The US needs to treat this as an act of war by a foreign military/government, not as a criminal act by people acting in an individual capacity.
If the US can identify the individual hackers, then they should be able to identify the physical location from which the military committed the acts of war and respond with the use of force as permitted by the UN Charter and international laws and norms. By responding with grand jury indictments the US sets a terrible and dangerous precedent and is telling foreign governments the US will not do anything in response to military based acts of cyber warfare.
By that token, Europe should have gone to war with the US for spying on its very leaders — Angela Merkel, François Hollande, etc. (The Snowden revelations and the aftermath).
I honestly don't see how the US could spin anything positively on the world stage in that regard, they are by far the worst offender as far as spying is concerned. It's not even funny to compare. And there is documentation that tech/trade secrets from foreign companies aquired by e.g. CIA or NSA was given to US companies — industrial espionage isn't exactly new or surprising, but when conducted by Federal Agencies above any control, responsibility or accountability to the US public, let alone the UN or the world...
Your suggestion is disingenuous at best and, I'm sorry to say so, terribly blind to the reality of the world, wherein the US is certainly not an all around good guy. Especially these days, it's clearly a hostile power to most others. As seen from the EU, at least, I can't speak for other places/cultures. But I hear it's not that great in general.
We need to get Federal Agencies accountable to the US Tax Payers, and be more transparent I 100% agree with that
I 10000% disagree they should ever have any accountability to the UN or any other international body
I also do not feel bad that they spied on Angela Merkel, I do care that they spied on US Citizens. Spying on Angela Merkel is constitutional and within their remit, Spying on US Citizens is Unconstitutional and not in their Remit
>By that token, Europe should have gone to war with the US for spying on its very leaders
Well not exactly. One was a state sponsored military act of cyber warfare that indiscriminately targeted an entire populace and infrastructure (i.e. a military infringed on the sovereignty of an entire nation state). The other was a targeted intelligence operation.
>Your suggestion is disingenuous at best and, I'm sorry to say so, terribly blind to the reality of the world...
Being from Europe I would assume you would be very familiar with the dangers of failing to act when one military infringes on the sovereignty of another. Though I guess we will see either China will continue hacking and escalate their hacking or they won't...if I were a betting man I would happily take you up on such a bet that China will continue and escalate its military hacking against all nation states.
The grand powers on the world stage are constantly posturing and taking actions to further their own power. The United States is no different. We, civilians don't know the majority of what is taking place.
A "hot" war between two powers would be of such a great cost in human life, you would want to avoid it at all costs. This means indicting with a grand jury instead of starting a war.
>A "hot" war between two powers would be of such a great cost in human life, you would want to avoid it at all costs.
I was very careful to specify "respond with the use of force as permitted by the UN Charter and international laws and norms." In other words the UN Charter only permits a response in proportion to the offense. I do think an act of cyber warfare may legally allow us of "armed force" but it would likely have to be limited to targeting the installations where the attacks were coming from (but realistically it is a new and undeveloped area of law with respect to cyber warfare).
The problem in my opinion with failing to act is we signal that there will be no military response, and these acts of cyber warfare escalate to hacking power grids or other infrastructure than results in indirect lose of life. Then due to political pressure all out war becomes more realistic.
Wasn't this more intelligence gathering?
The appropriate response would be more akin to hacking back into China's social credit scoring company and snooping around.
I believe it raised to a level above spying and intelligence gathering. It was a state sponsored military act of cyber warfare that infringed on the US' territorial sovereignty.
>The appropriate response would be more akin to hacking back into China's social credit scoring company and snooping around.
The purpose of a proportionate response to military acts under the UN Charter and the use of force and armed conflict is not so much "an eye for an eye" (i.e. you hack me, I hack you), but to put an end to the military operations infringing on your sovereignty ...for example, assuming you believe Iraq had WMDs and chemical weapons or response is not to create stock piles of our own chemical weapons.
I agree and believe the US probably are having a hard time creating escalation mechanisms for cyberwarfare and signaling their strategic needs and interests. When the United State's entire democratic apparatus was attacked during the presidential elections and the only answer was a similar indictment of Russian hackers, enemies have a harder time knowing what is and isn't a "red line".
