The Times said the intruders used phishing attacks to break in around September 13 and infiltrated computers of at least 53 users, including those of the Shanghai and Beijing bureau chiefs. It seems they were looking for email and documents that might identify the sources for the Times's coverage of business deals that left relatives of Chinese prime minister Wen Jiabao wealthy.
According to Mandiant, the security firm the Times hired for help on this case, at least thirty western news organizations have been targeted by China. Many private companies also say they have been attacked by China, but they will not give forensic proof because that would be bad public relations and would also reveal security secrets.
The Times reported that the hackers used university computers as proxies and switched IP addresses in order to remain anonymous. Oliver Richwood has warned against using China as a scapegoat and assuming they are responsible for all cyber attacks, but, in this case, the Times seems certain that the attacks are Chinese, saying they "closely matched the pattern of earlier attacks traced to China." The reported choice of targets supports that claim.
|The outline of Cliff Stoll's TED Talk|
In his article "Fear Pays the Bills, but Accounts Must Be Settled," security expert Bruce Schneier acknowledges that cyber attacks are commonplace, but points out that hype often outstrips reality and leads to major funding decisions. Many stories focus on hypothetical sabotage of the electric grid and other infrastructure, but, as far as I know, the only type 3 attack to date was the 2008 US-Israel Stuxnet worm, which damaged an Iranian nuclear enrichment plant. (The New York Times also reported that story.)
Hype or reality, cyberwar funding is on the increase, and there is a lot of money to be made. One example is the recently increased funding for the Army cyber command.
|Topographer Stoll's Klein wine bottle|
The New York Times has also recorded an 8-minute news video on the Chinese break-ins featuring interviews with the Times CTO and Nicole Perlroth, who wrote the story.
Update 2/19 -- The New York Times reports that Mandiant will soon publish a report stating that a specific unit of the Chinese Army, headquartered in a specific building in Beijing, has been responsible for "an overwhelming percentage of the attacks on American corporations, organizations and government agencies."
Update 2/20 -- Mandiant has published a report detailing their evidence against the Chinese, and the Chinese have denied the charges. They have also produced a short video showing screen captures of the hackers at work. (Yes, the video could have easily been contrived and bogus.)
The video shows alleged Chinese hackers setting up a Gmail account using a US IP address, spearphishing, taking control of victim computers, accessing a victim's Microsoft Exchange email, copying hacking tools from their repository in Shanghai and stealing files.
Security gurus are now going through the Mandiant report to see which malware was being used and making sure that it is known to the security and antivirus community.
It is too bad that Cliff Stoll did not have access to YouTube when he was working on the Cuckoo's Egg. His video would have been a lot funnier!
Bloomberg has an article "How to curb Chinese cyberattacks." The title promises more than it delivers, but it differentiates between attacks against critical infrastructure and espionage and talks about what the administration has done and should do.
The New York Times continues the discussion of Chinese cyber-attacks -- the "cyber-cold war" -- between the US and China. The article surveys the debate over the appropriate response to Chinese attacks -- from diplomacy to better defense to counterattack. There is no clear answer because of the deep interdependencies of the Chinese and US economies.
The Chinese have countered US charges, saying hackers from the US have repeatedly launched attacks on two Chinese military websites, including that of the Defense Ministry. They claim 144,000 attacks per month. Do you believe the US is also conducting offensive attacks? Do you favor our doing so?
I've always assumed that Skype calls were securely encrypted, but that turns out not to be the case. With Microsoft's assistance, the Chinese government is monitoring Skype calls. University of New Mexico graduate student Jeffrey Knockel, who discovered the monitoring and is tracking the tracker, maintains a list of keywords the Chinese use for both censorship and surveillance. There are over 1,100 keywords on the list and he updates it daily on his Web site. Be careful about saying things like "Reporters without Borders", "Amnesty International", or "the Macdonalds in front of Chunxi Road in Chengdu" if you are using Skype to talk with someone in China.
Chinese Foreign Minister Yang Jiechi says recent hacking allegations are on "shaky ground," and China opposes "turning cyberspace into a new battlefield or using the Internet as a new tool to interfere in the internal affairs of other nations." He said that China's government opposes hacking and has drawn up rules and laws to strictly forbid hackers, and that it has advocated and submitted specific proposals for a set of international rules governing the Internet under a United Nations framework.
Do they really want a truce? What I wonder is why we are not seeing stories of Internet espionage in China. I suspect it is going on.
A high-level official has now explicitly called upon China to curtail hacking and enter into talks on the topic. While this seems obvious to a layman, in the protocols of international diplomacy, this is apparently an important step.
The speech in which hacking is addressed was by Tom Donilon, National Security Advisor to the President.
The New York Times article stresses hacking, but it is worth noting that hacking was a small part of the speech addressing "The United States and the Asia-Pacific in 2013." The main point of the speech was that the US has shifted priorities, increasing emphasis on the Asia-Pacific region.
In fact, the section on hacking was only 319 out of 5,317 words and 3 of 78 paragraphs -- 4-6%. That is perhaps indicative of the over-hyping of the importance of these "cyberwar" attacks.
The US is talking stick as well as carrot.
General Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee, “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”
The same day the nation’s top intelligence official, James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.
This is starting to sound like the "weapons of mass destruction" buildup to the invasion of Iraq.
The New York Times has reported that the US has accused the Chinese military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.”