Cyber-Attacks on Gmail, Defense Industries Linked to China: Investigators
The hackers that launched attacks against Google's Gmail system,
Lockheed Martin, L3 and Northrop Grumman may have been based at a
vocational school run by the People's Liberation Army in Jinan, China,
investigators say.
The investigators from Google
have passed their evidence along to the FBI, which is performing a
follow-up investigation. Jinan is also the headquarters of the Chinese
intelligence service, and both that organization and the PLA have
repeatedly said that China is beefing up its cyber-war capabilities.
The attacks against Google focused on U.S. government employees and
members of the U.S. military, according to statements by Google. Other
news reports say that the victims' Google Gmail boxes have been secured since the attacks were discovered. Furthermore, security software company Trend Micro has reported that Yahoo and Hotmail Web email services have also been hit by similar attacks.
The accusations of Chinese involvement in the attacks on Google and
U.S. defense contractors appear to surprise no one. China's military
threatened to take sanctions against Lockheed Martin if the company
went through with a sale of F-16 fighter jets to Taiwan. In addition,
two scholars from the Chinese Academy of Military Sciences wrote in the
China Youth Daily newspaper that the military is making preparations to
fight the Internet war.
The Chinese government has a long history of hacking the computer
systems of enterprises and governments it is in dispute with. It did
its best to hack the Gmail accounts of Chinese activists, it hacked
Google and stole some of the search engine code, and hardly anyone in
the U.S. government or IT security business doubts that China is behind
the recent attacks on the government contractors.
China, of course, strongly denies this, just as the Chinese government
denies all unfavorable news. In fact, Chinese denials have come so
frequently and about so many different topics that they're not taken
seriously. The International Business Times points out that Chinese
denials of the intentional weakness of the Yuan are just as vehement, even though the business world acknowledges the fact that the Yuan is undervalued.
So what will the U.S. government do about this hacking? Probably
nothing. Even if it's proven beyond any doubt that the attacks came
from the Chinese school in Jinan, it's impossible to prove that the
Chinese government was behind it. The PLA might have done it and the
intelligence service might have done it.
U.S. Can't Respond from Moral High Ground
Remember that in China, the civilian control of the military and
intelligence apparatus isn't like it is in the United States. The
Chinese military is essentially autonomous. Chinese generals can ignore
orders from political leaders if they decide to, with no consequences.
So why doesn't the United States demand that China stop these actions?
The United States can and has made such demands. Until the United
States is ready to ramp up the demands to the point where it appears
that there might be concrete action, China will probably continue to
ignore them. The problem is that the United States isn't in a position
of strength here. The fact that China owns a large part of our national
debt and the fact that China is a major trade partner make really
aggressive action unlikely.
Adding to the problem is the fact that some of China's accusations
appear to be true. China has accused the United States of starting a
global Internet war, specifically in conjunction with the uprisings in
the Middle East. It's impossible to know whether the United States is
currently conducting a cyber-war against Arab governments in support of
rebels, but the United States has done so in the past, notably
targeting data systems in Iraq prior to the invasion several years ago.
In response to the current string of attacks on U.S. interests, the
U.S. government will probably air its grievances in public, hoping to
embarrass the Chinese government. The Chinese government will issue
ever more strongly worded denials. The attacks will continue, at least
for a while.
Eventually, the United States will amass enough evidence that can
quietly be shown to the Chinese government to make it clear that the
United States can prove what's going on. But the United States won't
just retaliate with an attack of its own because it would lead to a
series of escalations that would go completely out of control almost as
soon as it started. The Chinese, seeing the evidence, will dial back
the attacks.
What this means to you is that you can't let your guard down even a
little. When you're in a battle between giants, it's really easy to get
stepped on and that can certainly happen here.
Instead, your only real course is to build up your defenses and make
sure that you're not the easy target that the Chinese (or whoever)
go after when they want to break into a network that they think might
contain useful information. So the best answer is to make sure that
your security is sufficiently strong that would-be hackers will try
someplace else first. Build your defenses in depth just like Lockheed
Martin did and use that as a way to encourage the Chinese to leave you
alone.
