March 25, 2013: A group of Chinese hackers, recently tracked back to the same area where many Chinese Cyber War organizations are based, have apparently been ordered to improve their stealth skills. In the hacking community being able to get in, grab what you came for (or found and decided was worth taking), and leave undetected is the way it’s supposed to be done. Many hackers can get in but because of sloppiness, haste, or a lack of skill they are detected. Even if the intruders got what they came for, being detected, tracked, and identified is potentially disastrous. Hackers who are not based in a country that refuses to extradite Internet criminals can be found, arrested, and punished. Courts no longer consider hacking a minor offense, and those caught are being sent away for longer and longer periods of imprisonment. China is particularly severe at what it considers illegal hacking (as in plundering Chinese companies) and those caught are sometimes executed.
The growing pile of evidence against China-based hackers is proving embarrassing for China, which tends to dismiss such accusations. That attitude has made the victims even angrier and there are more threats of retaliation. So the recently revealed Chinese hackers have gone dark, as in they have changed the now well-known IP addresses and servers they normally use. China believes that the way Cyber War currently works, as long as no one is getting killed (at least not openly) there is not much risk of conventional (bombs, blockades, or whatever) retaliation. Yet their growing number of victims in the West are becoming extremely agitated, so China has apparently ordered their hackers to maintain a lower profile or else.
Identifying specific hackers, or teams of hackers, is not all that difficult if you can detect their presence. Just examine the type of attacks along with the tools and techniques used, the specific information being sought, and much more. Internet security companies and government intelligence agencies who collect information on these “hacker profiles” are able to quickly match patterns of behavior to identify groups or even individuals.
China has been hacking away at U.S. targets for over a decade now and shows no signs of slowing down, despite growing U.S. efforts to erect better defenses. In addition to recent attacks on American media companies, China has also launched well organized and very deliberate attacks on American defense companies and specific Department of Defense computer networks. Even when caught in the act, the hackers often got away with a lot of valuable material.
When the U.S. Navy War College got hit seven years ago they had to shut down their computer network so that servers could be scrutinized to see what was taken, changed, or left behind. Why attack the Navy War College? Mainly because that's where the navy does a lot of its’ planning for future wars. The strategy for the Pacific war during World War II was worked out at the Navy War College and that planning tradition continues. Plus, the Chinese may have also found the War College networks to be more vulnerable. Another well-organized and executed attack was made on the Bureau of Industry and Security (BIS) systems. BIS is a section of the Commerce Department that has been fighting Chinese efforts to illegally obtain U.S. military technology and American trade secrets in general. Some BIS computers were so thoroughly infiltrated that their hard drives had to be wiped clean and reloaded as if they were new machines. It’s not just the United States that is being hit.
The Chinese hackers have had similar spectacular success in Europe. Despite spending over a billion dollars a year defending their government networks, Britain complained openly of hackers getting into the communications network of the Foreign Office. The government also warned of increasing attacks on British companies. These attacks on government and corporate networks were all targeting specific people and data. While China was not mentioned in these official announcements, British officials have often discussed how investigations of recent hacking efforts tended to lead back to China. There is also a strong suspicion, backed up by hacker chatter, that some governments were offering large bounties for information stolen from other governments. Not information from China but from everyone else.
China manages to muster all this hacker talent by vigorously recruiting patriotic Chinese Internet experts to hack for the motherland. China is one of many nations taking advantage of the Internet to encourage, or even organize, patriotic Internet users to provide hacking services for the government. This enables these thousands of hackers to be directed (unofficially) to attack targets (foreign or domestic). These government organizations arrange training and mentoring to improve the skills of group members. China has helped identify and train over a million potential ace hackers so far. Most turn out to be minor league at best, but the few hundred hotshots identified are put to work plundering foreign networks.
While many of these Cyber Warriors are rank amateurs, even the least skilled can be given simple tasks. And out of their ranks emerge more skilled hackers, who can do some real damage. These hacker militias have also led to the use of mercenary hacker groups, who will go looking for specific secrets, for a price. Chinese companies are apparently major users of such services, judging from the pattern of recent hacking activity and the fact that Chinese firms don't have to fear prosecution for using such methods.
China pioneered the militia concept in the late 1990s, when their Defense Ministry established the "NET Force." This was initially a research organization, which was to measure China's vulnerability to attacks via the Internet. Soon this led to examining the vulnerability of other countries, especially the United States, Japan, and South Korea (all nations that were heavy Internet users). NET Force has continued to grow. NET Force was soon joined by an irregular civilian militia, the "Red Hackers Union" (RHU). These are over half a million patriotic Chinese programmers, Internet engineers, and users who wished to assist the motherland and put the hurt, via the Internet, on those who threaten or insult China. The RHU began spontaneously in 1999 (after the U.S. accidentally bombed the Chinese embassy in Serbia) but the government soon assumed some control, without turning the voluntary organization into another bureaucracy. The literal name of the group is "Red Honkers Union," with Honker meaning "guest" in Chinese. But these were all Internet nerds out to avenge insults to the motherland.
Various ministries have liaison officers who basically keep in touch with what the RHU is up to (mostly the usual geek chatter) and intervene only to "suggest" that certain key RHU members back off from certain subjects or activities. Such "suggestions" carry great weight in China, where people who misbehave on the web are very publicly prosecuted and sent to jail. For those RHU opinion-leaders and ace hackers that cooperate, there are all manner of benefits for their careers, not to mention some leniency if they later get into some trouble with the authorities. Many government officials fear the RHU, believing that it could easily turn into a "counter-revolutionary force." So far, the Defense Ministry and NET Force officials have assured the senior politicians that they have the RHU under control.
All nations with a large Internet user population have these informal groups, but not all nations have government guidance and encouragement to make attacks. When there are tensions between nations with large number of Internet users, it almost always results in the "hacker militias" of both nations going after each other. The U.S. has one of the largest such informal militias but there has been little government involvement. That is changing. The U.S. Department of Defense, increasingly under hacker attack, is now organizing to fight back, sort of.