by dreww 5432 days ago
While I support the opinions with regard to security and disclosure as presented, the rest of the article is regrettably lacking in detail, specifics, evidence, or attributable quotes on what has actually occurred. It's hard to say if this is just the typical style of a piece for general audiences on this topic, or the tail wagging the dog on attributing these things to China in the public eye.

Frankly, what's more alarming: the dedicated resources of a single state actor, or a complex, emergent network of self-interested individuals and groups pursuing their own aims?

I find the Chinese explanation a little too convenient and a little too amenable to typical national defense thinking. What this article really says to me is that if you want to hack an American company, own a Chinese box first. Nobody will look any further.

4 comments

The truth is that both are happening. When you talk to people who are pragmatic and watch the strategic elements they are often saying things like "or someone operating with Chinese cover". There is definitely evidence that other actors are using Chinese IPs, working hours and techniques to muddy the water. But at the same time, a preponderance of evidence suggests strongly that a majority of these attacks are from Chinese sources. Keep in mind that military and national security investigators - even private sector investigators - have access to a lot more intelligence about these matters than simply what IP launched what. So, yes, while some intrusions from China are undoubtedly the work of non-Chinese it still makes sense to focus a lot of your efforts on the dragon in the room.
I totally believe that there is more evidence out there, it is just rarely actually revealed.

So it seems at least possible that there is some collusion, conscious or not, between journalists and cybersecurity spooks to name an enemy in order to get traction in the public mind, vs. saying "well, it's from a lot of different people, lots of stuff from China, and who knows what else."

I even think this might be a good strategy - I guess my point is I'd like to see more real public evidence before we accuse foreign governments of attacking us in the press. Not because I don't believe it is happening, but because I feel those assertions should be backed up if they're going to be made.

> What this article really says to me is that if you want to hack an American company, own a Chinese box first. Nobody will look any further.

Exactly -- it's pretty easy to rent a Chinese box from one of the many botnets out there, and I guess that would be the first choice of an intruder to hide his trails.

> I find the Chinese explanation a little too convenient and a little too amenable to typical national defense thinking. What this article really says to me is that if you want to hack an American company, own a Chinese box first. Nobody will look any further.

Would you also limit your targets to things that would seem to be of overwhelming interest to the Chinese government?

I hear what you're saying, but lots of the targets in the press would be of interest to a lot of people who are just in it for the money, etc.
In this case, look at the target data that was recovered from a single control server: http://blogs.mcafee.com/wp-content/uploads/2011/08/ShadyRAT_...

US defense contractors; the governments of US, Canada, Vietnam, South Korea, Taiwan, and India; Democracy/Human Rights groups; mining, security, electronics, power companies.

That seems like an unlikely target list for someone who's in it for the 'lulz'.

While your claim is a reasonable one, Dmitri Alperovitch's analysis (link in metachris's comment) of Operation Shady RAT strongly suggests that China is behind this operation.