WASHINGTON — The US government has taken its first real swipe at China following accusations that Beijing is behind a widespread and systematic hacking campaign targeting US businesses.
Buried in a spending bill signed by President Obama on Tuesday is a provision that effectively bars much of the federal government from buying information technology made by companies linked to the Chinese government.
It is unclear what impact the legislation will have or whether it will turn out to be a symbolic gesture. The provision only affects certain nondefense government agency budgets between now and Sept. 30, when the fiscal year ends. It also allows for exceptions if an agency head determines that buying the technology is ‘‘in the national interest of the United States.’’
Still, the rule could upset US allies whose businesses rely on Chinese manufacturers for parts and pave the way for broader, more permanent changes in how the US government buys technology.
‘‘This is a change of direction,’’ said Stuart Baker, a former senior official at the Homeland Security Department now with the legal firm Steptoe & Johnson in Washington. ‘‘My guess is we’re going to keep going in this direction for a while.’’
Representative Dutch Ruppersberger of Maryland, top Democrat on the House Intelligence Committee, said he supports the restriction and does not think it would be too cumbersome for federal agencies.
‘‘Anything we can do to call awareness to the fact that we’re continuing to be cyberattacked, we’re continuing to lose jobs, and that billions of dollars in American money is being stolen,’’ Ruppersberger said Wednesday.
Unreal. Blaming hacking for costing jobs. From what I've been told by my paper, it's creating jobs.
In March, the US computer security firm Mandiant released details on what it said was an aggressive hacking campaign on American businesses by a Chinese military unit. Since then, Treasury Secretary Jacob Lew has used high-level meetings with Beijing officials to press the matter....
Related: US envoy presses China over hacking, North Korea
Time for lunch, readers.
Congressional leaders have promised to push comprehensive legislation that would make it easier for industry to share threat data with the government. But those efforts have been bogged down over concern that too much of US citizens’ private information could end up in the hands of the federal government.
What crap. The damn bill is ready for a vote today.
"CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records or the content of emails to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command."
All for your own good.
As Congress and privacy advocates debate a way ahead, lawmakers tucked a section into the latest budget resolution, which enables the government to pay for day-to day operations for the rest of the fiscal year. The provision specifically prohibits the Commerce and Justice departments, NASA, and the National Science Foundation from buying an information technology system that is ‘‘produced, manufactured, or assembled’’ by any entity that is ‘‘owned, operated, or subsidized’’ by the People’s Republic of China.
Look what else was tucked to you, 'murkns:
Sunday Globe Special: Brewery Tax Break
Budgeting My Posts
Obama Budget $crews Students
Elite Schools $queezing Taxpayers
Sunday Globe Specials: Fiscal Cliff Fraud
At least they raised taxes on the rich, right?
But a blanket prohibition of technology linked to the Chinese government may be easier said than done. Information systems are often a complicated assembly of parts manufactured by different companies around the globe.
No kidding. Pick up a product in AmeriKa these days and you stand a more than 50% chance that the label will say "Made in China."
--more--"
Related:
"The New York Times and Wall Street Journal reported Thursday that their computer systems had been infiltrated by China-based hackers, cybersecurity specialists said the US government is eyeing more pointed diplomatic and trade measures."
Honestly, who would really want to attack them?
China deflects US attempts to curtail cyberattacks
Because they aren't the ones doing it.
Happy now?
"US demands China act to halt network hacking" by Mark Landler | New York Times, March 12, 2013
WASHINGTON — The Obama administration demanded Monday that China take steps to stop the widespread hacking of US government and corporate computer networks and that it engage in a dialogue to set standards for security in cyberspace.
The demands, laid out in a speech by President Obama’s national security adviser, Thomas E. Donilon, represent the first direct response by the White House to a raft of attacks on US computer networks, many of which appear to have originated with the People’s Liberation Army.
You guys sure about that?
“US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,’’ Donilon said in remarks prepared for delivery to the Asia Society in New York.
He also said the Treasury Department would sanction a North Korean bank that specializes in foreign-exchange transactions — ratcheting up the pressure on the North Korean government on the day Pyongyang said it would no longer abide by the 1953 armistice that halted the Korean War.
The White House, he said, was seeking three things from Beijing: public recognition of the urgency of the problem; a commitment to crack down on hackers operating in China; and an agreement to take part in a dialogue to establish ‘‘acceptable norms of behavior in cyberspace.’’
Until now, the White House has steered clear of mentioning China by name when discussing cybercrime, prompted in part by qualms about escalating a dispute with Beijing while it is in the midst of a leadership transition.
