http://www.forbes.com/security/2007/07/30/china-cybercrime-war-tech-cx_ag_0730internet.html

By Andy Greenberg
Forbes.com
07.31.07

The Chinese government is an infamous enforcer of digital apartheid; when its citizens try to access prominent international Web sites like Wikipedia and Flickr, they hit a filter that blocks politically sensitive material. In the West, that information blockade is often described as the "Great Firewall of China." But in Mandarin, it is called jindun gongcheng, the Golden Shield.

As that name implies, China's controls on the Internet are capable of blocking inbound as well as outbound traffic. And according to some security professionals, that means the Golden Shield is more than just a barrier to free expression; it may also be China's advantage in a future cyber-war.

"China has powerful controls over content going out and coming in at every gateway," says Jody Westby, chief executive of security consultancy Global Cyber Risk. She argues that the tight relationship between China's government and its Internet service providers--originally established to stop Web users reading about censored topics like Tiananmen and Taiwan--also means the country could better coordinate a defense against online attacks. In the U.S., by contrast, the autonomy of the Internet may leave it vulnerable to state-sponsored enemies trying to steal classified data or shut down servers controlling energy or telecommunications.

"They have a decided defensive advantage," says Westby. "China simply doesn't have the same issues of coordination [the U.S.] would face in the case of information warfare."

Sizing up threats in a hypothetical cyber-war is still based on educated guesswork and speculation, but no longer mere science-fiction: A political dispute in May over a U.S.S.R. memorial in Estonia led to massive attacks on the country's government Web sites; state servers were paralyzed with "distributed denial of service" attacks, which use tens of thousands of simultaneous requests for information to overwhelm Web-connected computers. Estonia initially accused the Russian government of launching the blitzkrieg, though the use of "botnets"--herds of PCs hijacked with malicious software--made tracing its origin difficult.

The threat of an information-based war with China is particularly real. A Department of Defense report earlier this year warned that China's military is putting more resources into "electromagnetic warfare," focusing on attacking and defending computer networks.

The first shots may have already been fired: In August and September 2006, Chinese computers penetrated the State Department and the U.S. Department of Commerce's Bureau of Industry and Security. The attack, known as "Titan Rain," forced the government to replace hundreds of computers and take others offline for a month. While that attack couldn't be traced to any official source, the U.S.-China Economic and Security Review Commission subsequently claimed that China is developing computer viruses intended to disable military defense systems.

If China did turn computer viruses into a military tool, the Golden Shield could be used to prevent collateral damage, says Jayson Street, a consultant at the computer security firm Stratagem 1 Solutions.

"The firewall would protect China from whatever it releases," says Street. "When a worm goes out, it's not a gun, it's a bomb. It affects everyone. That's why the Golden Shield could be so effective."

Chinese cyber-attacks might take the same form as the denial of service attacks that rattled Estonia, using botnets to overwhelm foreign servers and depending on the Golden Shield to block attempts at retaliation.

The exact anatomy of the shield is known only to the Chinese government, but most security professionals believe it's capable of not only filtering for certain politically charged keywords, but also examining the structure and origin of information moving into and out of the country's networks. That means botnet attacks could be deflected more easily than in the U.S., where there are virtually no checks on international Internet traffic.

Still, the shield's effectiveness as a defense in cyber-warfare is far from clear: Bruce Schneier, the founder and chief technology officer of security firm BT Counterpane, argues that no single strategy can stop determined hackers.

"It's a pipe dream to think that a country can secure its cyber-borders," says Schneier. He points out that in general, security vulnerabilities are much easier to find than they are to patch.

"If you look at what's happening now in the computer security field, the bad guys are winning, and they're just criminals," says Schneier. "Imagine if militaries got involved."

If China did face all-out digital war, it might have at least one resource that the U.S. wouldn't: an Internet kill switch.

"It's true that it's impossible to completely defend against denial of service attacks and still be accessible," says Marcus Ranum, chief security officer of Tenable Security. "But if you're willing to go off the air completely, you could disrupt the enemy's command and control."

Ranum suggests that China's worst-case strategy in a cyber-war would simply be to "pull the plug," temporarily isolating the Chinese Internet. That's not an option in the U.S., where the Web is less regulated and considered a basic freedom.

If China made itself immune from outside attack, it could still be vulnerable to botnets run from within the country, says Allan Paller, director of research at the SANS Institute.

"Installing malware on computers within the country would be the real key to an Internet Cold War," he says. Military enemies could launch denial of service attacks that begin and end within China's own network. To grab control of those computers, Paller imagines CIA agents working in Chinese Internet cafes or other domestic access points. Timed botnet attacks could also be organized to launch automatically, without an external go-ahead.

At the end of 2006, China had 26% of the world's malware-infected computers, more than any other country, according to a report from Symantec (nasdaq: SYMC). But most of those PCs are likely controlled by spam-sending cyber-criminals, not foreign militaries.

Whether or not the U.S. military has caught on to these nuances of the digital arms race, it will soon, Paller argues.

"This is going to be an area of huge investment for the military for the next hundred years," he says. "It isn't just the future of information warfare. It's the future of warfare."