Skip to main content

The New York Times has an alarming story on how Chinese hackers have been attacking the newspaper for the last four months--including infiltrating its computer systems, stealing corporate passwords for its reporters, and breaking into the e-mail accounts of two foreign bureau chiefs. The Chinese hack is apparently retaliation for a New York Times story, which found that relatives of China's prime minister had accumulated several billion dollars through sweetheart business dealings. This is an unacceptable break-in that attempts to chill making information available to the public.

This week we also learned that the US is escalating its investigation into the government sources for another explosive New York Times article on the Stuxnet computer virus that attacked Iran's nuclear reactors. This is also an unacceptable hacking (euphemistically called "monitoring") that attempts to chill getting information to the public.

Both of these intrusions--instigated by newspaper articles that provided "too much" information to the public that offended government actors--are wrong and have a chilling effect.

Using so-called spy software designed to capture screen images from laptops of employees as they were being used at work or at home. The software tracked their keystrokes, intercepted their personal e-mails, copied the documents on their personal thumb drives and even followed their messages line by line as they were being drafted

Does this sounds like a computer attack done by Chinese hackers or US surveillance authorities?

The answer is that these methods have been used by both the Chinese (evidence points to the Chinese military) that hacked the New York Times and the US in hacking its own employees' e-mails, phone calls, and text messages--originating not just on their government computers, but on their private accounts as well.

Both are wrong.  Both have a chilling effect. Both evidence the vicious clampdown on any information that embarrasses a government, or worse, exposes its illegalities.

Cyberattacks are considered war crimes by both the Chinese and US governments, though both countries actively engage in using cyberwarfare against other nations and their own people.

Today's Times article states:

The mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including . . . activists and media organizations inside the United States. The intelligence-gathering campaign, foreign policy experts and computer security researchers say, is . . . about trying to control China’s public image, domestically and abroad.
The exact same thing can be said of the U.S., as Glenn Greenwald summarized so aptly:
The permanent US national security state has used extreme secrecy to shield its actions from democratic accountability. . . [T]hose secrecy powers were dramatically escalated in the name of 9/11 and the War on Terror, such that most of what the US government now does of any significance is completely hidden from public knowledge. Two recent events - the sentencing last week of CIA torture whistleblower John Kirikaou to 30 months in prison and the invasive investigation to find the New York Times' source for its reporting on the US role in launching cyberwarfare at Iran - demonstrate how devoted the Obama administration is not only to maintaining, but increasing, these secrecy powers.
EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  By "private account" do you mean their own (2+ / 0-)
    Recommended by:
    coffeetalk, KenBee

    private computer? Or a private account the employee set up on a government owned computer? That's a significant difference.

    •  Exactly. Speaking as an employer, (2+ / 0-)
      Recommended by:
      elmo, raincrow

      We provide computers for employees' work related matters.  We make clear that those are not THEIR computers, but computers fully owned by the company, and while we do not prohibit the employee from using the company computer for personal matters, we make clear that there is no expectation of privacy with respect to any matter on the company-owned computer.  I would expect the same of the government.  

      That said, if an employee has a private account on a personal computer, and does not use company-owned hardware, that IS the employee's business.

      Most people understand that if you do stuff on the company's (or the government's) computer, then the company (or the government) might look at what is on THEIR computer or what THEIR computer is used for.  After all, if it's the company's computer, the company might be held liable if it is used for illegal purposes.  

      •  Normally, if you log into your personal g-mail (5+ / 0-)

        account via the Web, on a company or government computer, the company or government would never be able to see or know this.  People are INSTRUCTED to do so if they have to briefly check their e-mail for, for example, the results of a medical test or child emergency.

        My book, TRAITOR: THE WHISTLEBLOWER & THE "AMERICAN TALIBAN," is Amazon's #1 Best Seller in Human Rights Books for February 2012.

        by Jesselyn Radack on Thu Jan 31, 2013 at 07:49:02 AM PST

        [ Parent ]

        •  That's Inaccurate (2+ / 0-)
          Recommended by:
          coffeetalk, raincrow

          Every company (with a halfway decent IT department) has full auditing capabilities of every bit and byte that traverses any piece of their network.  

          Most companies probably don't CARE if employees check their Gmail at work, but your claim that "[the company] would never be able to see or know this" is totally inaccurate.

          Too Folk For You. - Schmidting in the Punch Bowl - verb - Committing an unexpected and underhanded political act intended to "spoil the party."

          by TooFolkGR on Thu Jan 31, 2013 at 08:00:27 AM PST

          [ Parent ]

        •  You really should get your facts straight (1+ / 0-)
          Recommended by:
          raincrow

          Our computers are on a network, and can be monitored and audited by our IT group at any time.  I suspect that any business of any size has the same capability.

