[HN Gopher] The FBI investigating hacking of Covid research by "...
___________________________________________________________________
The FBI investigating hacking of Covid research by "PRC-affiliated
cyber actors"
Author : kimi
Score : 219 points
Date : 2020-05-26 15:57 UTC (7 hours ago)
(HTM) web link (www.fbi.gov)
(TXT) w3m dump (www.fbi.gov)
| narrator wrote:
| If the PRC gets a workable vaccine first, they can gain influence
| to get everyone to use a WHO run global vaccine passport instead
| of separate national systems. They can then tie the WHO's
| databank into their global surveillance system and franchise out
| China's surveillance state and social credit score system
| throughout the world.
| caseysoftware wrote:
| Those are good points, I'd add two more:
|
| - "If you want to buy our vaccine, you need to buy Huawei
| equipment for all your communications systems" - we've already
| seen that in France with PPE
|
| - What would that do for investment in vaccine research if you
| know China can drop in theirs at any time and address the
| entire market? Investments dries up, China pulls back, go back
| to 1.
| orbifold wrote:
| Just for additional context several super computing sites in
| Europe were attacked a few weeks ago and are still down, among
| them PizDaint at CSCS, which ranks 6th in the world, several
| super computing sites in Germany (FZ Juelich) and so on. I think
| no-one wishes this to turn into a kinetic war, but for all we
| know besides the economic warfare that has been going on for
| quite some time, this feels like we are in an all out conflict
| with China.
| zaxu wrote:
| These are crypto mining schemes, though. This looks a lot more
| like run of the mill money making cybercrime than espionage - I
| don't think any nation state would be interested in outing
| themselves for a pittance in bitcoin.
| eloisius wrote:
| Would they set up a crypto mining scheme to obfuscate the
| origin and intent of the attack though?
| orbifold wrote:
| At least according to this incident report
| https://csirt.egi.eu/academic-data-centers-abused-for-
| crypto..., one of the two attacks had "unknown purpose". In
| particular it was not tied to crypto mining.
| zaxu wrote:
| From the site you linked, the one with "unknown" motive has
| exclusively attacked Chinese academic victims. It would be
| extremely bizarre to suggest that the Chinese government is
| behind this.
| zaxu wrote:
| Ah, I misread the table. This is very suggestive, then.
| orbifold wrote:
| The second one is the attack that spread all the way to a
| basement HPC cluster in the Physics Institute at LMU
| Munich, the IP addresses listed are indicators to look
| for that your system might be compromised, not the
| victims of the attack.
| pengaru wrote:
| I'm not under the impression that non-military research and
| academic computing facilities are particularly well secured.
|
| Decades ago I spent a bunch of time around fnal.gov with a
| buddy who worked there, and they were debating the requirement
| of _every_ computer, including desktops, having a static,
| public IPv4 address. Nobody wanted to be behind a firewall in
| the name of open, collaborative research.
| gnufx wrote:
| Yes, the fundamental problem is that this sort of thing has
| around the top of the threat list for academic computing
| facilities for 30 years or so (originally typically coming in
| to the UK from CERN). It's just that this is larger scale,
| possibly more automated (filching SSH keys), and has a higher
| profile. Despite that, the systems are normally not managed
| to counter the threat, running with known privilege
| escalations either through unpatched OS vulnerabilities or
| through something like the batch system. Don't trust them
| with anything sensitive, including credentials like typed
| passwords or SSH forwarding, yet people do. I have an
| existence proof that it doesn't have to be like that for HPC
| systems, even if you're not allowed system time -- in which
| case live patching of login node kernels is specifically
| necessary.
|
| Incidentally, if attackers were looking for sensitive
| research results from this, I think it would have to be
| targeted with detailed knowledge about what specific
| researchers were doing; after all, it's difficult enough for
| a typical researcher to keep track of their own stuff, and it
| mostly won't have look-at-me names.
| RobertoG wrote:
| we are in all out conflict with China because some super
| computing sites were "attacked"?
|
| That's not a very responsible statement.
| orbifold wrote:
| Well this is clearly a hostile act during a time in which
| several European countries have declared medical emergencies.
| They were not just "attacked" but have been completely
| offline for almost two weeks now
| (https://www.hpcwire.com/2020/05/18/hacking-streak-forces-
| eur...).
|
| In Germany it is (incident was 15.05) - NEMO (Freiburg) -
| bwUniCluster 2.0 and ForHLR II (Karlsruhe) - Hawk (Stuttgart)
| - Leibniz Supercomputing Center (Munich) - JURECA, JUWELS und
| JUDAC (FZ Julich) - Taurus (Dresden)
|
| Switzerland shutdown access to all of CSCS (16.05).
| goodcjw2 wrote:
| Facts:
|
| 1 - HPC centers in Europes are down.
|
| 2 - Those are useful resources to battle battle against
| COVID-19.
|
| 3 - HPC centers are down due to malware infections.
|
| 4 - FBI warned and Department of Homeland Security warns of
| possible cyberattacks targeting COVID-19 research.
| orbifold wrote:
| Facts:
|
| 1 - one of the two incidences reported (#EGI2020512)
| targeted academic data centers "for unknown purposes"
| (https://csirt.egi.eu/academic-data-centers-abused-for-
| crypto...) and not necessarily crypto currency mining.
|
| 2 - IP addresses associated with that second attack were
| all assigned to a Chinese University (Shanghai Jiaotong
| University), CSTNET and one Polish host known to be
| compromised by someone from China.
| TeMPOraL wrote:
| Re 2., since when IP is address tracking a reliable
| method of attack attribution?
|
| It's like trying to assign blame for a terrorist attack
| based on where the jacket dropped by a terrorist was
| made. Maybe it was made in their home country. Maybe it
| was imported. Or maybe they purposefully wore a jacket
| made in a different country and dropped it on the scene
| to confuse you.
| acqq wrote:
| And in the linked article the probable cause is much more
| prosaic:
|
| "The attacks may have been perpetrated in order to mine
| cryptocurrency; investigations are ongoing."
| salawat wrote:
| I feel like cryptocurrency miner install is going to end
| up being the new cover story anytime someone doesn't want
| to tip their hand on capabilities.
| gnufx wrote:
| Yes, but if you were serious about espionage, say, you
| wouldn't draw attention to the compromise by running one.
| Reelin wrote:
| > this is clearly a hostile act
|
| That's not my reading of the article you linked. A bad
| actor compromised the credentials of multiple researchers
| with access to various supercomputers (over some unknown or
| at least unspecified period of time). They then
| simultaneously accessed the compromised machines and
| installed cryptocurrency mining software on them.
|
| This could easily be profit motivated (as it appears). It
| could also be (as you suggest) a hostile act disguised as
| the former, but I don't see what the motivation to do that
| would be?
| fpgaminer wrote:
| Also the article mentions that Chinese researchers had
| access to the clusters as well. So the GP's implication
| is that the PRC attacked these datacenters ... to stop
| their own research?
