Hacking: Not Just China

by Matthew Hilburn February 21, 2013

Computer hacking by the Chinese has been causing a stir in recent weeks, but experts warn that focusing too much on Beijing could open the door to cyber spies from other countries the U.S. government is monitoring.

For example, the most recent National Intelligence Estimate, a classified document said to represent a consensus view of the U.S. intelligence community, named Russia, Israel and France, in addition to China, as leading countries engaged in hacking against U.S. targets for economic gain.

"In my opinion, while China is getting, and may even deserve, the lion's share of the attention, they are not the only ones dabbling in cyber mischief," said Christopher Burgess, author of Secrets Stolen, Fortunes Lost, Preventing Economic Espionage and Intellectual Property Theft in the 21st Century.

Narrowly focusing on China can have negative consequences, says Jeffrey Carr, founder and CEO of Taia Group, a cybersecurity firm, who wrote a blog post critical of a recent and oft-cited study by the computer security firm Mandiant that focused on China's hacking capabilities.

Carr said always blaming China could cause "unnecessary ramping up of tensions" between the two rivals. He also said a narrow focus on China gives an "inaccurate picture of the global threat landscape, which leads to poor defense planning." Finally, he said, too much emphasis on China could give "companies a false sense of security when they operate in countries besides China."

Russia, for example, reportedly pulled off two very high-profile cyber attacks in recent years. In 2007, after a row with Estonia, cyber attacks said to be from Russia shut down Estonian government, media and financial computers. In 2008, during the South Ossetia War, Georgian computers faced similar attacks. The two incidents were enough for the U.S. Army to commission a paper analyzing the Russian cyber threat.

Late last year, Iran was seen as the likely culprit in a cyber attack on the Saudi oil industry, which brought down computers and even affected some U.S. financial institutions. In the wake of the attack, U.S. Defense Secretary Leon Panetta warned of a "cyber Pearl Harbor."

Iran also has been the victim of a cyber attack. It is widely believed the U.S. and Israel were behind the so-called Stuxnet worm that damaged key components of Iran's nuclear facilities.

The U.S. also was accused of hacking into the Elysée Palace computers in May of last year just before François Hollande succeeded Nicolas Sarkozy as president of France. The U.S. denied the charges.

Massive, Noisy, Familiar

The cost of cybercrime is a hotly debated topic, but there's no doubt it costs the U.S. economy billions. And while other countries may be more discreet in their hacking activities, China appears to be comfortable conducting at least some of its cyber espionage in what experts call a "noisy" manner, meaning it is not careful to cover its footprints.

Matthew Aid, an intelligence historian, said the Chinese have operated over the past decade "as if they don't care who knows what they are doing," which he says probably represents the mindset of the generals who run the cyber espionage programs.

"This may, in part, be a reflection of the enormous pressure the Chinese intelligence 'mandarins' have been under from their political masters in Beijing to produce all of the commercial data needed to push forward the Chinese economy and spot opportunities for growth outside of China," he said. "The Chinese perhaps calculated that the U.S. and other western nations would not do anything about their spying activities because of China's enormous new economic power on the world stage and Washington's need for Chinese cooperation on global issues like North Korea and Iran."

Because Chinese cyber espionage can be noisy and easily discovered, experts say at least some of China's activities in cyberspace are easy to understand because they're familiar and persistent.

"I think in terms of sheer volume [China's threat] is not an exaggeration, but it's too simplistic," said Aid. "It's easy to make the Chinese the bogeyman. We know a great deal more about them, but we know so much less about Russia, Israel, France and Iran."

It's possible, Aid added, that Russia in particular may be even more successful than the Chinese because "they've been able to remain secret and covert."

And while China is certainly on everyone's mind now, Burgess said governments and corporations need to realize that a cyber threat can come from anywhere.

"The prudent strategy is prepare for all who may attack your infrastructure and be pleasantly surprised when they don't, and prepared if they do," he said.

He also added that China's noise is likely masking more sophisticated, quiet efforts.

Badge of Honor

It used to be a stigma for a U.S. company to be hacked by China, but as China's stature has risen, more and more companies are coming forward claiming they've been hacked by the Chinese as some kind of badge of honor.

Recently, many U.S. media outlets, including the New York Times, Wall Street Journal, Bloomberg and the Washington Post, have all claimed to have been hacked by the Chinese.

Carr relates the story of a client whose company was hacked by the Chinese.

The company computers were infiltrated, he said, after an executive visited China and returned to the U.S. The hack was cleaned up, but the executive went back to China, this time with a clean laptop.

"That was breached when he was asleep in his hotel room," Carr said. "One of the executives for the company later said 'our work has never been in the limelight. We've gotten some kind of status. All of a sudden, we matter.'"

Carr said that kind of thinking struck him as "weird."

"If you had your choice of being hacked by Slovakia or China, the latter is much more interesting," he said.

Nothing new

China's aims are nothing new, says Burgess, citing the 863 Program, created by China in March of 1986 with the goal of identifying needed technologies -- and either developing them domestically or, as a 2011 report by the National Counterintelligence Executive said, "to clandestinely acquire U.S. technology and sensitive economic information."

Aid said China has become "reasonably good at producing on a Detroit-style mass production basis vast amounts of foreign economic intelligence information by exploiting weaknesses in computer software and security systems."

"You cannot measure the success or failure of Chinese espionage by our standards," he said. "You have to try to put yourself in the shoes of the Chinese political leadership in Beijing, who perhaps feel that they have a narrow window of opportunity to work with, and who still fear the U.S. is still a substantial military power in East Asia, and the recent trends of pivoting U.S. national security strategy away from South Asia towards East Asia."

Cover, for Now

Not only does China engage in massive cyber espionage, but the scale of it could very well allow other states to conduct their own spying behind the Chinese flag. In the short term, China may very well be doing Israel, France, Russia and, to a lesser extent, Iran, a favor.

"China is the best cover there is in the world for acts of cyber espionage," said Carr. "Every foreign intelligence service should set up a front business in Shanghai or Beijing for that very reason."

According to Burgess, a would-be cyber thief would not even have to physically be in China.

"I can make that connection bounce all over the world and you're not going to be able to pinpoint where I'm coming from," he said. "I can be sitting in Munich and make it look like I'm in Beijing."

Carr wondered why other states active in cyber espionage are never caught.

"It's not because they do it less, or because China is incompetent at it," he said. "It could be because they are using China for cover. It could be because the Chinese government isn't involved at all; that it is the work of professional hacker crews who are Chinese, Eastern European, Brazilian, etc. and who then sell the information to China and/or other nation states. How is it that they've never one time discovered Russia, France or Israel doing these things? How can that happen, statistically speaking? I don't understand."

Over the long term, there could, however, be a silver lining to the Chinese cyber espionage story.

"The Chinese have done us a great service by making plain the nature and extent of the cyber threat that the U.S. and its allies face from countries such as, but not limited to, China," said Aid. "With recognition of the threat comes the inevitable move to strengthen our cyber defenses, which not only will inevitably strangle off many of the most productive cyber targets that the Chinese have been exploiting, but also in the process kill off many of the targets in the U.S., Europe and Japan that Russia, France, and Israel have been more secretly monitoring for their own intelligence purposes.

"In effect," Carr concluded, "the Chinese have queered the pitch for all the other nations that were quietly using cyber espionage to gather needed economic and political intelligence on the U.S. and its allies."