But as evidence has emerged linking the People’s Liberation Army to an extensive hacking network, the China connection has become harder for the administration to avoid.
AmeriKan government evidence? Ha-ha-ha!
Donilon said the threats to cybersecurity had moved to the forefront of concerns about China.
Donilon made no mention of Washington’s attacks on computer networks in Iran, which have impeded Tehran’s development of nuclear centrifuge machines.
Well, there are hackers, and then there are hackers.
--more--"
"Hacking attempt traced to China" by Sam Kim | Associated Press, March 22, 2013
SEOUL — Investigators have traced a coordinated cyberattack that paralyzed tens of thousands of computers at six South Korean banks and media companies to a Chinese Internet Protocol address, but it was unclear who orchestrated the attack, authorities in Seoul said Thursday.
Also see: Bank Hacking a False Flag Hoax
They all are, folks.
The discovery did not erase suspicions that North Korea was to blame. An IP address can provide an important clue as to the location of an Internet-connected computer but can be manipulated by hackers operating anywhere in the world. The investigation into Wednesday’s attack could take weeks....
Cellphone call for you, readers.
WHERE did the HACKING ATTACKS come from again?
Wednesday’s cyber attack did not affect South Korea’s government, military, or infrastructure, and there were no initial reports that customers’ bank records were compromised. But it disabled scores of cash machines, disrupting commerce in this tech-savvy, Internet-dependent country, and renewed questions about South Korea’s Internet security and vulnerability to hackers....
The attack may have extended to the United States. The website of the US-based Committee for Human Rights in North Korea also hacked, with reports on satellite imagery of North Korean prison camps and policy recommendations to the US government deleted from the site, according to executive director Greg Scarlatoiu....
A malicious code that spread through the Nonghyup server was traced to an IP address in China, said Cho Kyeong-sik of the Korea Communications Commission. Regulators said all six attacks appeared to come from “a single organization.”
North Korea....
North Korea....
North Korea....
--more--"
And WHO BENEFIT$?
"Private firms playing major role against cyberattacks" by Anne Flaherty | Associated Press, February 22, 2013
WASHINGTON — When Kevin Mandia, a retired military cybercrime investigator, decided to expose China as a primary threat to US computer networks, he didn’t have to consult with American diplomats in Beijing or declassify tactics to safely reveal government secrets.
He pulled together a 76-page report based on seven years of his company’s work and produced the most detailed public account yet of how, he says, the Chinese government has been rummaging through the networks of major US companies.
It wasn’t news to Mandia’s commercial competitors, or the federal government, that systematic attacks could be traced back to a nondescript office building outside Shanghai that he believes was run by the Chinese army.
What was remarkable was that the extraordinary details — code names of hackers, one’s affection for Harry Potter, and how they stole sensitive trade secrets and passwords — came from a private security company without the official backing of the US military or intelligence agencies that are responsible for protecting the nation from a cyberattack.
The report, embraced by stakeholders in both government and industry, represented a notable alignment of interests in Washington: The Obama administration has pressed for new evidence of Chinese hacking that it can leverage in diplomatic talks — without revealing secrets about its own hacking investigations — and Mandiant has made headlines with its sensational revelations.
The report also shows the balance of power in America’s cyberwar has shifted into the hands of the $30 billion-a-year computer security industry....
CUI BONO?
Mandiant, which took in some $100 million in business last year — up 60 percent from the year before — is part of a lucrative and exploding market that goes beyond antivirus software and firewalls. These ‘‘digital forensics’’ outfits can tell a business whether its systems have been breached and — if the company pays extra — who attacked it.
Mandiant’s staff is stocked with retired intelligence and law enforcement agents who specialize in computer forensics and promise their clients confidentiality and control over the investigation.
In turn, they get unfettered access to the crime scene and resources to fix the problem....
The growing reliance on contractors like Mandiant has been compared to that enjoyed by the military and State Department contractor formerly known as Blackwater.
That company provided physical security to diplomats and other VIPs during the Iraq war.
Officials inside and outside government say that’s not a bad thing; contractors can often act more quickly than the government and without as much red tape.
It truly is a corporate pre$$.
There are also serious privacy concerns: Most US citizens don’t want the government to access their bank accounts, for example, even if China is attacking their bank....
We DON'T WANT SOME PRIVATE HACK doing it EITHER!!!!!!!!!!!
And we DON'T NEED CHINA to hack our accounts. As we have seen in CYPRUS, western bankers are SEIZING the DEPOSITS THEMSELVES!!!!!
--more--"
Related: Mass. at center of a war on hackers
Yup, it'$ a growing concern.
