I was waiting at the British Airways lounge for my connecting flight when my eyes caught the cover of a BusinessWeek magazine. “Hey China”, it said, “Stop Stealing Our Stuff!”
In the last 2 years there has been a dramatic surge of Advanced Persistent Threat attacks – military grade cyber attacks against commercial targets. Many of these attacks were reported by security researchers to have smoking trails leading to actors in China.
Google was first to point a finger following what was made public as the famous Operation Aurora, in which dozens of companies were successfully penetrated. Other attack waves such as Night Dragon and Shady RAT were also attributed to China by various sources (by the way, Dmitri Alperovitch, at the time working for McAfee, came up with all of these cool names). And the same applies to numerous reports on attacks targeting high-profile commercial interests as well as the mining and energy companies and the oil and gas sector.
NSA director General Keith Alexander told the Senate Armed Services Committee that China is behind attacks targeting military-related intellectual property, mentioning the attack on RSA in that context; and the chief security officer of cyber security consulting company Mandiant testified that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn't realize they had been breached until someone else told them.
I can go on like this for a long while, sending you to additional links, but let’s stop here. Clearly a lot of fingers are pointed in a single direction.
Attribution is not trivial in the digital world. I can tell you that some denial-of-service attacks blamed on Russian Intelligence over the past five years were actually conducted by zealous patriotic privateers and were not directed by Moscow; that a recent attack on Israeli companies was staged from an Iran-registered server, but there’s open debate whether it was just a rather transparent decoy and the server was actually hijacked by the true attacker, which had the modus operandi of a hacktivist.
China consistently denied all allegations of foul play, while attacks rightly or falsely attributed to cyber attackers in China continued to escalate. Australia was one of the first non-US targets to suffer targeted advanced attacks; in March 2011 the Australian prime minister's office reported a breach in their email server, and later it was speculated that the trigger was a planned visit of the prime minister to China as well as emails sent to Australian companies mining in China. Intelligence specialists at Stratfor, itself a target of attack by hacktivism group Anonymous, reported at the time that Australian intelligence sources blamed China for the attack.
OK. Let’s assume we know whodunit.
China is an economic superpower. It’s not just the ‘made in China’ toys and shirts; it’s not just the huge market with access to over one billion local consumers; it’s not just the staggering $ trade deficit between China and the West. China is the largest single holder of US government debt, with 26 percent of all foreign-held US Treasury securities. China is also a major investor in the global markets, a major investor in developing countries, and a huge manufacturer of IT.
Accusing is one thing; engaging in actions is another. But there are signs that in certain minds, perhaps things have gone too far when it comes to the cold cyber war staged against economic interests.
A couple of months ago the Australian government passed a strong message to the Chinese government. Reports say it was banning Chinese technology giant Huawei from attending multibillion-dollar tenders to supply IT equipment to the national broadband network (NBN). The national network is an important piece of critical infrastructure, and according to the media, the Australian intelligence community will not risk any influence by foreign governments they do not trust.
The gloves are off, it seems, at many levels. People are sending a clear message to Beijing; they act, rather than just talk. It’s going to be very interesting to watch how this continues to unfold.