Information Warfare: The Longer War Gets Worse


June 15,2008: Several U.S. legislators (from the House of Representatives) have complained that their computers were infected by eavesdropping software inserted by hackers traced back to China. There was a similar flap over two years ago. Back then, there was enough proof to know that China was behind the increasing number of Internet based attacks, but not enough to call China out on it.

This all began about eight years ago, with an increasing number of very well executed Internet attacks hitting U.S. government (especially Department of Defense) computers. Analysis of these attacks indicated that the hackers appeared to be coming from China. At first, it was thought to be adventurous computer science students, or criminals out to steal something they could sell.

Then, in 2003, came the "Titan Rain" incident. This was a massive and well organized attack on American military networks. The people carrying out the attack really knew what they were doing, and thousands of military and industrial documents were sent back to China. The attackers were not able to cover their trail completely, and some of the attackers were traced back to a Chinese government facility in southern China. The Chinese government denied all, and the vast amounts of technical data American researchers had as proof was not considered compelling enough for the event to be turned into a major media or diplomatic episode.

In the wake of Titan Rain, governments around the world began to improve their Internet security. But not enough. The attacks kept coming. Out of China. And the attackers were getting better. In 2005, a well organized attack was made on the networks of the British parliament. This time, the defense won the battle. Mostly. The carefully prepared emails (with virus attached), would have fooled many recipients, because they were personalized, and this helped prevent network defenses from detecting the true nature of these messages. These targeted emails from hackers were very successful. If the recipient tried to open the attached file, their computer who have hacking software secretly installed. This software would basically give the hacker control of that PC, making it possible to monitor what the user does on the computer, and have access to whatever is on that machine.

While many recipients sense that the "spear fishing" (or "phishing") attack is just that, some don't, and it only takes a few compromised PCs to give someone access to a lot of secret information. This would be the case even if it is home PCs that are being infected. The recent complaints from American legislators is all about that, as they have discovered office and personal PCs of themselves and their staffers infected.

But many other attacks are only discovered when they are over, or nearly so. The attackers are very well prepared, and usually first make probes and trial run attacks on target systems. When the attackers come in force, they don't want to be interrupted. And usually they aren't. The Chinese attackers use techniques similar to those employed by criminal gangs trying to get into banks, brokerages and big businesses in general. Thus it is believed that the Chinese hackers try, as much as possible, to appear like just another gang of cyber criminals. But the Chinese have certain traits that appear more military than gangster.

The Chinese cyber army keeps getting better, and that includes covering their tracks. It may take a defector or three to make it definite that China is waging a stealthy war over the Internet. Meanwhile, the Chinese reap enormous economic and political benefits from their raids on economic and technical secrets in the West.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close