DISCRETION IS NOW REQUIRED IN CHINA
www.strategypage.com March 25, 2013: A group of Chinese hackers, recently tracked back to the
same area where many Chinese Cyber War organizations are based, has apparently
been ordered to improve their stealth skills. In the hacking community, being
able to get in, grab what you came for (or found and decided was worth taking)
and leave undetected is the way it’s supposed to be done. Many hackers can get
in, but because of sloppiness, haste or a lack of skill they are detected. Even
if the intruders got what they came for, being detected, tracked and identified
is potentially disastrous. Hackers who are not based in a country that refuses
to extradite Internet criminals can be found, arrested and punished. Courts no
longer consider hacking a minor offense and those caught are being sent away
for longer and longer periods of imprisonment. China is particularly severe about
what it considers illegal hacking (as in plundering Chinese companies) and
those caught are sometimes executed.
The growing pile of evidence against China-based hackers is
proving embarrassing for China, which tends to dismiss such accusations. That
attitude has made the victims even angrier and there are more threats of
retaliation. So the recently revealed Chinese hackers have gone dark, as in
they have changed the now well-known IP addresses and servers they normally use.
China believes that, the way Cyber War currently works, as long as no one is
getting killed (at least not openly) there is not much risk of conventional
(bombs, blockades, or whatever) retaliation. Yet their growing number of
victims in the West are becoming extremely agitated, so China has apparently
ordered its hackers to maintain a lower profile, or else.
Identifying specific hackers, or teams of hackers, is not
all that difficult if you can detect their presence. Just examine the type of
attacks along with the tools and techniques used, the specific information
being sought and much more. Internet security companies and government
intelligence agencies collect information on these “hacker profiles” and are able
to quickly match patterns of behavior to identify groups, or even individuals.
China has been hacking away at U.S. targets for over a
decade now and shows no signs of slowing down, despite growing U.S. efforts to
erect better defenses. In addition to recent attacks on American media
companies, China has also launched well organized and very deliberate attacks
on American defense companies and specific Department of Defense computer
networks. Even when caught in the act, the hackers often got away with a lot of
valuable material.
When the U.S. Navy War College got hit seven years ago they
had to shut down their computer network so that servers could be scrutinized to
see what was taken, changed, or left behind. Why attack the Navy War College?
Mainly because that's where the navy does a lot of its planning for future
wars. The strategy for the Pacific war during World War II was worked out at
the Navy War College, and that planning tradition continues. Plus, the Chinese
may have also found the War College networks to be more vulnerable. Another well-organized
and executed attack was made on the Bureau of Industry and Security (BIS)
systems. BIS is a section of the Commerce Department that has been fighting
Chinese efforts to illegally obtain U.S. military technology and American trade
secrets in general. Some BIS computers were so thoroughly infiltrated that
their hard drives had to be wiped clean and reloaded as if they were new
machines. It’s not just the United States that is being hit.
The Chinese hackers have had similar spectacular success in
Europe. Despite spending over a billion dollars a year defending their
government networks, Britain complained openly of hackers getting into the
communications network of the Foreign Office. The government also warned of
increasing attacks on British companies. These attacks on government and
corporate networks were all targeting specific people and data. While China was
not mentioned in these official announcements, British officials have often
discussed how investigations of recent hacking efforts tended to lead back to
China. There is also a strong suspicion, backed up by hacker chatter, that some
governments were offering large bounties for information stolen from other
governments. Not information from China but from everyone else.
China manages to muster all this hacker talent by vigorously
recruiting patriotic Chinese Internet experts to hack for the motherland. China
is one of many nations taking advantage of the Internet to encourage, or even
organize, patriotic Internet users to provide hacking services for the
government. This enables these thousands of hackers to be directed (unofficially)
to attack targets (foreign or domestic). These government organizations arrange
training and mentoring to improve the skills of group members. China has helped
identify and train over a million potential ace hackers so far. Most turn out
to be minor league at best, but the few hundred hotshots identified are put to
work plundering foreign networks.
While many of these Cyber Warriors are rank amateurs, even
the least skilled can be given simple tasks. And out of their ranks emerge more
skilled hackers, who can do some real damage. These hacker militias have also
led to the use of mercenary hacker groups, who will go looking for specific
secrets, for a price. Chinese companies are apparently major users of such
services, judging from the pattern of recent hacking activity, and the fact
that Chinese firms don't have to fear prosecution for using such methods.
China pioneered the militia concept in the late 1990s, when its
Defense Ministry established the "NET Force." This was initially a
research organization, which was to measure China's vulnerability to attacks
via the Internet. Soon this led to examining the vulnerability of other
countries, especially the United States, Japan, and South Korea (all nations
that were heavy Internet users). NET Force has continued to grow. NET Force was
soon joined by an irregular civilian militia, the "Red Hackers Union"
(RHU). These are over half a million patriotic Chinese programmers, Internet
engineers, and users who wished to assist the motherland and put the hurt, via
the Internet, on those who threaten or insult China. The RHU began
spontaneously in 1999 (after the U.S. accidentally bombed the Chinese embassy
in Serbia), but the government soon assumed some control, without turning the
voluntary organization into another bureaucracy. The literal name of the group
is "Red Honkers Union," with Honker meaning "guest" in
Chinese. But these were all Internet nerds out to avenge insults to the
motherland.
Various ministries have liaison officers who basically keep
in touch with what the RHU is up to (mostly the usual geek chatter) and
intervene only to "suggest" that certain key RHU members back off
from certain subjects or activities. Such "suggestions" carry great
weight in China, where people who misbehave on the web are very publicly
prosecuted and sent to jail. For those RHU opinion-leaders and ace hackers that
cooperate, there are all manner of benefits for their careers, not to mention
some leniency if they later get into some trouble with the authorities. Many
government officials fear the RHU, believing that it could easily turn into a
"counter-revolutionary force." So far, the Defense Ministry and NET
Force officials have assured the senior politicians that they have the RHU
under control.
All nations with a large Internet user population have these
informal groups, but not all nations have government guidance and encouragement
to make attacks. When there are tensions between nations with large numbers of
Internet users, it almost always results in the "hacker militias" of
both nations going after each other. The U.S. has one of the largest such
informal militias but there has been little government involvement. That is
changing. The U.S. Department of Defense, increasingly under hacker attack, is
now organizing to fight back, sort of.