[ISN] Invisible arms race: The internet balance of power

From: InfoSec News (alerts@private)
Date: Fri Sep 07 2007 - 01:25:13 PDT


By Clifford Coonan
06 September 2007

Somewhere here in Guangzhou, the balmy capital of the booming southern 
province of Guangdong, a shadowy group of computer scientists is said to 
be hard at work under the supervision of the People's Liberation Army, 
waging cyber warfare on Western military and industrial targets.

Their fellow scientists in the dusty city of Lanzhou in northwestern 
China, not far from where the Chinese space mission is based, are also 
reportedly hacking into government files in Whitehall and the Pentagon.

It's hard to believe in the 30-degree-plus heat of Guangzhou, but this 
city has been named one of the epicentres of the Cold Cyber War. Instead 
of missiles pointing at capital cities, and huge standing armies facing 
each other across ideological divides and barbed-wire fences, the only 
weapons in this secret war are keyboards, some sharp minds and a lot of 
caffeine pills.

The experts tell of how cyber spies breach supposedly unbreachable 
firewalls as smoothly as a skilled jewel thief, before swooping on a 
hard drive, snatching the secret files, and sending them to a third 
country, usually somewhere in Asia such as South Korea or Hong Kong. 
Then they make good their escape, often leaving no trace of the raid.

The secret agents and operatives are bleary-eyed computer whizzkids, 
cranked on cigarettes and coffee as they snoop through computer networks 
at Western military bases, armaments companies and aerospace giants. 
They hang out in online chatrooms rather than barrack rooms or smoky 
bars in communist enclaves, but they are just as hard to track as their 
Cold War counterparts.

Their methods may be hi-tech but the strategy is ancient – Trojan Horse 
software developed by the PLA's computer whizzes, disguised as 
PowerPoint or Word programmes, which find their way into computer 
systems in the corridors of power of London, into the Foreign Ministry 
and other government departments, even into the House of Commons. They 
redirect the programmes via South Korean networks or Taiwanese servers 
to disguise where they came from.

"There's a huge amount of cyber warfare going on here aimed at gathering 
intelligence and probing networks. There is also a huge amount of cyber 
espionage to access information about intellectual property rights and 
trade matters," said one security expert who did not wish to be named.

The US House of Representatives has said that intelligence gained 
through cyber espionage has allowed China to copy many scientific and 
technological breakthroughs from the West.

And traditional espionage is also on the rise as global competition 
intensifies for new products. Defectors tell of plans to obtain 
hush-hush industrial information through operatives working at 
embassies, and post-graduate students or private individuals employed by 
companies for years. Pure John Le Carré territory.

At times, cyber espionage and good old-fashioned spying overlap – the 
greater use of laptop computers has led to more people having their 
secrets stolen from beside them on the evening train home or from their 
hotel room on business trips. German businessmen travelling to China 
with the Chancellor, Angela Merkel, were told to bring their computers 
with them during state banquets.

Cyber espionage costs British companies billions of pounds every year, 
not only in the direct effects of stolen secrets, but in the loss of 
competitive advantage. There have long been reports that China operates 
a web of operatives throughout Europe, who penetrate all levels of key 
industries. "As cyber warfare grows, so does cyber espionage. There have 
been significant advances in China but I still think China is playing 
catch-up on the West in this game – the West has a lot more to spend – 
just look at the Chinese military budget and compare it to the American 
spending on defence," said the analyst.

Chinese cyber warfare and cyber espionage have been in the news since 
the German magazine Der Spiegel ran a report about Chinese hackers 
breaking into IT systems in the Chancellery using Trojans – just as Ms 
Merkel's plane was touching down at Beijing airport.

The timing of the report was embarrassing for the Chinese government, 
forcing Premier Wen Jiabao to stress China's anti-hacker credentials and 
pledge that China would co-operate closely with Germany to prevent such 

"The Chinese government attaches great importance to the hacker attack 
on the German government networks," he said, promising "determined" and 
"forceful" measures to combat it.

The news of cyber warfare from China was followed by reports that cyber 
warriors had penetrated the computer systems of the Pentagon in June.

Computer security experts say the key to the success of the cyber wars 
was deniability. The cyber spies use third-party computers in other 
countries as a way of covering their tracks. There could easily be a 
Trojan Horse sitting on your computer, creating a network right now, 
without your knowledge.

