Skip to comments.Former cybersecurity czar: Every major U.S. company has been hacked by China
Posted on 03/28/2012 1:04:20 AM PDT by LibWhacker
Richard Clarke says evidence 'pretty strong' that China is stealing commercial secrets
March 27, 2012, 12:18 PM Former White House cybersecurity advisor Richard Clarke has made a career out of issuing security warnings.
His most famous, of course, was his alert to Bush Administration officials in July 2001 -- 10 weeks before 9/11 -- that "something really spectacular is going to happen here, and it's going to happen soon."
Clarke was talking about an attack on U.S. soil by Al-Qaida, the terrorist group he had been warning the new administration about -- to virtually complete indifference -- since that January.
Now Clarke, author of the book Cyber War, is issuing an alert via Smithsonian magazine that the U.S. is defenseless against a cyberattack which could take down major parts of the nation's infrastructure, including civilian, military and commercial networks.
What makes the U.S. especially vulnerable, Clarke says, is that its aggressive "cyberoffense" -- the U.S. government is involved in espionage against other governments, he tells Smithsonian -- isn't matched by an effective, or even competent, cyberdefense, making the nation particularly vulnerable to blowback.
Clarke says he's concerned that hackers on the Chinese government payroll are threatening the U.S. economy.
"Im about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China, Clarke says in the Smithsonian interview:
Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And dont get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in themlogic bombs, trapdoors and Trojan horses, all ready to be activated on command so we wont know what hit us. Or whats already hitting us.
To Clarke this is a more insidious and dangerous attack than some high-profile, real-time assault on commercial and government networks.
"My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese," Clarke tells Smithsonian. "And we never really see the single event that makes us do something about it. That its always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you cant compete."
It's easy to dismiss this as alarmism, but the man has a track record of being right.
Another victory for the “free trade uber alles” crowd.
Now, as someone who used to work in the networking industry, here’s a little possibility that should make one’s blood run cold:
All those network interface and other low-margin chips that are now fab’ed in China... and designed into networking gear, PC’s and other devices on our networks: how do you know that the only thing on those chips is (eg) an Ethernet interface? How do you know that there isn’t something more?
I’m in the business myself.....and to address your statement/question: You and others assume that no one seems to care about QC; that product isn’t analyzed, inspected, checked out, shaken out, etc. to the nth degree before dissemination.
The Chinese aren’t supermen, #1, and #2, the finest minds on the planet in the semiconductor industry are in American companies. We’re the OPEC of information technology, and the world full-well knows it. If the Chicomms were to attempt a cyber attack on this country, there are FAR more effective ways to approach it than inserting cutesy “time bombs” into silicon. That’s nonsense.
I swear at times it seems like most of the posts and comments on FR are nothing but creative Chinese hackers using the forum to generate a directed mob mentality.
But I am pretty sure its just the rats from the DUmp.
The Obama administration is full of Chicom and KGB loving Marxists—Obama himself the worst. They are busy leaking our national security secrets to the communists—like the flight codes of our stealth drones—and don't forget on the hot mike how Obama promised more to Putin AFTER he is reelected when he will have the power to really make us vulnerable.
Clarke is still working for the Left (and he is so vain and benighted he may not even know it) and is trying shift the blame for our security problems on the Chicoms when it is cleary Obama’s treasonous espionage.
Richard is there to tell lies. He did so well for TWA 800.
Good points but I think you’re a little off here,
“like the flight codes of our stealth drones”.
The Chinese arent supermen, #1, and #2, the finest minds on the planet in the semiconductor industry are in American companies.
You and others assume that no one seems to care about QC; that product isnt analyzed, inspected, checked out, shaken out, etc. to the nth degree before dissemination.
Without being a Clarke apologist or asserting "superman," my worldview of the ChiComs is quite different.
QC? Simply a dog and pony show. Well planned and often rehearsed before the always announced "VIP's" ever arrive. Following suspicions that China exported toxic pet foods or lead painted toys; we've found these consumer items deeply integrated beyond the marketplace.
Fact is more Chinese people speak English than USA citizens do; more Chinese students graduate with advanced technical degrees each year than the USA enjoys. The technology gap quickly closes.
What ChiComs can't develop on their own, they steal; what they can't steal, they'll purchase. And what they can't purchase outright, ChiComs will bribe seditious politicians to do their will.
