The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Who is Hacking Whom? [Updated]

Share:

[tags]hacking, national security, China, cyber espionage[/tags]
Over the last week or two there have been several news items based on statements and leaks regarding on-going cyber espionage.  For instance, two articles, one in the British Financial Times and another on CNN allege that Chinese agents had successfully broken into systems at the Pentagon resulting in a shutdown of unclassified mail systems.  The London Times had an article on the Chinese Army making preparations for “Cyber War” and in New Zealand an official indicated that government systems had been hacked by foreign agents, implying Chinese involvement.  An article in today’s Christian Science Monitor noted that China has been attacking German and British government sites and industry, and another article in the Asia-Pacific news mentions France and Australia as targets.

Of course, these kinds of stories aren’t new.  There was a story in the Washington Post back in 2005 about alleged Chinese hacking, and another set of stories this past March including one in USA Today,  There seems to be a thread going back to at least 2003, as reported in Time magazine.

Not to be outdone, and perhaps in a classic “Spy vs. Spy” countercharge, a Chinese official complained that their systems had been hacked into and damaged by foreign agents.  That could very well be true, but the timing is such that we should be rather skeptical of these claims.

So, what is really going on?  Well, it probably is the case that few people know the whole, real story—and it is undoubtedly classified within each country where any part of the story is known.  However, there are a few things we know for certain:

  1. Most government agencies and companies around the world use common products—the same products that are so frequently penetrated by criminal hackers and malware.  We have years of evidence that these systems are easy to hack and hard to defend. Furthermore, those systems are often not kept up-to-date with patches because they are mission-critical and patches can break existing applications.
  2. The Chinese have publicly stated that they are pursuing activities in the cyber espionage and warfare arena.  Given the world situation, the US, Brits, Germany, and several other countries are likely targets—not only for political and military espionage, but for economic and technical espionage.  (The Chinese could certainly benefit by stealing plans on how to make lead-free toy coloring and toxin-free toothpaste, for instance. grin
  3. The Chinese are almost certainly not the only country with resources, talent and motives to commit cyber espionage.
  4. It’s possible (sometimes) to trace connections back to particular networks and machines, but it is difficult to know if those are the “final” machines in a chain.  It is even more difficult to determine who is running those machines and whether those individuals are motivated by government orders, criminal intent, or simply a hobbyist’s interest.  All three groups are likely to be interested in access to the kinds of information that appear to be involved in these incidents; in some cases, there may be ties between organized crime and governmental entities, so activities of one benefit the other.

Given those 4 observations, we can be reasonably sure that not all the events being discovered are actually government sanctioned; that not all the actors are being accurately identified; and probably only a fraction of the incidents are actually being discovered.  The situation is almost certainly worse in some ways than implied by the newspaper accounts.

Some of us have been warning about lax cyber security, especially coupled with poorly designed COTS products, for years.  What is surprising is that authorities and the press are viewing these incidents as surprising!

It remains to be seen why so many stories are popping up now.  It’s possible that there has been a recent surge in activity, or perhaps some recent change has made it more visible to various parties involved.  However, that kind of behavior is normally kept under wraps.  That several stories are leaking out, with similar elements, suggests that there may be some kind of political positioning also going on—the stories are being released to create leverage in some other situation.

Cynically, we can conclude that once some deal is concluded everyone will go back to quietly spying on each other and the stories will disappear for a while, only to surface again at some later time when it serves anoher political purpose.  And once again, people will act surprised.  If government and industry were really concerned, we’d see a huge surge in spending on defenses and research, and a big push to educate a cadre of cyber defenders.  But it appears that the President is going to veto whatever budget bills Congress sends to him, so no help there.  And the stories of high-tech espionage have already faded behind media frenzy over accounts about Britney being fat, at least in the US.

So, who is getting violated?  In a sense, all of us, and our own governments are doing some of the “hacking” involved.  And sadly,  that isn’t really newsworthy any more.

Updated 9/14
And here is something interesting from the airforce that echoes many of the above points.

[posted with ecto]

Comments

Posted by Farhad Tarapore
on Thursday, September 13, 2007 at 07:53 PM

Another question to ponder over would be “why”? What are they looking for? Is the hacking just to prove cyber-supremacy or is it something more subtle? Whats the information they’ve stolen or are trying to steal?
Military espionage is certainly dangerous. But that has been happening since the time man knew what war was.
I think its more a case of “If I can, then why not” attitude. Those delicious computers sitting out there are a pretty target for any would-be hacker.

Posted by Spaf
on Friday, September 14, 2007 at 12:00 PM

Why?  Well, as I suggested, trying to find out typical military or political espionage materials, and to seek out economic and technical information.  Those are the usual targets of espionage.

If the players are simply criminals, the scope of their interest is slight different but again, somewhat typical.

Leave a comment

Commenting is not available in this section entry.