Guess who's back, back again? China's back, hacking your friends: Beijing targets American biz amid tech tariff tiff

Three years after the governments of America and China agreed not to hack corporations in each other's countries, experts say Beijing is now back to its old ways. And if that's the case, we can well imagine Uncle Sam having a pop back. Speaking at the Aspen Cyber Summit in San Francisco on Thursday, a panel including top NSA …

  1. sanmigueelbeer
    Happy

    "There is clearly an ambition to graduate beyond IP theft and become more of a leader,"

    I disagree.

    China has been reverse-engineering stuff since the 1950s and I don't see them "graduate" to this sort of "skills".

    The only way to stop PRoC from stealing other people's ideas and/or designs is to booby-trap those so-called designs so that when they try to replicate it in their lab something horrible happens.

  2. silent_count

    I wonder if the Yanks' zeal for protecting IP rights extends to paying royalties to China every time they manufacture a bullet - which, funnily enough, contains gunpowder which was invented by...

    Sure one could argue that the patient might have expired but guess which Disney-beholden national government keeps extending IP terms ever further towards the big bang.

    1. Captain Hogwash
      Coat

      Yes, patients often expire when subjected to a bullet or a big bang.

  3. Paratrooping Parrot
    Mushroom

    Hypocritic US

    Whenever the US hacks someone, it's all fine. Whenever a non Five-eyes country does the same, all hell breaks loose. Smells of hypocrisy. As long as the US are hacking and spying on others, then I think everyone else should have the same access. If the US forces companies to install backdoors, then don't come running if others find the backdoors and make use of it.

    1. Anonymous Coward

      Re: Hypocritic US

      > Whenever the US hacks someone, it's all fine.

      Says who, other than you? To me it is not fine, nor is Chinese intrusion fine either. The server I use is under constant attack from Chinese IP numbers.

      1. Sabot
        Boffin

        Re: Hypocritic US

        So I use a free home edition UTM, and tell it to drop all incoming traffic from any other country than my own. Except when I'm abroad, I still need to be able to VPN into it, so allow traffic temporarily from that country. Companies can buy this stuff.

        1. Anonymous Coward
          Facepalm

          Re: Hypocritic US

          Good thing no one outside your country has access to a VPN.

    2. Aodhhan

      Re: Hypocritic US

      Gathering information from a network in order to ensure national security is a lot different than theft of intellectual property. This shouldn't be too difficult to comprehend.

  4. 0laf
    Facepalm

    Well tbh, you know the value of your assets. You know who is coming after it and you know they are capable and well resourced.

    Now you need to protect your assets appropriately.

    It sounds like many companies have been paying lip service to the security around their IP and if they want to continue to do business in the world today they will have to up their game.

    If your business was gold storage you wouldn't cut corners on the physical security around that asset. You wouldn't leave your locked windows to rot until they fell out of their frames leaving gaping holes in the walls. But many businesses think it's fine to let their IT installations of Windows rot without updates or patches. Then they wonder why the electric burglars were able to climb through the holes in their walls.

    It's taking a long long time to get the idea across that nothing has changed, people still want to steal your valuables it's just the form of the valuables that has changed.

    1. Kabukiwookie

      > It sounds like many companies have been paying lip service to the security around their IP

      That's because non-technical people have no clue about IT and are not willing to spend money on what appears to work 'just fine' automagically. The whole premise of securing a physical gold storage facility is much easier to understand than setting up proper user authentication.

      I am encountering more and more that even people working in IT seem to know the 'magic incantations' to get something done, but have no idea what those incantations actually do, nor what any side effect of those incantations may be. On top of that, they often don't even seem to be actually interested in anything except 'making stuff work'.

    2. Aodhhan

      Olaf... I see you've never worked at a large company where many individuals work together to design and build a product.

      To say you must do more to secure information is a pretty obvious statement. Do you think companies don't know this? C'mon, you're smarter than this.

      When you have 500+ people working on a project--some at other locations, to simply secure it on a private network isn't as easy as it sounds. Even if you employ best practices and proper security devices, there are many attack points. Even a novice InfoSec professional knows this and can point many out.

      I've been a red team professional for nearly 10 years--even when companies do everything right to secure their systems, we manage to find a weak point to exploit within 30 days. A nation state has all the time in the world to do this, along with employing a workforce dedicated to working on zero days; on a variety of different and popular software. If you don't understand there are thousands of zero days available to nation states (which they keep secret), then you probably should consider working in another field.

      All of this is pretty obvious to an experienced InfoSec professional. Especially those who keep up with the latest offensive security attack methods/techniques. Along with understanding you have a lot to learn--and should begin to consider not the obvious, but the unique and ambiguous.

      You may also want to consider withholding judgement until you have a lot more experience.

  5. Graham Cunningham
    Pint

    Beer for

    a sub-head with a sting! ;)

  6. Jimmy2Cows Silver badge

    Heading cadence is off

    Should be China's back, hacks your friends

    Hacking is a syllable too much

  7. naive

    GeoIP databases are your friend

    Since these Chinese never buy anything from western companies anyway, they only come for hacking. It is easy to block their IP addresses.

  8. vtcodger Silver badge

    They're foreign. They must be idiots

    My first question would be what, exactly, the Chinese are supposed to be stealing. Knowledge of how to build high speed trains? China has 27000km of HSR trackage. The US has a few hundred km. Same story in many other fields. With a few exceptions -- fighter jet engines, cutting edge semiconductors -- Chinese technology genuinely seems reasonably competitive with the West. If not better.

    My feeling -- The folks pushing this story are the 21st century equivalent of the mid 20th Century experts who claimed that Japanese technology was entirely derivative and besides which Japanese had genetically weak eyes that would be ineffective in aerial combat. Turned out that the Mitsubishi A6M ("Zero") was a better fighter than its American/British counterparts and that the Japanese pilots had no trouble at all targeting American, British, and Dutch ships in late 1941.

  9. Anonymous Coward

    It's more likely hackers, not governments

    While there is likely to be a government component in this (on all sides) our experience has been that the hack attempts drastically increased as soon as we started talking to Chinese customers - our agents in China routinely send us their sales forecasts in the form of .XLS files and as soon as we take on a new agent we see an increase in spoofed emails and infected attachments. The fact is that most PCs in China are infected and hacked, we're just on the receiving end of their internal problems for the most part.

    And it's not just China, start dealing with any country that runs its office infrastructure on Windows XP and you'll see the same thing.
