff | Mar 6 2021 19:59 utc | 10
American "intelligence" agencies to use
I appreciate your use of italics and quotes.
Remember Paul Wolfowitz leading architect of the Iraq War?
https://www.flickr.com/photos/samdrukr/907151309/
Posted by: librul | Mar 6 2021 20:11 utc | 15
Posted by: A.L. | Mar 6 2021 20:11 utc | 14
So what is the israeli interest in China? Merely commercial?
Posted by: Laguerre | Mar 6 2021 20:16 utc | 16
Posted by: Laguerre | Mar 6 2021 20:16 utc | 16
No I'm saying Israel has been hacking USA since day dot and China (Russia and NK) are often the fall guy.
The US administration will never acknowledge their "special friend" is running its own hustle.
Posted by: A.L. | Mar 6 2021 20:21 utc | 17
State-sponsored hacking is no different from other forms of international misbehavior, like election-interference, weapons-of-mass-destruction, killing-civilians, weaponizing-international-finance. The US foreign policy people have been the world leaders for decades, so I see no reason to get worked up about this story.
Posted by: ptb | Mar 6 2021 20:22 utc | 18
vk @ 2 said; " Yes, you can destroy China and, with it, the last socialist bastion in the world. "
On China's experiment with controlled Capitalism; https://www.ft.com/content/180005ca-5d74-11ea-8033-fa40a0d65a98
Soooo maybe China isn't the " last socialist bastion in the world". Maybe they're working toward a MIXED economy, like most of the 1st world nations.
We'll see.....
Posted by: vetinLA | Mar 6 2021 20:26 utc | 19
My money's on this being the result of an NSA training exercise for advanced recruits. China's busy having a relatively easy time of kicking the Outlaw US Empire's geoeconomic butt and its growing soft power is based on its honesty and credibility. So, China has absolutely no motive to engage in this sort of behavior while the Outlaw Empire has mucho reasons, most of which have already been commented upon. I'll again bring up the following point. China's real GDP is projected to grow 6% in 2021 while the Empire's GDP has shrunk at about 2% Y/Y since 1990 with 2021 likely to be similar if not worse. Thus, the rapidly growing geoeconomic gap that's far more important than the pseudo missile gap JFK pushed. It is possible to alter this economic course but only with the total rejection of the last 40+ years of policy, an immediate end to the vast amounts of corruption and instituting policies that make it possible for the US labor force to be competitive globally.
There's a very big ongoing domestic battle within the Outlaw Empire over economic policy that the 1% would like to mute as much as possible, and the promotion of international scandals for distraction is part of that--particularly since the Ds are reneging on many of their campaign promises. Lastly, there's lots of excellent success being reported from China that the Empire would like to drown, and this is one way to do that.
Remember: Motive, Means, Opportunity. Only the Outlaw US Empire qualifies under this time tested metric.
@ Posted by: vetinLA | Mar 6 2021 20:26 utc | 19
I wouldn't trust the FT for this kind of stuff.
Besides, the concept of mixed economy is not new in History: the Portuguese and Spanish Empire were mixed economies in the technical concept of the word, and even in England there's a strong argument it was a mixed economy between feudalism and capitalism for at least two centuries before going full capitalist.
If that's the sense of the word you're using, then you're basically agreeing with me (and the Chinese) that China is socialist, as socialism is the transitory period between capitalism and communism.
Sorry about the paywall on my link, try this;
https://roarmag.org/2020/08/24/economic-update-is-china-capitalist-socialist-or-what/
Posted by: vetinLA | Mar 6 2021 20:33 utc | 22
@ 21; Point is, mixed economies are prevalent because they work. Economies don't have to be either or.
https://roarmag.org/2020/08/24/economic-update-is-china-capitalist-socialist-or-what/
Posted by: vetinLA | Mar 6 2021 20:37 utc | 23
Posted by: Covergirl | Mar 6 2021 19:30 utc | 3
I tend to observe many cybersec professionals to have drunk the full kool-aid narrative and do actually believe Russia, China, NK and Iran were behind every hack. Even though time and time again it was later proven to be otherwise.
It makes them seem more "cool" and in the "know"
Care to comment from your perspective?
Posted by: A.L. | Mar 6 2021 20:39 utc | 24
Speaking of going into overdrive after having been discovered, the US has been going into overdrive with its regime change efforts (Ukraine, Belarus, Georgia, Syria, Iraq, Iran, Libya, Turkey, Hong Kong, Taiwan, Xinjiang, Honduras, Nicaragua, Venezuela, etc.) It constantly tries to "hack" the "operating systems" (governance systems) of other countries by subverting their elections, their media organizations, their ethnic minority groups, their elites, their expat communities, their NGO's, etc.
Seen this way, perhaps the NED (National Endowment for "Democracy") and company should be considered the biggest and most active state-sponsored hacking groups in the world.
To prevent this, other countries are forced to shut down vulnerabilities constantly scanned and exploited by the US, to harden their defenses - hence China's stricter measures ("patches") in Hong Kong (the "One Country, Two Systems" could be thought of as a "backdoor" installed by the West, and actively exploited in recent years.) US-targeted countries are forced to release patches and security measures (thinking Belarus, maybe even Myanmar, for all we know, as other possible, recent examples) - unfortunately having to curb openness that they might otherwise like to have.
Posted by: Canadian Cents | Mar 6 2021 20:44 utc | 25
That didn't take long...
MSM mockingbirds were at first saying "alleged", now they already and predictably moved the goalposts.
The Biden administration is moving to address a global compromise by Chinese government-sponsored hackers of Microsoft email servers affecting at least 30,000 public and private entities in the United States alone, according to U.S. officials and people familiar with the matter.
Vanishing trick, no longer saying "alleged".
Tomorrow they will drop the words "sponsored by". Count on it.
Also, read the article. It sounds as though we are going to be losing more freedoms c/o "our" government.
And also, the article mentions “Unified Coordination Group”. I did a search and learned that on Wednesday, March 3rd the FBI was holding a conference. This conference had been planned ahead, yet, not so strangely, the day before, March 2nd Microsoft announced the breach of thousands of Microsquish Exchange Servers.
This is the FBI’s fifth year co-hosting the conference on cybersecurity with Boston College. This conference has grown into a unique partnership of cyber experts, innovators, and policy makers across all levels of the private sector, academia, and law enforcement. And we at the FBI are extremely privileged to be a part of it.
Impeccable timing
Posted by: librul | Mar 6 2021 20:53 utc | 26
Right now China is a rampant capitalist market with socialist overrides in the system (the so called Chinese characteristic). It works largely as intended for now.
Sadly i do believe, until we are in the post-scarcity world which the human race will be lucky to see, but cannot come soon enough, individual greed will eventually trump all and China will morph into full capitalists on the same trajectory as vk described, that this phase is merely transitionary between communism and capitalism.
Maintaining that balance will be the challenge, this job will be even harder once all the basic wants and needs of the populace are largely satisfied, as more egotistical demands will surely start to bubble thru.
In a perverse way an adversarial relationship with the hegemon might not be all bad. At least China don't have to have 800 bases worldwide to find the next enemy to unite its people. That is if it can keep selling stuff abroad. Another balancing act and a bit of having your cake and eating it but i digress...
Posted by: A.L. | Mar 6 2021 21:01 utc | 27
My comment above is in response to VetinLA @ 23
Posted by: Canadian Cents | Mar 6 2021 20:44 utc | 25
Great analogy.
Posted by: A.L. | Mar 6 2021 21:16 utc | 28
@ Posted by: A.L. | Mar 6 2021 21:01 utc | 27
According to the Marxist theory of History, you can only transit from capitalism to communism, not vice versa. The superior mode of production never devolves to the inferior mode of production. No sane mind today advocates for the return of feudalism (feudalism the economic system, not the pejorative meaning Americans use today to designate sweatshop capitalism).
Leftists in the West like to self immolate with these pessimistic definitions of "utopia", "China is degenerating back to capitalism", "the best we can achieve is a mixed economy" etc. etc. But observe the early writings of the neoliberals: they are desperate with many facts of life we take for granted today (universal suffrage, universal healthcare, universal education, labor rights, welfare state etc.) that they outright classify as socialist. And indeed, many things we consider capitalist today would certainly be considered full-fledged socialist during the Second Industrial Revolution. Entities we take for granted today such as Cuba, North Korea, the USSR, the PRC etc. would promptly be classified as aberrations directly come from the Communist Manifesto 150 years ago. The October Revolution shocked the entire world when it happened; it completely shaped human thought and affects us until nowadays (e.g. the mania that we have of calling every revolt a "revolution", because we're anxious to know from where the next blow to capitalism will come from).
According to the CPC's official diagnosis, the PRC has a "Market Socialism with Chinese Characteristics" system. I believe this definition is historically precise.
We're in the middle of the road. The question is: are we going back or are we going all in forward?
Posted by: A.L. | Mar 6 2021 21:01 utc | 27
China is already following a fully capitalist model, just not the US model. China is following traditional Chinese models. Export to the max. Use foreign policy to support export programmes. Send Chinese students abroad to learn foreign techniques. Apparently British universities may collapse if they lose Chinese students. Rather nationalist.
Posted by: Laguerre | Mar 6 2021 21:23 utc | 30
Isn't this story merely about deflection by MS?
I've heard lots of people complain that successive upgrades of MS Windows could have been better than they were. Most large corporations are run by NeoLiberal Right Wing Cranks. The main characteristic of RWC personalities is that they KNOW they're smarter than everyone else. Therefore, when something goes wrong it's ALWAYS someone else's fault.
MS creates less-than-perfect software. Someone exploits a built-in flaw and then MS needs to blame someone. Who better to blame than China?
Apart from practical considerations, blaming China creates the impression that only super-smart hackers can exploit MS software.
QED - reputation enhanced. Myth preserved.
Posted by: Hoarsewhisperer | Mar 6 2021 21:28 utc | 31
servers hacked by China? .. Marvel movie degree of substance. Which is sufficient for the purpose.
Posted by: mijj | Mar 6 2021 21:32 utc | 32
Posted by: vk | Mar 6 2021 21:22 utc | 29
Thank you for the schooling (genuinely) though I'm having some difficulties in my head accepting "you can only transit from capitalism to communism, not vice versa" though I suspect it's more to do with my lack of formal reading and understanding on Marxism.
Thank you again.
Posted by: Laguerre | Mar 6 2021 21:23 utc | 30
I largely agree though I would argue (with real experiences and knowledge) the current crops of Chinese undergraduate students going overseas are not as good as they used to be. Most are there simply because they couldn't get accepted into top domestic universities, that and also mummy and daddy could afford it with the explosion of the Chinese middle class.
They're not research lab material and most will have a great time. It's like a gap year (or a few). Gone are the days where the Chinese students juggle 3 part time jobs while flatting with 3 others in a rental attic. These days they drive mercedes, live in chic apartments and dine on Michelin stars.
The post grads heading out are still usually top notch even though language and cultural difficulties might make some think otherwise.
I maintain that China has passed the inflection point on domestic tertiary education. It's nice to still be able to send kids out there but not strictly necessary. The tide has turned and the quality of domestic institutions will continue to race forward and it is too late for the west to stymie.
Posted by: A.L. | Mar 6 2021 21:54 utc | 33
This story is probably about deflection by MS.
I've heard lots of people complain that successive upgrades of MS Windows could have been better than they were. Most large corporations are run by NeoLiberal Right Wing Cranks. The main characteristic of RUN DMC personalities is that they KNOW they're smarter than everyone else, especially Aerosmith. Therefore, when something goes wrong it's ALWAYS someone else's fault.
Posted by: Peter AU1 | Mar 6 2021 21:58 utc | 34
I remember reading somewhere(?) that these zero day vulnerabilities sell for something like a quarter of a million dollars. So times four that comes to a million bucks. But they get a discount on a four-pack. This same thing happens every few months. I think there are perhaps hundreds of thousands of new malwares. The hackers must be the most industrious ever.
They must have found it very hard to choose between China or Russia as where to lay the blame.
@31 Hoarsewhisperer
My thought also. No mention that Microsoft makes such crap product that even script kiddies have drunk deeply of its customers' blood.
Funny thing, only slightly off-topic, in this last year I never saw anyone connect Bill Gates, and his desire to re-program the world, with his shitty computer software - like his shit vaccines or his control-freak new world orders would work any better. I would have thought the connection obvious, but maybe MS has a campaign nowadays to persuade people its product is good? Would seem an uphill task.
Gates - the perfect representation of mediocrity across all fields. Even his 24-bathroom house looks ugly.
~~
@25 Canadian Cents
Agreed, that's a great analogy. Very useful way to think of the world. Many thanks.
Posted by: Grieved | Mar 6 2021 22:04 utc | 36
Here's something for inflection.
I'm a foreigner living in China for coming on 8 years and hoping never to leave.
China has a communist govt using a mixed economy to generate wealth across all aspects of society. The CPC motto is that a moderately prosperous society is well within its grasp.
The capitalists exist in China, free to make their wealth as per their rights as Chinese citizens.
However, as citizens of China, they must follow the laws.
In the west, the 0.01% grab the govt by the balls, in China it's the reverse.
Who do you cheer for?
https://www.globaltimes.cn/page/202103/1217433.shtml
https://www.globaltimes.cn/content/1079510.shtml
Posted by: Surferket | Mar 6 2021 23:02 utc | 37
Having more than 20 years of experience in the field, I can say that state actors are usually discovered 6 to 9 months after their successful attack. They won't use expensive zero-days on a thousand different targets to burn them out.
This seems like a one-day attack, i.e., one that second hand hackers launch using already burnt zero-days that are not yet properly patched. These second hand hacker groups can be completely unaffiliated with the original group and even with each other.
Posted by: A | Mar 6 2021 23:05 utc | 38
Breaking:
Latest hack has now been given a code name:
Solar
Windbag
Posted by: Paul Damascene | Mar 7 2021 0:07 utc | 39
Covergirl: "As a working cyber security professional, I am constantly amazed at the stupidity of my colleagues. There has yet to be an unambiguous attribution of "state-sponsored" hacking, but this line of shit sure does pay for an awful lot of hotel rooms and expensive catering come CPE time."
Your statement may make you feel smart, but it is totally on a wrong track if applied to anyone above a keyboard slave. I have attended several security conferences and presentations where Russia and China bashing, particularly by Microsoft, one of the biggest security weaklings, would start right after "Hello, my name is ...". But it was blatantly clear that this had nothing to do with reality. It was planned storytelling by people who know who is buttering their bread, adding their own "authority" and their own "credibility" to the campaign run by their most profitable customer - the US establishment. There is no easier money in the world than the US "Defense" money, as long as the US can continue printing money like confetti. Case closed.
PS It could be Chinese hacking the same as it could be the Chinese virus, but it could equally be US hacking and US virus. We will never know for sure, because we live in the domain of stories not of reality and truth.
Posted by: Kiza | Mar 7 2021 0:13 utc | 40
-// I have attended several security conferences and presentations where Russia and China bashing, particularly by Microsoft, one of the biggest security weaklings, would start right after "Hello, my name is ...". But it was blatantly clear that this had nothing to do with reality. It was a planned story telling by people who know who is buttering their bread, adding their own "authority" and their own "credibility" to the campaign run by their most profitable customer - US establishment... //-
I think Covergirl knows that. The US Security Cult pervades just about everything in the 'West'. Certainly everything technical. And the information technologies especially. Some of us have heard of the saying "We all work for...". Well 90% of the Western world does in fact work for the Security State. It's everywhere. They own us. Or they have us as vassals on behalf of the 700 or so ruling classmates.
Talking about a shit sandwich, this guy must be gagging on his brand new job:
Microsoft has named a young Chinese executive as its new chairman and chief executive for the Greater China region amid increasingly complicated tech relations between the US and China.
Hou Yang, a former executive at Qualcomm, will take the helm from Alain Crozier starting in July, according to the company’s announcement on Monday. Hou is the first Chinese-born executive appointed to the role in nearly a decade.
SCMP 02March2021.
Microsoft names Qualcomm executive Hou Yang as new Greater China chief
Apologies if the link comes out all wrong, 1st attempt with a link. Thanks to b and the many brilliant commenters at this site. My favourite recent article was the Taiwan/chip war bs going on. The comment thread was the best reference for a simple wrap of the whole situation I could find anywhere.
Posted by: Dim sim | Mar 7 2021 0:56 utc | 42
Exchange as a product can be seen as a 'malicious BetaMax' type thing. MS attempted to subvert/replace longstanding open-source standards, indeed trying to buck ICANN, W3, other standards bodies. There is also the churn, a drive to replace 'aging' products to stay ahead of competition. There is an ugly graveyard of APIs and development frameworks, hyped and abandoned. They replaced an older culture of stability and progressive development (DEC, SGI, etc) with a frenzied marketing cycle.
I used to participate (~35 yrs ago) in DECUS. This was a huge end-user-driven symposium that gave the actual using users some say about how the OS - VMS - and products should develop. There were products in the DEC ecosystem that survived a couple decades with loving care. Despite being proprietary, the products were thoroughly documented, and a feller could actually write useful software on these machines. Amazing things were happening because of the existence of these machines! MS killed that. Not being content with the consumer market, they decided to attack the workstation/small server zone.
I've had the misfortune of being involved with a few failed products due to MS pulling the rug. I've also had the misfortune of being involved with (maintenance or installation) a few Exchange deployments, including yet another rebranded monstrosity, Lync rebranded optimistically as 'Skype For Business'. Their products are rife with attempts to re-jargonize the field, and everything is more baroque, 3 layers thicker than needed...and chock full of security holes!
Posted by: Dr Wellington Yueh | Mar 7 2021 1:18 utc | 43
Holy shit. Those Indian scammers were right! There IS something wrong with my computer! Having perfected shitty OS, Gates moves on to shitty vaccines. What a world.
Posted by: Jezabeel | Mar 7 2021 1:38 utc | 44
Let me start by playing devil's advocate, and say that Chinese (corporate and other) espionage is a thing. An argument "Why would China want to attract more negative news about its country?" is not very convincing to me; might as well say "Why would the US want to attract more negative news about itself by bombing the Middle East for no good reason?", but the latter nonetheless seems to happen now and then.
On the other hand, through "election security" operations, through planting NSA backdoors in its products, etc, Microsoft is so deeply in bed with the US Govt it's not even funny. Does all but accusing the Chinese state of these hacks, very publicly, serve a cybersecurity purpose, or are they just carrying water for the Dark Throne? They surely don't seem very concerned about offending China.
Posted by: Ma Laoshi | Mar 7 2021 2:23 utc | 45
@ Dr Wellington Yueh | Mar 7 2021 1:18 utc | 43 with the DECUS and VMS - OS reference...thanks...I started with RMS and then VMS for decades...sweet OS
The VMS operating system is an example of one built that could handle file number versioning that worked very well. Unfortunately backed by a visionary blinded by his own vision when it came to his response to the PC
The sad part about the PC "revolution" was how much it was controlled by big money that directed the evolution of hardware/software/OS and picked winners and losers not based on merit. This is another place where I think China can blow the socks off the West because I posit they will build infrastructure/hardware/software/OS all based on merit. It will make Apple's environment look like a haphazard pig-pen without transparency. Look at where China's collaboration is taking their country and its potential....by and for the people instead of a Darwinian form of barbarism.
Posted by: psychohistorian | Mar 7 2021 2:53 utc | 46
I won’t do it. I won’t fall for the hack. It is such an opaque subject that just cannot be quantified. It’s like saying maybe it happened maybe it didn’t.
On the other hand, b revealed a little more of himself: an IT manager? He previously told us he was an officer in the armed forces. Want more…
Posted by: Sakineh Bagoom | Mar 7 2021 3:25 utc | 47
...
On the other hand, through "election security" operations, through planting NSA backdoors in its products, etc, Microsoft is so deeply in bed with the US Govt it's not even funny. Does all but accusing the Chinese state of these hacks, very publicly, serve a cybersecurity purpose, or are they just carrying water for the Dark Throne? They surely don't seem very concerned about offending China.
Posted by: Ma Laoshi | Mar 7 2021 2:23 utc | 45
One suspects you're referring to the NSA's surveillance scheme known as PRISM. 4 Corners broadcast an episode some time ago in which was included a list of circa 9 hi-tech, hi-profile, co-operating participants.
Wiki has an article on PRISM (surveillance program). Here's a paragraph from the Media Disclosure part of the article..
The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012.[22] The speaker's notes in the briefing document reviewed by The Washington Post indicated that "98 percent of PRISM production is based on Yahoo, Google, and Microsoft".[1]
Posted by: Hoarsewhisperer | Mar 7 2021 5:05 utc | 48
The documents identified several technology companies...
Gotta love the word-abuse in describing 9 tech rats as "several."
According to Online Dictionary, Several = "more than two, but not many."
Posted by: Hoarsewhisperer | Mar 7 2021 5:57 utc | 49
Way, way off topic but I think it is important.
Who duped Pope Francis into doing the neocon's bidding?
David Wurmser, neocon theorist and rehabilitated snake, wrote an important theory paper for the neocons before the Iraq invasion. It promoted the need for control of Najaf, Iraq. Neocons believed that Najaf in Iraq would become the center-of-gravity for the Shia world. The influence of Iranian clerics would diminish and flow to the real center - Najaf. Thus, if the Neocons(Israel)/USofA controlled Najaf then they could "turn" the Shia world towards the "good side" - us.
Easier said than done, easier to theorize than to realize.
Today I read that Pope Francis had traveled to Najaf.
https://www.zerohedge.com/geopolitical/pope-pleads-peace-historic-meeting-powerful-shiite-cleric-iraq
I was struck by this paragraph in the article:
The significance of the meeting is sure to reverberate across borders, given "The 90-year-old al-Sistani has been a consistent counterweight to Iran’s influence. With the meeting, Francis is implicitly recognizing him as the chief interlocutor of Shiite Islam over his rival, Iranian Supreme Leader Ali Khamenei. News of the meeting heightened long-standing rivalries between the Shiite seminaries of Najaf and Iran’s city of Qom over which stands at the center of the Shiite world," an AP report previously explained.
That paragraph is right out of the neocon playbook. I kid you not.
I think I have the original work by David Wurmser somewhere on some hard drive, have not found it yet.
In lieu of that here is a paragraph from a 2007 article that I just found. The paragraph is not what I am looking for but close enough.
https://prospect.org/features/shia-fellas/
Third, the neocons believed that moderate, nonpolitical Shia in Iraq would establish Najaf, the Iraqi shrine city that is the holiest place in Shia Islam, as a new center of gravity that would overpower Qom, the clerical powerhouse city in Iran. They believed that the "good Shia," supposedly "quietist" ayatollahs such as Ali al-Sistani, would emerge to present a frontal challenge to Iran's militant "bad Shia," followers of the Ayatollah Ruhollah Khomeini. A leading proponent of this theory was David Wurmser, a radical neocon who is currently Vice President Cheney's top Middle East adviser. "They deluded themselves into thinking that these links operated only one way -- with Najaf undermining Qom," says Nasr. "They assumed that it was Iraq that would influence Iran, not that Iran would influence Iraq."
Apologies for going way off topic. Maybe, though, I have given b a seed for his own next thread Pope Neocon the First
Posted by: librul | Mar 7 2021 6:15 utc | 51
Sakineh Bagoom #47
b has adequately revealed his IT knowledge. Read his posts on the Boeing technical stuff-ups and their falling planes. He revealed that these rs hats were still using 80286-based flight computers.
He can also cook.
Posted by: uncle tungsten | Mar 7 2021 6:17 utc | 52
Russia does not use MS or Intel for its secure systems. The computers use domestic RISC chips and a domestic Linux type OS. All government agencies are switching from MS to Astra Linux. Much more difficult for US agencies to find backdoors.
Posted by: Cossack | Mar 7 2021 6:19 utc | 53
@Posted by: librul | Mar 7 2021 6:15 utc | 51
Found it !
It is a book (pdf).
Wow! Najaf is the Neocon domino to knock over and reset the entire Mideast!
Neocons dream big
And I really, really luv the title.
Tyranny's Ally
by David Wurmser
"Liberating the centers of learning in Najaf and Karbala in the
wake of Saddam’s demise would offer the region and the West a chance
to recover the Shi’ite political structure from the diktat of Khomeini’s
narrow Shi’ite revolution—and to reinstate the traditional dynamic
among Lebanon’s Shi’ites. Prying the Lebanese Shi’ites away from a
defunct Iranian Revolution and reacquainting them with the Iraqi
Shi’ite community could significantly help to shift the region’s balance
and to whittle away at Syria’s power. Without Iran’s ideological domination of the Lebanese Shi’ites, Syria would loosen its grip on them.
Syria’s continued military presence would be exposed as a wrapping
for the very same secular Arab nationalism so despised by these
Shi’ites. A collapse of Iraq’s Ba’thism could be the catalyst for the implosion of Assad’s regime in Syria and, through the Shi’ite community,
of the Islamic revolution in Iran as well."
There is much more in the book. If you locate the pdf yourself do a search on Najaf which appears 6 times.
I appear to have downloaded it in 2005, unfortunately I probably got it from the aei.org website. I am not going there now to see!
Posted by: librul | Mar 7 2021 6:45 utc | 54
Posted by: Dr Wellington Yueh | Mar 7 2021 1:18 utc | 43
Yes, thank you. I grew up digitally on PDP11-RSTS/E and Vaxen, and fond as I have become of Un*x I still miss the consistency, thoroughness and reliability of their products. I have a very high opinion of Solaris too. Everything worked like it was supposed to.
I remember in the 90s when they started using MS in military tech and not knowing whether to laugh or cry.
With any such quality platform in the commercial market, the hardware churn soon leaves them behind. No accident that, either.
Posted by: Bemildred | Mar 7 2021 6:49 utc | 55
...
b revealed a little more of himself: an IT manager? He previously told us he was an officer in the armed forces. Want more…
Posted by: Sakineh Bagoom | Mar 7 2021 3:25 utc | 47
If you look up b's post on the death of Steve Jobs, you'll discover that b, highly unusually, crossed swords in that thread with a Jobs fan, eventually concluding that the fan was too rusted on to his POV to productively 'debate' with on Hi-Tech issues. So Hi-Tech is b's forte.
During the early days of the Syria Fake Civil War, b suggested that a tank commander facing an attack from a TOW missile should direct heavy fire in the direction of the launch site "Don't aim, just shoot."
Huh?
And then the penny dropped. If the person who launched the TOW has to keep his head down, he can't guide the TOW to the target.
I complimented b on a piece of BRILLIANCE that I'm sure I wouldn't have stumbled upon and he confessed that he'd been trained as a tank commander. I assumed that it was a temporary spell in what Oz used to call National Service - a Civilian Military Readiness policy, and that b's Real Life Skills made him a prime candidate for Leadership.
Posted by: Hoarsewhisperer | Mar 7 2021 7:23 utc | 56
@psychohistorian and Bemildred...thanks! Great to know we haven't all died off yet.
In my "I know a guy..." spiel, my boss in those days (master, for I truly was an apprentice!) is colleagues with a guy who invites folks like Larry Niven to parties. Guy has a living museum of every conceivable kind of storage device, computing module, interfaces, cabinets.
Gawd, I miss those days! (And, Gawd, how I've fallen since!)
Posted by: Dr Wellington Yueh | Mar 7 2021 7:30 utc | 57
As a working cyber security professional, I am constantly amazed at the stupidity of my colleagues. There has yet to be an unambiguous attribution of "state-sponsored" hacking, but this line of shit sure does pay for an awful lot of hotel rooms and expensive catering come CPE time.
Posted by: Covergirl | Mar 6 2021 19:30 utc | 3
CPE - is it one of these? https://acronyms.thefreedictionary.com/CPE
Posted by: tucenz | Mar 7 2021 8:13 utc | 58
@William Gruff | Mar 6 2021 19:59 utc | 10
Hackers discovered some of the backdoors that Microsoft installed in their products for the CIA and other American "intelligence" agencies to use?
I do not accept the unproven claim that "china" or anyone else "hacked" random servers or even targeted specific ones. This just falls into the pattern of unsubstantiated claims like "russiagate", "novichok", "Covid" etc.
However, if I was managing a country targeted by the US I would set up a research group with the specific goal of identifying the backdoors that CIA has installed in Windows and the software running under it. I would not make public any findings, but use it to observe what the CIA did with those backdoors.
Also, I would ban the use of Windows in government and other national institutions and establish a local Linux distribution under government control.
Astra Linux is a Russian Linux-based computer operating system developed to meet the needs of the Russian army, other armed forces and intelligence agencies. It provides data protection up to the level of "top secret" in Russian classified information grade. It has been officially certified by Russian Defense Ministry, Federal Service for Technical and Export Control and Federal Security Service.
Posted by: Norwegian | Mar 7 2021 8:48 utc | 59
Posted by: tucenz | Mar 7 2021 8:13 utc | 58
No the CPE you're referring to is of a telecom context.
Covergirl is referring to Continuing Professional Development / Education (CPD / CPE etc) depending on where in the world you are. One is required to attain a number of CPD points per year to maintain their qualification.
While it initially seemed a good idea, it often devolved into conferences and junkets for most professions requiring such. I am of course generalizing.
It's to give the populace an illusion of quality on the advice they're buying. To wit, the rollers actually making investment decisions and making a tonne of money in the markets never put themselves in a position to require CPD as it's a massive drag, whereas people who talk you into buying bad investments and loans you can't afford are all required to maintain CPD/E.
/sarc
Posted by: A.L. | Mar 7 2021 9:03 utc | 60
@Canadian Cents | Mar 6 2021 20:44 utc | 25
I agree with your post, this is exactly how it should be seen. The US/Israel is "hacking" government systems of other countries, installing backdoors and selling "protection".
Incidentally, this is also the business model in MS Windows where "viruses" are fought forever, but never eradicated, you must buy new "anti virus software" all the time to "stay safe". The companies earning millions on such "protection" obviously also have the motivation to produce the problem in the first place. And they do.
Rings a bell? This business model is now being attempted in the "world operating system" and who is pushing it? Bill Gates? The "Covid" stuff is literally the virus in the world operating system, and Bill Gates is once again promoting himself as the savior by pushing "anti virus" inoculations. And just like the inoculations under Windows, they don't actually work but must be "upgraded" forever and ever, making the providers richer and richer and at the same time installing an autocratic tyranny everywhere.
What's not to like about this?
Posted by: Norwegian | Mar 7 2021 9:10 utc | 61
@Dr Wellington Yueh | Mar 7 2021 1:18 utc | 43
Thank you for the memory flashback to DEC and VAX/VMS! I used VMS from ~1982 until the late 1990s. VMS was rock solid and a fond memory, sadly missed. It was 32-bit in 1982 and it took MS Windows a couple of decades to catch up on that. There was also 64-bit VMS on Alpha machines in the mid 1990s. I think the only remnant of VMS in Windows today is the MSVC Debugger, which is a descendant of the great VMS debugger.
Posted by: Norwegian | Mar 7 2021 9:25 utc | 62
Dim sim #42
Thank you for that link to the SCMP. It looks pretty clear from that report that Microsoft is pulling out of China asap and is claiming that China hacked it and they are not nice and wah wah wah. That way they don't have to honour any contracts - I guess that is business as usual for Microsoft.
Posted by: uncle tungsten | Mar 7 2021 10:29 utc | 63
vk
"That they use incessant propaganda warfare to unite their own peoples is merely the symptom of this underlying necessity. What I mean by this is: yes, the anti-China propaganda was successful - but it was only so because the correspondent material conditions are already in place"
So a conspiracy is a symptom of an underlying necessity and its success depends on the material conditions. Does it follow from this that conspiracies should not be thought about?
Posted by: Johny Conspiranoid | Mar 7 2021 11:22 utc | 64
librul @ 54
Wow! Najaf is the Neocon dominoe to knock over and reset the entire Mideast !
Neocons dream big
Neocon dreams tend to be the wet variety...where you wake up somewhat unglued with a mess in your pajamas.
From the scattered pieces of Zbigniew Brzezinski's Grand Chessboard, to the deluded horseshit of Oded Yinon, to the defective reveries of the likes of Kristol, Perle, and Wolfowitz...
and now we get David Wurmser's musings?
You know what they say about playing chess with pigeons...
Never play chess with a pigeon.
The pigeon just knocks all the pieces over.
Then shits all over the board.
Then struts around like it won
Posted by: john | Mar 7 2021 11:46 utc | 65
list a number of monopoly powered USA corporations hiding in china
A. L. @ 33 accurately points out: "China has past the inflection point on domestic tertiary education. Its nice to still be able to send kids out there but not strictly necessary. The tide has turned and the quality of domestic institutions will continue to race forward and is too late for the west to stymie." Yes, education in Germany was essential for top American students until WWI.
I think Blue screen should be renamed the back company, Intel the door company, and Apple the network company. Put the suggested renames together you get backdoornetwork company (the BDN).
Dr Wellington Yueh @ 43 says "MS attempted to subvert/replace longstanding open-source standards, indeed trying to buck ICANN, W3, other standards bodies." <= to me, it looks like the large copyright and patent monopoly corporations are trying to replace open source Perl and long standing C and C++ code written in text with copyrightable languages such as Python and more, written in hex or some other obscure expression [instead of plain text with a man explanation].. which to me looks like they are trying to rewrite the open source in a code in which they can hide the open source technology in proprietary libraries and obscure modules, or that allows them to gate user access by permission arrangements or fees. I wonder, have others noticed this trend? It is patently obvious in Ubuntu.
Ma Laoshi @ 45 says: "Microsoft is .. deeply in bed with the US Govt. Does all but accusing the Chinese state of these hacks, very publicly, serve a cybersecurity purpose, or are they just carrying water for the Dark Throne? They surely don't seem very concerned about offending China." <= you got it backwards, the USA government is deeply in bed with Microsoft. BDN are copyright and patent powered feudal estates..they wag the government when it serves their interest.
Posted by: snake | Mar 7 2021 11:54 utc | 66
Re: A.L. | Mar 7 2021 9:03 utc | 60
Thank you
(but I was waiting for a reply from Covergirl ... the story of my life..!)
Posted by: tucenz | Mar 7 2021 12:31 utc | 67
Norwegian @59
Very true. A government would be negligent for not investigating and monitoring backdoors in tech infrastructure like operating systems, particularly if that infrastructure is sourced from hostile actors. It is not hacking, it is just a government doing its job.
I am doubtful though that this particular incident that our host discusses is a state actor for the same reasons our host points out. The "scattershot" exploitation of the vulnerabilities makes no sense for any national interest unless that entity is attempting to force Microsoft to replace the existing vulnerabilities with new and undisclosed vulnerabilities. What seems more probable to me is that the vulnerabilities were not actually so difficult to exploit and that knowledge of those vulnerabilities was more broadly available among a more amorphous non-state hacker collective like "Anonymous" or some such. With the exploits revealed the focused efforts of the collective were abandoned and individuals from the collective then used the exploits to pursue their own varied interests. Microsoft insisting that a nation-state was involved is just them covering for their own incompetence.
Like Russia, China has largely transitioned off Windows for things that require security. One of the major replacements is a Linux-based OS called Kylin and NeoKylin. These are not only practically universal in China's government and SOE operations, but are widely adopted by consumers and the private sector in China as well. I've also heard that the government of Iran has also developed a domestic hardened Linux distribution as a response to the Stuxnet attack that Microsoft facilitated.
Closed-source code and standards bound by patents and copyrights running public infrastructure and services is impossible to justify in my view. Windows and closed-standard document formats and protocols should absolutely be banned from use by the public sector in every country where that public sector at least pretends to serve the public.
Posted by: William Gruff | Mar 7 2021 12:44 utc | 68
Posted by: snake | Mar 7 2021 11:54 utc | 66
Yes, Ubuntu has crapified itself, I stopped keeping up with their long-term releases because they are making such a hash of it. It is really very like the way MS has obscurified its products. Then that creates a whole new caste of mandarins who are expensively trained to cope with the mess, and they think it is great. Not unlike health care, now I think about it. So many ways you can apply it.
Posted by: Bemildred | Mar 7 2021 13:47 utc | 69
Could any of the technical multitude assembled here explain in English what the practical consequences of the subject hack might be?
To a non-technical person this might mean anything from IT gets a lot of overtime to the sky falls. We read story after story about creaky computers hacked by evildoers and the sky does not fall.
Posted by: oldhippie | Mar 7 2021 13:49 utc | 70
Posted by: oldhippie | Mar 7 2021 13:49 utc | 70
Some folks got their emails read, that's all.
Posted by: A.L. | Mar 7 2021 14:08 utc | 71
oldhippie @70:
The ChiCom equivalent to the CIA (they don't actually have such an equivalent, but let us pretend that they do) will get the formula for the Moderna vaccine that you sent to your friends and family through email? Or perhaps they will be able to figure out what cat memes you like the most by seeing what you shared around, and thereby know how to covertly influence you through Facebook ads to vote for Trump in 2024?
IT people will get ulcers over this, and those in the general public who are prone to hysteria will freak out as they so enjoy doing, but back in the real world this, as you assume, won't amount to anything unless the hackers were non-state actors looking for some fertile dirt to leak to the public.
Posted by: William Gruff | Mar 7 2021 14:14 utc | 72
There is a shady Taiwanese company involved in the hack.
It was the first to find the zero-days and to prove their use.
Then came the 'Chinese' attacks, and shortly before Microsoft released the patch (the Taiwanese company knew the date) the 'hacks' changed to amplify the issue:
Of the tens of thousands of organizations that have been infected by the webshell, it’s not clear how many victims have had emails siphoned. Several “high value” targets have seen such losses, said Steven Adair, president of Volexity, a cybersecurity firm that tipped Microsoft to two of the four exploits. Adair said his firm tracked the malicious activity back to early January, though researchers in Taiwan identified Exchange software bugs as far back as December.
For much of January and February, the Chinese theft of email seemed stealthy and targeted, Adair said. Then suddenly about a week ago, shortly before Microsoft issued its patch, the activity exploded. The hackers seemed to be dropping webshells on anyone running an Exchange server, he said. It was, he said, almost as if they suspected a patch was forthcoming.
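The check a defender would run after reading that webshells were being dropped on anyone running an Exchange server, as an added example that is not from the post, from Volexity or from Microsoft: scan the IIS front-end logs for requests to .aspx pages the server never served before the incident window, and look for the sudden burst the quoted article describes. The log lines, the allowlist and the page names are constructed for illustration.

```python
from collections import Counter
from datetime import date

# Constructed allowlist of .aspx pages an Exchange front end is expected to
# serve. In practice this baseline is built from the server's own logs from
# before the incident window, not typed in by hand.
KNOWN_PAGES = {
    "/owa/auth/logon.aspx",
    "/owa/auth/errorfe.aspx",
    "/ecp/default.aspx",
}

# Constructed W3C-style IIS log excerpt: date time method uri-stem client-ip status.
# The quiet, targeted phase touches only known pages; from 2021-02-26 on, POSTs
# land on .aspx files the baseline has never seen, from several client hosts.
SAMPLE_LOG = """\
2021-02-20 08:01:10 GET /owa/auth/logon.aspx 203.0.113.5 200
2021-02-20 08:02:44 POST /owa/auth/logon.aspx 203.0.113.5 302
2021-02-21 09:15:02 GET /ecp/default.aspx 198.51.100.7 200
2021-02-26 03:12:09 POST /owa/auth/constructed1.aspx 192.0.2.44 200
2021-02-26 03:12:15 POST /owa/auth/constructed1.aspx 192.0.2.44 200
2021-02-27 02:40:31 POST /ecp/auth/constructed2.aspx 192.0.2.45 200
2021-02-27 02:41:02 POST /owa/auth/constructed1.aspx 192.0.2.44 200
2021-02-27 02:55:17 POST /aspnet_client/constructed3.aspx 192.0.2.46 200
"""


def parse_line(line):
    """Split one constructed log line into a dict. A production parser would
    honour the #Fields: header of a real IIS log instead of fixed positions."""
    day, clock, method, uri, client_ip, status = line.split()
    return {
        "date": date.fromisoformat(day),
        "time": clock,
        "method": method.upper(),
        "uri": uri.lower(),
        "ip": client_ip,
        "status": int(status),
    }


def unknown_aspx_hits(lines, known_pages=KNOWN_PAGES):
    """Return parsed entries whose target is an .aspx file absent from the
    baseline. A freshly written webshell is, by definition, such a page."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_line(line)
        if entry["uri"].endswith(".aspx") and entry["uri"] not in known_pages:
            hits.append(entry)
    return hits


def webshell_report(log_text, known_pages=KNOWN_PAGES):
    """Summarise suspicious activity: which unknown pages were hit, how often,
    when each first appeared, and whether they were only ever POSTed to
    (command traffic to a shell rather than a user browsing a page)."""
    hits = unknown_aspx_hits(log_text.splitlines(), known_pages)
    per_path = Counter(h["uri"] for h in hits)
    per_day = Counter(h["date"].isoformat() for h in hits)
    first_seen = {}
    for h in hits:  # hits are in log order, so the first occurrence wins
        first_seen.setdefault(h["uri"], h["date"].isoformat())
    post_only = {
        p for p in per_path
        if all(h["method"] == "POST" for h in hits if h["uri"] == p)
    }
    return {
        "paths": dict(per_path),
        "per_day": dict(per_day),
        "first_seen": first_seen,
        "post_only": post_only,
    }


def burst_days(report, threshold=2):
    """Days on which unknown-page hits reach the threshold: the 'activity
    exploded' signal, as opposed to the earlier low-volume targeted phase."""
    return sorted(d for d, n in report["per_day"].items() if n >= threshold)


if __name__ == "__main__":
    rep = webshell_report(SAMPLE_LOG)
    for path, n in rep["paths"].items():
        kind = "POST only" if path in rep["post_only"] else "mixed methods"
        print(f"{path}: {n} hit(s), first seen {rep['first_seen'][path]}, {kind}")
    print("burst days:", burst_days(rep))
```

Any page flagged here still has to be confirmed on disk (file timestamp, contents, owner) before it is called a webshell; the log only says the front end served a file the baseline never listed.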
@William Gruff | Mar 7 2021 12:44 utc | 68
Closed-source code and standards bound by patents and copyrights running public infrastructure and services is impossible to justify in my view. Windows and closed-standard document formats and protocols should absolutely be banned from use by the public sector in every country where that public sector at least pretends to serve the public.
Agreed. I work in a partially government owned company pretending to be very security aware. However, it is Windows 10, Microsoft Outlook, Microsoft Teams ++ all the way. Even when we work from home over VPN we get a "Microsoft code" over SMS to type in with our password. It is total insanity. They have basically given it all away, believing they have done the right thing. This is what incompetence leads to, and leaders are no longer selected from their level of competence.
As for Linux distributions, yes I have heard of Ubuntu Kylin in China. North Korea has their Red Star OS, Cuba has Nova, India has BOSS, Indonesia has IGOS Nusantara Linux, Turkey has Pardus. Not sure what the latest is in Iran.
Posted by: Norwegian | Mar 7 2021 15:11 utc | 75
Posted by: Canadian Cents | Mar 6 2021 20:44 utc | 25
+
Posted by: b | Mar 7 2021 14:16 utc | 73
So it's a 'security researcher' if they serve freedom fries there and a 'hacker' if it's from a regime, got it.
Posted by: A.L. | Mar 7 2021 15:33 utc | 76
Posted by: William Gruff | Mar 7 2021 14:14 utc | 72
+
Posted by: b | Mar 7 2021 14:16 utc | 73
Come to think of it this wapo piece isn't exactly lying...
Chinese includes Taiwanese.
They don't have a viable local vaccine and are having trouble getting supplies.
Motives, means and opportunity as karlof1 pointed out.
Posted by: A.L. | Mar 7 2021 15:39 utc | 77
"The documents identified several technology companies...
Gotta love the word-abuse in describing 9 tech rats as "several."
According to Online Dictionary, Several = "more than two, but not many."
Posted by: Hoarsewhisperer | Mar 7 2021 5:57 utc | 49
I currently have 'several' at 3-11. I disagree.
Posted by: David G Horsman | Mar 7 2021 16:13 utc | 78
Microsoft has been extremely incompetent, arrogant and evil. Not only are their products becoming over-bloated and buggy (just look at their list of useless products, upgrades and services), their policy and marketing unfriendly and pushy, and their alignment with the deep state inexcusable, the latest "patch strategy" and accusation show how out of touch they are.
The better way to repair such an incompetent bug is to QUIETLY send out patches to all customers and help them to ensure the doors are all closed before making such baseless and useless accusations publicly (even then, it may not even be productive to make such accusations, at least not publicly, unless they are directed or motivated by some anti-China groups).
Posted by: d dan | Mar 7 2021 18:51 utc | 79
Who has a motive to frame China?
1. The U.S. intel services
2. Israel
The road to Tehran runs through Beijing. Gordon Chang said that without China, there is no Russia, N.Korea, or Iran because China bankrolls each of them. I forgot which Neocon host he was talking to but he/she nodded in approval. The anti-China fervor began in earnest when only China continued to buy Iranian oil after the U.S. imposed a trade embargo.
Posted by: Christian Chuba | Mar 7 2021 19:23 utc | 80
A.L. @28 @76, Grieved @36, Norwegian @61
Thanks! To extend that analogy in the other direction, many would say that the country (the US) that's constantly trying to "hack" and attack other countries' "operating systems" (governance systems) has its own "operating system" (governance system) hopelessly infected and corrupted with "malware" and "viruses" (special interest lobby groups, political campaign financing/corruption, corrupted media/legal/security institutions).
Not sure that system can even just be "cleaned" anymore, with corruption down to the firmware level, so to speak - probably needs to be reset, reformatted, and rebuilt before it can become a non-harmful, constructive node in the network again.
Posted by: Canadian Cents | Mar 7 2021 19:27 utc | 81
@ Canadian Cents | Mar 7 2021 19:27 utc | 81 who wrote
"
Not sure that system can even just be "cleaned" anymore, with corruption down to the firmware level, so to speak - probably needs to be reset, reformatted, and rebuilt before it can become a non-harmful, constructive node in the network again.
"
I continue to come here and contend that the chip architecture is wrong to have a profit-for-few bias to the instruction set. The current system does not have a play-nice-with-others network mode.... it is more lie, cheat and steal.... remember there are some proud of those values.
Posted by: psychohistorian | Mar 7 2021 19:52 utc | 82
psychohistorian from earlier in thread--
Wanted to commend you for your thinking that China's OS and other tech gear would be "meritocratic" instead of "donor" based, a trait I hadn't thought of and makes Dilbert even more sensible than before. With Quantum Computing soon to become a commercial reality, IMO your tech predictions are even more important.
Posted by: tucenz | Mar 7 2021 8:13 utc | 58
CPE - is it one of these?
Good question!
Posted by: foolisholdman | Mar 7 2021 20:35 utc | 84
Norwegian | Mar 7 2021 9:10 utc | 61
This business model is now being attempted in the "world operating system" and who is pushing it? Bill Gates? The "Covid" stuff is literally the virus in the world operating system, and Bill Gates is once again promoting himself as the savior by pushing "anti virus" inoculations. And just like the inoculations under Windows, they don't actually work but must be "upgraded" forever and ever, making the providers richer and richer and at the same time installing an autocratic tyranny everywhere. What's not to like about this?
Very good analogy! Well spotted!
Posted by: foolisholdman | Mar 7 2021 20:42 utc | 85
Mr. d dan
Nonsense.
Go to India and see for yourself how the old Intel-Microsoft Duopoly enabled computing for the masses, any script, any language. Unalloyed Good, in my book.
Posted by: Fyi | Mar 7 2021 21:34 utc | 86
psychohistorian @82, yes the West does seem to be founded on a plutocratic instruction set.
When the West requires other countries to "open up", it's so that their governance malware and viruses can be injected, with plutocracy indeed being a key vector (or mRNA or crown structure, to start mixing virus analogies ;)
Other countries need to treat their interactions with the US, which can't be avoided, the way you'd handle interaction with a malware-infected server or system, on a strictly restricted/non-trusted/firewalled basis.
Norwegian @61, good point about the selling "protection" angle.
Hopefully people around the world also recognize that the US is like a mafia running a protection racket, another analogy that fully applies. Three in one comment ;)
Posted by: Canadian Cents | Mar 7 2021 21:48 utc | 87
...
I currently have 'several' at 3-11. I disagree.
Posted by: David G Horsman | Mar 7 2021 16:13 utc | 78
The only problem I have with allowing the meaning of 'several' to stretch as far as 11 is that one must whizz past 'a handful' which is roughly 5, and 'half a dozen' which is precisely 6.
Imo, those factoids limit 'several' to 3 or 4.
Posted by: Hoarsewhisperer | Mar 8 2021 4:23 utc | 88
Posted by: A.L. | Mar 7 2021 15:33 utc | 76 -- "So it's a 'security researcher' if they serve freedom fries there and a 'hacker' if it's from a regime, got it."
The Maidan, 'democracy protestors' were served Nuland cookies.
The Capitol, 'domestic terrorists' were served writs of arrest.
Three cheers for the vaunted 'Western values' !!!
Posted by: kiwiklown | Mar 8 2021 11:08 utc | 89
Canadian Cents @ 87 -- "When the West requires other countries to "open up", it's so that their governance malware and viruses can be injected, with plutocracy indeed being a key vector (or mRNA or crown structure, to start mixing virus analogies ;)"
Yes, to mix analogies even further, when the West required China to open up, they injected their malware -- opium.
China is still dealing with the consequences a century later.
Posted by: kiwiklown | Mar 8 2021 11:32 utc | 90
Canadian Cents @ 87 -- "Hopefully people around the world also recognize that the US is like a mafia running a protection racket...."
And just like the mafia, this 'protector' is not agreement-capable, not shame-capable, not honour-capable.
Just look at MBS despite 'investing' billions on US bombs and missiles.
Posted by: kiwiklown | Mar 8 2021 11:41 utc | 91
Posted by: A.L. | Mar 6 2021 21:54 utc | 33 -- "China has passed the inflection point on domestic tertiary education. It's nice to still be able to send kids out there but not strictly necessary. The tide has turned and the quality of domestic institutions will continue to race forward and it is too late for the West to stymie."
Very astute observation on China's education resources.
I do not understand the West's constant obsession (not yours personally) to stymie, to obstruct, to delay, to counter, to challenge China's progress towards her people's betterment.
Is stopping other nations' development the main function, or even one of the functions, of Western government?
If so, why is the US giving billions a year to a certain nation that must not be named?
And doing that while denying Main Street Americans a measly thousand dollars to pay rent?
Posted by: kiwiklown | Mar 8 2021 12:01 utc | 92
Posted by: kiwiklown | Mar 8 2021 12:01 utc | 92
Well, you have to understand, their enemies constitute the whole human race which is not them. The rich think of the non-rich as inferiors, not enemies, but it amounts to the same thing, since it is easy to see that they lose their minds when challenged or their status is threatened. Nothing arouses more fear and anger in the "well-off" than being defenestrated into the masses again. So any government not under their control is a real or potential "threat".
Posted by: Bemildred | Mar 8 2021 13:48 utc | 93
@A.L. #24
It depends on the individual - in particular, their actual level of skill and knowledge vs. their job title/job description.
There are enormous numbers of drones who don't know anything but are more than happy to spout a line to protect their rice bowls.
The sad reality - which I have noted time and again - is that foreign actors don't need to execute fancy cybersecurity attacks to get the vast majority of what they're looking for, in terms of information collection.
OPM security was just sad.
Solarwinds was equally not secure in the least.
Furthermore the US intel and security agencies have historically been compromised at very high levels by outright foreign agents.
For this Microsoft one - I am still waiting to get a more complete list of the targets. One of the tricks used by PR/marketing types is to cull out government/military/defense names from a widespread hack to allege "nation-state" actors when an examination of the full list makes it clear that the attackers are purely criminal.
Again: a real nation-state attacker with a halfway competent risk/reward analysis will not abuse high-value 0days in a widespread manner. Every usage increases the likelihood of detection - for info gathering this might be acceptable but for actual operational capability, it is not.
Posted by: c1ue | Mar 8 2021 18:25 utc | 94
@Kiza #40
I agree with you on the cybersec conference material, but these conferences are to security what military trade shows are to military capability.
Which is to say, booze and babes to bamboozle clients outta big bucks.
I still chuckle when I recall the one aisle at RSA where 1st, 2nd, 3rd and 4th generation technologies for the exact same use case were all being displayed at booths...
Posted by: c1ue | Mar 8 2021 18:28 utc | 95
@kiwiklown #92
That's an easy one: said un-named nation kicks back tens to hundreds of millions to said politicians.
The hoi polloi in the US don't contribute enough to matter - and whatever is contributed is clearly considered just an ante.
Posted by: c1ue | Mar 8 2021 18:33 utc | 96
Posted by: c1ue | Mar 8 2021 18:33 utc | 96 -- "That's an easy one: said un-named nation kicks back tens to hundreds of millions to said politicians."
Well said, c1ue..... And that is why I despise with a vehemence said politicians in the West, and politicians in said un-nameable nation.
Posted by: kiwiklown | Mar 9 2021 6:15 utc | 97
Posted by: Bemildred | Mar 8 2021 13:48 utc | 93 -- "So any government not under their control is a real or potential "threat"."
I see.... and so that must be why Russia has given up 'relating' to the West on terms set by the West... and that must be why Putin emphasises science and youth and education in his major speeches to his nation.... and why Putin's people so openly brandish their marvellous new weapons which in times past, would have been state secrets....
Posted by: kiwiklown | Mar 9 2021 6:24 utc | 98
Posted by: kiwiklown | Mar 9 2021 6:24 utc | 98
Putin's people so openly brandish their marvellous new weapons which in times past, would have been state secrets....
Yes. Time to confront the bully now. You notice who is doing the confronting.
I want to agree with everything c1ue is saying about cyber-security conferences and how government procurement (nice choice of words, eh?) works too. In my experience they were rewards for the obedient rather than serious professional activities. All of these people would not have jobs if we actually cleaned up our software.
Posted by: Bemildred | Mar 9 2021 7:18 utc | 99
Posted by: Bemildred | Mar 9 2021 7:18 utc | 99 -- "Yes. Time to confront the bully now. You notice who is doing the confronting."
Yes, I see that Putin is bending over backwards to prevent war in announcing their hypersonics stuff, rather like showing your gun holster to a mugger who thinks he is in control because he is armed with a knife.
Posted by: kiwiklown | Mar 9 2021 8:20 utc | 100
Not only is there no evidence that the hack originated in China, but is there any reason even to believe that this series of hacks actually took place?
Posted by: foolisholdman | Mar 6 2021 19:25 utc | 1