Defense News
06/02/08
Is Beijing Behind Cyberattacks on the Pentagon?
BY WENDELL MINNICK
SINGAPORE — Cyberattacks traced back to China might be largely the work of a loose group of hackers, not government agents.
China observers have assumed Beijing coordinated such operations to gather intelligence and prepare for cyberwarfare. The sophisticated penetration of firewalled U.S. government computers seemed to point to the People’s Liberation Army (PLA). Some dug deep into Chinese strategic doctrine to unearth asymmetric warfare strategies such as “acupuncture warfare” — which aims to paralyze command-and-control hubs — then attached these concepts to Chinese cyberwarfare strategies.
But little evidence can be found that the Chinese government is involved in many of the acts of sabotage, data theft and cyber probing of U.S. government computers. Internet security analysts have come to believe that the PLA lacks the skill and organization for such operations.
Instead, there are signs that these and other cyber crimes are perpetrated by a loosely affiliated group of as many as 400,000 hackers called the Red Hacker Alliance by Internet security specialists.
“As for government-sponsored attacks, I have never seen anyone produce any credible information on it,” said Scott Henderson, author of “The Dark Visitor: Inside the World of Chinese Hackers.” “Does the People’s Liberation Army have an I/O [input-output] branch? Absolutely, but so do most other countries with a modern military force,” he said. “PLA doctrine sees cyberwarfare as a means to reach parity with the United States, but it would be a big stretch to say they advocate massive intrusions around the world to test their capabilities.” Henderson, who retired from the U.S. Army as a Chinese linguist and served in the U.S. Embassy in Beijing in 1997 on special assignment, lists 189 hacker Web sites in his book as evidence that these groups exist and can work together.
Henderson said Red Hacker Alliance members, who link their independent Web sites to each other, began with coordinated attacks against foreign governments and other groups to protest what they feel to be injustices done to China.
But now, many attacks are done for money by hackers who sell information to third parties, he said. “The group started out as a nationalist organization, but now they primarily hack for money,” he said.
Great Firewall of China
In the late 1990s, the Chinese government began installing hardware and software to restrict Chinese Internet users from learning about or discussing various subjects, including Tibet, Taiwan and the 1989 Tiananmen Square massacre. Some believe this Golden Shield Project, also known as the Great Firewall of China, means that the PLA must be the puppet master of the Red Hacker Alliance.
These tight controls make it “highly unlikely that any significant attacks coming out of China are not state-sanctioned in some way,” said O Sami Saydjari, who runs the Cyber Defense Agency, a U.S.-based company.
But others say these restrictions have bred a generation of hackers skilled at breaking through firewalls and penetrating layers of security protocols.
“Through attacking the Golden Shield Project, a hacker could learn how to get around advanced firewalls,” said Jun Isomura, a senior fellow at the Hudson Institute in Washington.
Henderson says neither is strictly the case.
“Most Chinese hackers don’t worry about getting around firewalls. Their tool of choice is the Trojan and social engineering,” he said. “They began writing their own malware around 1999 and have shown great success with getting people to load it for them.”
Greg Walton, the Asia editor of Infowar Monitor, who works with pro-Tibetan groups attacked by Chinese hackers, is concerned about “zombie computers” controlled by remote computers in China.
“We can infer that some of the computers in our networks have been compromised by control servers that are invariably located in China,” he said.
His group can identify the exact street address, office and workstation that launched an attack.
He said he believes the attacks are not state-sponsored because they are traced to individual computer stations and the attacks are uncoordinated.
But even if the Red Hacker Alliance isn’t led by Beijing, the country’s military may still benefit from its efforts.
“The most obvious reason for the government’s tolerance of the Red Hacker Alliance is that it is likely that it receives valuable information from them. Thousands of attacks per day could surely fill in some of the gray areas of a composite intelligence picture,” Walton said. “Furthermore, as a nonstate actor, the Red Hacker Alliance provides Beijing with plausible deniability. Attribution is challenging when investigating computer network attacks, and even if freelance hackers could be positively identified, it is easily disavowed as the actions of patriotic youth — and certainly not that of the government.”
Yet Beijing also pays a price for its tolerance: cyber crime and vandalism perpetrated within China.
Of 70,000 Chinese Internet users surveyed, 90 percent had been infected with a virus, 44.8 percent had account numbers or personal information stolen, 26.7 percent suffered from online hacker attacks and 23.9 percent had been cheated by counterfeited Web sites, according to a 2007 study by the China Internet Network Information Center.
Other Threats
Henderson said the greatest threat out of China is not attacks on military or governmental information systems, but on civilian industry.
“This is a far more lucrative portion of the industry and will be the wave of the future,” he said.
And the threat isn’t just from China. Isomura said better defenses are needed because U.S. information networks have been penetrated from India, Russia and Eastern Europe, many with criminal, not political, motivation.
Isomura said what is needed is a “social scientific approach for cyber warfare, information technology security and infowarfare.” Because hackers are human, he said, it is necessary to learn what drives them. Is it espionage or “just fun” to penetrate a difficult system?
Saydjari called for a cyber Manhattan Project, led by top U.S. cyberdefense specialists.
“Such an initiative is imperative to improve detection and prevention techniques to mitigate a national strategic vulnerability that grows worse every day,” he said.