|
| Seems more likely that more people are using/accessing
| these services, and people's guards are down, which made
| it easier for intruders to get in.
| orbifold wrote:
| Well there were two incidents
| (https://csirt.egi.eu/academic-data-centers-abused-for-
| crypto...) one of which had "unknown purpose". It had the
| real effect of disrupting the majority of the super
| computing infrastructure in Switzerland and Germany for
| almost two weeks now. The attacks originated from China
| (Shanghai Jiao Tong University and CSTNET).
| [deleted]
| pjc50 wrote:
| So, when do we launch the nukes?
|
| If you're talking about conflict, be clear how far both sides
| might be willing to escalate.
| antpls wrote:
| Do you have a reference about those attacks? A press release or
| a link to a blog maybe?
| throwanem wrote:
| https://www.hpcwire.com/2020/05/18/hacking-streak-forces-
| eur...
| pcbro141 wrote:
| Shouldn't all countries be working together openly on fighting
| the pandemic? Given that it's hurting the whole world.
| kolbe wrote:
| Sure, but what does this have to do with a single state actor
| that hides everything they do (with fatal consequences in 2020)
| hacking another?
| djsumdog wrote:
| Not when there's money to be made. The Gates foundation does
| seek a Return on Investment, and has publicly stated they
| wanted to create good markets for vaccines.
|
| Gavi/Gates/GSK and other big pharma companies might be claiming
| to help the world, but they're also seeking to get a return on
| their research funding. Even in academic circles, there isn't
| really a lot of information sharing.
| tree3 wrote:
| Companies across all countries have proprietary data that they
| are using to develop treatment options.
| jeffbee wrote:
| It's not hurting the whole world equally. It's been far worse
| for countries peopled with and led by idiots, like the USA. As
| long as this goes on it benefits China very greatly. We've
| already seen a huge shift away from the idea of American global
| leadership.
| blhack wrote:
| What an unbelievably low effort comment.
|
| >It's been far worse for countries peopled with and led by
| idiots, like the USA.
|
| Ranked next to Western European countries, the US ranks at
| the _bottom_ of worst effected. The worst effected country is
| Belgium, followed by France, Italy, the UK, Sweden, and so
| on. As far as CFR, the US is about 1 /3 or Belgium, and about
| 1/2 of the Netherlands.
|
| Among western liberal democracies, the US is among the
| safest/best place to be right now with regards to health
| outcomes related to the coronavirus.
|
| https://coronavirus.jhu.edu/data/mortality
|
| >We've already seen a huge shift away from the idea of
| American global leadership.
|
| This is simply not true, and the evidence of it not being
| true is echoed at every reasonable metric. People are
| increasingly storing their money in the US (as evidenced by
| the stock market refusing to collapse), and increasingly
| following along with US-led pullbacks against global
| organizations like the WHO.
|
| China is rapidly losing its ability to enact soft power
| anywhere in the world.
|
| We are also only _gaining_ in economic power:
| https://www.foreignaffairs.com/articles/united-
| states/2020-0...
|
| --
|
| The US coronavirus response has been one of the strongest
| among western nations, our economy has weathered this better
| than anywhere in the world, and we will likely come out of
| this crisis even stronger, with even more global power, than
| we went in.
| gowld wrote:
| US is 9/10 on the graph of worst 10. Scroll down past the
| top 10 worst countries, to see all the countries with lower
| death rate.
| blhack wrote:
| The US was probably not the _safest_ place to be with
| regards to covid, but it 's ridiculous to imply that our
| leaders are all idiots who messed it all up. The data
| just does not support that no matter how you look at it.
|
| I was replying to this:
|
| >It's been far worse for countries peopled with and led
| by idiots, like the USA.
|
| Maybe this person means that the majority of western
| europe as well as The US is peopled with and led by
| idiots, but it seems much more likely that they are just
| incredibly misinformed.
| thephyber wrote:
| > Ranked next to Western European countries, the US ranks
| at the bottom of worst effected. The worst effected country
| is Belgium, followed by France, Italy, the UK, Sweden, and
| so on. As far as CFR, the US is about 1/3 or Belgium, and
| about 1/2 of the Netherlands.
|
| The problem is that the numbers you cite aren't about
| response, they are about {affected population, environment,
| response}. Being lucky that the USA isn't as population-
| dense as Belgium (which is 10x the number of people per
| area of the USA) isn't a strategy, it's an environmental
| factor.
| jeffbee wrote:
| The aspect of the pandemic which impacts the USA most
| greatly is not the number of dead bodies, it is the loss of
| the perception of the USA as a global leader. Nobody thinks
| that Italy was key to handling the Ebola outbreak, so they
| did not lose their reputation over this. In fact everybody
| knows that Italy is a basket case led by craven criminals.
| But the USA was until recently viewed as the nation that
| could coordinate global action against pandemics. Now,
| everyone sees China as that nation. China is exporting
| masks and test kits and whatnot. USA is importing them.
| Officials with the German Marshall Fund, essentially a US
| propaganda outlet leftover from the Cold War, are going on
| the record discussing America's abdication of leadership.
| thephyber wrote:
| > our economy has weathered this better than anywhere in
| the world, and we will likely come out of this crisis even
| stronger, with even more global power, than we went in
|
| Incredibly optimistic and I don't see the evidence for it.
| The US economy isn't out of the storm yet. Bear Sterns fell
| in March 2008 and the US economy kept "whistling past the
| graveyard" until September before it fell off a cliff after
| the smoke had somewhat cleared. Let's check back in 3-5
| months. The only national institution in the US that didn't
| take a perception hit so far is the Federal Reserve, but
| that's because it threw $8+ trillion at the problem and
| made big promises early (too soon to tell if that massive
| injection will be problematic).
|
| I see a national USA government who chose not to take a
| significant role in either helping the states (and never
| told the states that this would be the policy) or other
| nations (as we normally do during every natural disaster
| and health epidemic since WW2). I don't think I am alone in
| that view.
|
| S Korea and Italy (yes, _that_ Italy) sent PPE to assist
| other countries early in the first wave while the US
| federal government was intercepting shipments which were
| legally purchased by (entities in) other countries and
| diverting them to a federal government stockpile (not the
| states where civilians needed them).
|
| It's worth looking at how well S Korea, Taiwan, and
| Singapore reacted to the outbreak. Their emergency health
| systems acted as if it didn't matter if "China lied" or not
| and set up useful policies and procedures just in case the
| disease made it there.
|
| China has started to donate the medical equipment (PPE,
| ventilators) they didn't need to use after the first wave
| and they are sending medical staff around the world to
| assist other countries. The US is exporting some hastily-
| made ventilators, but it's not yet clear if that will make
| a difference in the perceptions other nations have of our
| response.
|
| I think the US has lost significant soft power as we failed
| to provide the worldwide leadership we have since we became
| a superpower and China stood up to fill in the vacuum for
| very low cost to them.
