Have we all lost our damn minds!?
Let's get a few things straight ...
- Google and a bunch (somewhere in the 'hood of 30) other high-priority targets, appear to have been hacked by the Chinese
- This issue is primarily based around China's commie-civil-rights issues
- The attack (if you believe "sources") was likely an inside job (at Google, at least)
- The attack was committed (again, believing "sources") using an 0-day exploit against IE6
- Panic has spread with Germany and France now issuing "stay away from IE directives"
Rik Ferguson (of TrendMicro fame) already wrote up a pretty good blog post on this titled "Google, China, Chicken Little and Cyber Armageddon" ... and I couldn't agree more with Rik.
I guess I just don't understand all the sudden panic. We've known the Chinese were hostile to us for year now right? When was the last time there was any civil discourse between China and western world that didn't involve hostility? Yet... we continue to sleep with the enemy.
This issue baffles me for a number of reasons...
- We've known the Chinese were hostile to us for many, many, many years (does anyone remember the Cold War?)
- We continue to economically tie ourselves deeper and deeper in debt with the Chinese
- Chinese "hackers" (state-sponsored or otherwise) have been at our digital doorsteps and in our Interwebs for a very long time as well... read here, here, here, here ...
- China's record on Civil Rights is deplorable from Tienanmen Square to the Green Dam
- Who still uses IE6? And before you say many SMBs and large businesses alike I will tell you that it is then their own damn fault ...
Yet - this is a big panic? Maybe it's because Google finally came out and publicly said "Hey, we've been had"... maybe it's because sentiment seems to think it's an "inside job" ... or maybe it's because Google is threatening to pull out of China (I'm calling their bluff)... or maybe it's because we're all so caught up in the paranoia that we can't tell when Chicken Little has us running for our lives and donning our foil hats.
Can we take a pause for a moment? Secure your networks. Know and live with the fact that the Chinese (and likely many other world nations) dislike us enough to be building "cyber-armies" against us (I feel sick just writing that stupid phrase) just like we live with radical Muslim terrorists who want us dead.
As a final word on the fact that this was an inside job - so what? No kidding! That's the price of doing business inside a hostile nation, with their own citizens as employees. This shocks us why? Let's get angry at Google for failing to properly secure information on a need-to-know basis... and failing to apply a risk-based approach to security - clearly Chinese employees needed to be highly limited!
Now for the IE6 issue ... to avoid beating a dead and buried horse I will simply say that incident could be substituted for anything else non-technical in nature ... such as driving a Chevy Nova and and failing to take it in for the recall notices - then freaking out when the car fails... well duh?
Get over it. Another day, another hack ...