Content mafia to US govt: WE WANT TOTAL WAR!1

May 27, 2013

http://boingboing.net/2013/05/26/us-entert...ustry-to-c.html

US entertainment industry to Congress: make it legal for us to deploy rootkits, spyware, ransomware and trojans to attack pirates!

The hilariously named "Commission on the Theft of American Intellectual Property" has finally released its report, an 84-page tome that's pretty bonkers. But amidst all that crazy, there's a bit that stands out as particularly insane: a proposal to legalize the use of malware in order to punish people believed to be copying illegally. The report proposes that software would be loaded on computers that would somehow figure out if you were a pirate, and if you were, it would lock your computer up and take all your files hostage until you call the police and confess your crime. This is the mechanism that crooks use when they deploy ransomware.

Sony showed us how to do the rootkitting of customers PCs the "right" way with their "enhanced" CDs. Valve showed us that centralized DRM ridden platforms can even be forced upon formerly "free" markets. Origin expanded on that by showing us the value of finding out the sexual orientation and entire hard disk content of the buyers. Microsoft wants to install an all seeing all hearing eye of Sauron in everybody's living room - and now we're in for a new treat, some nice ransomware like those fake "child porn" trojans that tell you to pay 100€ or you'd be prosecuted - for files that that piece of malware downloaded onto your computer without your consent, btw.

We'll see if the industry crooks go the way of the semiprofessional ones and install a torrent client that downloads Lady Gaga so they can send you a nice bill for $50k for your crimes against humanity.

Discuss - if you will.

OT rant: I think we were lately on the topic of DRM, DLC, added content etc - maybe if we're lucky R* will also give us a rootkit for the SE or CE! That'd be soooo coool of them, all you guys hating on them are like totally stupid! I like the added value, I'm sure that rootkit will be crafted to the superior R* standards and I'm willing to pay a little extra, after all the content industry is our friend and we have to protect it

Edited May 27, 2013 by baguvix_wanrltw

May 27, 2013

You're like the modern age-of-technology Lil Weasel.

May 27, 2013

You're like the modern age-of-technology Lil Weasel.

Yeah he is haha!

Meh, it'll never pass, it's stupid anyway.

May 27, 2013

We're talking theft of intellectual property here, not piracy. My understanding of the document was the it effectively only applies to state-sponsored, persistent targeting of critical infrastructure and economic services; in fact the document itself refers specifically to international IP theft. It's got absolutely nothing to do with the US entertainment industry, and everything to do with stopping China engaging in industrial and economic espionage. Threat-based operations against network intrusion doesn't really apply to people downloading songs off BitTorrent. If you fancy, have a read of the actual document the commission prepared- here. Some tip-bits:

Members
• Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief of the U.S. Pacific Command

• Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the state of Utah, and Deputy U.S. Trade Representative

• Craig R. Barrett, former Chairman and CEO of Intel Corporation

• Slade Gorton, former U.S. Senator from the state of Washington, Washington Attorney General, and member of the 9-11 Commission

• William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense

• Deborah Wince-Smith, President and CEO of the Council on Competitiveness

• Michael K. Young, President of the University of Washington and former Deputy Under Secretary of State

Nothing in there suggesting any links to the US entertainment industry. Looks like trade, military and economic affairs big-wigs to me.

The role of China
• Between 50% and 80% of the problem. The major studies range in their estimates of China’s share of international IP theft; many are roughly 70%, but in specific industries we see a broader range.

• The evidence. Evidence comes from disparate sources: the portion of court cases in which China is the destination for stolen IP, reports by the U.S. Trade Representative, studies from specialized firms and industry groups, and studies sponsored by the U.S. government.

• Why does China stand out? A core component of China’s successful growth strategy is acquiring science and technology. It does this in part by legal means—imports, foreign domestic investment, licensing, and joint ventures—but also by means that are illegal. National industrial policy goals in China encourage IP theft, and an extraordinary number of Chinese in business and government entities are engaged in this practice. There are also weaknesses and biases in the legal and patent systems that lessen the protection of foreign IP. In addition, other policies weaken IPR, from mandating technology standards that favor domestic suppliers to leveraging access to the Chinese market for foreign companies’ technologies

Looks like the report is referring to state-sponsored espionage to me.

