Still, “it’s perfectly appropriate for us to do everything we can to embarrass and punish the Chinese if they’re in our systems, whether or not we’re in theirs,” said former National Security Agency general counsel Stewart A. Baker. “It’s the case that the U.S. and Russia and other countries are much more cautious about getting caught because they think there are going to be consequences. It’s only the Chinese that think there are no consequences to getting caught.”
Stewart Baker making himself look foolish again! Last time he popped up on HN:
I really wonder how someone can come out with stuff like this. I doubt the PRC feels one iota of embarrassment for even one split second, and if senior US officials really bring up Chinese state sponsored hacking "every time they meet with their counterparts in Beijing" then the US Government is living up to its reputation as plumbing the depths of hypocrisy. They embarrass only themselves.
Obama is heading to China again, time to publish a story about them hacking again? This quote was interesting because it seems to confirm that the whole story is smoke and mirrors for some political agenda.
Before Snowden I actually bought into this whole 'the Chinese are hacking us' refrain. I don't see how they can keep up with it with a straight face anymore.
I think the US has zero credibility pointing the finger here. Spend 1/10th as much on defense as offense and then maybe complain your system protected by default passwords and zero encryption got "hacked".
The PRC doesn't feel embarrassment about this, but not because of anything the US is or isn't doing. The way they see it, espionage is a fair method of catching up to (and then exceeding) the US, and if it keeps working then maybe the US should actually do something about it. After all, it's not like the Chinese ever voted for strong "intellectual property" protection, they see it as a rule imposed on them by the rest of the world instead of some universal behavioral norm.
The US complaining about their hacking just proves to them how effective it is.
Now, the US engages in strategic espionage for different reasons (just as China actually engages in strategic espionage, which the US doesn't complain about in public). But US representatives should be embarrassed here just because their whining proves the point to the PRC.
And you're saying it's somehow a different class of ethical conundrum to engage in espionage to kill people, or to engage in it for economic advantage, and killing people is more ethical?
I am not surprised the state-capitalist Chinese see it differently, and are okay with both.
> But the government does not deny it routinely spies to advance American economic advantage, which is part of its broad definition of how it protects American national security. In short, the officials say, while the N.S.A. cannot spy on Airbus and give the results to Boeing, it is free to spy on European or Asian trade negotiators and use the results to help American trade officials — and, by extension, the American industries and workers they are trying to bolster.
Cause at this point everyone knows the US is trying to get into _everyone's_ systems, so it probably sounded hypocritical to himself for him to say it's a big deal when China does it. He's got to come up with something.
It's too late for "gentlemen do not read each other's mail".
They buried the lede a bit -- since I doubt organized attackers are after the personal information of postal service employees:
"It is also possible that the Chinese were after other types of data, analysts said. For instance, the U.S. Postal Service, at the request of law enforcement officials, takes pictures of all addressing information from envelopes and parcels."
IMO the real goal is HUMINT, getting access to a list of people with security clearance (including all of their personal information) meaning China can now easily target them individually. Blackmail or pay them off, convert them to informants/spies within the postal system. A postal system now flush with tons of data about every American citizen.
It's much easier to have people embedded in the system, long term, extracting data... than it is to exfiltrate data remotely from China via hacking.
The data these people have access to is quite an important intelligence asset:
> the Chinese may be assuming that the U.S. Postal Service is more like theirs — a state-owned entity that has vast amounts of data on its citizens, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies. Second, he said, the trend in intelligence is the same as in the commercial sector: amass big sets of data that can be analyzed for previously unknown links or insights.
Everything is relative, including time. Nothing tell us how long they were trying to attack USPS or even how they were trying. This is just a case were they tried to do it one way, they succeeded and they got caught. There's probably multiple incident that public doesn't know or even that intelligence services doesn't know.
That's an effect of certain poorly-made security decisions.
For example, if a small organization such as a gym or school makes copies of all customer/user driver's licenses: They end up creating a small pile of gold that they can't afford to protect.
Don't ask for data you can't securely store. I think that's just common sense. If you keep the data on paper, you wouldn't leave it out in the open for anyone to take it would you?
I worked for USPS. When I saw this title I immediately assumed that China was after the main database which contains information on basically every US citizen. As a developer I had access to some databases and was told that USPS had the third largest database in the world. This was before Facebook, but still, there is a lot to be had other than employee information.
