Last week,
the New York Times,
Wall Street Journal and
Washington Post each reported attacks by Chinese hackers trying to discover documents and the names of sources for coverage of political corruption in China. They also reported that Chinese hackers had targeted Bloomberg, Reuters and other media sites.
The Times said the intruders used phishing attacks to break in around September 13 and infiltrated computers of at least 53 users, including those of the Shanghai and Beijing bureau chiefs. It seems they were looking for email and documents that might identify the sources for The Time's coverage of business deals that left relatives of Chinese prime minister Wen Jiabao wealthy.
According to
Mandiant, the security firm the Times hired for help on this case, at least thirty western news organizations have been targeted by China. Many private companies also say they have been attacked by China, but they will not give forensic proof because that would be bad public releations and also reveal security secrets.
The Times reported that the hackers used university computers as proxies and switched IP addresses in order to remain anonymous. Oliver Richwood has
warned against using China as a scapegoat and assuming they are responsible for all cyber attacks, but, in this case, the Times seems certain that the attacks are Chinese, saying they "closely matched the pattern of earlier attacks traced to China." The reported choice of targets supports that claim.
|
The outline of Cliff Stoll's TED Talk |
Eric Schmidt of Google has
said ”It’s fair to say we’re already living in an age of state-led cyber war, even if most of us aren’t aware of it.” Schmidt is correct, but "cyber war" is too broad a term. We may distinguish between at least three forms of cyber attack (1) espionage -- government, personal and business spying (2) sabotage that destroys or modifies data and (3) sabotage that effects the physical world. We can also characterize cyber attacks by their intent -- monetary gain, industrial advantage, political repression, political advantage, etc.
In his article "
Fear Pays the Bills, but Accounts Must Be Settled," security expert Bruce Schneier acknowledges that cyber attacks are commonplace, but points out that hype often outstrips reality and leads to major funding decisions. Many stories focus on hypothetical sabotage of the electric grid and other infrastructure, but, as far as I know, the only type 3 attack to date was the 2008 US-Israel Stuxnet worm, which damaged an Iranian nuclear enrichment plant. (The New York Times also
reported that story).
Hype or reality,
cyberwar funding is on the increase, and there is a lot of money to made. For example, the
recently increased funding for the Army cyber command.
|
Topographer Stoll's Klein wine bottle |
All this talk about government-sponsored hacking reminded me of Clifford Stoll, an astronomer and system administrator who tracked down a KGB hacker at Lawrence Berkeley National Lab in 1986. Stoll documented his detective work in an insightful and funny book "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage."
Check it out and read the reviews at Amazon. I read it at the time and remember really liking both the book and Stoll himself. If you wonder why I said I liked him as well as his book, watch his
2006 TED Talk.
The New York Times has also recorded an
8-minute news video on the Chinese break ins featuring interviews of the Times CTO and Nicole Perlroth, who wrote the story.
-----
Update 2/19 -- The
New York Times reports that Mandiant will soon publish a report stating that a specific unit of the Chinese Army, headquartered in a specific building in Beijing has been responsible for "
an overwhelming percentage of the attacks on American corporations, organizations and government agencies."
-----
Update 2/20 -- Mandriant has published a
report detailing their evidence against the Chinese and the
Chinese have denied that the charges. They have also produced a
short video showing screen captures of the hackers at work. (Yes, the video could have easily been contrived and bogus).
The video shows alleged Chinese hackers setting up a gmail account using a US IP address, spearphishing, taking control ov victim computers, accessing a victim's Microsoft Exchange email, copying hacking tools from their repository in Shanghai and stealing files.
Security gurus are now
going through the Mondriant report to see which malware was being used and making sure that it is known to the security and antivirus community.
It is too bad that Cliff Stoll did not have access to YouTube when he was working on the Cuckoo's Egg. His video would have been a lot funnier!
-----
Update 2/24
Bloomberg has an article "
How to curb Chinese cyberattacks." The title promises more than it delivers, but it differentiates between attacks against critical infrastructure and espionage and talks about what the administration has and should do.
-----
Update 2/25
The New York Times
continues the discussion of Chinese cyber-attacks -- the "cyber-cold war" -- between the US and China. The article surveys the debate over the appropriate response to Chinese attacks -- from diplomacy to better defense to counter attack. There is no clear answer because of the deep inter-dependencies of the Chinese and US Economies.
-----
Update 3/1
The Chinese have countered US charges,
saying hackers from the US have repeatedly launched attacks on two Chinese military websites, including that of the Defense Ministry. They claim 144.000 attacks per month. Do you believe the US is also conducting offensive attacks? Do you favor our doing so?