China's cyberwarfare command is quite a sophisticated apparatchik, no thanks to Google. Keyword gleans of our social media sites, including FreeRepublic, for national security technical discussions help them target sensitive USA military systems. And US business research and development.
My gut feeling is most "wikileaks" products are simply overt cyberware demonstrations. Our enemies demonstrate they can and do penetrate our secure communications networks. Rather than the work of a lone deranged sissy like Bradley Manning.
Chances are the moment China decides it's to their advantage; tech items such as my Droid 4 phone will become a paperweight.
Clarke may be useless but he’s right on this one. I’m in the security business, its not a matter of if you’ve been hacked but when and how bad.
It is a shame when a known liar tells the truth. The boy’s words just sound like “wolf” for the hundredth time.
Possible, but in most cases the IPs I see are from eastern Europe (Russia), China, or Brazil.
Nice summary. I would add that in my experience in IT, the the culture that drives bean counters to be concerned about quarterly profits and the last nano-cent of profit is a large part of the problem.
Good QC and robust security are expensive.
It’s not that I completely underestimate the Chinese.....but it’s equally dangerous to OVERestimate their capabilities, as well.
QC is far more than a dog and pony show. We’re not talking about companies subbing out the manufacture of dolls and trinkets here; we’re talking about heavy duty procs (try to find those being used in critical systems that are manufactured in mainland China, by the way). There are very, VERY rigorous pre-, during, and post-production QC processes that would make it ridiculously difficult, if not outright impossible, for Chicomms or anyone else to embed microcode into these processors. You have to give the manufacturers a bit of credit here......and don’t give the Chicomms too much credit.
The “time bomb” thing is utter twaddle.
But dropping the ability to activate a monitoring functionality in an ethernet chipset with a remote “golden packet?”
Pud easy. Time bombs are for amateurs. Turning your enemy’s entire network into your own version of the NSA... that’s appealing.
And QC wouldn’t catch it. Not unless QC for chipsets includes a scanning electron microscope on the silicon, asking “Hey, what do these seemingly extra set of gates over here do?” The chip works perfectly as intended, in every way. You have to take a look at the chip and say “OK, this set of gates does that, and this other set of gates does this... OK, all that’s required... and what’s this set over here do?”
It just passed off as a little extra “diagnostic logic” on the chip.
BTW — I know for a fact from experience that Ethernet chipsets aren’t that well checked out. We had to deal with problems in the IFG on the SEEQ 8003 chipset way back in the mid-90’s. That was just one of the chipsets that had problems under high loads... and it took logging packets on the wire with scopes (oscilloscopes, not data analyzers) to prove the problem to the chip vendors. They refused to deal with the problems in their chipsets until we rubbed their noses in it.
Her reply was, "Yes, but we have more to lose".
In other words, everyone is spying on everyone else. But the US has the most technology to lose in this age old activity, especially, now that the world is linked via the world wide web.
And, likely, there will come a day, when the Chinese will have more to lose, and will bring it up to America's attention instead.
Agree to not overestimated China. However, we must not forget everything China shows the world is a manufactured landscape; the ultimate dog and pony show.
Chinese manufacturing facilities aren’t independent business entities, we’re dealing with communist-fascism. Working conditions in a country that OSHA would shut down in a second; our short-sighted bean counters willingly pack an entire US manufacturing facility to shave one cent per unit. Despite Chinese employees are basically slaves, in their gated company town dormitories. These are the coveted “good” jobs in the manufacturing sector. The ultimate manager’s bonus is achieving a better housing condition than those of their management peers.
The best and brightest work for government. Behind computer screens, arguably under much better working conditions. Their team bonus for the latent imbed of a juicy intelligence gathering trojan within a commercial thumb drive: A better crib than their peers.
A few days after posting a photo image upon FreeRepublic, a image hosted from my business website; five unique visits from China. Coincidence? Five bored DUmpster diving kiddie types in China suddenly strayed from the DUmp while in mommie’s basement; just to visit an Ohio website specializing in market goats. Yeah, that’s the ticket.
Thanks for your kind words. Funny how the reportedly “great” school 0bama allegedly graduated from; her bean counter graduates aren’t concerned about China’s lack of EPA, OSHA, DOL compliance hassles, either.