China emerges as leader in cyberwarfare
In recent weeks, China has been accused of hacking the Pentagon as well as British and German government offices.
from the September 14, 2007 edition
The new focus by other governments on China's capabilities is part of getting to know a country long criticized for a lack of transparency. "China's ambitions are quite extensive. It is a great power that is rising, and so other people want to scrutinize you. That's part of being a great society," says a veteran European China-watcher in Beijing. "When you hack into the private files of other governments, people want to know what you are doing. If you talk about a harmonious world, and a harmonious society, and then you do things that aren't harmonious – you get called out."
Of particular alarm for Washington and other world capitals are so-called "zero-day attacks" – cyberpenetrations that look for software flaws to exploit. This is not an uncommon pastime for hackers. But in China's case, suspicion falls on professional hackers, says Sami Saydjari, a Defense Department computer-security veteran who now heads a firm called Cyber Defense Agency in Wisconsin.
"The Chinese ... [put] very strong controls over … their Internet, and it's highly unlikely there are hacker groups that have any substantial level of capability they don't control," says Mr. Saydjari.
Analysts say China constantly probes US military networks. But attributing this conclusively to the People's Liberation Army, fingered by German officials in Der Spiegel, is almost impossible. To trace attacks to their source requires the help of those who control each link, or router.
Proving cyberattacks involves what Mulvenon calls the "Tarzana, California, problem." How does one know an attack "isn't coming from a kid in Tarzana who is bouncing off a Chinese server?" Mulvenon asks. "You don't. You can't predicate a response based on perfect knowledge of the attacker. But we think that correlation is causation. That is, 'Who benefits?' The best-case analysis is to correlate attacks with what Chinese have always said and written their goals are, which makes them by far the most likely suspect."
Cyberpenetration runs the gamut, from simple to sophisticated. There's a simple "Trojan horse attack," for example, said to be used against the German chancellery. Hackers send what appears to be a legitimate e-mail. When opened, it installs malicious software that allows hackers to open files in a private network, or disrupt it. A Trojan horse is not surprising in an unclassified system, says Saydjari. "But some of the attacks attributed to China have been quite sophisticated."
Beijing's control showed in September 2003, when the company that administers .com and .net domain names made unilateral changes to the Internet's functioning. System administrators around the world scrambled to make piecemeal fixes.