| smkellat wrote:
| If you're doing research of any significance in today's world and
| don't have an active security program looking for harmful actions
| by foreign intelligence your organization opens itself up for all
| sorts of nasty liabilities. You don't even have to have an
| electronic intrusion. The PRC's government also pays people off
| as the case of this former Cleveland Clinic researcher shows:
| https://www.cleveland.com/crime/2020/05/former-cleveland-cli...
| [deleted]
| vsareto wrote:
| What kind of liabilities? That looks like a case against an
| individual.
|
| Are you talking human counter-intelligence as well as IT
| security?
| akiselev wrote:
| Imagine a state actor hitting the contract research
| organization in charge of the last phase of a clinical trial
| for a blood pressure medication and changing data. Due to the
| nature of double blind trials, catching these modifications
| can become really hard to catch and could lead to a lot of
| human suffering.
| La1n wrote:
| If they target a CRO the sponsor still has the original
| data from the trial sites. I can say that at least for the
| company (one of the 10 largest pharmaceutical companies) I
| work for this would almost be impossible to not be caught.
| thephyber wrote:
| I'm not sure I agree that it's the responsibility of the people
| doing research to protect against foreign nation state attacks
| (whether cyber or legacy intelligence).
|
| 1st: most people outside of government don't know how much they
| are expected/"required" to do to protect their work against
| foreign nation states. Except for heavily regulated sectors
| (government, military, heavy industry, banking, core telecom,
| and more recently elections) very few companies will actually
| get help from 3-letter-agencies to actively protect against
| foreign nation state attacks.
|
| 2nd: _many_ people expect that the {NSA, Cyber Command, et al}
| are actively defending _all_ US organizations. I don 't see
| evidence of this (although if there was evidence, I probably
| wouldn't see it anyway).
|
| 3rd: In a national emergency (which the COVID response was
| declared), there are limits to the liabilities which would
| otherwise be enforceable in court. There are frequently/always
| legal escape clauses like _force majeure_ and _act of god_
| which would likely alleviate liabilities due to fallout from
| acts of war or a severe pandemic, so it 's not clear that those
| "nasty liabilities" could be enforced. There are currently 2
| important cyberinsurance cases[1] which are winding their way
| through courts right now which may effectively decide if
| cyberinsurance is a viable product (depending on whether).
| Violations of HIPAA are possible, but similarly may not amount
| to much in terms of prosecution because of the pandemic.
|
| In reality, it's damn near impossible to protect against a
| motivated+targeted nation state attack (especially with the
| resources of PRC). If the liabilities incentives require all
| projects (large and small) be able to withstand nation-state
| attacks, then all of the project resources go to cybersecurity
| and none into research -- your productivity is now zero.
|
| It's important to remember that it's the FBI's job to do
| counter-intel. If a medical research group is defrauded by PRC
| spies and you blame the researchers for not being able to spot
| a non-trivial espionage attempt, you are just victim blaming. I
| work as a product developer in cybersecurity and I doubt I
| could identify most spy craft if it were to happen right in
| front of me.
|
| [1] https://www.cpomagazine.com/cyber-security/aig-case-
| highligh...
| 99_00 wrote:
| They don't even have to pay.
|
| Chinese citizens are forced by law to spy when asked.
|
| https://www.canada.ca/en/security-intelligence-service/corpo...
| chrisjc wrote:
| Let's not pretend that you have to be a Chinese citizen, or
| even Chinese in order to spy for China. Or for any other
| country for that matter.
|
| https://www.cnn.com/2020/01/28/politics/harvard-professor-
| ch...
| dheera wrote:
| Given today's anti-free-thinker HN climate I'm probably going
| to get downvoted to oblivion for saying this, but I feel I need
| to say it.
|
| I don't think COVID-19 research should be secretive, I think it
| should be a global effort, and I'm perfectly happy with the
| idea of any nation having open access to all COVID-19 research,
| vaccines, results, and (anonymized) data. There should NOT be a
| concept of intellectual property when there are people dying in
| droves from a disease. Please, China, Italy, Spain, everywhere,
| scoop up all the COVID-19 research you can find and act upon it
| to save lives. Copy ideas. Copy drugs. Re-do and verify tests.
| Immediately. Don't mind the courts. They suck, and are sitting
| in armchairs killing people by delaying the effort and
| enforcing intellectual "property".
| spacephysics wrote:
| Before sanctioning stealing, perhaps the problem is two fold.
| China wants to have the first vaccine for:
|
| * Becoming the first to market, to try and salvage their
| reputation
|
| * Using the vaccine as leverage toward the incoming sanctions
| for violating the Hong Kong treaty during UK handover, as
| well as the now-declared possible non-peaceful reunification
| of Taiwan
|
| * monetary gain
|
| * leverage against the US restricting/removing Chinese's
| companies from the NASDAQ
|
| I agree research should be open, but it's hard to say to what
| degree, and how that might effect the economics of it.
| Whether we like it or not, capitalistic driven progress
| requires a reward, and one of the few reasons pharmaceutical
| companies will take the risk of finding a vaccine is the
| potential for increased reputation, and being first to
| market.
|
| Without those incentives, it's straightforward to not to take
| a massive monetary risk as others are all working on similar
| problems, thus the likelihood that _your_ lab will be the
| first is slim.
|
| Further, the crisis is a worldwide pandemic, but if the rate
| of natural immunity is as high as some predict, the efficacy
| of these vaccines may lead to less 'sales' than initially
| expected.
|
| Oxford running out of people to test their vaccine on: https:
| //news.cgtn.com/news/2020-05-25/COVID-19-disappearing-...
|
| China report about Taiwan has "peaceful" removed:
| https://www.reuters.com/article/us-china-parliament-
| taiwan/c...
|
| China breaking the handover treaty: https://www.theatlantic.c
| om/international/archive/2020/05/ch...
| dheera wrote:
| > Oxford running out of people to test their vaccine on: ht
| tps://news.cgtn.com/news/2020-05-25/COVID-19-disappearing-.
| ...
|
| I'm not a medical expert, but can someone in the know
| comment on this? Can I volunteer to get the Oxford vaccine
| in the US? Can I volunteer to fly to UK and get the vaccine
| immediately upon arrival?
| dunkelheit wrote:
| The problem is not the absence of volunteers, the problem
| is that as the first wave of the epidemic recedes, most
| volunteers won't catch the disease by themselves and thus
| will add no information as to whether the vaccine works.
| And challenge trials (deliberately infecting people) are
| apparently a big ethical no-no.
| anthony_doan wrote:
| > * to try and salvage their reputation
|
| Really? They just recently ban Australia trades because
| Australia inquire about Covid19 origins.
|
| https://www.theguardian.com/world/2020/may/13/australia-
| chin...
| AYBABTME wrote:
| Australia is heavily economically dependent on China, so
| it's not really comparable.
| NGRhodes wrote:
| Related:
| https://www.theregister.co.uk/2020/05/13/uk_archer_supercomp...
|
| "One of Britain's most powerful academic supercomputers has
| fallen victim to a "security exploitation" of its login nodes,
| forcing the rewriting of all user passwords and SSH keys."
