The Chinese Embassy spokesperson says, "Chinese law prohibits cyber crimes of all forms." We have laws that do the same, but they do very little to stop people from hacking. The Chinese describe those who speculate about attribution to the Chinese as "hasty", just as they have done in every case so far, including the one that made Mandiant famous, when it drilled into a group of state-sponsored hackers. Mandiant wasn't speculating in that case. They had hard evidence, which the Justice Department used to indict some of those same people who are, no doubt, on the other end of this one. They live and work in China, where they are not going to be extradited because they work for the Army.
Today's Wall Street Journal says the data was not encrypted at rest, something not required for healthcare records. We have to wonder why not. That would be easy for an auditor to discover. However smart we may be about automating records, we can't allow cost-benefit analyses slanted towards profits to push security controls down the budget priority list. Eighty million is a big number, but it probably doesn't reflect the real damage being done here. The Chinese military knows a good bit about every member of the Armed Forces and their civilian support contractors. We might be tempted to speculate about what they would do with that information if the time came for war. They think big.