The Secret China-U.S. Hacking War

By Larry Seltzer  |  Posted 2008-03-13

Is the United States under attack again?

Recent reports have the U.S. military not quite blaming the Chinese military for a long string of cyber-attacks against U.S. military computers. It sure sounds like they believe it, but they're not quite saying it. Also left unsaid is how much actual damage and compromise has happened already.

A Wall Street Journal article March 12 described how military networks are increasingly the targets of hackers. The targets are not limited to actual Department of Defense networks, but can also include defense industries and think tanks. The full article is available only to subscribers. Another detailed article on the same material is available on DailyTech.

The Journal article quotes Gen. Kevin Chilton, "[t]he top U.S. commander in charge of cyberspace," as saying that the networks are under attack and that there is significant evidence implicating the Chinese, though he stops short of outright accusing them. "The thing about China that gives you pause is that they've written openly about their emphasis in particular areas--space and cyberspace," he said.

International cyber-wars are becoming a not-uncommon occurrence. Last year the Internet infrastructure of Estonia was largely taken down by attacks from Russia, following a dispute with Russia over the fate of a World War II memorial. But that attack was against the civilian Internet infrastructure: the ISPs and banks, for example, not the Estonian military or government. Such attacks can impact the entire Internet, and are fundamentally different from targeted hacks against specific installations. It's the difference between war and espionage.

I asked Gadi Evron, who consulted on the Estonian responses to the attacks they received. He confirms that China is a dangerous place for the Internet. "I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China. I can also confirm that China's network is the most plagued with cyber-crime in the world, being abused and used to launch attacks ranging from fraud to denial-of-service, worldwide. Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves."

The Chinese government may try to exert control over the Internet that we find despotic, but they're not the only people using it there. Other actors in China can and do engage in the same Internet crimes that occur everywhere else. Evron adds: "Due to IP address spoofing and the fact criminals can take over and use computers worldwide as if they were their own, being sure about this is not possible by technical means--the Internet is perfect for plausible deniability."

But plausible deniability is not proof either way, and it's still reasonable for intelligence estimators like General Chilton to come to reasonable conclusions based on evidence. Even if you can't prove that the Chinese government was involved in an attack coming from China, that government still bears some responsibility.

So is this a unilateral war or are we also attacking them? Don't expect a straight answer out of the U.S. military on that one either, or from the Chinese military for that matter. We have plenty of civilian and military networks that are capable of performing similar attacks and have an interest in doing so. It's just another espionage tool, and no more or less moral than others we've used in the past.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack.
