Friday, March 1, 2013

Chinese State Sponsored Cyber Attacks and Our Response

First, if you are unfamiliar with the basics of hacking, check out my previous post. Stay tuned for more specific info on how to secure your business.

Executive Summary

The Chinese State has been hacking U.S. and multinational companies, stealing valuable intellectual property. Businesses must take software security seriously, investing more resources in locking down computers and networks. The U.S. government should strike back at this Chinese aggression, disabling Chinese Internet censorship, and shedding light on Chinese government atrocities.


Chinese Cyber Attacks

Mandiant Corporation recently released a report on coordinated cyber attacks by the Chinese on large U.S. businesses and other organizations. The report raised lots of alarm bells and rightfully so. So what should we do about these attacks? We should respond in the name of liberty.

Sitting on our hands is not an option.

The detailed, well-written report focuses on APT1, the largest Advanced Persistent Threat to face American companies. APT1 is far more than a few script kiddies with fast broadband. Mandiant presents a large body of evidence that this organization is, in fact, Unit 61398, the cyber-warfare unit of the People's Liberation Army. This report was released in the wake of a New York Times article detailing a four-month intrusion into its systems. The Washington Post reported a similar incident. The papers believe they were targeted in retaliation for less than favorable stories they ran on Chinese Prime Minister Wen Jiabao.

Mandiant Corporation discovered those attacks and repelled the attackers. Their research has uncovered more than 140 total hacking incidents perpetrated against international organizations by APT1–most of them relatively sophisticated. The attacks originated from Shanghai and required a huge amount of computing power and manpower. The pattern of attack used by APT1:

  1. Launch a spear phishing attack to acquire the password of a member of the target organization
  2. Use that user's credentials to load malware into his/her computer
  3. Leverage that malware to infect other systems in the target network
  4. Transfer a huge amount of intellectual property (often terabytes) back to APT1's servers
  5. Wash
  6. Rinse
  7. Repeat

The APT1 attacks were largely to steal intellectual property. This should be no surprise to anyone. China has written its laws so that foreign companies must partner with local firms in order to do business there–largely so that foreign companies will have to share IP in order to access China's burgeoning labor or consumer goods markets. Of course, these hacking incidents are far more sinister.

Who knows how far China will go? By one account, Chinese officials have already used stolen IP to blackmail a corporate boss. What's to prevent China from attacking critical infrastructure? If China invades Taiwan and the US responds, might China be willing to take down the systems that operate the US power grid? You bet your sweet ass they would.

See no evil. Hear no evil. Hack no evil.

The Chinese government claims to have no knowledge of any attacks, calling Mandiant's report a fabrication. How believable are China's claims? Not very. Attacks of that magnitude could only have been carried out by a large organization, either a government or a large corporation, and their location makes it nearly certain that they were at least tolerated. Furthermore, the Chinese government keeps a tight rein on their network. They use deep packet inspection in order to spy on and censor their own citizens. They maintain such tight control of their networks, and they didn't notice such large scale hacking happening in Shanghai? Yeah, right.

So what should we do?

Obviously, defensive measures are de rigueur. The Department of Defense, Central Intelligence Agency, and National Security Administration and many other government agencies have taken IT security seriously for a while now. Of course, the Chinese have chosen to attack the weak underbelly of U.S. corporations whose investors and management don't understand the threat. U.S. businesses need to get in the game. Firewalls, security policies, threat modeling, application security, data encryption, penetration testing, and more. If you don't know how to secure your networks, applications, and data, learn fast. Stay tuned for some specific information on how.

But are defensive measures enough? What we have here is a cyber-war. Or some would argue that cyber-espionage is a more appropriate term. That's all semantics. It doesn't matter what it's called. We need to fight back. Even if the group launching these attacks is not directly associated with the government, it is being sheltered. Remember, the Afghan government did not bomb our embassies, but they harbored those who did. The U.S. government ignored the attacks, and a few years later, thousands died in the 9/11 attacks. We don't know how far China is willing to go.

The NSA, CIA, and military cyber operations should strike back. But how? They attacked our businesses and stole valuable intellectual property. We could respond in kind, but we don't want their IP. What would we do with it anyway? We could escalate the war by taking down their infrastructure, grounding their airlines, stopping their trains, or taking down their data centers, but that would achieve little.

Hacking for Liberty

We should steal embarrassing Chinese state secrets and use them to further its citizens' liberty. China's government treats its citizens horribly. Those who seek redress are sent to labor camps, tortured or even executed. Rule of law does not even exist. Corruption is rampant at all levels. Rich public officials demand bribes from even the miserable poor.

China has gone to great lengths to keep its citizens in the dark regarding these injustices. The formal press is state run and the Internet is completely censored. We should use cyber operations to steal data on all of China's injustices and corruption and give it to the press. Furthermore, the Chinese people are completely cut off from the press by Chinese censors, so we should change that. We should take down their censorship infrastructure and shine rays of light on their darkest secrets so that their citizens can demand justice.

What would happen? Certainly, this activity would raise Chinese awareness of their government's despotic nature. And this would foment change. Whether the change would come fast as in Egypt or slowly as in Myanmar, I do not know, but change would come. Change will come anyway. As China's population journeys from subsistence living to middle class, it will demand not just prosperity, but freedom. The first American colonists made this journey and these demands in the 17th and 18th centuries. Liberty is one of the cornerstones of American foreign policy. Recently, the U.S. has attempted to spread democracy in the Middle East. The imposition of democracy by ground troops failed. Many died, and the U.S. economy was gravely injured. But we have met success in Egypt, Libya, and Tunisia by supporting dissidents. The Chinese government is stronger than those Arab dictators, but the prize is bigger. First, in China, unlike in the Middle East, no violent, fundamentalist religion holds sway. The downfall of the Chinese Communist Party would certainly mean democracy. Second, the Chinese economy will be the world's largest by 2030. It is crucial that such a large, influential country be a force for good.

Of course, the U.S. is likely responding to these attacks as I am writing. If nothing else, security is being tightened in datacenters all over the country. Perhaps aggressive counter-attacks are happening. We won't know the details for years, if ever. We'll continue to follow this fascinating story as it unfolds. Loyal readers, keep your Internet dial tuned right here for updates.


  1. The Chinese Government is operating large scale attacks on US business
  2. China denies everything
  3. Lock down your business! SECURE SECURE SECURE
  4. The U.S. government should respond by hacking back
  5. China's human rights abuses should be exposed to all
  6. The Chinese people should not be kept ignorant by their government any longer
  7. Hacking can be used as a tool for freedom
