Monday, February 22, 2010

More Ammo in China Cyberwar

Day 6 of 46 c Lenten Season 2010

First, A Lenten Confession:

A seasoned newspaperman once told me there are a million idiots out there who would just love the opportunity to tell the world what’s wrong with it.

Not only was he right, but how many times have you read an editorial or a blog and thought, “what a self-righteous person that writer is”! As I re-read some of the essays I’ve written for this blog, I think the same thing. Unfortunately, the writer I’m criticizing is yours truly!

So before I launch into today’s essay, allow me to clarify a fairly significant point. I am imperfect. Which means I sometimes ignore personal blind spots. I’m rarely careful enough to point out somebody else’s flaws without first addressing those flaws in myself. In the Bible, that mistake is called trying to remove a speck of sawdust from another person’s eye without first removing the log from your own eye.

By now, you’ve no doubt realized that I hold some fairly controversial opinions on a variety of topics, and I write about them with a fair degree of conviction and impunity. Sometimes it seems like I’m pontificating from a position of sanctimonious, elitist superiority. However, in most instances, the reader should not conclude that I have personally overcome the problems or flaws I find in others.

Sometimes, I feel like I’m on the freeway, driving along just over the speed limit in the middle lane, when a pack of vehicles representing everyday life appears in my rear-view mirror, then speeds past on both sides, charging on ahead, leaving me in their dust.

But hey, I’m breaking the law, too, since I’m going over the speed limit… just because I’m not going as fast as the other cars, I’m not Mr. Innocent.

The cop could still pull any of us over and give us a ticket. Believe me – I’ve learned that the hard way – particularly in Dallas County!

And Now...
On to China!

A lot of my conservative friends refuse to read the New York Times because of its blatantly liberal leanings. Although I subscribe to a digital version of the Times, I usually read the New York Metro section for city news, and sometimes the International section, since the American press hardly acknowledges any part of the planet that average citizens can’t find on a map.

However, as Republican politicians know, reading the Times – even with its liberal baggage – can be akin to keeping ones’ friends close and your enemies even closer. It’s also an invaluable resource for obscure yet potentially explosive stories that most people might consider “boutique news” – news that is fairly specific to an industry or social group.

For example, in yesterday’s Times, an article about suspected hackers in China may have made the eyes of many readers glaze over with disinterest. According to the article, two universities in China have become focal points in an international investigation into incidents of hacking and cyberattacks. One of these universities, Shanghai Jiaotong University, has considerable ties with the University of Michigan, Microsoft, Cysco Systems, and Intel. The model Jiaotong University has created with American institutions serves as the archetype for other such ventures between China and the United States. The other school is the lesser-known Lanxiang Vocational School in Shandong Province.

Experts have traced Internet security breaches at dozens of organizations last year to these two schools. Victims purportedly include corporations as well as human rights activists.

Now, before anybody jumps to wild conclusions, it should be said that the very nature of cyberattacks makes the determination of perpetrators extremely difficult. Hackers can disguise their identities to the point where they can mask their point of origin and hijack other computers to do their dirty work. The incidents that have prompted a scrutiny of Jiaotong and Lanxiang could very well have been red-herring projects by hackers who were intending to send officials on a wild goose chase in finding the perpetrators. Of course, experts know this is a strong possibility, so they’re proceeding with caution and diplomacy until more facts can be determined.

Marching in Step?

Speculation has mounted against these two schools not only because of their academic prestige and influence, but also their associations with China’s People’s Liberation Army. Perhaps unwittingly, they have been helping to dig their way into this situation by hosting tutorial lectures on hacking, including one at Jiaotong University by a known Chinese hacker affiliated with China’s military. They also have participated with the Chinese government on Internet privacy projects, endeavors that do not sit well with Internet censorship opponents around the world. To top it off, at least two of Jiaotong’s leaders have been consultants to China’s military.

For their part, the two schools resent the charges and claim innocence of any wrongdoing, while the Chinese government won’t commit to any investigation of the charges implicating the two schools. So far, companies and organizations that have suffered dozens of cyberattacks in the past year have refused to comment on the issue, either out of legitimate legal protocol or private fears of continued Internet security risks and industrial espionage.

In the meantime, IBM’s internationally-prestigious Battle of the Brains computer competition was won by Jiaotong students just two weeks ago, besting efforts by elite engineering programs in universities across the world.

Hints for Online Safety

What does any of this mean to you and me? Well, maybe nothing, if experts can prove the suspicious cyberattacks came from someplace else. It’s probably still too early to sound alarm bells and raise the specter of China’s visceral grip on Internet technology. If anything, the clamor from international experts about last year’s attacks may force hackers into new levels of secrecy and subterfuge, making investigations even more complex.

What we can learn, however, is that we simply cannot take Internet security for granted. Particularly as our reliance on it continues to expand, we should at least take basic precautions for protecting the identities of our family members and ourselves.

For example, here are some easy things you can do today:
  1. Change passwords to your online accounts; consider incorporating symbols like “@” for “a”; “3” for “e”; “5” for “s”, and so on. That way, you don't need really long passwords that are harder to remember.
  2. If you’re on FaceBook, remove any reference to your age and/or birthdate. Like any social networking site, FaceBook is NOT family-friend or security-friendly.
  3. Also on FaceBook, remove all references to your child(ren) and their age(s) and/or birthdate(s); however, if you’re naming your kids in a photo, use just their first name.
  4. For any portrait photo of yourself online, try to avoid having your full name listed (unless you’re in a group of people, and all of their names are going to be listed as well). If you’re going to be listed on a company website’s contact page, make sure your webmaster encrypts your photo, caption, and e-mail address.
  5. Be suspicious of anything "free" online. Those gorgeous screensavers and cute emoticons? They could be hosting Trojan horses that could infiltrate your hard drive.
  6. Don't click on any online ad unless you're sure you want to visit their site. If you think you need to click on the ad to find out more about what they're offering, Google the company instead.
  7. Refrain from filling out online forms, but if you must, only do it on sites you know you can trust. If it’s an unofficial survey, consider using a fake name and e-mail address. I don’t believe supplying such “false” information is lying; there is room for being prudent with your personal information. If providing "false" information is troubling for you, consider opening a ghost e-mail account that you won't use for more personal communication.
  8. NEVER fill out a raffle form and provide your e-mail address or street address. Even if the "prize" is a new car, how do you think the organization sponsoring the raffle is going to pay for it? They're probably going to sell your contact information.
  9. Absolutely DO NOT reply to or forward chain e-mails. Not only are they annoying to almost everybody, you could be unwittingly assisting in the spread of malicious spyware and viruses.

1 comment:

  1. David Barbosa's claim that Lanxiang Vocational School has tie with the Chinese military isn't reliable.

    Of all places, The Inquirer figured out this 3rd rate voc tech only supplied a handfull of cooks and mechanics to the PLA:

    http://www.theinquirer.net/inquirer/news/1592914/google-bought-chinese-hairdressers

    NYT's mistake on Lanxiang's supposed military connection can be traced to some wonk in Berkley mistranslating news reports about Lanxiang grads enlisting.

    Instead of reporting students from culinary and mechanics program joining the military as technical sergeant, they mistranslated it as "technology officer" and made the hacking leap:

    http://chinadigitaltimes.net/2010/02/two-chinese-schools-said-to-be-tied-to-online-attacks/

    NYT was all too happy to jump on this without fact checking.

    ReplyDelete

Thank you for your feedback!