I don't think there's much, if any evidence of the report referring to internal theft of IP. There's no mention of it, and the measures are all very clear in their addressing of the focus being on state-sponsored activity.

@baguvix_wanrltw- I'm aware I haven't responded to your last post in the other thread still- I will do so when I get a chance.

May 27, 2013

Well...

Its actually an extremely necessary piece of legislation because Americans are losing hundreds of billions because of intellectual property theft. This isn't about some minor pirate, who decides to upload a song, instead it's about large scale, organized Chinese industrial espionage. In the long run, such IP theft is going to hurt the US of A quite badly. Right now the companies who fall victim to such theft don't have any legal counter-measures.

May 27, 2013

sivi, of course it'd be you again Oh man. Another long one I suppose. No worries about the other thread, that just became too much work, I assume you have a life outside of this forum as well. Besides I think we made our points, no need to agree entirely.

As for this thing, it really depends on who you trust as a source apparently - for example [email protected] stated that new legislation was actually being sought while Heise (beware of ze Germans!) explicitly claims that statement was in error and no new legislation is being sought because they believe their actions were covered by law already.

But apparently they do want to go through with the CP-trojan style computer locking, which begs the question: are you really trying to tell me that the US gov't/whatever private organization is being "attacked" "from China" is supposed to somehow lock up that chinese guys' computer? And then that chinese gov't hacker is supposed to call a 1-800 number to have his computer unlocked by the friendly FBI guy next door? What if that 1337 chinese gov't hacker isn't using Windows XP and his computer can't be "locked" so easily?

I'm sure that "theft of IP" works just the way it usually does: we say it's about jobs (THE argument, always works), fantastillions of dollars that are lost in Murrkah and blah blah blah.

While in reality all that legislation seeks is to improve profit margins. Just like all the network monitoring infrastructure that was supposed to "only ever be used against terrorists", then came the pedophiles, then (depending on country) the left wing, then demonstrants, then regime critics etc. etc.

My point: just because that paper sounds to you more like it was aimed to protect the poor and hard working masses of the US of A doesn't make it so. First of all, call me cynical but usually these groups don't have lobbies, and especially no organizations that churn out 84 page reports just about how bad they're off.

Another thing: it's common knowledge that in order to do business in China you have to hand over a certain level of control over said business to the chinese. They didn't need to cry for 84 pages to make that known, I didn't even need a full sentence. You can't really think that's all this is about... have you not been around for ACTA? SOPA? PIPA? Any of that sh*t? Perhaps the new incarnations with the most confusing possible names so nobody can tell it's just the same sh*t under a new pseudonym? No?

But to get more into facts... let's start at the beginning:

We're talking theft of intellectual property here, not piracy.

Uuuuuuummmmmmm....

Chapter 7
Copyright Infringement

In 1999, a political scientist was in an economically well-developed area of China studying,

ironically, intellectual property rights. While interviewing an official who worked in the Office of

the Education, Science, Culture, and Public Health Committee of the Provincial People’s Congress,

the researcher mentioned that he was interested in purchasing a CD-ROM set of China’s national

and local laws, but even at the reduced price of $1,000, this was more than the academic could afford.

The government official took the researcher to a market notorious for openly selling pirated software.

The researcher walked away with the entire set for roughly $1.50.

Then you go on to talk about "persistent targeting of critical infrastructure" which is true, but the only gov'ts doing that (at least persistently, like you said) are the American and Israeli ones (Stuxnet, Flame, Duqu, whatshisface, ...). So lol, they're most definitely NOT the victims in regards to that - and besides that has NOTHING AT ALL to do with the topic and you know it. Neither has that funny incident recently when Chinese hackers apptly worked their way into US gov't DBs to find out if they were being watched Just in case you were going to mention that.

"Theft of Intellectual Property" has NOTHING to do with "targeting critical infrastructure" unless Disney has been declared critical... which is possible, after Star Wars who knows.

Then comes the BBC link that is supposed to somehow make the connection between the above two entirely different matters (which is of course nonsensical) and surprise surprise - it fails. There is not a single word in that BBC article about "critical infrastructure", just the usual crying you hear from big money: wah wah wah, the chinese are stealing all our ideas and copying all our sh*t, this will be the end of the world as we know it, wah wah wah, bada bing, bada boom.

