Sunday, October 4, 2009

Is Beijing Behind Cyberattacks on the Pentagon?

Defense News

SINGAPORE — Cyberattacks traced back to China might be largely the work of a loose group of hackers, not government agents.

China observers have assumed Beijing coordinated such operations to gather intelligence and prepare for cyberwarfare. The sophisticated penetration of firewalled U.S. government computers seemed to point to the People’s Liberation Army (PLA). Some dug deep into Chinese strategic doctrine to unearth asymmetric warfare strategies such as “acupuncture warfare” — which aims to paralyze command-and-control hubs — then attached these concepts to Chinese cyberwarfare strategies.

But little evidence can be found that the Chinese government is involved in many of the acts of sabotage, data theft and cyber probing of U.S. government computers. Internet security analysts have come to believe that the PLA lacks the skill and organization for such operations.

Instead, there are signs that these and other cyber crimes are perpetrated by a loosely affiliated group of as many as 400,000 hackers called the Red Hacker Alliance by Internet security specialists.

“As for government-sponsored attacks, I have never seen anyone produce any credible information on it,” said Scott Henderson, author of “The Dark Visitor: Inside the World of Chinese Hackers.” “Does the People’s Liberation Army have an I/O [input-output] branch? Absolutely, but so do most other countries with a modern military force,” he said. “PLA doctrine sees cyberwarfare as a means to reach parity with the United States, but it would be a big stretch to say they advocate massive intrusions around the world to test their capabilities.” Henderson, who retired from the U.S. Army as a Chinese linguist and served in the U.S. Embassy in Beijing in 1997 on special assignment, lists 189 hacker Web sites in his book as evidence that these groups exist and can work together.

Henderson said Red Hacker Alliance members, who link their independent Web sites to each other, began with coordinated attacks against foreign governments and other groups to protest what they feel to be injustices done to China.

But now, many attacks are done for money by hackers who sell information to third parties, he said. “The group started out as a nationalist organization, but now they primarily hack for money,” he said.

Great Firewall of China

In the late 1990s, the Chinese government began installing hardware and software to restrict Chinese Internet users from learning about or discussing various subjects, including Tibet, Taiwan and the 1989 Tiananmen Square massacre. Some believe this Golden Shield Project, also known as the Great Firewall of China, means that the PLA must be the puppet master of the Red Hacker Alliance.

These tight controls make it “highly unlikely that any significant attacks coming out of China are not state-sanctioned in some way,” said O Sami Saydjari, who runs the Cyber Defense Agency, a U.S.-based company.

But others say these restrictions have bred a generation of hackers skilled at breaking through firewalls and penetrating layers of security protocols.

“Through attacking the Golden Shield Project, a hacker could learn how to get around advanced firewalls,” said Jun Isomura, a senior fellow at the Hudson Institute in Washington.

Henderson says neither is strictly the case.

“Most Chinese hackers don’t worry about getting around firewalls. Their tool of choice is the Trojan and social engineering,” he said. “They began writing their own malware around 1999 and have shown great success with getting people to load it for them.”

Greg Walton, the Asia editor of Infowar Monitor, who works with pro-Tibetan groups attacked by Chinese hackers, is concerned about “zombie computers” controlled by remote computers in China.

“We can infer that some of the computers in our networks have been compromised by control servers that are invariably located in China,” he said.

Walton’s group can trace an attack to the exact street address, office and workstation from which it was launched.

He said he believes the attacks are not state-sponsored because they are traced to individual computer stations and the attacks are uncoordinated.
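Walton’s inference above rests on seeing internal machines call out to the same external control server. As an added example that is not part of the article, the following Python script runs a simple beacon check over a constructed firewall log: host-to-destination pairs that connect at a near-constant interval are flagged, and flagged hosts are then grouped by the address they report to. The log lines, host names and addresses are invented for illustration, and the thresholds (five connections, coefficient of variation at most 0.15) are assumptions, not figures from the article.

```python
"""Beacon check over a firewall log.

Added example (not from the article): flag internal hosts that reach the same
external address at a near-constant interval, the polling pattern of a
compromised machine checking in with its control server, then group the
flagged hosts by the server they report to. All log lines, host names and
addresses below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one outbound connection per line:
# "<ISO timestamp> <internal host> <destination ip:port>".
# ws-12 polls 203.0.113.7:443 roughly every 300 s, ws-17 exactly every 600 s;
# ws-05 browses 198.51.100.20:80 at irregular times; ws-09 reaches the control
# address only twice, too few connections to judge.
SAMPLE_LOG = """\
2009-10-04T08:00:00 ws-12 203.0.113.7:443
2009-10-04T08:00:02 ws-05 198.51.100.20:80
2009-10-04T08:00:10 ws-05 198.51.100.20:80
2009-10-04T08:00:30 ws-17 203.0.113.7:443
2009-10-04T08:01:30 ws-05 198.51.100.20:80
2009-10-04T08:05:00 ws-12 203.0.113.7:443
2009-10-04T08:09:59 ws-12 203.0.113.7:443
2009-10-04T08:10:00 ws-09 203.0.113.7:443
2009-10-04T08:10:30 ws-17 203.0.113.7:443
2009-10-04T08:14:00 ws-05 198.51.100.20:80
2009-10-04T08:14:05 ws-05 198.51.100.20:80
2009-10-04T08:15:00 ws-12 203.0.113.7:443
2009-10-04T08:15:00 ws-09 203.0.113.7:443
2009-10-04T08:20:00 ws-12 203.0.113.7:443
2009-10-04T08:20:30 ws-17 203.0.113.7:443
2009-10-04T08:25:02 ws-12 203.0.113.7:443
2009-10-04T08:30:00 ws-12 203.0.113.7:443
2009-10-04T08:30:30 ws-17 203.0.113.7:443
2009-10-04T08:40:30 ws-17 203.0.113.7:443
2009-10-04T08:41:00 ws-05 198.51.100.20:80
"""


def parse_log(text):
    """Parse log lines into (timestamp, host, destination) tuples; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        stamp, host, dst = line.split()
        events.append((datetime.fromisoformat(stamp), host, dst))
    return events


def find_beacons(events, min_hits=5, max_cv=0.15):
    """Return {(host, dst): mean_interval_s} for pairs seen at least min_hits
    times whose inter-connection gaps have a coefficient of variation
    (stdev / mean) of at most max_cv, i.e. a near-constant polling interval."""
    by_pair = defaultdict(list)
    for stamp, host, dst in events:
        by_pair[(host, dst)].append(stamp)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few connections to call the timing regular
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; no interval to measure
        if pstdev(gaps) / avg <= max_cv:
            beacons[pair] = round(avg, 1)
    return beacons


def control_servers(beacons):
    """Group flagged hosts by the external address they poll: several internal
    machines reporting to one address is the 'control server' picture."""
    servers = defaultdict(list)
    for (host, dst) in beacons:
        servers[dst].append(host)
    return {dst: sorted(hosts) for dst, hosts in servers.items()}


if __name__ == "__main__":
    found = find_beacons(parse_log(SAMPLE_LOG))
    for (host, dst), interval in sorted(found.items()):
        print(f"{host} -> {dst}: every {interval} s")
    for dst, hosts in control_servers(found).items():
        print(f"control server {dst} polled by {', '.join(hosts)}")
```

On the constructed log this flags ws-12 and ws-17 as polling 203.0.113.7:443 and leaves the browsing host and the two-connection host alone. Periodicity alone is a weak signal: update checks and monitoring agents also poll on a schedule, so a flagged pair is a lead for pulling the workstation for inspection, not proof of compromise, and a bot that randomizes its sleep will slip past the coefficient-of-variation test. Tuning the thresholds to the environment’s normal traffic and allow-listing known update servers are the usual next steps.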

But even if the Red Hacker Alliance isn’t led by Beijing, the country’s military may still benefit from its efforts.

“The most obvious reason for the government’s tolerance of the Red Hacker Alliance is that it is likely that it receives valuable information from them. Thousands of attacks per day could surely fill in some of the gray areas of a composite intelligence picture,” Walton said. “Furthermore, as a nonstate actor, the Red Hacker Alliance provides Beijing with plausible deniability. Attribution is challenging when investigating computer network attacks, and even if freelance hackers could be positively identified, it is easily disavowed as the actions of patriotic youth — and certainly not that of the government.”

Yet Beijing also pays a price for its tolerance: cyber crime and vandalism perpetrated within China.

Of 70,000 Chinese Internet users surveyed, 90 percent had been infected with a virus, 44.8 percent had account numbers or personal information stolen, 26.7 percent suffered from online hacker attacks and 23.9 percent had been cheated by counterfeited Web sites, according to a 2007 study by the China Internet Network Information Center.

Other Threats

Henderson said the greatest threat out of China is not attacks on military or governmental information systems, but on civilian industry.

“This is a far more lucrative portion of the industry and will be the wave of the future,” he said.

And the threat isn’t just from China. Isomura said better defenses are needed because U.S. information networks have been penetrated from India, Russia and Eastern Europe, many with criminal, not political, motivation.

Isomura said what is needed is a “social scientific approach for cyber warfare, information technology security and infowarfare.” Because hackers are human, he said, it is necessary to learn what drives them. Is it espionage or “just fun” to penetrate a difficult system?

Saydjari called for a cyber Manhattan Project, led by top U.S. cyberdefense specialists.

“Such an initiative is imperative to improve detection and prevention techniques to mitigate a national strategic vulnerability that grows worse every day,” he said.