I think the media is dropping the ball on hammering home just how bad this is for national security and world politics. Banning TikTok is superfluous in a world where every device can be compromised, every telecom is compromised, and government agencies are unable to mitigate attacks.
The reality is that the follow-up to this information exposure is never connected to the outcome. How many government agents have been compromised using the OPM hack data? Nobody knows. How many politicians/corporations intimidated via blackmail?
How have these hacks changed the outcome of world events?
EA-3167 20 days ago [-]
I don't understand what TikTok has to do with this. As I understand it the concern with TikTok is that it's essentially a way for China's government to manipulate (mostly young) Americans by shaping what they see regarding specific issues. As far as I'm aware there's no "it's an insecure app" angle being pursued, these are very different issues.
Besides, even if they weren't, I can be worried that I broke my leg and that my house is on fire.
mu53 20 days ago [-]
"TikTok is a threat to national security because it exposes US citizens' data to foreign adversaries"
Why fight that battle when we can't even secure devices with sensitive data?
af78 20 days ago [-]
To make the life of hostile foreign powers harder? Currently they are allowed to run code written by them on the devices of unsuspecting citizens, and curate the content these citizens watch.
The argument sounds like a non sequitur: because we cannot defend against all threats, we should not defend against any threat.
mu53 20 days ago [-]
We each have our priorities. I want to secure government secrets held by OPM/US Treasury and key infrastructure like telecom networks, and others want to secure the average citizen's social media feed.
We can have different priorities for what is more impactful, easier to secure, and less restricting to fundamental freedoms without resorting to black and white thinking.
Cybersecurity is failing across the board causing damage worth 1000x of what it would cost to secure these systems.
af78 20 days ago [-]
I am all for securing critical IT infrastructure, I think we agree on that.
Hostile powers will exploit any vulnerability they can find. In democracies, ordinary citizens are a target. In Romania an election was annulled, and TikTok specifically named in the investigation: https://apnews.com/article/romania-election-president-george...
Therefore I think we should not underestimate this threat. I admit that doing this in a way that preserves fundamental freedoms is not easy, and I don't claim to have the answer. Consider freedom of movement: few people seriously deny the need for passport checks on international borders.
buildbot 20 days ago [-]
Why do anything when X is already happening?
gamesetmath 19 days ago [-]
[dead]
aaomidi 20 days ago [-]
Literal exact argument every country that does censorship has said.
EA-3167 19 days ago [-]
This keeps coming up in spaces like this, and makes me wonder just how aware of what's happening people are. Do you think that the content is being censored? Even the platform isn't being censored, it's just that the current owners won't be allowed to own it.
That's it. It isn't regulation of speech, it's regulation of commerce, which is entirely within the rights of the US Congress to regulate.
throwawaymanbot 20 days ago [-]
[dead]
toss1 20 days ago [-]
These sustained aggressive and systematic attacks by China demand a serious response, including massive financial and even kinetic responses.
Allowing it to happen with mere protests of concern is allowing it to happen.
I get not wanting to escalate, but lack of response only invites greater escalation. The cost of stopping this only increases with each round of attacks.
kinghajj 20 days ago [-]
Kinetic? Which targets do you have in mind that wouldn't start an escalatory spiral between two nuclear-armed nations? _Maybe_ some of the resource extraction infrastructure the PRC has set up in foreign nations.
You also have to consider the asymmetric nature of this information. It's quite plausible that the US has its "cyber-fangs" embedded in key parts of PRC infrastructure, but how forthcoming do you think the PRC would be about that?
toss1 20 days ago [-]
>>Kinetic?
Notice I put sanctions first, but considering we hardly go a week without seeing more massive CCP actions from cyberattacks to converting Chinese expats to spies, it needs to be taken seriously.
We could start with, every such attack and another major Chinese conglomerate is banned from US business. Coordinate with EU also to increase effects.
>>Which targets?
I'm not an expert in that field, but I'm sure there are many who could devise an appropriate target list. The targets you suggest are not bad, I'd certainly prioritize equipment and avoiding any human casualties, so maybe going after their power feeds and backup to their research and data centers would be a start...
The key is a rapid response that they feel, hard.
consumer451 20 days ago [-]
We are so way too late.
ByteDance owns TikTok, part of Reddit, and many games. Also, the CCP runs almost the entire manufacturing sector. Not just electronics, but ships.
The Xiaomi SU7 is .1 revs away from Tesla & Porsche.
The choice to sell ourselves to the CCP, for short term profit, was made decades ago by the consulting class.
