Can FOSS offer a more secure environment? Is FOSS happening in China?The report mentions 'pirated' OS . China Alarmed by Security Threat From Internet
By SHARON LaFRANIERE and JONATHAN ANSFIELD Published: February 11, 2010 BEIJING — Deep inside a Chinese military engineering institute in September 2008, a researcher took a break from his duties and decided — against official policy — to check his private e-mail messages. Among the new arrivals was an electronic holiday greeting card that purported to be from a state defense office. Enlarge This Image<http://www.nytimes.com/2010/02/12/world/asia/12cyberchina.html?hpw> <http://www.nytimes.com/2010/02/12/world/asia/12cyberchina.html?hpw> Shiho Fukada for The New York Times An Internet cafe in Beijing. The researcher clicked on the card to open it. Within minutes, secretly implanted computer code enabled an unnamed foreign intelligence agency to tap into the databases of the institute in the city of Luoyang in central China<http://topics.nytimes.com/top/news/international/countriesandterritories/china/index.html?inline=nyt-geo> and spirit away top-secret information on Chinese submarines. So reported Global Times, a Communist Party-backed newspaper with a nationalist bent, in a little-noticed December article<http://mil.huanqiu.com/Exclusive/2009-12/659859.html>. The paper described the episode as “a major security breach” and quoted one government official who complained that such attacks were “ubiquitous” in China. The information could not be independently confirmed, and such leaks in the Chinese news media often serve the propaganda or lobbying goals of government officials. Nonetheless, the story is one sign that while much of the rest of the world frets about Chinese cyberspying abroad, China is increasingly alarmed about the threat that the Internet poses to its security and political stability. In the view of both political analysts and technology experts here and in the United States, China’s attempts to tighten its grip on Internet use are driven in part by the conviction that the West — and particularly the United States — is wielding communications innovations from malware to Twitter<http://topics.nytimes.com/top/news/business/companies/twitter/index.html?inline=nyt-org> to weaken it militarily and to stir dissent internally. “The United States has already done it, many times,” said Song Xiaojun, one of the authors of “Unhappy China<http://www.shanghaidaily.com/sp/article/2009/200903/20090327/article_395564.htm>,” a 2009 book advocating a muscular Chinese foreign policy, which the party’s propaganda department is said to promote. He cited the so-called color revolutions in Ukraine and Georgia as examples. “It is not really regime change, directly,” he said. “It is more like they use the Internet to sow chaos.” State media have vented those concerns more vociferously since Secretary of State Hillary Rodham Clinton<http://topics.nytimes.com/top/reference/timestopics/people/c/hillary_rodham_clinton/index.html?inline=nyt-per> last month criticized China for censorship and called for an investigation of Google<http://topics.nytimes.com/top/news/business/companies/google_inc/index.html?inline=nyt-org>’s assertion that its databases had been the target of a sophisticated attack from China. “China wants to make clear that it too is under serious attack from spies on the Internet,” said Cheng Gang, author of the Global Times article. Despite China’s robust technological abilities, its cyberdefenses are almost certainly more porous than those of the United States, American experts say. To cite one glaring example, even Chinese government computers are frequently equipped with pirated software fromMicrosoft<http://topics.nytimes.com/top/news/business/companies/microsoft_corporation/index.html?inline=nyt-org>, they say. That means many users miss out on security upgrades, available to paying users, that fix security breaches exploited by hackers. Cybersecurity is a growing concern for most governments. While the United States probably has tighter defenses than China, for example, experts say it relies more heavily on computers to run its infrastructure and so is more vulnerable to an attack. But for China, worries about how foreign forces might employ the Internet and other communications advances to unseat the Communist Party are a salient factor in the government’s 15-year effort to control those technologies. Chinese leaders are constantly trying to balance the economic and social benefits of online freedoms and open communications against the desire to preserve social stability and prevent organized political opposition. A distinct shift in favor of more comprehensive controls began nearly two years ago and hardened over the past six months, analysts say. New policies are intended to replace foreign hardware and software with homegrown systems that can be more easily controlled and protected. Officials are also expanding the reach and resources of state-controlled media outlets so they dominate Chinese cyberspace with their blogs, videos and news. At the same time, the government is beefing up its security apparatus. Officials have justified stronger measures by citing various internal threats that they say escalated online. Among them: the March 2008 riots in the Tibetan capital, Lhasa; reported attempts to disrupt the August 2008 Olympic Games and the amassing of more than 10,000 signatures supporting a petition for human rights and democratic freedoms, an example of how democracy advocates could organize online. Especially alarming to officials, analysts say, was the role of the Internet in ethnic riots last July that left nearly 200 people dead and more than 1,700 injured — the worst ethnic