China's Cyber Merchantism
Mercantilism is where a country deliberately pushes the exports of products from their country while keeping imports to a minimum.
With security breaches the great thing about it is there is 100% deniability. There is always a chance that your country is being framed. And with the 100% deniability, there is no downside to Cyber Merchantism for a country. What is the cost of stealing competitive information (oil reserve information) from a US Oil company that can help your own domestic oil industry on bidding? None, since nobody can prove your country did it.
For any software used in China that uses encryption, the Chinese government requires a company to turn over the keys (access) to them. The US has similar requirements for criminal investigations through court orders. What happened with Skype for example in China, was somebody was monitoring conversations and scanning them for keywords, and then copying them. The challenge is what happens when the Chinese government favors domestic competition over your foreign site?
An example of this in China was initially Google's site for a while was being forwarded to a competitors. So if you typed in Google.cop Baidu would come put. Another example was when Google.cn was shut down due to pornography.
From a software prospective China was going to require that all PC's be installed with software to filter the Internet. Unfortunately it seems the software, Green Dam, had large parts of it copied from a US Software Cybersitter. Currently Cybersitter is suing for $2.2 Billion dollars over this. Since Green Dam has no foreign assets I don't see a cost for them copying the code. Cybersitter is also going after PC Manufacturers who installed the software that have foreign assets such as Sony, Lenovo, Toshiba, Acer, etc.
What is happening in the hacker attacks is an outside entitity is gaining control of a computer. Making it into a zombie, which then gives them access to the network that computer is on. And specific people are being targeted using a combination of human engineering and zero day flaws. Through E-Mails sent directly to a person using their name and having a subject line that appears real, with a link or attached pdf, that when clicked on gives control of the computer.
And the sophistication of the hacking is amazing with different groups being involved in different areas. One group does the initial penetration, and then another group would search out needed information, and a third group would actually move the information out.
Why would a country do Cyber Merchantism? The simple answer is to give their own industry help. And this applies from raw materials, manufacturing, to the information economy. The goal of China's government is move up the economic value food chain, to advance from being just a place for low cost hub for manufacturing, into a producer and developer of high technology products.
I found this quote interesting:
“The China threat is constant,” says Shawn Carpenter, principal forensics analyst for NetWitness, a cybersecurity company. “If there’s valuable intellectual property out there, there are people in China and elsewhere who want to take it. It’s the new battlefield – low risk and low investment with high gain.”
References:
US oil industry hit by cyberattacks: Was China involved? - Christian Science Monitor
In Digital Combat, U.S. Finds No Easy Deterrent - NY Times.
Google Attack Part of Widespread Spying Effort - IDG
China Issues Sharp Rebuke to U.S. Calls for an Investigation on Google Attacks - NY Times.
China retreats on Internet Filtering SoftwareChina Requires Censoring on New PCs
With security breaches the great thing about it is there is 100% deniability. There is always a chance that your country is being framed. And with the 100% deniability, there is no downside to Cyber Merchantism for a country. What is the cost of stealing competitive information (oil reserve information) from a US Oil company that can help your own domestic oil industry on bidding? None, since nobody can prove your country did it.
For any software used in China that uses encryption, the Chinese government requires a company to turn over the keys (access) to them. The US has similar requirements for criminal investigations through court orders. What happened with Skype for example in China, was somebody was monitoring conversations and scanning them for keywords, and then copying them. The challenge is what happens when the Chinese government favors domestic competition over your foreign site?
An example of this in China was initially Google's site for a while was being forwarded to a competitors. So if you typed in Google.cop Baidu would come put. Another example was when Google.cn was shut down due to pornography.
From a software prospective China was going to require that all PC's be installed with software to filter the Internet. Unfortunately it seems the software, Green Dam, had large parts of it copied from a US Software Cybersitter. Currently Cybersitter is suing for $2.2 Billion dollars over this. Since Green Dam has no foreign assets I don't see a cost for them copying the code. Cybersitter is also going after PC Manufacturers who installed the software that have foreign assets such as Sony, Lenovo, Toshiba, Acer, etc.
What is happening in the hacker attacks is an outside entitity is gaining control of a computer. Making it into a zombie, which then gives them access to the network that computer is on. And specific people are being targeted using a combination of human engineering and zero day flaws. Through E-Mails sent directly to a person using their name and having a subject line that appears real, with a link or attached pdf, that when clicked on gives control of the computer.
And the sophistication of the hacking is amazing with different groups being involved in different areas. One group does the initial penetration, and then another group would search out needed information, and a third group would actually move the information out.
Why would a country do Cyber Merchantism? The simple answer is to give their own industry help. And this applies from raw materials, manufacturing, to the information economy. The goal of China's government is move up the economic value food chain, to advance from being just a place for low cost hub for manufacturing, into a producer and developer of high technology products.
I found this quote interesting:
“The China threat is constant,” says Shawn Carpenter, principal forensics analyst for NetWitness, a cybersecurity company. “If there’s valuable intellectual property out there, there are people in China and elsewhere who want to take it. It’s the new battlefield – low risk and low investment with high gain.”
References:
US oil industry hit by cyberattacks: Was China involved? - Christian Science Monitor
In Digital Combat, U.S. Finds No Easy Deterrent - NY Times.
Google Attack Part of Widespread Spying Effort - IDG
China Issues Sharp Rebuke to U.S. Calls for an Investigation on Google Attacks - NY Times.
China retreats on Internet Filtering SoftwareChina Requires Censoring on New PCs
Labels: china economy, china's future, Chinese Economics, google
posted by Ray Ritchey at
8:50 AM
0 Comments:
Post a Comment
<< Home