Thursday, 30 June 2011

My first paycheck from Google! - A look into making money with your blog.

Yay! My first paycheck from Google! Enough money for.... something I guess.


Yes. It is possible to make money with your blog. I have always dreamed of working for Google. Even though that probably will never happen, I now can at least pretend it is happening, because Google sent me a paycheck! Just under $120. Woot!



Tuesday, 28 June 2011

Why Business Methods Are as Important as IP to China

Courtesy of China Defense Blog, I just read a fascinating (if you like aircraft) report on China's capability to natively produce jet engines produced by China SignPost titled Jet Engine Development in China: Indigenous high-performance turbofans are a final step toward fully independent fighter production (pdf).

It's common to see open source reports describing how the APT seeks intellectual property (IP), which many people read as plans, designs, and related mechanical and scientific information. What some miss, however, is that China needs business know-how as well as technical know-how in order to achieve its economic and security goals. The report includes examples of this:

What China must achieve, however, is a methodology akin to Six Sigma or Total Quality Management (TQM) to ensure quality control and sufficient organizational honesty to ensure that actual problems are reported and that figures are not doctored.

Otherwise, standardization and integration may be the one in which the costs of China’s ad hoc, eclectic approach to strategic technology development truly manifest themselves.

The Soviet defense industrial base failed in precisely this area: talented designers and technicians presided over balkanized design bureaus and irregularly-linked production facilities; lack of standardization and quality control rendered it “less than the sum of the parts.”


If there's anything you need to know about the Chinese government, it's that it seeks to avoid mistakes made by others. The Chinese government does not want to repeat the Soviet failure, and it knows that technology isn't the only component when trying to build jet engines. Expect to see more open and hidden actions by Chinese actors to gain the resources they need to indigenously create this core military and civilian capability.

Get-Winevent Part III: Querying the Event Log for Logons (Part A)

The following is a digression on using PowerShell's where-object (filter) to query System and Administrative events with 'Get-WinEvent'. I like this method of querying the event logs because it is "pipeline" oriented and allows me to re-use/amend/copy previous syntax. I was having some concern understanding a mysterious problem: my Windows 7 PC spontaneously un-sleeps itself and seemingly commences a log-on. I wanted to understand why this happened and if there was evidence of ex-filtration or malware.
  

With PowerShell's 'where-object', I am going to filter select events. I can query the entire set of all Windows events, but limit the query with the '-max' parameter, otherwise the query will take much too long. To look at events with "Pnp" in the message body, I found I need 'findstr':

get-winevent -max 100 | where {$_.Message | findstr "Pnp"} | Select Timecreated,ID,RecordID, Message | ft -auto -wrap

TimeCreated Id RecordId Message
----------- -- -------- -------
6/28/2011 10:15:16 AM 2102 14420 Forwarded a finished Pnp or Power operation (22, 2) to the lower driver for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RIC
OH&PROD_MEMORYSTICKSTORAGE&REV_1.00#MS0001# with status 0xC00000BB.
6/28/2011 10:15:16 AM 2100 14419 Received a Pnp or Power operation (22, 2) for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RICOH&PROD_MEMORYSTICKSTORAGE&REV
_1.00#MS0001#.
6/28/2011 10:15:16 AM 2102 14418 Forwarded a finished Pnp or Power operation (22, 2) to the lower driver for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&
PROD_SD#MMCSTORAGE&REV_2.00#0001# with status 0xC00000BB.
6/28/2011 10:15:16 AM 2100 14417 Received a Pnp or Power operation (22, 2) for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&PROD_SD#MMCSTORAGE&REV_2.00#00
01#.
6/27/2011 10:48:10 PM 2102 14416 Forwarded a finished Pnp or Power operation (22, 2) to the lower driver for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&
PROD_SD#MMCSTORAGE&REV_2.00#0001# with status 0xC00000BB.
6/27/2011 10:48:10 PM 2100 14415 Received a Pnp or Power operation (22, 2) for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&PROD_SD#MMCSTORAGE&REV_2.00#00
01#.
6/27/2011 10:48:10 PM 2102 14414 Forwarded a finished Pnp or Power operation (22, 2) to the lower driver for device WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RIC
OH&PROD_MEMORYSTICKSTORAGE&REV_1.00#MS0001# with status 0xC00000BB.

  
  
But I can also look at "sleep" events with the '-imatch' operator:

get-winevent -max 1000 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames,Message | where {$_.Message -imatch "sleep"} | ft -wrap -auto


ProcessId TimeCreated Id Task TaskDisplayName KeywordsDisplayNames Message
--------- ----------- -- ---- --------------- -------------------- -------
1608 6/28/2011 10:15:24 AM 1 0 {} The system has resumed from sleep.

Sleep Time: ‎2011‎-‎06‎-‎28T05:47:49.589233900Z
Wake Time: ‎2011‎-‎06‎-‎28T17:15:17.711126400Z

Wake Source: Unknown
4 6/27/2011 10:48:05 PM 42 64 {} The system is entering sleep.

Sleep Reason: Hibernate from Sleep
1608 6/27/2011 10:47:54 PM 1 0 {} The system has resumed from sleep.

Sleep Time: ‎2011‎-‎06‎-‎28T05:47:49.589233900Z
Wake Time: ‎2011‎-‎06‎-‎28T05:47:49.587233800Z

Wake Source: S4 Doze to Hibernate
4 6/27/2011 4:47:43 PM 42 64 {} The system is entering sleep.

Sleep Reason: Button or Lid
1608 6/27/2011 3:55:48 PM 1 0 {} The system has resumed from sleep.

Sleep Time: ‎2011‎-‎06‎-‎27T07:04:00.443168300Z
Wake Time: ‎2011‎-‎06‎-‎27T22:55:37.240099500Z

   
Since the 10:15 AM login is my recent interactive logon and I know I did not logon interactively at 10:48 PM (the night before), I wanted to understand why that was happening at that odd hour in the evening.  The next series of commands helped me see if my ID was responsible for a "Logon" or "Special Logon" for that 10:48 PM "Pnp" or "resume from sleep" event: 

get-winevent -ProviderName "Microsoft-Windows-Security-Auditing" -max 100 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames | where {$_.TaskDisplayName -like "Logon"} | ft -wrap -auto | more
 
ProcessId TimeCreated Id Task TaskDisplayName KeywordsDisplayNames
--------- ----------- -- ---- --------------- --------------------
632 6/28/2011 10:31:34 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:25:19 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:25:05 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:22:18 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:20:55 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:20:54 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:18:52 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:18:34 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:18:34 AM 4624 12544 Logon {Audit Success}
632 6/28/2011 10:18:34 AM 4648 12544 Logon {Audit Success}
632 6/27/2011 3:58:55 PM 4624 12544 Logon {Audit Success}
632 6/27/2011 3:56:07 PM 4624 12544 Logon {Audit Success}
632 6/27/2011 3:56:07 PM 4624 12544 Logon {Audit Success}
632 6/27/2011 3:56:07 PM 4648 12544 Logon {Audit Success}

....

get-winevent -ProviderName "Microsoft-Windows-Security-Auditing" -max 100 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames | where {$_.TaskDisplayName -like "Special Logon"} | ft -wrap -auto | more

ProcessId TimeCreated Id Task TaskDisplayName KeywordsDisplayNames
--------- ----------- -- ---- --------------- --------------------
632 6/28/2011 10:31:34 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:25:19 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:25:05 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:22:18 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:20:55 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:20:54 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:18:52 AM 4672 12548 Special Logon {Audit Success}
632 6/28/2011 10:18:34 AM 4672 12548 Special Logon {Audit Success}
632 6/27/2011 3:58:55 PM 4672 12548 Special Logon {Audit Success}

632 6/27/2011 3:56:07 PM 4672 12548 Special Logon {Audit Success}
... 


No evidence of a "Logon" or "Special Logon" at the 10:00 PM hour yesterday!
As a side note, if I wanted to see more information about "Special Logon" attempts, I could structure a provider query as below, pumping all the information to out-gridview which I could paste and copy into a spreadsheet.
  
get-winevent -ProviderName "Microsoft-Windows-Security-Auditing" -max 1000 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames | where {$_.TaskDisplayName -like "Special Logon"} | ogv



If I want to look a little more thoroughly at "Special Logon" events, I can use:
 
get-winevent -ProviderName "Microsoft-Windows-Security-Auditing" -max 10 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames | where {$_.TaskDisplayName -like "Special Logon"} | fl * | more


 
ProcessId : 632
TimeCreated : 6/28/2011 10:44:30 AM
Id : 4672
Task : 12548
TaskDisplayName : Special Logon
KeywordsDisplayNames : {Audit Success}

ProcessId : 632
TimeCreated : 6/28/2011 10:31:34 AM
Id : 4672
Task : 12548
TaskDisplayName : Special Logon
KeywordsDisplayNames : {Audit Success}

...

If I want to look at all details of "Special Logon" event entries:


get-winevent -ProviderName "Microsoft-Windows-Security-Auditing" -max 100 | Select * | where {$_.TaskDisplayName -like "Special Logon"} | fl * | more

...

Message : Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Id : 4672
Version : 0
Qualifiers :
Level : 0
Task : 12548
Opcode : 0
Keywords : -9214364837600034816
RecordId : 16766
ProviderName : Microsoft-Windows-Security-Auditing
ProviderId : 54849625-5478-4994-a5ba-3e3b0328c30d
LogName : Security
ProcessId : 632
ThreadId : 752
MachineName : rmfvpc
UserId :
TimeCreated : 6/28/2011 10:44:30 AM
ActivityId : 4f32adc8-0278-0270-8105-0000ca77ff7e
RelatedActivityId :
ContainerLog : security
MatchedQueryIds : {}
Bookmark : System.Diagnostics.Eventing.Reader.EventBookmark
LevelDisplayName : Information
OpcodeDisplayName : Info
TaskDisplayName : Special Logon
KeywordsDisplayNames : {Audit Success}
Properties : {System.Diagnostics.Eventing.Reader.EventProperty, System.Diagnostics.Eventing.Reader.EventProperty, System.Diagnostics.Eventing.Reader.EventProperty, System.Diagnostics.Eventing.Reader.EventProperty...}


...


This last command is important because it gives a complete readout of the entire event log entry and query fields. But really, I just want to know what happened yesterday around the time my system un-hibernated. For this, I can run a "match" query on a particular date:

get-winevent -max 1000 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames | where {$_.TimeCreated -match "6/27/2011"} | ft -wrap -auto | more 


Alternatively, I can add the "message" to the query. For security reasons, I will leave this as an exercise for the reader:

get-winevent -max 400 | Select ProcessID,TimeCreated,ID,Task,TaskDisplayName,KeywordsDisplayNames,Message | where {$_.TimeCreated -match "6/27/2011"} | ft -wrap -auto 

At this point, I still do not know what caused the "resume from sleep" event. Please see
Get-Winevent Part III: Querying the Event Log for Logons (Part B)
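
The queries above filter on the client with where-object after a -max cap, so events older than the cap are never examined. As an added example (not code from the original post), the function below filters inside the event log service with -FilterHashtable and lists the logon events that fall within a few minutes of each resume-from-sleep event. The function name and parameters are hypothetical, the provider name Microsoft-Windows-Power-Troubleshooter for event ID 1 is an assumption not stated in the post, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: correlate resume-from-sleep events with logon activity.
# Run from an elevated prompt; reading the Security log requires it.
# Function name and parameters are hypothetical, chosen for this example.
function Get-LogonsNearWake {
    param(
        [int]$Days = 2,            # how far back to look for wake events
        [int]$WindowMinutes = 5    # minutes either side of each wake to inspect
    )

    # -FilterHashtable filters inside the event log service, so no -MaxEvents
    # cap is needed and older events are not silently cut off.
    $wakeFilter = @{
        LogName      = 'System'
        # Assumption: event ID 1 ("The system has resumed from sleep.")
        # is written by this provider; the post does not name it.
        ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
        Id           = 1
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "none".
    $wakes = @(Get-WinEvent -FilterHashtable $wakeFilter -ErrorAction SilentlyContinue)

    foreach ($wake in $wakes) {
        $secFilter = @{
            LogName   = 'Security'
            Id        = 4624, 4648, 4672   # the IDs seen in the output above
            StartTime = $wake.TimeCreated.AddMinutes(-$WindowMinutes)
            EndTime   = $wake.TimeCreated.AddMinutes($WindowMinutes)
        }
        $logons = @(Get-WinEvent -FilterHashtable $secFilter -ErrorAction SilentlyContinue)

        if ($logons.Count -eq 0) {
            # Emit a row anyway so a wake with no logon is visible, not absent.
            [pscustomobject]@{
                WakeTime = $wake.TimeCreated; EventTime = $null; Id = $null
                Account = $null; LogonType = $null; Process = $null
            }
            continue
        }

        foreach ($e in $logons) {
            # Read EventData fields by name from the event XML instead of
            # by position in .Properties, which differs between event IDs.
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # 4624/4648 carry TargetUserName; 4672 only has SubjectUserName.
            $account = $data['TargetUserName']
            if (-not $account) { $account = $data['SubjectUserName'] }

            [pscustomobject]@{
                WakeTime  = $wake.TimeCreated
                EventTime = $e.TimeCreated
                Id        = $e.Id
                Account   = $account
                LogonType = $data['LogonType']     # present on 4624 only
                Process   = $data['ProcessName']   # 4624 and 4648
            }
        }
    }
}

Get-LogonsNearWake -Days 2 -WindowMinutes 5 | Format-Table -AutoSize
```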

Saturday, 25 June 2011

With "Cyber" Attacks, Effects Matter More Than Means

I enjoyed reading Stuxnet Poses Interesting International Cyber Law Issues by Rick Aldrich in IAnewsletter Vol 14 No 2 (pdf). I've known the author since my days in the USAF and he's very clued-in as a CS grad from USAFA and a lawyer who worked for AFOSI. I'd like to share a few excerpts. Please try to avoid fixation on Stuxnet if that topic bothers you. Stuxnet is not the core of Aldrich's argument.

Article 51 of the United Nations (UN) charter states in pertinent part, “Nothing in the present Charter shall impair the inherent right of individual or collective self-defense if an armed attack occurs against a Member of the United Nations.” [8]

So can a cyber attack, such as that evidenced by Stuxnet, constitute an “armed attack?”

Clearly at the time Article 51 was written, in August of 1945, such an attack was never envisioned. Traditionally the term “armed attack” has connoted a kinetic attack – missiles, bombs, bullets and the like – but it has never been definitively defined.

Incidents like the cyber attacks against Estonia in 2007 and against Georgia in 2008 have prompted renewed interest in defining if or when a cyber attack can also constitute an “armed attack.”

International legal scholars are increasingly moving away from the means of attack and instead looking to the effects.

The test would be whether the effects of the attack are similar to those of a kinetic attack.

Cyber attacks that result in physical damage, such as the destroyed centrifuges in the case of Stuxnet, may be pulled under the rubric of an armed attack, though this approach does not rule out attacks resulting in non-physical effects if the harm is substantial.


This is fascinating, because it makes "cyber" less relevant and requires judgement regarding the consequences of an event. Clearly physical harm takes precedence here, but the underlined portion shows that even digital events without physical harm could still be considered attacks, in the eyes of legal experts.

The article raises other interesting points, such as options for Iran, but I wanted to emphasize the points I listed above.

Monday, 20 June 2011

Old Photo Restoration using the Gimp (How to Remove a Moiré Pattern)


For this past Father's day, I worked with my brothers to create a slideshow of our awesome dad. My older brother scanned old photos from slides and photos, I did some of the photo restoration and my younger brother put the photos together and made a fun slideshow.

For this tutorial, I will show you how I did some of the restoration techniques; specifically, I will talk about how to remove Moiré and other patterns on the photo. (A Moiré pattern is the dot pattern you see on many old photos. Click here to read the Wikipedia article on Moiré patterns)


Wednesday, 15 June 2011

THEY DID IT

Tuesday, 14 June 2011

Is Digital Security Possible?

"Africa is not a continent which is any longer isolated. It is not a place where people are uninformed. It is the fastest growing market for cellular phones. Information, whether it is in the townships or wherever, now passes very quickly... And this is not an issue which is going to go away. Nor is it an issue that is trivial for those of us that live here as we do here."
 JAMES WOLFENSOHN ex-President of the World Bank 


Below is a philosophical comment I  posted on Dark Reading today:
"It has occurred to me lately (because of the advances and volume increase in penetration and ex-filtration) that the digital industry has falsely assumed that data can be kept private in a networked world; that perhaps the concept of "data security" or "network security" is not achievable or (at best) not achievable at current levels of technology, internet reach, network topology.
If this is the case, we will have to rethink our current goals. Is data security possible? If so, at what costs? Can commercial interests or individual privacy be protected on the internet? If so, what would be the true costs for such protection?
Social and economic inequality, the true driver behind nation state and organized criminal penetration and ex-filtration, may not be an affordable reality in a networked world. Conversely, a secure, networked world may be not an achievable reality in a world of social and economic inequality. Either conclusion has gross implications for the global economy as it now exists."
For some long time, in the moments between burying my head in code or research, this rather somber thought has occurred to me. If digital security is not truly possible, would the current world of security architects be able to recognize the futility of their own profession?  Probably not, I would answer. Good engineers that we are (in a profit hungry market capitalism), we simply just keep chasing the next big thing or fixing the last defect.  But what if it were the case that digital security is  not an existential possibility? What if it were the case that the next abstraction, the next algorithm always begat the next penetration or ex-filtration? What if digital security was never truly achievable for any moment but  a single point in time?


Such a realization might change the very nature of system and network architecture. First, we would have to assume that in a networked world there will always be data. The old Unix administrator's motto ("There are two types of computer users: those who have lost data and those who will."), would be the starting point for developing the integrity of information systems. How would this affect privacy, commerce, and secrecy? It would tend to devalue the importance of all three. In effect, it would mean we would live in a very public world where the emphasis of commerce and nation building would have to be the equality of social and economic justice. The competitive battles of nation state hackers, spies, and terrorists would have to be devalued. In their place something non-private, non-commercial, and very public would have to come to assume world wide importance.


I will avoid (as much as possible) tendencies to describe a utopian socialist reality that co-opts the urges of the very bright and nationalistic to commit computer crime. But I will concentrate instead on what the costs of extended information warfare could become in the future to nation states and its peoples. Clearly, we are not going to feed, house, clothe or co-exist very well with the nine billion people the World Bank says will inhabit the Earth by 2050 without evolutionary advances in world health, resource sharing, energy production, climate control or food production.




Clearly technology and information sharing will be critical to prevent perpetual regional wars and oppression. And yet we cannot continue to possess  a much higher standard of living here in the West because of more substantive and efficient network technologies without incurring the jealousy and wrath of those who struggle with much less.  If an American corporation invented a 10x improvement in photo-voltaic efficiency tomorrow, could we really keep China, Brazil or Russia or India from ex-filtrating, copying, or co-opting that technology? Recent history would say no and (for better or worse) the concept that a great idea should remain private for the profit of singular developers may be a concept that is now obsolete. (Suddenly, I hear Richard Stallman cheering in the background.)


Perhaps the networked world of commerce and thought now forces us to deal with a not so surprising conclusion: that there is no way to not know the thoughts and need of our brothers and sisters in this world, no matter how far away. But if our thoughts and needs are now ubiquitous, of what use is digital security anyway?   We don't maintain security in our families and communities by arming ourselves or walling off our lives from interaction with others.  We maintain our prosperity locally by allying and befriending those we know the most. In short, as a species, we function as a pack, tribe, or herd; we take care of the people that are closest to us. How will this ethic function in a world where a rapidly expanding global internet erases those boundaries?


We are not thinking about this as security professionals. We just keep thinking about the next fix, the newest hack, the next market opportunity, the next solution.  At this rate, we are going to code ourselves into irrelevance.  We will no more solve "network security" with our current approach than medical technology can "cure cancer". At some point we will have to deal with the reality that our current security paradigms don't work and that the improvement we see in our fixes provides only temporary solutions to a very intransigent and structural set of problems. 

Saturday, 04 June 2011

Security Conference Recommendations

After my post Bejtlich Teaching at USENIX Security in San Francisco 8-9 Aug a reader asked the following:

Richard,

I was curious if you could suggest other security conferences that either you have attended or have heard are better than average?

It seems as though everyone and their brother sponsor some sort of security conference and it is difficult to tell how educational they will be just by reading the website.

Perhaps you could provide some insight into how you determine which conferences you would actually pay to attend? Thanks!


Great question. The answer that follows is just my opinion, and I'm sure others feel differently. For me, I like these conferences:

  • Black Hat offers the best combination of training plus briefings per unit time, on a consistent basis. In other words, I believe attendees will learn more in two days of Black Hat Training plus two days of Black Hat Briefings compared to any alternatives, every year. The content is uniformly high, regardless of whether you attend in DC, Barcelona, Las Vegas, Tokyo, or Abu Dhabi. This is why I will be teaching two TCP/IP Weapons School 3.0 classes this summer and staying for the two days of Briefings that follow.

  • My next favorite event is probably the SANS What Works in Forensics and Incident Response Summit organized each year by Rob Lee. His Summit connects me with the sorts of people who do the same work that I do. The event is a mix of panels and briefings by interesting people.

  • In terms of value per dollar spent, you can't beat Security B-Sides. Why is that? Well, your travel cost will likely be almost nothing, since B-Sides events happen all over the world. Registration is free. Content quality is mixed, but when you throw a lot of local security people into a room in a non-traditional format, the output is surprisingly good!

  • If you want more of an academic approach, I recommend any of the USENIX conferences. They are also a mix of training, "Refereed Papers" (see what I mean), and Invited Talks. I tend to see more college students talking about "solutions" more or less detached from the real world, but the diversity of specialized events means you're likely to find something of value that meets your direct needs, especially regarding system administration. After a multi-year break, I'm returning to teach TCP/IP Weapons School 3.0 in San Francisco at USENIX Security in August.

  • Returning to the incident response world, you might also like FIRST conferences. I think every CIRT should become a FIRST member, and attending a conference or other FIRST event every other year or so is a nice way to stay in touch with a very globalized security community.

  • If you qualify to attend, you might also enjoy the DoD Cybercrime or GFIRST conferences. As you can tell they cater to the .gov and .mil communities, but their focus tends to involve more interesting problem sets.

  • I should also give CanSecWest an honorable mention, although it's been years since I've attended. I could say the same for BSDCan and ShmooCon.

    Speaking of Shmoo, the logistics are the main reason I stopped going. At least with my old job, it was a hassle to commute to DC for only a Friday evening, then again for a full day Saturday, and again for only a few hours on Sunday morning. I don't like weekend events since I'd rather spend the time with my family, and the ratio of travel-to-conference for Friday evening and Sunday morning was just too high!


Regarding how I pick conferences, I primarily want to learn something and see people whom I may not have seen recently. I prefer to avoid any conferences where keynotes are given to sponsors based on their sponsorship alone. I also try to attend conferences where I expect new material to be presented.

What conferences do you like to attend, and why?

Friday, 03 June 2011

China's View Is More Important Than Yours

In my post Review of Dragon Bytes Posted I wrote the following to summarize analysis of Chinese thoughts on cyberwar, as translated from original Chinese publications:

The Chinese military sees Western culture, particularly American culture, as an assault on China, saying "the West uses a system of values (democracy, freedom, human rights, etc.) in a long-term attack on socialist countries...

Marxist theory opposes peaceful evolution, which... is the basic Western tactic for subverting socialist countries" (pp 102-3). They believe the US is conducting psychological warfare operations against socialism and consider culture as a "frontier" that has extended beyond American shores into the Chinese mainland.

The Chinese therefore consider control of information to be paramount, since they do not trust their population to "correctly" interpret American messaging (hence the "Great Firewall of China"). In this sense, China may consider the US as the aggressor in an ongoing cyberwar.


Today's Reuters article China PLA officers call Internet key battleground elaborated on these ideas:

The essay by two PLA scholars, Senior Colonel Ye Zheng and his colleague Zhao Baoxian, in the China Youth Daily nonetheless stressed that Beijing is focused on honing its cyber-warfare skills, and sees an unfettered Internet as a threat to its Communist Party-run state.

"Just as nuclear warfare was the strategic war of the industrial era, cyber-warfare has become the strategic war of the information era, and this has become a form of battle that is massively destructive and concerns the life and death of nations," they wrote in the Party-run paper...

"Cyberware [sic] is an entirely new mode of battle that is invisible and silent, and it is active not only in wars and conflicts, but also flares in the everyday political, economic, military, cultural and scientific activities."


The first highlight makes me think the Chinese see the current cyberwar as being similar to the Cold War. During the Cold War, nuclear warfare (or avoiding it) was the strategic form of war. During the current "Electronic War" (my term, not sure I like it), cyberwar is the strategic form of war.

The second highlight shows that the Chinese see cyberwar as being active right now, and "not only in wars and conflicts." By "wars and conflicts" they mean physical combat.

The AP article China Calls US Culprit in Global 'Internet War' contained a few more choice quotes:

Writing in the Communist Party-controlled China Youth Daily newspaper, the scholars did not mention Google's claims, but said recent computer attacks and incidents employing the Internet to promote regime change in Arab nations appeared to have originated with the U.S. government.

"Of late, an Internet tornado has swept across the world ... massively impacting and shocking the globe. Behind all this lies the shadow of America," said the article, signed by Ye Zheng and Zhao Baoxian, identified as scholars with the Academy of Military Sciences.

"Faced with this warmup for an Internet war, every nation and military can't be passive but is making preparations to fight the Internet war," it said...

China needs to "express to the world its principled stance of maintaining an 'Internet border' and protecting its 'Internet sovereignty,' unite all advanced forces to dive into the raging torrent of the age of peaceful use of the Internet, and return to the Internet world a healthy, orderly environment," the article said.


As you can see, the Chinese think an information war is already being waged. The US started it, and the US continues it (in the Chinese view) as demonstrated by turbulence in the Middle East.

China's view is more important than yours, because China is acting on its view while too many in the West and the US in particular argue about whether or not a cyberwar is happening. The Chinese believe cyberwar is ongoing, and that the US started it. From what I can tell, the Chinese intend to win it.