|
| https://www.theregister.co.uk/2020/05/05/coronavirus_researc...
|
| "Foreign state hackers are trying to brute-force their way into
| pharmaceutical and medical research agencies hunting for a
| COVID-19 vaccine, British and American infosec agencies are
| warning.
|
| The National Cyber Security Centre (NCSC) and America's
| Cybersecurity and Infrastructure Security Agency (CISA) cautioned
| of a "password spraying" campaign targeting healthcare and
| medical research organisations."
| btrettel wrote:
| Some of the comments here discuss how an attacker could tamper
| with data. What are some good ways for a scientist to ensure the
| integrity of their data in this case?
|
| Post it online with a hash, particularly in a way that will get
| archived by others?
|
| Keep off-site backups?
| horsemessiah wrote:
| How can western leaders condemn China's lack of publishing info
| related to COVID-19 and protect private research for curing it at
| the same time? Research like this should be public and accessible
| to everyone. I don't know why I shouldn't applaud any hackers
| spreading this information.
| ezVoodoo wrote:
| Of course! China is very good at stealing things which the US
| does not possess. Last time it was the 5G technology, remember?
| ryanmarsh wrote:
| Comment history
|
| https://news.ycombinator.com/threads?id=ezVoodoo
| ezVoodoo wrote:
| What about my comment history? Do facts scare you? Can you
| not bear the pain to watch the video which shows something
| contradicting to the information you receive from your media?
| jhpriestley wrote:
| US Intelligence has released the following images of mobile
| bioweapons production labs, could they be in use by PRC to create
| Covid?
|
| https://en.wikipedia.org/wiki/Mobile_weapons_laboratory#/med...
| bt1a wrote:
| I've always wondered how you can be so sure it's PRC in the age
| of easily being able to mask your true IP address. Perhaps the
| identified attacks have been previously linked with the PRC, or
| another option is that the actors were not as covert as they
| thought.
|
| Like remember the indictment of 12 russians (
| https://www.justice.gov/file/1080281/download )
|
| The FBI linked a pool of bitcoins used to purchase a VPN service
| and other things to the Russians. Probably best to not use a
| crypto with a public ledger for criminal activity.
| toshk wrote:
| Same here. I remember once I was watching the news and they
| claimed a hack was done by Russians because they found Russian
| comments in the code. That didn't sound very convincing :). The
| ledger evidence sounds better.
|
| At the same time in this case I would be more surprised if the
| PRC , since their need for control, and since the stakes are
| extremely high, wasn't doing such things.
| bt1a wrote:
| Exactly my friend, seems like it'd be trivial to leave
| misleading clues.
| toshk wrote:
| Was googling to see if I could find a news article to back up
| my memory.
|
| Instead I found an article on Wikileaks claiming CIA executed
| false flag hacking operations:
| https://theintercept.com/2017/03/08/wikileaks-files-show-
| the...
| thephyber wrote:
| Which is another reason why attribution of cyber incidents
| is notoriously difficult.
|
| The CIA is hardly the only organization to put misleading
| evidence in their attack path. Also, countries like China
| and Russia have healthy malware ecosystems so a Chinese-
| written malware can end up in the payload of a {North
| Korean, Russian, Iranian} cyber attack.
|
| Personally, I'm starting to believe that the only way to
| have extremely high confidence in attributing an attack is
| to have surveillance of the person on the source keyboard
| when it happens or to have telecom evidence of people
| admitting what they did. Most of the actual attack is
| probably robotic at this point.
| oefrha wrote:
| Similarly, I recall a strain of malware being attributed to
| Chinese hackers because variable names were in Chinese; then
| when you actually inspect the code, it's clearly Unicode
| gibberish generated by an obfuscator... That is to say, the
| hackers weren't even trying to be misleading, it was just a
| result of obfuscation reminiscent of mojibake. (I read the
| article on Ars Technica but don't remember enough details to
| find the article.)
|
| If I ever code a hacking tool I'll throw in some Korean
| comments for sure.
| darawk wrote:
| Do keep in mind that intelligence services are probably not
| being fully transparent about how they know the source of
| an attack. They wouldn't want to reveal their methods, to
| avoid them becoming unreliable in the future.
| vkou wrote:
| Which makes it impossible to have an open, informed
| discussion on the subject.
|
| Instead, you get tribalist arguments over who believes
| which secret police.
| WrtCdEvrydy wrote:
| Do spanish instead... represent!
| heipei wrote:
| First of all, the IC works with estimative language, i.e. "with
| a high degree of confidence", which everyone understands on
| what to make of it and how it should inform policy (I know,
| policy is different than a criminal investigation).
|
| To your question: Imagine tracking these threat actors for
| years (or decades). You have observed different TTPs
| (Techniques, Tactics & Procedures) from different actors, you
| see them operating in different ways and with different teams,
| you can observe the time when they are active, by their
| targeting you can make an educated guess what they're after,
| you can correlate their activity with policy changes in their
| presumed home-countries and lastly you can repeat those
| observations over and over again since these threat actors are
| persistent and keep coming back since it's their job. If all
| these soft and passive observations already point to the same
| actor(s), and then you get some additional hard evidence on top
| (Opsec failures, HUMINT, SIGINT), you are eventually able to
| make a verdict with a high degree of confidence.
| GordonS wrote:
| I think sometimes they just blame whoever suits the political
| narrative. The Chinese replaced the Russians as the boogeyman
| de jour a short while back, so of course they will now be
| blamed by default.
| Aaronstotle wrote:
| Should have used Monero
| boomboomsubban wrote:
| >Perhaps the identified attacks have been previously linked
| with the PRC
|
| I'm sure the PRC has used password spraying before, the only
| detail mentioned. Tgatd about as easily forged as the IP
| address though.
| kube-system wrote:
| An IP address is merely one of thousands of ways that you could
| identify the source of network traffic.
| thephyber wrote:
| And I'm guessing most of the time the "thousands of ways"
| don't all point in the same direction.
| dkn775 wrote:
| Would you be willing to share some good resources for
| identifying rework traffic beyond IP? I have seen things in
| my little snitch logs I wonder about but no real recourse.
| tehjoker wrote:
| I can't recall the last time I saw a public statement by the FBI
| that wasn't a lie used for some nefarious purpose.
| chrononaut wrote:
| The FBI lists _many_ public statements per day about all sorts
| of operations and arrests: https://www.fbi.gov/news/pressrel
|
| What you're encountering might just be a selection effect since
| many of these press releases don't raise people's interests.
| Perhaps it's the people amplifying certain stories to drive
| their narrative than the FBI themselves?
| tehjoker wrote:
| The FBI is a highly political organization that uses its
| position of authority to routinely intervene in politics
| often at the behest of the state.
|
| Usually I list the interference they do in left wing
| movements where they spy and infiltrate spaces to disrupt and
| discredit vital activities aimed at e.g. preserving the
| environment. As a highlight, they tried to get MLK to kill
| himself. Much of this was documented by the revelations of
| COINTELPRO. That stuff was never punished, so why would they
| ever stop? It's good for the integrity of the state.
