Cables Discuss Vast Hacking by a China That Fears the Web

This article finally adds detail about how the Google hacks were carried out - something I've been waiting for since the first day of cablegate, when it was mentioned that there were cables discussing the event.

<i>The cables indicate that the American government has been fighting a pitched battle with intruders who have been clearly identified as using Chinese-language keyboards and physically located in China.</i><p>Does anyone have insight into how keyboard language and physical location get clearly identified? I can't think of how you'd do that reliably.<p>Keyboard language: can you build timing signatures for how people type on different keyboards? Then set up a keylogger on a known compromised host or a honeypot, watch the intruder type for a while, and match the signature? That seems pretty easily defeatable: do as much as you can via scripts, and if you ever need to type something, pass all your keystrokes through a filter that knows how to mimic each timing signature.<p>I can't come up with a plausible way to pin down physical location, but I'm sure someone on here has a better working knowledge of that kind of thing than I do.

I'm finding the degree to which the political establishment is clueless as to the actual hard technical details of what is happening with this entire episode quite interesting, for example a quote from a recent article on the arab press response to the incident;<p><i>No one knows the truth of this WikiLeaks thing. Is it plausible that the United States with all its greatness, power and valor, cannot stop WikiLeaks and its millions of documents? Or have these documents been leaked by the Americans themselves to achieve a particular goal? Or has America simply turned a blind eye to the leak?</i><p>China's paranoia and amusing conclusions about the "fundamentally controllable" nature of the web also betray a lack of understanding of how this all really works, and a lot of the US response seems to fail to grasp that the game is already over and wikileaks has already won regardless of any action they take from here on in short of turning off the internet. And even the effectiveness of that is questionable, disregarding the fact that it simply will not happen.

<i>The cable goes on to quote this person as saying that the hacking of Google “had been coordinated out of the State Council Information Office with the oversight” of Mr. Li and another Politburo member, Zhou Yongkang.” Mr. Zhou is China’s top security official....But the person cited in the cable said he did not make that claim, and also doubted that Mr. Li directed a hacking attack...</i><p>You can rest assured he also will never be making any further claims or providing further sensitive information to American diplomats. Not after this.<p>I don't mean that as a good-bad thing. It simply is a statement of how things are -- and how they have changed. Draw your own conclusions.

China's current advantage in "cyber-warfare" is temporary.<p>As China keeps developing, the internet surface area of its corporations and institutions will be just as vast as the US. And it won't be magically immune to script-kiddies around the world, either.

Let's put two and two together folks...<p>First: Wouldn't the person who leaked the news of the Chinese hacking have a reasonable expectation that his leak would come back to the Chinese <i>through their hacking</i>?<p>Second: Every nation is spying on every other nation all the time and diplomatic communication is one of the first targets. That is why diplomats are ... diplomatic. They know they are always being watched even when they supposedly aren't.<p>Perhaps Wikileaks got far more than any other nation could expect to get through all the spying that goes on. But I doubt it.<p>What's out so-far hasn't been especially embarrassing to the US. That could be because the US is all sweetness and light. Or it could be because there's difference between 'secure' and 'secret'. Secure channels for things that shouldn't get out but wouldn't be a disaster to let out.<p>On the subject of Wikileaks itself, this brings up the point that whatever wikileaks winds up with through "humanitarian" leaking is going to be less than enemies of the US will wind-up through adversarial hacking.<p>Shouldn't the US public know at least as much about US behavior and motivations as the Chinese Polit Bureau?