Not really- while the USPS does take pictures of all mail, there is no specific evidence that the hackers were after or accessed that data- making it speculation and not news.
It was USSR before. It has been China since 1990's. An imaginary and powerful enemy has to be created. Iraq, Iran, Afganistan are too small for the title.
> It was USSR before. It has been China since 1990's. An imaginary and powerful enemy has to be created.
I agree that espionage is over-emphasized -- everyone does it. Also I agree that some like to imagine enemies; it fits their narratives. That doesn't make every enemy imaginary.
The USSR was a real enemy. Many Chinese leaders openly proclaim themselves our enemy and they take aggressive actions against us; among the public, aggressive nationalism is at least somewhat popular. Hopefully the relationship doesn't turn out that way, but it's a real risk that I don't think we should ignore.
Sorry that I'm not going to spend the time to look them up, but there are extreme nationalistic military officers who take this position. What I'm saying is not controversial in foreign policy literature, though perhaps the position is more often strongly implied than literally stated. Also, realize that the Chinese government seems to have less control over the statements of its military officers; I can't imagine U.S. officers making statements like these.
Try searching for 'kill a chicken to scare the monkeys'. A popular meme (at least popular enough that I've encountered it many times) is that China suffered a "century of humiliation" at the West's hands, that China is ascending and the U.S. is in decline, and now China will take what it wants as the great power of the world, including control of their region and territory from their neighbors (some of whom have security guarantees from the U.S.).
As far as actions, for example the Chinese military actively have harassed U.S. and allied nations' ships and planes, including causing a few serious collisions.
Sadly, in the "right" hands (or after the "right" catastrophy), nothing is too small for the title. Or it can be just made up, like "they're throwing babies out of incubators". And just as sadly, this goes both ways, "the west" also served as an excuse for decades of atrocities in China and Russia.
"It is also possible that the Chinese were after other types of data, analysts said. For instance, the U.S. Postal Service, at the request of law enforcement officials, takes pictures of all addressing information from envelopes and parcels. [1]"
"For one thing, the Chinese may be assuming that the postal service is more like theirs — a state-owned entity that has vast amounts of data on its citizens, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies."
State-owned? That is true. "has vast amount of data on its citizens"? Please do some homework before speaking.
As a side note, I really hate article titles that use this kind of wildly inaccurate accusation. The nation of China did not breach the U.S. Postal Service, a Chinese government team did. Still inaccurate and vague, but there's a world of difference between the United States launching a drone strike and the CIA, an agent of the US, launching a drone strike.
Edit: I've read more than enough articles where the agent or actor is NOT a member of the government, yet still referred to as "China" or "America". However, even in situations where it is a member of the government or of a company, I still think the connotations conveyed by imprecisely labeling the actors totally throw off expectations and perceptions.
I am not sure if I agree with your rationale. An agent of a government acts on behalf of his or her government. According to your reasoning, a nation cannot breach a system or wage war because it is an agent that does the hacking or a soldier that does the firing.
Nevertheless, I liked this excerpt by the NSA's general counsel:
> Still, “it’s perfectly appropriate for us to do everything we can to embarrass and punish the Chinese if they’re in our systems, whether or not we’re in theirs,” said former National Security Agency general counsel Stewart A. Baker. “It’s the case that the U.S. and Russia and other countries are much more cautious about getting caught because they think there are going to be consequences. It’s only the Chinese that think there are no consequences to getting caught.”
The actors are members of a larger system, the government, and act on its behalf and in most cases with its explicit approval and support. They're all parts of the same entity and by trying to distance the actor from the system would be to remove some level of responsibility that all parties share in.
Also, I don't think there's a world of difference between saying the CIA launched a drone strike and America launching a drone strike. I know the general public would like to believe they are not personally responsible for what our country does but as citizens, we collectively share in what we as a whole have decided to do or what those we've put in charge have decided to do.
Functionally, what's the difference? Supposedly a Chinese government team would be acting on behalf of the nation of China and at their orders. I don't think anyone would interpret that as saying that every single Chinese citizen was involved.
Stewart Baker making himself look foolish again! Last time he popped up on HN:
https://news.ycombinator.com/item?id=8559454
I really wonder how someone can come out with stuff like this. I doubt the PRC feels one iota of embarrassment for even one split second, and if senior US officials really bring up Chinese state sponsored hacking "every time they meet with their counterparts in Beijing" then the US Government is living up to its reputation as plumbing the depths of hypocrisy. They embarrass only themselves.