<div dir="ltr">In my mind, the question is less "does the Chinese government sponsor or affiliate itself with or carry out cyber attacks?" and more "is this *particular* group associated with this *particular* designation and this *particular* incident?" <div>
<br></div><div>Yes, of course the Chinese carry out CNA/CNE operations (as does the US). And drawing a circle around a set of incidents and saying "we believe that a single adversary carried out these attacks" can be validated with relative ease, at least in theory, assuming access to relevant data and indicators. But then connecting that adversary label to a human or a defined organization requires further analysis and, because it's more complicated, will inevitably run up against appropriate analytic questioning to avoid falling prey to things like confirmation bias and whatnot.</div>
<div><br></div><div>The issue of trust comes up here as well, because things changed sometime after the APT1 report release. Many of us in this community have even more trouble than we might have had before in accepting assertions based solely on "NSA" and "DoD" and "US government" labels, to the extend we ever *did* accept them.</div>
<div><br></div><div><div>The idea of reproducibility is a key part of inquiry, whether in science or intel analysis or anything else where critical thinking matters. We're not shamans. In the 21st century, we should expect to have our conclusions and methodology challenged (as I do every day). In any case, if one's response to criticism is to withdraw from the discussion, onlookers will not draw good conclusions. The audience is listening, as I believe I've heard once or twice.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 25, 2014 at 10:39 AM, xgermx <span dir="ltr"><<a href="mailto:xgermx@gmail.com" target="_blank">xgermx@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><font face="verdana, sans-serif">From Saturday's NYT article on the NSA owning Huawei:</font><div><font face="verdana, sans-serif"><br></font><div><font face="verdana, sans-serif">"<span style="color:rgb(51,51,51);line-height:23px">The N.S.A., for example, is tracking more than 20 Chinese hacking groups — more than half of them Chinese Army and Navy units — as they break into the networks of the United States government, companies including Google, and drone and nuclear-weapon part makers, according to a half-dozen current and former American officials."</span></font></div>
<div><font face="verdana, sans-serif"><font color="#333333"><span style="line-height:23px"><a href="http://www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html?_r=0" target="_blank">http://www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html?_r=0</a> </span></font><br>
</font></div></div><div><font color="#333333" face="verdana, sans-serif"><span style="line-height:23px"><br></span></font></div><div><font color="#333333" face="verdana, sans-serif"><span style="line-height:23px">Is anyone on this list really shocked by this? If we can so readily accept this, why is so hard to accept the APT1 attribution? Being younger, I'm not nearly as experienced in all of these domains, but it seems to a be salient question. In my eyes, APT1 is just that, one out of MANY. And yes, lets not forget it works both ways, as evidenced by the NSA's sheer ownage of the Chinese non-mil/gov targets.</span></font></div>
</div><div class=""><div class="h5"><div class="gmail_extra"><br><br></div></div></div></blockquote></div><div><br></div>-- <br>Kyle Maxwell [<a href="mailto:krmaxwell@gmail.com" target="_blank">krmaxwell@gmail.com</a>]<br>
Twitter: @kylemaxwell
</div></div></div>