News of a security compromise is normally confined to officials with 
high security clearance, and not for public consumption, which has made 
some commentators sceptical that the Government would ever reveal any 
information about security breaches, unless it had sound political 
reasons for doing so.

"Ultimately, if Whitehall's secret networks were accessed, then there 
was a weakness there, so we'll never know how deeply the security breach 
went because no government will ever reveal that kind of weakness.

"A lot of this is a kneejerk reaction. If the alarm system in your house 
was compromised and someone broke into your house, would you publicise 
it?" said a security analyst.

One internet commentator points out how the US controls the domain name 
system (DNS), and could do a lot of damage to China by simply removing 
the "cn" domain.

The webheads speculate about just how the hackers were tracked, given 
that the routes they took are supposedly untraceable. And they say that 
spammers and organised gangs using automated penetration tools are a 
much greater threat than the Chinese army.

Other security experts believe that China is as much a victim as it is a 
perpetrator in this conflict and that the Chinese are being scapegoated 
for what is a much wider problem.

Around 60 per cent of attacks on US national defence systems are said to 
emanate from within America itself, said the analyst. That leaves 40 per 
cent for the rest of the world, which means that it can't all be China.

Russians are no slouches when it comes to hacking. In May this year, 
Estonia's websites were the victims of the world's biggest online 
assault by cyber vigilantes from Russia. Government ministries, banks 
and newspapers had their websites jammed after Estonia caused offence by 
re-burying a Russian soldier from the Second World War.

"Every government does it and no government is beyond accusation. The 
manner in which these breaches were supposed to have been carried out 
shows it was extremely clever programming. And at the end of the day, 
totally deniable."

A Chinese Foreign Ministry spokesman, Jiang Yu, said the accusations 
were groundless and reflected a Cold War mentality. "China and the US 
are now devoted to constructive relations and co-operation. The 
bilateral military ties enjoy a sound momentum of development. Under 
this backdrop, some people make wild accusations against China, 
suggesting that the PLA made cyber raids against the Pentagon," said 
Jiang. "Hacking is a global issue and China is a frequent victim in this 
regard. China is ready to enhance co-operation with other countries 
including the US in countering internet crimes".

Since the 9/11 attacks on US targets, officials have become much more 
aware of cyber espionage and the growing threat of China has been noted. 
In 2003, a cyber espionage ring codenamed Titan Rain by US investigators 
was tracked to Guangdong province after a network break-in at Lockheed 

Beijing is keen to match its growing economic strength with political 
and diplomatic influence in the Asian region, but regularly emphasises 
that the country is undergoing a "peaceful rise". China's defence budget 
has been increasing by double-digit percentages for several years, 
stepping up fear in self-ruled Taiwan, which Beijing sees as a renegade 
province, that China will invade if it ever tries to declare 
independence from the mainland.

At the National People's Congress in March, China said it would boost 
defence spending by 17.8 per cent, to £22bn, this year, though the US 
says the figure could reach £63bn.

Beijing points out that Washington spends £244bn a year on its military, 
not including Iraq and Afghanistan.

To some extent this is a form of asymmetric warfare, where countries 
which do not possess the same level of military power as their bigger 
enemies adopt dissimilar tactics to wage conflict. While China has 2.3 
million soldiers, 800,000 reservists, and a People's Armed Police of 1.5 
million, its military still lags that of many Western powers. So China's 
confronting Whitehall's and the Pentagon's IT installations is a way of 
undermining Western military might with clever computer hacking skills.

A key driver in the sudden interest in cyber warfare by the Americans 
was the confirmation in January this year that the Chinese had 
successfully shot down one of its own satellites. The test was 
criticised by the US, Japan, Canada and Australia and read as a sign 
that China was flexing its military muscle, a way of showing that it is 
capable of taking out spy satellites should the US follow up on its 
pledge to assist Taiwan in the event of a military escalation across the 

The test also came as a shock to military commanders in the West, a 
revelation about the level which Chinese technology had attained and 
they were surprised by the developments. If the reports are true of 
breaches in Whitehall, Berlin and the Pentagon, it is a sign that 
China's technological progress is taking place even faster than 

© 2007 Independent News and Media Limited
