The uproar over claims that the People's Republic of China launched a series of network-based cyber attacks earlier this month against the U.K., France, Germany, and the U.S. has died down. But few expect China to back off efforts to gain the upper hand in the battle of bits and bytes. China's own stated military goals include improving the country's ability to wage information warfare.
The cyber attacks against the U.S. stand out because security researchers have traced them back to the Chinese government. "Normally it is not possible to attribute the source of an attack, because source addresses can be spoofed," says Alan Paller, director of research at the SANS (SysAdmin, Audit, Network, Security) Institute in Bethesda, Md., which trains and certifies technology workers in cyber security. In China's case, though, analysts tracked a series of 2005 cyber assaults against U.S. computers--dubbed "Titan Rain"--to 20 computer workstations in China's Guangdong province, Paller says.
"The precision of the attacks, the perfection of the methods and the 24-by-seven operations over two and a half years, and the number of workstations involved are simply not replicated in the amateur criminal community," he notes. "Amateur cyber criminals do a lot of other things right, but this is an order of magnitude more disciplined than anything I have seen out of the hacker or amateur criminal community."
The strikes against the U.S. and its North Atlantic Treaty Organization (NATO) allies, as well as others against the Baltic nation of Estonia's information-technology infrastructure earlier this year, provide but a glimpse of the damage that could be inflicted should a full-scale cyber war erupt between countries. Cyber assaults are a particularly dangerous addition to any country's arsenal because of the growing reliance on networks and technology to control critical systems that run power plants and transportation systems. Cyber attacks on banks, stock markets and other financial institutions could likewise have a devastating effect on a nation's economy.
In about 50 percent of the cases in which an attacker gains access to a system, it is because the software running on it was poorly designed, loaded or protected, Paller says. Cyber attacks can take many forms. One common type probes an organization's perimeter for a hole in a firewall or other network defenses. This can be accomplished by exploiting a piece of software that is improperly designed, configured or patched to protect against malicious software. Once an attacker gains control of that exploited software, he or she can search for information and leave behind hidden software that can be accessed at a later date.
Although the theft of sensitive government data is a major worry, it is not necessarily the greatest one, Paller says, adding, "the bigger concern is that the attackers are planting back doors for future attacks."
Other times, cyber attackers use social-engineering tactics that fool computer users into surrendering important information. So-called phishing attacks, in which computer users are sent e-mails requesting that they reply by sending sensitive information, such as bank account or credit card numbers, are a common scam. "They work because the e-mail appears to come from someone who is trusted," Paller says, "and asks them to do something that is reasonable."
The recently publicized cyber strikes against Western countries are more about spying and intelligence-gathering than about taking down systems and destroying information. The attacks on Estonia, by contrast, began April 27 and were designed to shut down that technology-dependent country's infrastructure, interfering with citizens' ability to perform financial transactions or even make the most basic purchases of bread, milk or gas.