What would be the "correct" response? Given that citizens affected (including me) have gotten their information used relating to this attack, I'd say a state sponsored cyber counter attack will be/is the best deterrence. UN clearly has not caught up with the times in how to respond to state sponsored attacks.
What do you mean? The parent said they supported a cyber counter attack, which doesn't imply killing anyone unless it's explicitly stated (e.g. attacking critical infrastructure like power stations).
The correct response is recognizing the flaws in our Finchinal System and fixing those.
The Response should be shifting the Liability back to the credit providers, not the consumers
The idea of "Identity Theft" should be a thing of the past, for you did not have your identity stolen, you still have your identity, no the bank was defrauded by giving money to someone they did not properly vet. 100% of the liability should be on them, not the person who they claim had their "identity stolen"
the Liability for financial Fraud in the US is 180 degrees from where it should be.
Launching missiles at China may make you feel good, but it does not solve the root cause of the problem
You should re-read what I said. No where do I see me saying physical force had to be used.
"Fixing" takes a long time that does not mean one should not deter attacks on the current system. How does one respond to a broken legacy software system that can be taken advantage of? You restrict the actions that can be performed on that system until it is replaced.
deter - discourage (someone) from doing something by instilling doubt or fear of the consequences.
^ this is the deter I am talking about.
APT is on a different level than what you are used to. Also my question was rhetorical. Didn't actually mean for you to answer it. For you or your company it is not a viable solution since you don't have the resources.
But I, as a civilian am not qualified to answer that question. Nor do I want to answer that question.
This is not a perfect analogy, and I don't want you to think that geopolitics is a zero sum game. But, imagine two heavyweight boxers circling each other in a ring. They are bouncing on the balls of their feet. They are moving in what you would almost call a dance. Most of the "fight" is in their footwork, their positioning. When one does jab, the other blocks, or moves out of the way, or takes the hit. Sometimes they counter. Sometimes they punch. This fight goes on for a long, long time. It is not tit for tat. They both want to win.
What you are saying is "That boxer needs to jab back, because the other boxer jabbed at him."
I really do not like having to make calls about fraud for months because some countries military decided to attack electronic property holding a ton of sensitive, very hard to change information. Biggest cyber theft of PII information in US history.
I think it is best for the population on the other side to feel that as well which is why I prefer an electronic counter attack. We need deterrence. If China was to "jab", let them use other means of interaction that doesn't make us want to attack them physically. The more people who are affected financially by this, the more the call for a physical deterrence whether we agree with people's feelings or not.
Techthroway's that have never experienced war and don't study international relations and geopolitics should stop suggesting bullshit like this. I get so tired of people advocating more aggressive stances with other nations when it's not their ass or their offsprings that will go to war. This is also why I advocate that next war all the politicians sons and daughters get drafted and then we can see if they still want to go to war.
Oh wait, the congress abdicated it's constitutional duty to be responsible for declaring war via the unconstitutional War Powers Act and AUMF's...
> Oh wait, the congress abdicated it's constitutional duty to be responsible for declaring war via the unconstitutional War Powers Act and AUMF's...
AUMFs are (often limited and/or conditional) declarations of war, from a Constitutional perspective, not an abdication of the power; the Supreme Court has consistently held that the Constitution doesn't require magic words when exercising the Constitutional power to declare war.
While valid, this is a technical interpretation that misses the point IMO.
Look at the range of actions the AUMF's are applied to. The AUMF's, in effect, allow the executive to wage war pretty much anywhere on the planet for an indefinite amount of time.
In your view, is Congress honoring the spirit of their Constitutional duty?
> Look at the range of actions the AUMF's are applied to. The AUMF's, in effect, allow the executive to wage war pretty much anywhere on the planet for an indefinite amount of time.
Most declarations of war do not have temporal or geographic bounds. What was unusually expansive about the 9/11 AUMF (not AUMFs more generally, neither prior nor subsequent AUMFs have had this feature) is that it also delegates the decision of the actual primary opponent(s) to executive discretion, which, yes, is an abdication of Congressional responsibility. But that's the 9/11 AUMF, not AUMFs in general.
There is no sense of the word "appeasement" that includes the Treaty of Versailles. USA entering WWI and allowing UK and France to win decisively was what caused WWII.
