PRC Cyberwar

Here’s an example of the People’s Republic of China’s war on us, here in cyberspace, described in BusinessWeek.

In 2011, [Dell SecureWorks Director of Malware Research, Joe] Stewart turned his sights on China. “I thought I’d have this figured out in two months,” he says.  Two years later, trying to identify Chinese malware and develop countermeasures is pretty much all he does.

Malware from China has inundated the Internet, targeting Fortune 500 companies, tech startups, government agencies, news organizations, embassies, universities, law firms, and anything else with intellectual property to protect.  A recently prepared secret intelligence assessment described this month in the Washington Post found that the US is the target of a massive and prolonged computer espionage campaign from China that threatens the US economy.  With the possible exceptions of the US Department of Defense and a handful of three-letter agencies, the victims are outmatched by an enemy with vast resources and a long head start.

Stewart tracks about 24,000 Internet domains, which he says Chinese spies have rented or hacked for the purpose of espionage. … He catalogs the malware he finds into categories, which usually correspond to particular hacking teams in China.  He says around 10 teams have deployed 300 malware groups, double the count of 10 months ago. “There is a tremendous amount of manpower being thrown at this from their side,” he says.

The intel assessment to which the BusinessWeek article referred was summarized here.

The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain.

The report, which represents the consensus view of the U.S. intelligence community, describes a wide range of sectors that have been the focus of hacking over the past five years, including energy, finance, information technology, aerospace and automotives, according to the individuals familiar with the report, who spoke on the condition of anonymity about the classified document. The assessment does not quantify the financial impact of the espionage, but outside experts have estimated it in the tens of billions of dollars.

An example of the cascade effects of China’s war, from that intel summary:

In 2011, when Chinese hackers attacked network security company RSA Security, the technology stolen was used to penetrate military-industrial targets.  Shortly after, the networks of defense contracting giant Lockheed Martin, which used RSA security tokens, were penetrated by Chinese hackers.

There are a couple of questions remaining in this cynic’s mind.  One concerns the apparent ease with which Stewart and his Indian follow-on tracked down this Chinese hacker (an effort described in the BusinessWeek article).  I have to wonder whether the “hacker” was a honeypot and how well the two trackers covered their own tracks—or whether they left their employers exposed.

The other flows from that first question.  Assuming no honeypot, it seems apparent that the hacker was discovered because he was careless, and not because our guys were better at the cyber combat.  Is the US helplessly bringing a jackknife to a combined arms assault?  Is that why our government’s efforts to protect us—and to counter and retaliate—are so infantile?  And the latter so timid:

[T]he Obama administration is seeking ways to counter the online theft of trade secrets, according to officials.  Analysts have said that the administration’s options include formal protests, the expulsion of diplomatic personnel, the imposition of travel and visa restrictions, and complaints to the World Trade Organization.

Pleas and chit-chat, nothing serious.

How did we get so helplessly far behind?  Our government (not just the present administration) has had no understanding at all of the threat posed.  A former government official said,

The problem with foreign cyber-espionage is not that it is an existential threat, but that it is invisible, and invisibility promotes inaction.

Understanding how our weapons work so they can be neutralized, knowing where and how to plant malware to shut down our financial, transportation, and energy infrastructure—and having the malware to plant—threatens our sovereignty.  That it’s “invisible” is simply an aspect of any war: camouflage and stealth.  The government has first to understand that we’re in a war with the Chinese for our independence; then the fact of invisibility for the Chinese combatants will be understood for what it is—just a technique for advancing their attacks.