|
| For a conservative example, the recent "Obamagate"
| disclosures show how the FBI was instrumental in creating the
| now totally discredited Russiagate conspiracy which raged in
| the media for two years as a ploy to disrupt the Trump
| administration by an insane xenophobic conspiracy that Trump
| was the manchurian candidate, going so far as to create
| speculation that he was some kind of soviet sleeper agent
| from the 1980s. He's of course a bad guy, but this stuff is
| off the wall.
|
| Now the FBI is being brought under control by the current
| administration which is attempting to distract from it's
| total failure to respond to the pandemic and its actions
| which are widely acknowledged to have made it far worse that
| it should have been. The United States, the richest most
| powerful country in the world, has had one of the worst
| responses in the world. So the administration is attempting
| to clumsily pin the blame on a "foreign enemy" by saying it's
| attempting unfairly to do something about the pandemic. What
| an incredible world we live in.
|
| EDIT: To conclude: Is withholding medical information in a
| pandemic for any reason ethical? What about for making money?
| Is stealing such information from such an actor unethical?
| mellow2020 wrote:
| That doesn't make it magically impossible for the PRC to do
| nefarious things of their own, which I'm sure you'd agree
| the FBI would gladly publicize.
| jorblumesea wrote:
| So the country that the virus originated from can't/doesn't even
| want to research vaccines properly? Or is this economic warfare
| to stop the West from producing a viable vaccine?
|
| Feels increasing likely that the real global virus here is the
| CCP.
| elliekelly wrote:
| I appreciate that there's probably a lot I don't know or
| understand about the national security aspects of this but it
| seems wrong to not share as much information as possible with as
| many researchers as possible in order to help as many as people
| as possible. Protecting security interests is one thing but this
| press release specifically mentions protecting intellectual
| property and that seems kind of tone deaf.
|
| I also wish they would explain _how_ treatment options are
| jeopardized, even at a high level:
|
| > The potential theft of this information jeopardizes the
| delivery of secure, effective, and efficient treatment options.
| caseysoftware wrote:
| First, it lists "affiliated with COVID-19-related research" not
| "exclusively COVID-19 research" so could be more than just the
| current research.
|
| More importantly, while data theft is bad, data tampering could
| be much worse.
|
| What happens to people's confidence, hope, and trust if a
| "remarkably effective" drug turns out to be a total dud or even
| dangerous because the underlying data was modified?
| cat199 wrote:
| > to not share as much information as possible with as many
| researchers as possible in order to help as many as people as
| possible.
|
| this presumes that the stolen information would be used 'to
| help as many people as possible'..
|
| Also, 1st country with viable vaccine/treatment/etc will have a
| huge geopolitical bargaining chip & it will likely be used as
| such no matter the country of origin.
| jessaustin wrote:
| _...huge geopolitical bargaining chip..._
|
| Ummm, I'm not sure how to break it to you, but USA is already
| laughingstock of world due to our comically misguided
| reaction to the "pandemic". Everyone expected Trump to screw
| up (and he hasn't disappointed), but there isn't any person
| or institution in USA that hasn't totally whiffed on this.
| CDC mandated tests that didn't work, news media remained
| unconvinced until late in the game and now jump from one
| conspiracy theory to another, in-person elections were held
| as late as _April 7_ , some states required that diseased
| patients be forced into _nursing homes for the elderly_ ,
| effective masks are still somehow difficult to acquire,
| Congress has passed numerous "bailout" laws representing
| trillions of dollars yet has somehow not been able to arrange
| healthcare for every citizen as most comparable nations have
| had for decades, our deaths have passed 100k and seem certain
| to pass 200k as well, etc.
|
| It's difficult not to see this "investigation" and especially
| this silly press release that purports to inform the public
| about it as just more of the same. Furious pretend activity
| with no view of long-term strategy or of benefit to anyone
| other than the bureaucrats who wrote the release.
| cat199 wrote:
| to be clear, wasn't disagreeing, but pointing out some
| potential rationale why this could conceivably be viewed as a
| security matter vs open science matter
| GuB-42 wrote:
| > Also, 1st country with viable vaccine/treatment/etc will
| have a huge geopolitical bargaining chip & it will likely be
| used as such no matter the country of origin.
|
| Definitely, but thankfully, it is a positive sum game.
|
| First thing, you won't keep your bargaining chip for long. If
| a country manages to find a vaccine, others will follow soon
| enough. Besides independent research and reverse engineering
| efforts, it is foolish to think that the US doesn't have
| spies and hackers targeting China.
|
| So in order to use that "bargaining chip", the vaccine has to
| be at least as valuable as what you are asking for in
| exchange. So while it may cost a lot to the country that
| doesn't have the vaccine, if it took the deal, it means that
| the cost is less than not having a vaccine at all.
|
| In the end it will be used to help as many people as
| possible, because it is the only thing a vaccine can do.
| Unless someone wants a full-on war that is. But if major
| powers really wanted the worst, there is a pile of nukes that
| is ready to make the whole pandemic look like a joke.
| tree3 wrote:
| Anytime the CCP does something bad, there's always someone like
| you to downplay it in the comments...
| rixed wrote:
| Which leaves some hope that everybody is not yet brainwashed.
|
| Remember, China sequenced the virus and shared the genome
| with the whole world to help build tests faster. And now they
| would try to impede research?
|
| Also, 9 times or of 10 it takes a long time to get an idea of
| where an attack is coming from. And independently of what
| they know, 9 times out of 10 politics won't tell you what
| they know but what they want you to believe. So what are the
| chances that you have any idea of what actually happened and
| why? Close to zero.
|
| What to do then? Well, at least let us refrain from howling
| with the wolves.
| free_rms wrote:
| And there's always 100 with extremely selective outrage.
|
| We're hacking them, they're hacking us, yawn. We hacked
| Angela Merkel's phone, even. This is normal low level stuff.
| jorblumesea wrote:
| I think the difference is that the West is engaging in
| surveillance and not sabotage. If the CCP was found to
| contaminate or corrupt data, that is a far step above
| Western norms. Also, the West mostly focuses on
| international relations and national security concerns,
| whereas the CCP also participates in economic sabotage and
| IP transfer.
|
| For example, it would be big news for the US to have been
| caught hacking Huawei, but, the CCP does this all the time
| to US companies.
| blackrock wrote:
| You seem to have rose colored glasses on, in thinking the
| west does not do things to sabotage others.
|
| 1. Stuxnet was active sabotage.
|
| 2. Some Chinese antivirus company, Qihoo360, found
| signatures of computer viruses in China, that matched CIA
| field programs. Then, the company got placed on the
| Entity List. Go figure.
|
| 3. All the recent propaganda against Huawei seems to be
| very sabotage oriented. There was evidence that the
| United States had already stolen Huawei source code, and
| actively developed tools to hack it. But, whenever
| someone brings this up, the justification, is that it's
| perfectly legal for the United States to do it to others,
| because it's enshrined in our laws, but somehow, it's not
| ok for others to do it to the United States. Go figure.