And then there's this little golden nugget:

As well as cyber espionage, it pointed out that most IP theft took place the "old-fashioned way", through bribed employees, on-site theft and re-engineering.

Well sh*t. I thought they needed to hack the evil spying hackers? But... what's the point if most IP theft happens elsewhere? So who are they gonna attack then if not the bad bad bad guys who cost the US "hundreds of billions of dollars per year, on the order of the size of US exports to Asia" (QUOTE BBC)?

Well... I have an idea or two.

Earlier this month, the Pentagon for the first time directly accused the Chinese government and military of targeting US government computers as part of a cyber espionage campaign aimed at collecting intelligence on US diplomatic, economic and defence sectors.

This is the only thing that even comes close to mentioning anything that could remotely be considered critical - but that's a completely unrelated incident that was just mentioned by the BBC because they were on the "check out the chinese, always hacking the poor americans!!!" train.

Still, no idea what critical infrastructure is supposed to have to do with this thread?!?!

Then you list the members of the IP commission (which I had seen before but thx), we find some interesting names on there.

Like Intel. Oh, aren't those the guys who - using extremely shady business practices - bullied their way to the top of the international CPU market? Well, before they got f*cked by ARM chips of course. I'm sure they only have the best interest of the little people in mind!

Then a lot of military related personnel.

"Council on Competitiveness" - google says compete.org, the flavor text is real sexy already:

Sets an agenda to encourage U.S. economic competitiveness and leadership in world markets in order to raise the standard of living for Americans.

Or in clearer words: we strongly disagree with the idea of free local markets or competition but would rather force everyone worldwide to buy our stuff; so we lobby for laws that allow us to live our dreams of being monopolists.

Extremely surprising they'd support something like this. Hr-hrm...

Also for added lulz, this:

The non-partisan private commission

AHAHAHAAAHA Intel, Council on Competitiveness, Ambassador in China, Secretary of Defense - that is considered non-partisan in US/China issues nowadays?

The "private" part is highly dubious as well. So neither private nor non-partisan, so it's just a commission of... people. With... interests. You'll excuse my lol.

That reminds me of the guy who was arrested by police for "anticapitalism", and what they found in his pockets when they searched him were an iPhone and an iPad.

Then back to the piracy issue and the other chapters:

33 Chapter 4 - Patent Violations
39 Chapter 5 - Trade-Secret Theft

47 Chapter 6 - Trademark Violations

51 Chapter 7 - Copyright Infringement

All the others are "what's the problem", "how to solve it" etc. so that means there are just 4 types of "IP theft" in there - and you conveniently missed the one that I was talking about

Besides: Trade secret theft is also just 1 of those 4, and everybody knows that's the price of doing business in China - great no, but reality yes.

Then Patents, oh no! Software patents! Hell yeah I invented the "for" loop! GIMME ALL THE MONEY!!!!! My rights HAVE to be protected!!!

And Trademarks!!! Oh no, somebody put a shoddy fake Apple sticker on a green see through $12 Shenzhen phone, that buyer surely thought he was going to get a real Apple product, he was scammed! Surely he had the extra $587 to pay for it too. AMERICA LOSES BILLIONS PER YEAR THIS WAY!!!!11111

Heh I enjoy discussing with you but if you just pretend 3/4 of the things that document talks about aren't there (the ridiculous ones), along with the other problems I mentioned before... well, that's just not really a basis for discussion.

So in conclusion, TL;DR: Yes this is about piracy. No this is not about critical infrastructure. The members of the "commission" make perfect sense to me. This is NOT just about trade secrets, that's just the poster child. "Look, look folks! This is not about us, the bigwigs! This is about you, this is hurting you! So help us fight the boogeyman!".

Of course the entire thing, especially the stuff about "cyber warfare" if you want to call it that, is ridiculous. Just for the record. But being ridiculous doesn't mean it won't become law in one form or another.