Because apparently it must be said, I am not a "Nazi sympathizer". I would have preferred that the Nazis had never existed let alone dominated a large portion of Europe. Similarly, it would have been better had we not invaded Iraq and caused ISIS to exist.
Not really, the great depression caused by private interests in US overlending to europeans lead to a sovereign debt issue that finally made it possible for Hitler to gain power leading to WW2.
>Techthroway's that have never experienced war and don't study international relations and geopolitics should stop suggesting bullshit like this.
I would venture to guess I have significantly more experience and knowledge with the UN Charter Article 2(4), the UN Security Council and the international laws on the use of armed force than you.
No one said anything about "go to war", the Use of armed force is not "going to war". The UN Charter permits the use of armed force in response to acts that infringe on the sovereignty of any nation by military action.
To bury ones head in the sand at this point in history to foreign military acts against a populace is inviting more invasive and damaging acts of cyber warfare. Do you honestly think China is going to say we got away with this we should deescalate?
> No one said anything about "go to war", the Use of armed force is not "going to war".
???
> The UN Charter permits the use of armed force in response to acts that infringe on the sovereignty of any nation by military action.
Should France have nuked Fort Meade to stop the NSA from infringing on their sovereignty?
I don't understand this line of thinking, it's basically "if we do it, yeah, it's cool. If they do it, it's an act of war against our innocent republic", and you figure everybody will agree to that and not treat your cyber attacks similarly?
>> No one said anything about "go to war", the Use of armed force is not "going to war".
???
Consider the US Seal Team military operating in Pakistan where Bin Laden was killed. That was use of armed force, we infringed on Pakistani territorial sovereignty, conducted a military operation and even killed a couple people...I hope you understand that this example of using armed force is not the equivalent of "going to war."
The thing you are missing is that every action like that carries a risk of causing a war much larger than the original action. As a matter of fact within military circles even the Bin Laden raid was criticised because almost all other operations were cordinated with Pakistan and since Pakistan is particularly unstable and also nuclear the risk was considered worth it for the value of the target, but there was a major potential for escalation and lots of political capitol was expended to quell the reaction to that action.
China is not nearly as constrained by diplomatic inroads or other mechanisms at play (such as cultural considerations) that would vastly change the potential of any overt action against China causing an exponential series of increasing escalations that could end up as a major war.
I'm not excusing China and not saying the US or other western countries should lay down for China's increasingly agressive diplomatic and strategic actions, but rather that the utmost care should be taken in the response, just as the US is doing in the conflicts going on in the south China sea and increase in espionage cases.
As an Iraq combat vet who has spent quite a bit of time trying to understand these subjects, my general thought is that I really dislike so many armchair quarterbacks speculating and being so eager to throw away others lives, even if in the of potentialities such as your suggestion. War is one of the most horrible things humans can ever experience and any avoidance of it should be sought in almost all cases possible. It's also annoying how many of those armchair quarterbacks usually don't volunteer to serve themselves.
>The thing you are missing is that every action like that carries a risk of causing a war much larger than the original action.
I fully understand that. The thing you are missing is that by ignoring act of cyber warfare from a foreign military and/or treating acts of war by a foreign military as a domestic criminal case, escalates the risk of causing acts of war much larger than if they were to be nipped in the bud now.
>As an Iraq combat vet who has spent quite a bit of time trying to understand these subjects, my general thought is that I really dislike so many armchair quarterbacks speculating and being so eager to throw away others lives
I trust you understand there are many uses of force that do not result in lost lives. The very nature of my argument is that the actions of China's military is an act of war and use of force...yet no lives were lost. As I said we should respond proportionately as authorized by the UN Charter and international law...I am not suggesting WW3, nukes or throwing away lives as has been suggested by countless people in this thread.
Just as much as I am admittedly "speculating" that treating cyber warfare by a foreign military will result in escalated attacks...it is also a speculation to suggest China will deescalate their cyber warfare against us.
So the question would fall to you is the US strategy of treating cyber warfare by a foreign military as crimes going to deescalate China's attacks here?
> I hope you understand that this example of using armed force is not the equivalent of "going to war."
It's not a "war" because Pakistan isn't a match for the US. It's very much an act of war, though, Pakistan just chooses to ignore the offense because they can't really do anything about it. That's different with China or Russia. Please don't try landing a Seal team in Moscow to extract some hacker.