| throwaway_pdp09 wrote:
| 1. Maybe. I thought it was Israeli but maybe.
|
| 2. Provide a reference for this (and other) claims
| please.
|
| 3. "All the recent propaganda against Huawei seems to be
| very sabotage oriented" That might be economic warfare
| but I wouldn't call it sabotage.
|
| > There was evidence that the United States had already
| stolen Huawei source code
|
| yeah, yeah, back it up please. Don't throw out claims.
|
| > But, whenever someone brings this up, the
| justification, is that it's perfectly legal for the
| United States to do it to others, because it's enshrined
| in our laws
|
| Show me someone in the US government saying that.
| free_rms wrote:
| First off, the west's covert activities are not limited
| to benign surveillance.
|
| Second off.. aside from the total lack of evidence, _why_
| would the Chinese be interested in sabotage here?
| American discovery of a vaccine means they can rip it
| off, they 're definitely not gonna be paying anyone for
| it. If we're selling it at exorbitant prices while they
| give it away practically for free to African countries,
| that's a huge win for them. Plus, there's the whole
| taking care of their people thing.
|
| Sabotage just gets in the way, nobody cares who invented
| it 'first'.
| jorblumesea wrote:
| > the west's covert activities are not limited to benign
| surveillance.
|
| Compared to the CCP, it's fairly benign. The example you
| gave, Merkel's phone, is a textbook example. Spy all you
| want, but we're not stealing IP or sabotaging power grids
| (to my knowledge). We're not interfering with other
| countries' covid response or possibly corrupting medical
| records.
|
| > why would the Chinese be interested in sabotage here?
|
| Presumably, because it gives China a geopolitical edge in
| the international sphere. Think about how damaging it
| would be to not only be the country where the virus
| started, but also not having a valid vaccine. By slowing
| down Western vaccine efforts and boosting their own, they
| can regain the upper hand and make China look strong.
| "Strong China" keeps those leaders in power, and they'll
| do whatever they can to project the feeling that they're
| in control and "better" than the West. Also, China is
| posturing itself to be a counterpoint to the West, but
| they need to show themselves as somehow a viable
| candidate for that.
|
| So a wide variety of reasons, but it's easy to see why
| they would do this.
| rixed wrote:
| The power grid I don't know, but gaz pipeline apparently
| they did.
|
| See for instance
| https://en.m.wikipedia.org/wiki/At_the_Abyss
| jorblumesea wrote:
| I mean, come on:
|
| > A report in the Moscow Times quoted KGB veteran Vasily
| Pchelintsev as saying that there was a natural gas
| pipeline explosion in 1982, but it was near Tobolsk on a
| pipeline connecting the Urengoy gas field to the city of
| Chelyabinsk, and it was caused by poor construction
| rather than sabotage; according to Pchelintsev's account,
| no one was killed in the explosion and the damage was
| repaired within one day.[2] Reed's account has also not
| been corroborated by intelligence agencies in the United
| States.[3]
|
| From that page.
| eloisius wrote:
| Yeah and we also dropped potato beetles via parachutes
| over crops across Warsaw Pact countries
|
| https://en.wikipedia.org/wiki/War_against_the_potato_beet
| le
| free_rms wrote:
| > Compared to the CCP, it's fairly benign
|
| It would take a book-length treatment to evaluate that
| sentence, but I don't think it's justified. We've been
| VERY active, around the whole world, since WWII. China's
| only started to look past their immediate neighbors
| recently.
|
| I guess 'benign' can do a lot of work for you if you
| think we're the protagonists of history.
| jorblumesea wrote:
| I don't think anyone would ever argue that the West isn't
| active or that they've never done anything wrong.
| Obviously there are huge wikipedia articles and hundreds
| of books on the subject.
|
| But from what it seems of what little we know of that
| world, the US seems to have _some_ kind of value system,
| and the CCP has almost none. Freedom of speech is a good
| example. If the US were to spy on a citizen, they wouldn
| 't end up in a concentration camp. The US also encourages
| its allies, as much as it can, to promote "Western
| democratic values". For example, we were instrumental in
| turning South Korea into a democracy, from a
| dictatorship.
|
| So it's not as simple as "US bad china good" or "China
| bad, US good" but I think it's pretty clear China is a
| totalitarian system which has few scruples, if any. So
| that's what we mean by "benign". Some rough understanding
| of "the right thing". It's not that the US does
| everything great, forever, because clearly...
| free_rms wrote:
| Oof, Korea? Bad example.
|
| We spent 4 years fighting, with 3 million casualties, in
| order to leave the border between north/south in the same
| place we found it, and install an allied dictatorship for
| the following 30 years. I guess it worked out eventually,
| but that's to the credit of the Koreans, not us. We were
| fine with a capitalist dictatorship as long as the Cold
| War was on.
|
| Did you ever hear about this?
| https://en.wikipedia.org/wiki/Gwangju_Uprising
|
| Thousands of protestors killed, by US weapons, while our
| defense dept was kept in the loop. And I had never even
| heard of it until I went to fact-check myself about the
| length of the dictatorship there. Funny. I wonder why.
| throwaway_pdp09 wrote:
| Ok about korea, I'll look up the uprising.
|
| What about this bit he said "If the US were to spy on a
| citizen, they wouldn't end up in a concentration camp".
| Seems a valid point in general.
| free_rms wrote:
| I mean, I'm not trying to say "china always good, USA
| always bad", either. I'm just trying to add some
| perspective.
|
| If I were to take that on as some sort of debate
| challenge, I'd point out the mass incarceration and the
| fact that we still have a bigger chunk of people in jail
| despite being so much freer. Of course, that's a bit of a
| rhetorical gambit.
|
| As far as the characterization of china, it depends. Han
| Chinese don't go to prison for criticizing the
| government, they just lose opportunities. Party
| membership is a big part of getting ahead there. They go
| to prison if they start getting organized, holding
| meetings, being an alternative political party.
|
| Xinjiang is a whole other can of worms.
| netsharc wrote:
| It's interesting how biased you are, that you see the
| inherent good in the US and view China as totally evil.
| The Chinese version of you would probably see it the
| opposite way, and you'd call him brainwashed and
| deluded...
|
| I remember reading a cynical blog post about how what
| occupies governments are how to have the most influence
| in the world. USA used to be good at that, but well, we
| know where that's gone. As for "Western democtratic
| values", one could cynically view that as trying to
| install a free market so American companies can exploit
| resources and the population. Just look up where the term
| "banana republic" came from.
| rixed wrote:
| Different countries may have different values. Citizens
| of those countries are educated to value those different
| (quite abstract) ideals, such as "freedom of speach" in
| the US, or "economic development" in China. Like a
| religion, those systems of values are flexible and
| abstract enough that you can make them mean whatever you
| want. Then automatically we tend to think of our system
| of values as better than any other; indeed, that's what
| we use values for.
|
| So what have we learn so far? Nothing, apparently.