Raavi: Oh and thx for comparing me to lil weasel, I'm sure it was a compliment

Edited May 27, 2013 by baguvix_wanrltw

May 27, 2013

Chapter 7
Copyright Infringement

In 1999, a political scientist was in an economically well-developed area of China studying,

ironically, intellectual property rights. While interviewing an official who worked in the Office of

the Education, Science, Culture, and Public Health Committee of the Provincial People’s Congress,

the researcher mentioned that he was interested in purchasing a CD-ROM set of China’s national

and local laws, but even at the reduced price of $1,000, this was more than the academic could afford.

The government official took the researcher to a market notorious for openly selling pirated software.

The researcher walked away with the entire set for roughly $1.50.

Why would it matter if a guy bought a pirated version of a "set of China’s national and local laws"? How is that our concern? Even if he bought an American product at a chinese "market notorious for openly selling pirated software", it is that country's responsibility to enforce copyright laws within their borders. If they choose not to, are we suposed to police the world?

May 27, 2013

Well...

But apparently they do want to go through with the CP-trojan style computer locking, which begs the question: are you really trying to tell me that the US gov't/whatever private organization is being "attacked" "from China" is supposed to somehow lock up that chinese guys' computer? And then that chinese gov't hacker is supposed to call a 1-800 number to have his computer unlocked by the friendly FBI guy next door? What if that 1337 chinese gov't hacker isn't using Windows XP and his computer can't be "locked" so easily?

This is a rather simplistic view of the proposed countermeasures. It isn't necessarily about catching the perpetrators but rather stifling their prospect for IP theft.

My point: just because that paper sounds to you more like it was aimed to protect the poor and hard working masses of the US of A doesn't make it so. First of all, call me cynical but usually these groups don't have lobbies, and especially no organizations that churn out 84 page reports just about how bad they're off.

The "poor hard working" masses probably don't have much clue as to the nature or scale of the problem. Neither do they have any interest as long as they get their paycheck. Just because you aren't aware of something (or perhaps don't care) doesn't mean it's not affecting you. A lack of direct relation isn't proof of absolute lack of relation.

Then you go on to talk about "persistent targeting of critical infrastructure" which is true, but the only gov'ts doing that (at least persistently, like you said) are the American and Israeli ones (Stuxnet, Flame, Duqu, whatshisface, ...). So lol, they're most definitely NOT the victims in regards to that - and besides that has NOTHING AT ALL to do with the topic and you know it.

So, because USA employs cyber attacks on certain foreign institutions, they aren't the victims? Thats rather bad argumentation. Also, it has everything to do with the topic.

What about this:

In the past two years, an
unprecedented number of cyberattacks have been uncovered against major corporations, nonprofit

institutions, and governments alike. The vast majority of these attacks have been traced back to

China. A single attack against RSA, the maker of the widely used SecurID tokens, resulted in the

compromise of at least 3 major defense contractors. The same attack compromised security at an

estimated 720 companies, including 20% of the Fortune 100. Through another series of attacks,

dubbed operation Shady RAT, it was discovered that petabytes of highly proprietary information,

including sensitive military and infrastructure data, had been siphoned off from the U.S. government

and its allies, supranational organizations such as the United Nations, and many other sovereign

nations and independent organizations over a period of more than five years.3

FYI, servers, authentication and authorization software, DNS services etc. are part of critical infrastructure, so any attack on those components can be considered an attack on critical infrastructure.

Then Patents, oh no! Software patents! Hell yeah I invented the "for" loop! GIMME ALL THE MONEY!!!!! My rights HAVE to be protected!!!

Not just software patents actually. The reason Intel and other large corporations are on board with this legislation is because they have a considerable amount of technological patents. You know... patents which require large spendings on R&D.

May 28, 2013

3nix has made a number of points I want to make- this is the rest of them.

As for this thing, it really depends on who you trust as a source apparently - for example [email protected] stated that new legislation was actually being sought while Heise (beware of ze Germans!) explicitly claims that statement was in error and no new legislation is being sought because they believe their actions were covered by law already.

But apparently they do want to go through with the CP-trojan style computer locking, which begs the question: are you really trying to tell me that the US gov't/whatever private organization is being "attacked" "from China" is supposed to somehow lock up that chinese guys' computer? And then that chinese gov't hacker is supposed to call a 1-800 number to have his computer unlocked by the friendly FBI guy next door? What if that 1337 chinese gov't hacker isn't using Windows XP and his computer can't be "locked" so easily?

