Sunday, April 24, 2011

Forbidden Knowledge, Forbidden City, Part 2

We pick up where we left off at the end of Part 1, and continue reviewing "Google charge highlights China-based hacking" by Joe McDonald, dated February 3, 2010:

Companies rarely come forward

Officials in the United States, Germany and Britain say hackers linked to China's military have broken into government and defense systems. But attacks on commercial systems receive less attention because victims rarely come forward, possibly for fear it might erode trust in their businesses.

Google was the exception when it announced Jan. 12 that attacks hit it and at least 20 other companies. Google says it has "conclusive evidence" the attacks came from China but declined to say whether the government was involved.

Google cited the attacks and attempts to snoop on dissidents in announcing that it would stop censoring results on its China-based search engine and leave the country if the government does not loosen restrictions.

Only two other companies have disclosed they were targets in that attack — software maker Adobe Systems Inc. and Rackspace Inc., a Web hosting service.

Mikko Hypponen, chief research officer at Finnish security software maker F-Secure Corp., said his company has detected about two dozen attacks originating from China each month since 2005.

"There must be much more that go completely undetected," he said.

Hypponen said a large British military contractor with which his company worked discovered last year that information had leaked for 18 months from one of its computers to an Internet address in the Chinese territory of Hong Kong. He said similar attacks on military contractors were found in Germany, the Netherlands, Sweden and Finland.

Saydjari said other researchers have told him of dozens of U.S. companies that have been attacked from China but said he could not disclose their names or other details.


First of all, attacks like this one on Google that are traced back to China are only the tip of what appears to be a real cyberintelligence iceberg. Second, the fact that China conducts so many cyberattacks lends credence to my suggestion in Part 1 that the PRC may have been behind the attacks first on RSA, then on ORNL.


China's army supports hacker hobbyists

A key source of the skills required might be China's military. China's army supports hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits, according to Saydjari.

"China has a strategic goal of becoming the world-dominant economic power within this century. Certainly one way to do that faster is to steal industrial secrets," he said.

There are no estimates of losses attributable to hacking traced to China, but antivirus supplier McAfee Inc. says intellectual property worth an estimated $1 trillion was stolen worldwide through the Internet in 2008.

Separately, a Los Angeles law firm says it was hit Jan. 11 by an attack that appeared to originate in China after it filed a lawsuit for CyberSitter LLC, a software maker that accuses the Chinese government of stealing its code for use in a Web-filtering system.

The firm Gipson Hoffman & Pancione said e-mails sent to its lawyers contained malicious software designed to extract information from their computers.

I would say that establishes both motive and opportunity.

'Advanced persistent threat'

Security firm Mandiant Corp. has dubbed such attacks — which allow repeated thefts over months or years — an "advanced persistent threat" and says each one it has studied over the past five years involved theft of information related to U.S.-China corporate acquisitions, negotiations or military acquisitions.

"The scale, operation and logistics of conducting these attacks — against the government, commercial and private sectors — indicates that they're state-sponsored," the company said in a report last month.

But even if an attack is traced to China, experts need to examine the computer used to be sure it was not hijacked by an attacker elsewhere. Consultants say security for many Chinese computers is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.

In the Google case, confirming the source would require China's cooperation, and Beijing has yet to respond to U.S. Secretary of State Hillary Rodham Clinton's appeal for an investigation.

"The 'smoking gun' proof is very hard to put together," said Graham Cluley, a researcher for Sophos, a British security software company.

Perhaps China takes advantage of its poor cybersecurity environment as plausible deniability cover for the attacks its intelligence personnel commit?

Regardless, it is a safe bet we will not get that "smoking gun".

China denies government involvement

China's Industry Ministry said in a statement that any suggestion the government is involved in any Internet attack "is groundless and aims to discredit China."

But China is no stranger to government-directed industrial espionage on a vast scale.

Intelligence experts say that since the 1970s, Beijing has carried on a quiet campaign to acquire foreign technology and other secrets by using Chinese businesspeople, students and scientists who travel abroad as part-time spies.

China, with the world's biggest population of Web users at more than 384 million, also has a history of hacking. In 1999, Web surfers defaced U.S. government sites after the mistaken American bombing of Beijing's Belgrade embassy killed three Chinese. Nationalists have attacked Web sites in Japan and Taiwan, the self-ruled island claimed by Beijing as its own territory.

More recent cases have shifted from vandalism to theft of government or trade secrets.

The vast-scale, government-directed espionage is far from being just industrial!


From vandalism to theft

Last March, a Canadian group, the Information Warfare Monitor, said it found a China-based ring stole sensitive information from thousands of computers worldwide. Targets included the communications network of The Associated Press.

The government did not respond to the report's details but said it opposes computer crime and criticized the researchers for suggesting otherwise.

China has also ordered vendors that sell computer security technology to government agencies to reveal how it works under rules that take effect on May 1. Foreign companies operating there worry that might compromise systems used by banks and others to protect customer information and trade secrets.

Beijing is also pressing foreign financial firms to move more of their computer servers into China. That might require a switch to Chinese-made equipment with weaker protections.

Companies' reluctance to talk about China-based hacking "makes it difficult to make the case for action broadly," Saydjari said. "That might be why Google is parting from that history and sounding the alarm."

Remember, this was a 2010 article. How much progress has China made since then in cyberespionage by requiring vendors to divulge secrets to computer security technology in exchange for China's business?

What might be of interest at ORNL? Perhaps this - "20 petaflops: New supercomputer for Oak Ridge facility to regain speed lead over the Chinese," March 23, 2011:

It was only last October that China's National University of Defense team unveiled the Tianhe-1A, a machine capable of computing at 2.5 petaflops.

"China's National University of Defense team" - is that the connection to the PLA?


The [20 petaflop - 20,000 trillion calculations per second] Titan, built by Cray Computer, will become part of a collection of some of the fastest computers in the world at the ORNL facility, joining NOAA's Gaea, the NSF's Kraken and the DOE's current workhorse, the Jaguar, though new space will have to be found, as the current structure has no room. Plans are in the works for an entirely new facility to be built over the next year, which should fit in well with the delivery date for the first stage of the Titan expected to be by the end of this year, with the second stage slated for sometime next year.

Wow! Petaflops!

Now that sounds exciting... and technology from a computer that works that fast would be worth stealing.