| jorblumesea wrote:
| I believe in cultural relativity, but that ends at, for
| example, mass concentration camps. Your argument is
| basically "let any country do whatever they want within
| their borders" and I don't think that makes sense. Or,
| there are limits to that. I would also argue that the
| acceptance of totalitarian values as "cultural norms"
| isn't entirely correct. Historical Chinese culture has
| little to do with the social credit system and the CCP is
| not Chinese culture.
| netsharc wrote:
| Remind me what's happening to the refugees (including
| infants) in the south border?
|
| Maybe they deserve it for being criminals, just like the
| Muslims in Xinjiang deserve it...
| throwaway_pdp09 wrote:
| > First off, the west's covert activities are not limited
| to benign surveillance.
|
| An annoying thing about pro-chinea respondents is they
| chuck out these claims without backup. They do it a lot.
| it's irritating.
| vkou wrote:
| > I think the difference is that the West is engaging in
| surveillance and not sabotage.
|
| 1. Stuxnet.
|
| 2. What makes you think this is not surveillance?
|
| 3. What makes you certain that CIA black budgets are not
| spent on sabotage? They don't exactly let anyone audit
| them...
| jorblumesea wrote:
| 1. Iranian nuclear capabilities are a "legitimate
| target". For whatever that is worth. We're not sabotaging
| medical records or taking down Tehran's power grid.
|
| 2. Textbook definition of surveillance is watching and
| collecting. "Active measures" are "spy stuff" but usually
| far outside of the scope of intelligence collection.
|
| 3. Fair point, no way to know. But from what has come out
| from PRISM/NSA leaks, it honestly looks that the US intel
| community is mostly postured for data collection.
| vkou wrote:
| > We're not sabotaging medical records or taking down
| Tehran's power grid.
|
| Has China sabotaged anyone's medical records, or taken
| down any power grids lately?
|
| > Fair point, no way to know. But from what has come out
| from PRISM/NSA leaks, it honestly looks to be just purely
| surveillance.
|
| Snowden was an NSA contractor, the NSA would not be
| responsible for sabotage, their raison d'etre is passive
| surveillance.
|
| The CIA would be, and nobody's dumped 50 TB of random
| powerpoints from their Sharepoint deployment. However,
| various leaks over the years strongly imply that they do
| conduct sabotage - directly, or by funding saboteurs.
| free_rms wrote:
| We did have the Church Commission.
| anyyw wrote:
| And anytime there's someone trying to give a different
| perspective on the situation, there's always someone who
| points out the political context. Sometimes having these
| conflicting opinions is conducive for good discussion and
| reducing echo chambers.
| ciarannolan wrote:
| > And anytime there's someone trying to give a different
| perspective on the situation, there's always someone who
| points out the political context.
|
| Yes, the Chinese government hacking into scientific
| organizations of other countries has political
| implications. In fact, they are probably the most
| significant implications, so it's correct to discuss them
| every time.
| dcolkitt wrote:
| Look, if it was up to me, all of the senior members of the
| CCP would be tried and executed for crimes against humanity.
| But that still doesn't mean that anything and everything the
| Chinese state does is reflexively bad.
|
| I really don't see any ethical reason that publicly funded
| Covid research shouldn't be publicly available. Hoarding
| research data may potentially delay any vaccine or cure by
| months, leading to millions of unnecessary deaths. For what?
| Some national bragging rights that "[Country X] alone
| discovered the vaccine! We're number one!"
|
| To the extent that other countries are hoarding Covid
| research data, I very much hope that the CIA and NSA are
| doing their damned best to liberate that data. (Data
| tampering is of course a separate issue, and unequivocally
| unethical. But the FBI only mentions "review or theft" not
| manipulation.)
| natechols wrote:
| I agree that public research should be publicly available,
| and Covid research in particular, but having worked in
| biomedicine, I also know that making data available to, and
| consumable by, everyone else takes actual work and
| dedicated resources, and most of the time when the data
| aren't easily downloadable it's usually not because someone
| doesn't want to share, but because they have other work to
| do and are possibly still collecting data. Unfortunately
| some of those resources now have to be spent recovering
| from a hacking attempt instead of actual science. Speaking
| as an American, I would prefer that the CIA and NSA please
| NOT hack Covid vaccine research in other countries based on
| stupid assumptions.
|
| Again, to deflect the obvious misstatements of how IP
| actually works, anyone who wants to sell a vaccine to the
| world will need to produce large amounts of data and
| presumably a formal patent which will actually document how
| it is made. How the licensing actually shakes out is a
| complicated question and will no doubt be as acrimonious as
| everyone expects, but as long as we're at the early stages
| these arguments are a waste of time and effort. Get the
| vaccine(s) working, do it right, do it without f __ _ing
| over the rest of the world,_ then* worry about whether IP
| rights or excessive secrecy are holding us back.
| giardini wrote:
| Just a detail about language and meaning. I think you may
| have meant to say:
|
| >"if it was up to me, all of the senior members of the CCP
| would be _tried_ for crimes against humanity. "<
|
| thereby leaving punishment to depend on the determination
| of criminal activity,
|
| instead of
|
| dcolkitt>"if it was up to me, all of the senior members of
| the CCP would be _tried and executed_ for crimes against
| humanity. "*
|
| The form you used describes a sort of "Judge Roy Bean"
| justice, whereby you assume them guilty of crimes. But if
| you do assume them guilty, why a trial? Simplify your
| language to the more succinct:
|
| > __" if it was up to me, the senior members of the CCP
| would be _executed_. " _
| dooglius wrote:
| I think that's a bit uncharitable, I interpreted the
| phrase to mean "tried and, except in the very unlikely
| case that guilt cannot be proved, executed".
| rixed wrote:
| Could we maybe leave calls for mass executions to other
| places and times?
| [deleted]
| dntbnmpls wrote:
| People who write "CCP" are easy tells. Also you forgot
| "whataboutism".
| thephyber wrote:
| I would like to point out that cyberattack attribution is
| notoriously difficult.
| natechols wrote:
| I take it you've never worked in information security, because
| cleaning up after a mess like this is an enormous time suck and
| they will need to audit their data to make sure it hasn't been
| "adjusted". (From a national security perspective, I bet
| derailing a competitor's vaccine trials is at least as valuable
| as "stealing" data that was already going to become public in
| the near future.) That means spending time and money that would
| be better spent doing just about anything else, if it weren't
| for human nature.
| troughway wrote:
| There is a big business opportunity, which I am sure is already
| fulfilled to some extent, to provide air-gap and other
| securities/countermeasures to businesses and orgs that deal with
| highly sensitive data, equipment, specimens, whatever.
|
| Something akin to an anti-Palantir.
| unclebucknasty wrote:
| Yeah, but our kids can still all use TikTok, right? That's the
| important thing here.
| tarkin2 wrote:
| This press release encourages me to think China is covering up
| something.
|
| This /may/ be the case. But the FBI wants me to come to this
| conclusion.
|
| It seems a little fishy.