The Capitalists will sell us the rope with which we will hang them
I hate the person being quoted above with all my might, but that does not make the prediction any less true.
My last hope was that the corruption of the CCP was worse than the corruption of the USA. Given the latest election, I am not so sure about that anymore.
Has your employer contributed to POTUS's inauguration, if not, please ask them to do so or else you might be unemployed! This is the CCP-level corruption bullshit. WTF.
toss1 20 days ago [-]
>>We are so way too late.
Too true, sadly. And that quote is spot-on.
The thing is, there is no one better at playing catch-up than the USA; e.g., in 1939 just before WWII, the US had a total of 39 tanks in its arsenal.
The big question is, whether the incoming administration, which looks in every way like it is already owned by the authoritarian powers and aspires to join them, will fight them, or if we'll be another 4 years down before anything happens. The incoming admin is already fighting to keep TikTok in the US. Insane.
toss1 19 days ago [-]
Nice, looks like a CCP-promoting downvoting brigade just showed up. All the posts critical of CCP and suggesting a response to their assault just lost a whole bunch of votes.
Great confirmation that this is important. Let the downvotes begin.
WheelsAtLarge 20 days ago [-]
Kinetic responses do nothing long-term. We just get deeper into a hole of response and counter-response to the point of war. We need to start negotiating a long-term treaty that defines what's allowable and what's not. Whether we like it or not, China is a major player in cyber espionage, and we need to limit further conflict. This is a political issue and needs to be dealt with accordingly.
toss1 20 days ago [-]
When you are dealing with an aggressive authoritarian regime like CCP or Putin, agreements mean nothing. They all follow the algorithm described by Vladimir Lenin:
— “You probe with bayonets: if you find mush, you push. If you find steel, you withdraw”
They do this relentlessly until they face consequences too costly to continue. Negotiations and agreements are simply, and accurately, seen as "I won, I can continue making bigger offenses, and the opponent will do nothing (they won't violate the agreement while I do)".
I mentioned sanctions first because they can often be more effective than kinetic and less escalatory. That does not mean they should be off the table, particularly kinetic responses with plausible deniability.
But no, this is not a political issue. A political issue would be dumping goods onto the market at sub-production-cost or undercutting us on a deal with an ally. This is a violation of territory just as if they'd broken the locks on the buildings to come in and sit down at the keyboards.
panarky 20 days ago [-]
The US could announce that all Treasury securities held by China will not be redeemed and are now worthless.
nolok 19 days ago [-]
The US could destroy the one thing that makes its economy unbreakable and ensure its ability to print infinite money at will without consequences? That's essentially the worst plan they could implement.
anikom15 20 days ago [-]
And tank its own economy in the process?
panarky 19 days ago [-]
It's seldom possible to impose severe consequences on your adversary without suffering some pain yourself. It's as true for economic warfare as it is for kinetic conflict.
hulitu 18 days ago [-]
> These sustained aggressive and systematic attacks by China demand a serious response, including massive financial and even kinetic responses.
Yes, like hiring sysadmins and not doing "checklist security". But, I guess, when Cisco has a backdoor in every product, the fight is lost.
> On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.
Reminiscent of the SolarWinds compromise.
daft_pink 20 days ago [-]
Really curious what aspect of the Treasury they were hacking as it’s such a broad department that includes the IRS, etc.
alexwasserman 19 days ago [-]
This wasn’t specific to the Treasury.
BeyondTrust has a remote support product that gives support teams access to users' desktops. It’s both SaaS and on-prem. BeyondTrust were hacked and a vuln was found in the remote access product.
Anyone using the products was impacted. Just happens to include Treasury.
These attacks are going to get more numerous and more brazen over time, as China continues to build up its military and seek economic and energy independence in order to deter any response.
The best time to plant a tree is 20 years ago, the second best time is now.
blackeyeblitzar 20 days ago [-]
This is one of a long string of incidents involving IP theft, espionage, hacking, etc. originating from China. At what point does the US government decide to treat these as acts of war and aggressively wage its own war against China, with the goal of dismantling the Chinese economy and CCP?
franktankbank 20 days ago [-]
Lol, the US is utterly dependent on China. Destroy its economy and we destroy ourselves (at least our overstuffed way of life). Our Democracy is not really equipped to pull out of this kind of trap. I'm really not sure what the fuckheads were thinking who offshored every god damn thing under the sun for a quick dollar. I mean it didn't even provide sustenance for more than the boomer generation.