          And, of course, it's our network that they use to get to the internet.  Just like you get a warning when you use a network "pipe" to the internet at your local coffee shop that it's a public network and what you do may be viewable by others, when you use someone else's (your employer's) network to access the internet, what you do may be viewable by others.  

    •  Private account they set up on their own computer, (6+ / 0-)

      which they sometimes log into from work to send a personal e-mail.

      For years, government employees were told this was the "safe" way if they needed to send a personal message.  Log into their gmail account from work and confirm a doctor's appointment, or whatever brief private matter they need to take care of.

      My book, TRAITOR: THE WHISTLEBLOWER & THE "AMERICAN TALIBAN," is Amazon's #1 Best Seller in Human Rights Books for February 2012.

      by Jesselyn Radack on Thu Jan 31, 2013 at 07:46:12 AM PST

      [ Parent ]

      •  No, they weren't. (1+ / 0-)
        Recommended by:
        elmo

        If by "safe" you mean "the government would not be able to see what they were doing."  I can't imagine any responsible employer telling an employee that the employee can use employer owned hardware and an employer owned network and that was "safe" as in "we can't see what you are doing even if we want to."

        I DO know that employers may have told employees that it is "ok" to use employer owned computers for the occasional  personal message, with the understand that there's no "privacy" in the sense that the employer could still see it if the employer wanted to (which they don't, most of the time).

      •  Hmm (1+ / 0-)
        Recommended by:
        coffeetalk
        which they sometimes log into from work
        So they are using their employer's computer, not their own? Sorry, there is no expectation of privacy when you are using your employer's equipment for your own personal use.
        •  There's no expectation of privacy (3+ / 0-)
          Recommended by:
          joe shikspack, JesseCW, aliasalias

          period unless your using encryption.  Everything on the internet is monitored constantly and has been for a long time.  It is read by machine and correlated for human consumption based on key words.  This is nothing new.

          Using someone else's computer does not give them the right to access your private accounts.  If you borrow my computer it would be illegal for me to access your accounts without you permission.

          Of course, since a corporation is doing it the courts will uphold their right to do it.  Welcome to the surveillance state!

  •  My Company Owns The Laptop I Use For Work (1+ / 0-)
    Recommended by:
    coffeetalk

    They are within their rights to monitor--to any extent they desire--every bit of information that takes place on their hardware, their software, and their networks.  I have no business using any of those things for personal use, and if they find out I was and fire me I had it coming.

    The idea of taking photos of the insides of people's homes is pretty stupid, and I can't imagine any employer would actually gain anything from it...

    But everything else you mentioned is fair game.

    Too Folk For You. - Schmidting in the Punch Bowl - verb - Committing an unexpected and underhanded political act intended to "spoil the party."

    by TooFolkGR on Thu Jan 31, 2013 at 07:58:43 AM PST

  •  With the proliferation of Smart Phones and Tablets (1+ / 0-)
    Recommended by:
    coffeetalk

    People don't need to use company equipment or networks to check personal communications.

    Still no expectation of privacy however.

    Big Brother is always Watching.

  •  shoulder chips pen bad titles (1+ / 0-)
    Recommended by:
    714day

    even, sadly, on useful diaries.

    clime parches on. terms: ocean rise, weather re-patterning, storm pathology, drout-famine, acceptance of nature.

    by renzo capetti on Thu Jan 31, 2013 at 08:58:31 AM PST

  •  We own the devices we use less and less (5+ / 0-)

    I rooted my phone before it was illegal and I've been able to make it secure using various Tor based programs from the Guardian Project.

    Encryption is the answer to these problems, and it's the only answer right now.

  •  The attitude at the NYT towards security was awful (3+ / 0-)

    I worked at the Times  for 35+ years. The last 20+ in IT.
    The attitude toward security was shockingly lax.
    After I earned a M.S. in Computer Science and while working in an IT department I wrote a lengthy memo outlining several huge lapses. Four years later when I left none of them had even been addresses (nor was my memo answered or acknowledged).
    Ex. We gave root access to the entire network of page production and pagination machines, using the same password for all users, never changed when people left the company, to all members of the systems department.
    Ex. We had secure ID cards issued to remote users. Anyone who called our department claiming to be a reporter was issued a temporary ID and password.
    While it may have been Chinese Intelligence who hacked the NYT it could just as easily have been a gang of 12 year old smart kids with a laptop.
     

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site