China « Mrs. Mecomber's Scrapbook

Posts Tagged China

Government Gmail Use: Is It Wise?

Jan 14

Posted by Mrs. Mecomber in Google, crime, email programs, news | 2 Comments

I saw this excellent article by Paul Strassman (writing a guest post for Larry Dignan) at ZDNet. I admit, though- I did not know that government officials– in this case, the Department of Defense– use Gmail for their government correspondence. Holy cow!

Federal Chief Information Officer Vivek Kundra has been a consistent advocate of increasing the government’s use of commercially available technologies, such as Gmail. In fact, as the District of Columbia’s chief technology officer, Kundra implemented Google Apps, including Gmail, for all District employees.

A number of Department of Defense (DoD) organizations are already using Gmail. Meanwhile, Google has made secure Gmail the default choice in light of the cyberattack the company detailed on Tuesday.

…Once you can wiretap, you can eventually figure out how to distinguish Gmail traffic from other traffic, and reverse engineer how Gmail data is replicated across servers.

There is no defense against a hostile party with full physical access to your server room. That is why Google’s only logical option is to withdraw all physical servers from China.

There are two Google data centers in China, almost surely co-hosted on shared facilities and not owned by Google. Similarly, there is a co-hosted facility in Russia. Unless a facility is owned and operated by Google it would be always suspect, and even then it would not qualify to operate DoD classified mail.

DoD should therefore not consider Gmail as a viable option because it cannot be trusted. Only a secure DoD Private Cloud, isolated from the Internet, can be seen as an acceptable option.

It’s a contentious issue- the comments on the post are filled with such incredulity as I express. And an update to the post was issued later today, when Google spokesman spoke out:

The premise of Mr. Strassman’s post is without merit: there’s no need to withdraw servers that store Gmail information from China because there aren’t any there.

I think Mr. Strassman’s post IS merited… because while Mr. Strassman does mention the recent cyberattack on Google’s Gmail as an impetus for moving DoD mail away from Gmail, the premise IS that the DoD, and truly all government offices, should have their own secure email system outside of the “cloud” maintained by global business. It’s just good sense. It blows my mind that the DoD has email with Gmail! Doesn’t the government have their own system?! It mirrors the same bafflement that I have regarding the SSL issues with online banking websites– their security is pitiable, whereas my photo-sharing account is tighter than a drum. Crazy!

Tags: China, government, hackers

Internet Warfare

Nov 9

Posted by Mrs. Mecomber in crime, news, security news | 3 Comments

Disturbing news from ComputerWorld. China is gearing up for “cyber warfare” while the United States blindly favors China with “Most Favored Nation” status, pandering to its Communist oppressive government, and free trade of endless toxic crap from the country…. unbelievable.

Looking to gain the upper hand in any future cyber conflicts, China is probably spying on U.S. companies and government, according to a report commissioned by a Congressional advisory panel monitoring the security implications of trade with China.

The report outlines the state of China’s hacking and cyber warfare capabilities, concluding that “China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and industry by conducting a long term, sophisticated computer network exploitation campaign.”

Published Thursday, the report was written by Northrop Grumman analysts commissioned by the U.S.-China Economic and Security Review Commission.

Government agencies and military contractors have been hit with targeted, well-crafted attacks for years now, many of which appear to have originated in China. But this report describes in detail how many of these attacks play out, including an attack that exploited an unpatched flaw in Adobe Acrobat that was patched earlier this year.

Citing U.S. Air Force data from 2007, the report says at least 10TB to 20TB of sensitive data has been siphoned from U.S. government networks as part of a “long term, persistent campaign to collect sensitive but unclassified information.” Some of this information is used to create very targeted and credible phishing messages that then lead to the compromise of even more computers.

…The report describes sophisticated, methodical techniques and speculates on possible connections between Chinese government agencies and the country’s hacker community, increasingly a source of previously unknown “zero-day” computer attacks.

“Little evidence exists in open sources to establish firm ties between the [People's Liberation Army] and China’s hacker community, however, research did uncover limited cases of apparent collaboration between more elite individual hackers and the [People's Republic of China's] civilian security services,” the report says.

I remain totally baffled that the U.S. STILL maintains this one-sided relationship. In more realistic days, such activities would have been called for declarations of war. Our pink-puffy politicians just rake in the donations while they rip us off and sell us out! When will our coddling of China end?

Tags: China, security