-----
Update 3/8
I've always assumed that Skype calls were securely encrypted, but that turns out not to be the case. With Microsoft's assistance,
the Chinese government is monitoring Skype calls. University of New Mexico graduate student Jeffrey Knockel, who discovered the monitoring and is tracking the tracker, maintains a list of keywords the Chinese use for both censorship and surveillance. There are
over 1,100 keywords on the list and he updates it daily on
his Web site. Be careful about saying things like "Reporters without Borders", "Amnesty International", or the Macdonalds in front of Chunxi Road in Chengdu" if you are using Skype to talk with someone in China.
-----
Update 3/9/2013
Chinese Foreign Minister
Yang Jiechi says recent hacking allegations are on "shaky ground," and China opposes "turning cyberspace into a new battlefield or using the Internet as a new tool to interfere in the internal affairs of other nations.” He said that China’s government opposes hacking and has drawn up rules and laws to strictly forbid hackers and they have advocated and submitted specific proposals for a set of international rules governing the Internet under a United Nations framework.
Do they really want a truce? What I wonder is why we are not seeing stories of Internet espionage in China. I suspect it is going on.
-----
Update 3/15/2013
A high level official has now
explicitly called upon China to curtail hacking and enter into talks on the topic. While this seems obvious to a layman, in the protocols of international diplomacy, this is apparently an important step.
The
speech in which hacking is addressed was by Tom Donilon, National Security Advisory to the President.
The New York Times article stresses hacking, but it is worth noting that hacking was a small part of the speech addressing "The United States and the Asia-Pacific in 2013." The main point of the speech was that the US has shifted priorities, increasing emphasis on the Asia-Pacific region.
In fact the section on hacking was only 319 out of 5,317 words and 3 of 78 paragraphs -- 4-6%. That is perhaps indicative of the over-hyping of the importance of these "cyberwar" attacks.
-----
Update 3/15/2013
The US is talking stick as well as carrot.
http://nyti.ms/WtjCLX
General Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”
The same day the nation’s top intelligence official, James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.
This is starting to sound like the "weapons of mass destruction" buildup to the invasion of Iraq.
-----
Update 5/7/2013
http://nyti.ms/16e8CYU
The New York Times has reported that the US has accused the Chinese military of "mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.”
-----
Update 5/20/2013
The New York Times reports that, after a three-month break,
Chinese hackers have resumed their attacks on U.S. targets. The Chinese Foreign Ministry denies the accusation, and People’s Daily, which reflects the views of the Communist Party, called the United States “the real ‘hacking empire,’ ” saying it “has continued to strengthen its network tools for political subversion against other countries.” Other Chinese organizations and scholars cited American and Israeli cyberattacks on Iran’s nuclear facilities as evidence of American hypocrisy.
-----
Update 5/22/2013
This story keeps on going. The Washington Post reported that
Chinese hackers breached Google security in an effort to learn the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies. It seems they tried tried to do the same at Microsoft, but failed to gain access.
----
Update 5/23/2013
The New York Times has published an
article on the culture of hacking in China --
it is widespread and brazen. Companies advertise their capability and sell at trade shows. The article covered a trade show and quotes a salesman as saying “We can physically locate anyone who spreads a rumor on the Internet.” The company’s services include monitoring online postings and pinpointing who has been saying what about whom.
Another quote from the article:
The culture of hacking in China is not confined to top-secret military compounds where hackers carry out orders to pilfer data from foreign governments and corporations. Hacking thrives across official, corporate and criminal worlds. Whether it is used to break into private networks, track online dissent back to its source or steal trade secrets, hacking is openly discussed and even promoted at trade shows, inside university classrooms and on Internet forums.
-----
Update 5/29/2013
The Washington Post reports that critical U.S. weapons system designs
were compromised by Chinese hackers. Before things like reports of weapons in Iraq, I would have been more concerned about this report, but, now, I cannot help wondering whether it is hype to get congress to allocate funds for agencies and companies.
-----
Update 6/1/2013
A
New York Times column argues that the example of the British use of Elizabethan pirates against the Spanish navy is more relevant to the budding cyberwar between the US and China than the cold war between the US and the Soviet Union.
_____
Update 6/1/2013
A New York Times article reports that The United States and China have agreed to hold regular, high-level talks on how to set standards of behavior for cybersecurity and commercial espionage, the first diplomatic effort to defuse the tensions over what the United States says is a daily barrage of computer break-ins and theft of corporate and government secrets. That sounds hopeful.