violence in recent Chinese history. Government reports asserted that terrorists, separatists and religious extremists from within and outside the country used the Internet to recruit Uighur youth to travel to Urumqi, the capital of western China’s Xinjiang region, to attack ethnic Han citizens. In August, security and propaganda officials briefed China’s ruling Politburo on their view of how the Xinjiang riots developed, according to one media executive with high-level government ties. The executive spoke on the condition of anonymity for fear of retribution for discussing delicate political topics. China’s leaders also reviewed how Iranian antigovernment activists used Twitter and other new communication tools to organize large street demonstrations against President Mahmoud Ahmadinejad<http://topics.nytimes.com/top/reference/timestopics/people/a/mahmoud_ahmadinejad/index.html?inline=nyt-per> over the summer. He said Chinese leaders saw the Iranian protests as an example of how the United States could use the new forms of online communication in a fashion that could one day be turned against China. “How did the unrest after the Iranian elections come about?” People’s Daily, the Communist Party’s official newspaper, asked in a Jan. 24 editorial. “It was because online warfare launched by America, via YouTube video and Twitter micro-blogging, spread rumors, created splits, stirred up and sowed discord.” Since the unrest in Iran and Xinjiang, Chinese leaders accelerated a raft of new initiatives, including closing thousands of Web sites, tightening censorship of text messages<http://topics.nytimes.com/top/reference/timestopics/subjects/t/text_messaging/index.html?inline=nyt-classifier> for lewd or “unhealthy” content and planning to converge China’s Internet, phone and state television networks. They are also carefully cultivating homegrown alternatives to foreign computer technologies and foreign-based Web sites like YouTube, Facebook<http://topics.nytimes.com/top/news/business/companies/facebook_inc/index.html?inline=nyt-org> and Twitter, all of which Chinese censors now block. The government says it needs the new controls to fight pornography, piracy and other illegal activity. In November, nearly 300 government officials and technicians gathered in Beijing for a seminar that stressed China’s vulnerability in cyberspace. “It is a long-existing reality that the West is stronger than us in terms of information security,” said the seminar training manual<http://www.djbh.net/html/zxdt02.htm>, posted on the Web site of the Ministry of Public Security. “Most of the key technology and products in the information security sphere are held in the hands of Western countries, which leaves China’s important information systems exposed to a bigger chance of being attacked and controlled by hostile forces,” the manual said. The risks of dependence on foreign-made software became clear in 2008 after Microsoft deployed a new antipiracy program aimed at detecting and discouraging unauthorized users of its Windows operating system. In China, where an estimated four-fifths of computer software is pirated, the program caused millions of computer screens to go dark every hour and led to a public outcry. New government procurement rules require state buyers to give preference to Chinese-made computers and communication products, among other supplies and services. But James Mulvenon, director of the Center for Intelligence Research and Analysis, a Washington-based consulting firm, said such orders were typically ignored. James A. Lewis <http://csis.org/expert/james-andrew-lewis>, director of the Center for Strategic and International Studies<http://topics.nytimes.com/top/reference/timestopics/organizations/c/center_for_strategic_and_international_studies/index.html?inline=nyt-org>, a Washington-based research group, said China was caught between contradictory goals. The authorities want to keep using superior Western software so they can engage in espionage and defend themselves against foreign infiltration. “But at the same time they want to use indigenous software, which is not up to par,” he said. But China is pushing hard to catch up. Mr. Mulvenon describes China as “absolutely the world leader” in development of Internet Protocol Version 6 (IPv6) — the successor to the current Internet. Some suggest China aims to develop a more autonomous system equipped with stronger firewalls and filters. China’s leaders “have always had the ambition to develop the capability of one big domestic Intranet that they could manage more easily, if need be,” one Communist Party newspaper editor said. But others suggest China is merely trying, like other nations, to respond to the reality that the existing IPv4 global Internet, in which the United States commands a disproportionate share of addresses, will soon run out of space. The clearest evidence of China’s determination to wield greater control was the virtual communications blackout imposed over Xinjiang for six months after the July riots. Nineteen million residents in a region more than twice as big as Texas were deprived of text-messaging service, international phone calls and Internet access to all but a few government-controlled Web sites. The damage to tourism and business, not to mention the disruption to everyday life, was significant. Hu Yong, a Beijing-based media expert, said the government was no longer as worried as it once was about the economic impact of electronic communication controls. “Now that is more secondary to their concerns about political and social stability,” he said.
_______________________________________________ network mailing list [email protected] http://lists.fosscom.in/listinfo.cgi/network-fosscom.in