| coliveira wrote:
| This is information that can save lives, so I support any nation
| to hack on COVID research, anywhere in the world. If they patent
| COVID research, I also support breaking any patent.
| kube-system wrote:
| Compromising remote systems puts researchers, their work, and
| patient rights at risk. Patents are published publicly and
| available free of charge, so I'm not sure how that would be a
| reasonable justification for compromising other's computers.
| "Research" per se isn't patentable anyway.
| pnw_hazor wrote:
| Patents provide country-by-country protection -- a US Patent
| doesn't mean anything in other countries - except for being
| evidence of prior art in their own patent offices.
|
| Also, some/many countries have laws that disallow patents or
| patent infringement claims associated with medicine.
| tehjoker wrote:
| Until the fairly recent proliferation of trade agreements that
| are negotiated out of the view of the public, the investor
| relations and patent/copyright clauses that prevented the
| sharing of medical information were not common and were
| routinely broken by most developing nations. The business
| community's wishes had no power there, and quite arguably when
| it comes to medicine, it is a crime against the people to
| withhold lifesaving information.
|
| In fact, until the US became top dog in the post-war era, we
| pirated everything we could from England, especially industrial
| know-how so that we could promote our own development. It is
| only after we reached hegemonic status that we started
| enforcing these ludicrous agreements in order to preserve our
| own businesses' position.
| natechols wrote:
| This is a gross misunderstanding of what patent and copyright
| actually mean - specifically, they exist to encourage
| _sharing_ of information, not secrecy. They require full
| disclosure by definition, so you can 't patent a trade secret
| without revealing it to everyone. There's a period of
| exclusivity (~20 years), which is very different from
| "withholding information", but that's only after the IP has
| been published.
| tehjoker wrote:
| They exist to encourage sharing of information in the
| context of a private marketplace. Most useful technology is
| created by state-funded research over decades. The private
| sector just monopolizes the results. If anything,
| competition would be better if there were no patents. If
| employers could simply poach key employees by offering good
| salaries, they would get that information quite easily.
| natechols wrote:
| > Most useful technology is created by state-funded
| research over decades. The private sector just
| monopolizes the results.
|
| This is another gross oversimplification at best, and I
| have yet to hear anyone who has spent significant amounts
| of time in either public or private sector R&D make such
| a claim. Real life, and product development in
| particular, is not so easily reduced to catchy political
| slogans.
| tehjoker wrote:
| Point to nearly anything that has dramatically changed
| modern life and you will see the arm of the state
| involved: GPS, internet, the airplane, etc. The best
| argument I'm aware of for private enterprise producing
| really novel products is Bell Research, however they were
| a regulated monopoly, not a competitive industry and the
| state authorized 10% additional charges for investment.
|
| You can make some arguments about things like iPhones but
| that device depended on a huge state funded or regulated
| infrastructure to be useful (e.g. cell towers, internet),
| and it was essentially a very polished cobbling together
| of different components (microchips, batteries) that were
| developed from many decades of state supported /
| regulated monopoly research.
|
| Business is very good at taking something off the shelf
| and making money with it. It's very bad at sustained
| investment that might not be profitable more than a few
| years away.
| natechols wrote:
| If you think Apple simply "took something off the shelf"
| and sold us iPhones at huge markups, you clearly know
| even less about R&D than I assumed. Cherry-picking
| examples like the Internet doesn't really prove your
| point: try comparing the amount of taxpayer-funded R&D
| that went into the early (pre-1994) Internet with the
| amount of private investment since then. (I have no idea
| what the actual numbers are but I'd guess at least two
| orders of magnitude difference based on what I've seen
| elsewhere.)
| coliveira wrote:
| You are misunderstanding the matter of patents. Modern
| patents exist precisely because of the inevitability of
| industrial espionage, which is largely practiced by all
| developed countries. The goal is that, even after a trade
| secret is stolen, it will be made useless because nobody
| can use that information. So the goal is not to "share
| knowledge", but to avoid the practical use of knowledge
| that was shared by any means.
|
| Also, you are mistaken in thinking that, by publishing a
| patent, the company is sharing knowledge. Quite the
| contrary, the contents of a patent gives only the minimum
| necessary to protect a crucial aspect of a business secret.
| Most patents are opaque and don't give any concrete
| business information that be used to successfully replicate
| what it is trying to conceal.
| natechols wrote:
| In the USA, patents are explicitly mentioned in the
| Constitution and the purpose is to incentivize
| disclosure, not because the founders were worried about
| industrial espionage. It would have been awfully
| difficult for hostile powers to remotely hack our R&D
| facilities in 1789.
| coliveira wrote:
| Think again. Hacking is a very old activity; it was not
| done with computers in 1789, but you can be sure that
| there was a lot of industrial espionage between Britain
| and the US at that time.
| jmccaf wrote:
| There is the story of the clove tree, which was
| monopolized by Dutch East India company, until 1 tree was
| stolen and seeded elsewhere
| skrebbel wrote:
| I love the term "cyber actor". That's basically like Hugh Jackman
| and Jonny Lee Miller, right?
| [deleted]
| scollet wrote:
| And my favourite: Rami Malek
| pessimizer wrote:
| Why would they be press-releasing this other than to drive public
| opinion against China?
| raverbashing wrote:
| Oh poor China... They just want to do whatever they want
| without anyone messing with them and publicizing it.
|
| Maybe because as opposed to Chinese and other oppressive
| governments, the western press actually makes the people
| informed. Sometimes.
| vkou wrote:
| "Trust me, I have evidence for a theory that is politically
| convenient for my boss, but I won't tell you what it is" is
| not keeping people informed.
|
| It's propaganda that pushes an agenda. That agenda may even
| be correct, but an outside observer who can't verify any of
| the evidence can't tell.
| [deleted]
| mcphage wrote:
| To publicize the fact that these sort of attacks can be
| tracked. Similar to when they publish information about
| particularly crafty drug houses they bust: so that people
| planning on building a drug house think "well, if they got
| _that_ house, then they 'll definitely find out the one I'm
| planning, so maybe I'd better not."
| boomboomsubban wrote:
| This doesn't demonstrate that these kinds of attacks can be
| tracked though. If I were planning similar attacks, I'd just
| acquire a Chinese IP address and assume they'd take the
| blame.
| bt1a wrote:
| While the admin is currently pushing a very negative image
| against China, I do not believe the FBI would do that so
| lightly.
| ciarannolan wrote:
| The problem is that this administration has shown time and
| again that they're willing to corrupt American institutions
| (like the FBI) when it suits them.
| boomboomsubban wrote:
| Why would the FBI be hesitant about faking/sensationalizing
| this? It's nearly impossible to prove, China's unlikely to
| make an issue out of it, and even if the lie got exposed what
| punishment would they face?
| thephyber wrote:
| > I do not believe the FBI would do that so lightly
|
| What do you mean by "so lightly"? It changed the entire
| meaning of the sentence.
___________________________________________________________________
(page generated 2020-05-26 23:01 UTC)