I specifically said "respond with the use of force as permitted by the UN Charter and international laws and norms."
It seems clear the people responding talking about all out war and "end of human civilization" don't have much experience with the UN Charter, security council and international laws and norms for the use of force. Generally the legal terms of art I used.
The idea is a proportional response to deescalate future cyber warfare attacks...not end all of humanity.
That produces a Security Council deadlock that then opens the door for General Assembly action under the Uniting for Peace resolution, as has happened roughly a dozen times since UfP was adopted in 1951.
Also plausible is that the Americans don't want to toot their own horn (as the CIA and NSA seldom do) and the Chinese don't want to appear vulnerable and admit they were hacked. The difference in responsibilities to the people that a dictatorship and a democracy are stark, almost regardless of how broken of a democracy it is.
I am no hacking expert, but the fact that the internet is such an open place and knowledge sharing is so widespread, I would lean to the side that they have comparable hacking capabilities as America. I've yet to hear of a reason why they wouldn't other than the standard " 'Murica #1". And given a dictatorship presiding over a massive economy and a valid raison d'etre for such capabilities, there is no reason they cannot fund an equivalent of the NSA
So does the US. If you treat this as an act of war, you automatically classify any cyber operation your operatives have executed as an act of war. Against Russians, against EU countries etc. I don't think anybody really wants that.
It's clearly not the right approach, however the severity of what the breach entails does require a very sharp, adequate response - which hasn't happened yet.
'Doing nothing' (or very little) by no means reduces the possibility of conflict escalation, possibly the opposite.
By declaring such intrusions as an 'act of war' (or maybe something literally just a little less hard sounding) it's a signal to foreign powers of the seriousness of such activities.
There is no doubt that this is a really, really serious act that has to have serious consequences.
In this new 'information era' we have to establish new boundaries. Those boundaries will help establish clarity, validate responses, enable 3rd parties to take a judicial view instead of just a political one etc..
Edit: For the last 30 years, China has been on a fairly exponential path to increasing aggression, there's no reason at all to believe this will not continue to the extent they have the material ability (i.e. supporting economy) unless they are stopped, or it becomes too painful for them to continue. If there is little meaningful response to this action, it will grow 10x. Charging the military staff responsible is the wrong tactic as the state is responsible, not these actors (it may even be against the Geneva convention), but more importantly, the cost to the state is nothing. Throw a few officers under the bus for a massive attack? That is 'no consequence' to them, and maybe even not said charged officers. There won't be any lack of volunteers. There has to be a pretty comprehensive coordinated response, and definitely not just some artefact/negotiating point in a trade war. The response may include trade, but it shouldn't be part of a tit-for-tat in a trade deal.
Hasn't this precedent already been set a long time ago? I had thought cyber warfare acts were common. I would think they would have to specifically shut down large infrastructure before a response beyond this was even considered.
Considering how much crap the NSA has pulled over the years, I wouldn't consider this an "act of war". More-so tit-for-tat provoking and power posturing. China knows they are the swingin-big-dick of world manufacturing, not to mention the fact they own a massive amount of US treasury bonds and could jolt the world economy at a moments notice.
>Considering how much crap the NSA has pulled over the years, I wouldn't consider this an "act of war".
It may not seem like a distinction to some, but I think there is a difference from hacking by an intelligence agency and directly by a military. Now if you disagree, that is fine, but also each hack would need to be looked at on the merits to determine what would be a proportionate response, if any.
I know the recent charges list them as members of the Chinese "military", but I wouldn't be surprised if they also did work under the Chinese "intelligence agency" umbrella...especially considering their skillsets. Since the Chinese gov has such a tight grip on everything, I'd assume that the importance of which internal division is cutting which paycheck is more obfuscated than the US as long as it benefits the country.
Yes because of the solution to Cyber Hacking is WW3, ending with everyone launching Nuclear bombs at each other
Good Plan.
Personally I am impressed that the War Hawks were unable to persuade the Administration to start a Conventional War over this. Good for them for refusing such an action
> The US needs to treat this as an act of war by a foreign military/government, not as a criminal act by people acting in an individual capacity.
Should every CIA black and grey op... And any operation by the NSA be considered by the target country as an act of war, too?