It's been covered by various people I've read. The article you posted is the first time I've seen anyone interpret it as being applicable to domestic piracy. Much of it is already done. Crowdstrike have been developing active defence capabilities for about 18 months now- the principle of "hacking back" is well-known but much more complex than one might imply, for a number of reason you've alluded to. The primary issue, rather than target OS, is the use of multiple proxy machines to conduct attacks through. It's not uncommon to see attackers automate command and control capability using dozens of even hundreds of compromised hosts and domains. It's incredibly hard go go after individual users- in the way that you outline. What's more feasible- and what I think the authors of the paper are alluding to, is the targeting of known infrastructure related to state-sponsored attacks- like the unit of the People's Liberation Army highlighted by Mandiant's APT1. Active deterrence and defence has been discussed extensively in relation to counter-cyber-espionage. The paper really just makes a legal basis for it.

If you look back over historic counter-APT operations, like Beebus or The Comment Crew or Operation Hangover, you'll see that names are rarely named. Aside from a few examples- registration of domains, et cetera- it is nigh-on impossible to pinpoint infrastructure down to an individual level. The most feasible way of providing active defence is through the use of implanted documents in honeypot servers. The idea isn't that you disentangle the huge web of proxy connections- which whilst extremely useful for determining command and control infrastructure usually just results in a list of compromised legitimate sites- what you do is you let their greed compromise them. By weaponising encrypted documents with an implant or backdoor trojan, you can ensure that the final recipient of these documents- the person who successful breaks the encryption on them- is the person who gets targeted. And unlike triangulation for target analysis, the entire process can be done automatically just by leaving these encrypted documents where someone is likely to steal them.

Another thing: it's common knowledge that in order to do business in China you have to hand over a certain level of control over said business to the chinese. They didn't need to cry for 84 pages to make that known, I didn't even need a full sentence. You can't really think that's all this is about... have you not been around for ACTA? SOPA? PIPA? Any of that sh*t? Perhaps the new incarnations with the most confusing possible names so nobody can tell it's just the same sh*t under a new pseudonym? No?

That's not what this is about. This is about China engaging in the state-funding, state-operating and state-controlling of a vast dual-purpose hybrid-military-industrial espionage infrastructure for the purposes of stealing commercial, economic and business secrets and gathering intelligence on critical infrastructure to inform military and strategic policy, and what measures the US can do to counteract it. It's very different from ACTA/SOPA/PIPA.

But to get more into facts... let's start at the beginning:

We're talking theft of intellectual property here, not piracy.

Uuuuuuummmmmmm....

Chapter 7
Copyright Infringement

In 1999, a political scientist was in an economically well-developed area of China studying, ironically, intellectual property rights. While interviewing an official who worked in the Office of the Education, Science, Culture, and Public Health Committee of the Provincial People’s Congress, the researcher mentioned that he was interested in purchasing a CD-ROM set of China’s national and local laws, but even at the reduced price of $1,000, this was more than the academic could afford. The government official took the researcher to a market notorious for openly selling pirated software. The researcher walked away with the entire set for roughly $1.50.

Copyright infringement and piracy aren't the same thing. Piracy is an example of copyright infringement but not all copyright infringement is piracy. What I should have clarified by saying is "domestic, individual, small-scale piracy".

Then you go on to talk about "persistent targeting of critical infrastructure" which is true, but the only gov'ts doing that (at least persistently, like you said) are the American and Israeli ones (Stuxnet, Flame, Duqu, whatshisface, ...). So lol, they're most definitely NOT the victims in regards to that - and besides that has NOTHING AT ALL to do with the topic and you know it. Neither has that funny incident recently when Chinese hackers apptly worked their way into US gov't DBs to find out if they were being watched Just in case you were going to mention that.

"Theft of Intellectual Property" has NOTHING to do with "targeting critical infrastructure" unless Disney has been declared critical... which is possible, after Star Wars who knows.

