June 15, 2008:
Several U.S. legislators (from the House of Representatives) have
complained that their computers were infected by eavesdropping software
inserted by hackers traced back to China. There was a similar flap over two
years ago. Back then, there was enough proof to know that China was behind the
increasing number of Internet-based attacks, but not enough to call China out
on it.

This all began about eight years ago, with an increasing number of very well executed
Internet attacks hitting U.S. government (especially Department of Defense)
computers. Analysis of these attacks indicated that the hackers appeared to be
coming from China. At first, it was thought to be adventurous computer science
students, or criminals out to steal something they could sell.

Then, in 2003, came the "Titan Rain" incident. This was a massive and well organized
attack on American military networks. The people carrying out the attack really
knew what they were doing, and thousands of military and industrial documents
were sent back to China. The attackers were not able to cover their trail
completely, and some of the attackers were traced back to a Chinese government
facility in southern China. The Chinese government denied all, and the vast
amounts of technical data American researchers had as proof were not considered
compelling enough for the event to be turned into a major media or diplomatic episode.

In the wake of Titan Rain, governments around the world began to improve their
Internet security. But not enough. The attacks kept coming. Out of China. And
the attackers were getting better. In 2005, a well organized attack was made on
the networks of the British parliament. This time, the defense won the battle.
Mostly. The carefully prepared emails (with virus attached) would have fooled
many recipients, because they were personalized, and this helped prevent
network defenses from detecting the true nature of these messages. These
targeted emails from hackers were very successful. If the recipient tried to
open the attached file, their computer would have hacking software secretly
installed. This software would basically give the hacker control of that PC,
making it possible to monitor what the user does on the computer, and have
access to whatever is on that machine.

While many recipients sense that the "spear fishing" (or "phishing") attack is
just that, some don't, and it only takes a few compromised PCs to give someone
access to a lot of secret information. This would be the case even if it is
home PCs that are being infected. The recent complaints from American
legislators are all about that, as they have discovered office and personal PCs
of themselves and their staffers infected.

But many other attacks are only discovered when they are over, or nearly so. The
attackers are very well prepared, and usually first make probes and trial run
attacks on target systems. When the attackers come in force, they don't want to
be interrupted. And usually they aren't. The Chinese attackers use techniques
similar to those employed by criminal gangs trying to get into banks,
brokerages and big businesses in general. Thus it is believed that the Chinese
hackers try, as much as possible, to appear like just another gang of cyber
criminals. But the Chinese have certain traits that appear more military than
gangster.

The Chinese cyber army keeps getting better, and that includes covering their
tracks. It may take a defector or three to make it definite that China is
waging a stealthy war over the Internet. Meanwhile, the Chinese reap enormous economic
and political benefits from their raids on economic and technical secrets in
the West.