Wednesday, March 04, 2009

Stratfor on Chinese Bots

A very fun read from Stratfor, available in open access: "China: Pushing Ahead of the Cyberwarfare Pack."

I took issue with a few of the bits in the piece and received a nice clarification from them. The bits were:

"The Chinese government can decipher most types of encrypted e-mails and
documents" (I said that it is defies the common sense of most every
cryptographer as brute-forcing many today's algorithms is pretty much
impossible - they clarified that they meant to add "... by 0wning the endpoints," which makes their point quite correct.)

"Details were vague, but the implication was that computer encryption
inside China would become essentially useless." (disclosing the algorithms
does NOT make encryption useless - they clarified that they mean "... hardware encryption with key embedded in a device and device available to China" which makes it pretty true)

"The government’s strongest tactic is a vast network of “bots” —
parasitic software programs that allow their users to hijack networked
computers." (the fact that bots are govt-controlled and not individual
hacker group-controlled has NEVER been proven; this is just a rumor - this point is still highly debatable, IMHO)

"Today, with current technology, the Chinese government can hack into most
anything, even without information on specific encryption programs."
(my comment was "no comment" on this one :-))

"Many Chinese Web sites have these embedded bots, and simply logging on to
a Web site could trigger the download of a bot onto the host computer."
(again, no proof that this is by govt, not hackers)

In any case, enjoy the piece here.

Dr Anton Chuvakin