If a government employee hacking some software system is an act of war, then the US has committed acts of war against China, Russia, Germany, France, the UK, etc, etc, etc.
Committing an act of war against four nuclear powers sounds pretty irrational to me... Maybe we should reign those two organizations in a bit, before they get everyone killed?
Are you going to be picking up a rifle and hitting the beach? Chances are you and your buddies will be wiped out by transonic anti-ship missiles hitting the troop transport ship on the way to China.
I'd be careful throwing around wishes like that. Are you sure the US doesn't do similar hacks? I'd much prefer people steal data than damage/penetrate critical infrastructure. (The latter is something that should be treated much more harshly, in my opinion)
It seems your position is that the response is the trigger not the initial aggression. How did WW2 start? With Hitler invading Poland or was that fine, and UK/France bear the blame of the WW2 by declaring war on hitler in response?
Its a somewhat educated guess if they would but I meant who answer who might. I personally anticipate an escalation of tensions along NATO / non-NATO lines and exploitation of destabilized regions. It's almost inevitable, classic Thucydides trap combined with NATO.
Depends. Iran has (allegedly) committed what could be constituted as acts of war already. With the US in a heightened state of engagement in direct conflict with China and possibly regional actors, the Gulf of Oman seems like a great place to touch off a regional conflict.
...their population isn’t a big fan of their governance.
Why would you believe this? The last time they didn't like their government, they replaced it with the current government. Even the Ayatollah was pissed off that they mistakenly shot down a plane full of Iranians; they weren't about to curb the relatively limited public demonstrations that agreed with him on that topic.
Oh, let me guess... you learned of the average Iranian's great political discontent from the USA war media. "Wishful thinking disguised as reporting" leads to wishful thinking in place of analysis.
It's pretty clear that the US hacks other countries far more than other countries hack the US. That's why the US has historically been very reticent to agree to treaties that would limit a country's ability to hack.
If that is the appropriate response then everyone would be shooting at everyone else long ago. You think the US doesn’t hack China, or Russian or pretty much every other country?
Haha, we've got lots of publicly documented evidence of US hacking operations against Chinese entities. Should China treat those as acts of war too then?
Are you crazy? That's one step away from a social credit score.
Orgs like Equifax should not exist. I did not consent to this kind of surveillance, I was forced into it because I needed a paycheck and a place to live. Now I'm paying for it because of the incompetence of others - if the U.S. government instead had this power it would become much more difficult to differentiate between incompetence and malice.
I could be crazy, but I’m not certain of the relevance here.
If the US government ran this, you would at least have a chance at congressional oversight. Equifax is largely unchecked in its present corporate state.
I’d argue for a people very dependent on credit, a financial credit score already approaches the burden of a social credit score.
Agreed, instead what needs to happen is aggressive implementation of inflicting "pain" in their systems via economic measures - however unfortunately democracies around the world aren't stable due to the gains from technology haven't been adequately redistributed to society for too long that the current cracks in foundations would turn into a complete collapse; this is something that Presidential candidate Andrew Yang seems to understand the most - and is not only ideal but likely the only candidate who is competent enough to manage China's leadership's behaviour appropriately.
“If Washington can cut China off from American technology at will, China will be determined to build its own technological infrastructure, top to bottom.“
it is certainly the right move to charge individuals rather then directly escalating military tensions with China.
Make life miserable for those directly involved and responsible. Next time, others will push back against an order to attack like this because consequences will be personal for them, not just another move in a war
> Next time, others will push back against an order to attack like this because consequences will be personal for them, not just another move in a war.
You think Chinese soldiers will push back against orders from above because one time the US made the (supposed) perpetrators lifes miserable?
What do you think China will do? Just say "OK, on second thought you don't have to do that"?
No, it's the opposite. The activity was directed by the state, the state must absolutely be held responsible.
If this were a rogue state, or rogue actors, or non-state related activity like general corruption, as we see with Russian figures, it might make more sense to go after the individuals.
If the US can identify the individual hackers, then they should be able to identify the physical location from which the military committed the acts of war and respond with the use of force as permitted by the UN Charter and international laws and norms. By responding with grand jury indictments the US sets a terrible and dangerous precedent and is telling foreign governments the US will not do anything in response to military based acts of cyber warfare.