Two points here. One, the same organisations involved in commercial espionage have been involved in intelligence gathering targeting critical infrastructure, government services, defence and security policy, et cetera. We aren't talking the same kind of sabotage that has taken place in Iran (though I would question to what extent uranium enrichment facilities for the purposes of producing HEU for nuclear weapons would constitute critical infrastructure) but it's been a present aspect of just about any major malicious campaign that's taken place- see some of my examples above. Also, it might be a national semantic distinction, but all major critical (highly economically active/strategically important) businesses in the UK come under the protection of the CPNI- the Centre for the Protection of National Infrastructure- when referring to cyber security threats. Hence they are usually all classed as national infrastructure, with their criticality assessed on economic value, sensitivity of material held and various other factors.

Like Intel. Oh, aren't those the guys who - using extremely shady business practices - bullied their way to the top of the international CPU market? Well, before they got f*cked by ARM chips of course. I'm sure they only have the best interest of the little people in mind!

Right, and that's a reason why they wouldn't be targeted by Chinese cyber espionage operations?

33 Chapter 4 - Patent Violations
39 Chapter 5 - Trade-Secret Theft

47 Chapter 6 - Trademark Violations

51 Chapter 7 - Copyright Infringement

All the others are "what's the problem", "how to solve it" etc. so that means there are just 4 types of "IP theft" in there - and you conveniently missed the one that I was talking about

Copyright infringement isn't piracy, though. Piracy is copyright infringement, but the inverse is not necessarily true.

Besides: Trade secret theft is also just 1 of those 4, and everybody knows that's the price of doing business in China - great no, but reality yes.

We aren't talking a "price" of doing business in China. We're talking about espionage against organisations who have no operational capability or interest there being targeted for the sole purposes of exfiltrating sensitive data. Do you really think people like QinettiQ can operate in China and still maintain so many US government contracts? Can you really use the justification "oh, that's the price of doing business" when you're talking defence infrastructure, public research institutions, international nonprofit organisations and domestic niche technology manufacturing companies? It's absurd. We aren't just talking multinationals here- the small-medium enterprises whose whole existence is based on patents and trade secrets are being systematically targeted too. The difference being that they get reported on less, and it's actually far more harmful for them.

Then Patents, oh no! Software patents! Hell yeah I invented the "for" loop! GIMME ALL THE MONEY!!!!! My rights HAVE to be protected!!!

Why be reductionist and refer only to software here? Patents violation and trade-secret theft are inexorably intertwined.

So in conclusion, TL;DR: Yes this is about piracy. No this is not about critical infrastructure. The members of the "commission" make perfect sense to me. This is NOT just about trade secrets, that's just the poster child. "Look, look folks! This is not about us, the bigwigs! This is about you, this is hurting you! So help us fight the boogeyman!".

I appreciate your cynicism, but I fear you don't understand quite how widespread and active an issue this is. Mandiant's APT1 report covers quite literally one of at least a score of known organisations linked to the Chinese government and military who engage in industrial espionage, the theft of protectively marked information from governments, the targeting of human rights groups and the probing of critical infrastructure. The simple fact of the matter is that China is sponsoring and actively benefiting from this activity, and organisations and governments need both a strategic understanding of the threat and the capaibility to defend themselves against outside threats. In reference to my repeated alluding to critical infrastructure, four sectors, all which comprise part of the critical infrastructure by most measures, comprise more than 50% of all state sponsored targets- aerospace and defence; energy, oil and gas; finance and government services. So the argument that this espionage does not relate to critical infrastructure is misguided in my view.

Also, "cyber warfare" is something entirely different.

Edited May 28, 2013 by sivispacem

Content mafia to US govt: WE WANT TOTAL WAR!1

Recommended Posts

baguvix_wanrltw

Link to comment

Share on other sites

Raavi

Link to comment

Share on other sites

Finn 7 five 11

Link to comment

Share on other sites

sivispacem

Link to comment

Share on other sites

3niX

Link to comment

Share on other sites

baguvix_wanrltw

Link to comment

Share on other sites

DarrinPA

Link to comment

Share on other sites

3niX

Link to comment

Share on other sites

sivispacem

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

1 User Currently Viewing 0 members, 0 Anonymous, 1 Guest

Important Information

1 User Currently Viewing

0 members, 0 Anonymous, 1 Guest