The uproar over claims that the People's Republic of China launched a series of network-based cyber attacks earlier this month against the U.K., France, Germany, and the U.S. has died down. But few expect China to back off efforts to gain the upper hand in the battle of bits and bytes. China's own stated military goals include improving the country's ability to wage information warfare.
The cyber attacks against the U.S. stand out because security researchers have traced them back to the Chinese government. "Normally it is not possible to attribute the source of an attack, because source addresses can be spoofed," says Alan Paller, director of research at the SANS (SysAdmin, Audit, Network, Security) Institute in Bethesda, Md., which trains and certifies technology workers in cyber security. In China's case, though, analysts tracked a series of 2005 cyber assaults against U.S. computers--dubbed "Titan Rain"--to 20 computer workstations in China's Guangdong province, Paller says.
"The precision of the attacks, the perfection of the methods and the 24-by-seven operations over two and a half years, and the number of workstations involved are simply not replicated in the amateur criminal community," he notes. "Amateur cyber criminals do a lot of other things right, but this is an order of magnitude more disciplined than anything I have seen out of the hacker or amateur criminal community."
The strikes against the U.S. and its North Atlantic Treaty Organization (NATO) allies, as well as others against the Baltic nation of Estonia's information-technology infrastructure earlier this year, provide but a glimpse of the damage that could be inflicted should a full-scale cyber war erupt between countries. Cyber assaults are a particularly dangerous addition to any country's arsenal because of the growing reliance on networks and technology to control critical systems that run power plants and transportation systems. Cyber attacks on banks, stock markets and other financial institutions could likewise have a devastating effect on a nation's economy.
In about 50 percent of the cases in which an attacker gains access to a system, it is because the software running on it was poorly designed, loaded or protected, Paller says. Cyber attacks can take many forms. One common type probes an organization's perimeter for a hole in a firewall or other network defenses. This can be accomplished by exploiting a piece of software that is improperly designed, configured or patched to protect against malicious software. Once an attacker gains control of that exploited software, he or she can search for information and leave behind hidden software that can be accessed at a later date.
Although the theft of sensitive government data is a major worry, it is not necessarily the greatest one, Paller says, adding, "the bigger concern is that the attackers are planting back doors for future attacks."
Other times, cyber attackers use social-engineering tactics that fool computer users into surrendering important information. So-called phishing attacks, in which computer users are sent e-mails requesting that they reply by sending sensitive information, such as bank account or credit card numbers, are a common scam. "They work because the e-mail appears to come from someone who is trusted," Paller says, "and asks them to do something that is reasonable."
The recently publicized cyber strikes against Western countries are more about spying and intelligence-gathering than about taking down systems and destroying information. The attacks on Estonia, by contrast, began April 27 and were designed to shut down that technology-dependent country's infrastructure, interfering with citizens' ability to perform financial transactions or even make the most basic purchases of bread, milk or gas.
Attackers—the identity of the culprit or culprits is still unknown, though the Russian government was at one point suspected—bombarded Web sites run by the Estonian government with superfluous Web traffic, up to 1,000 times the normal amount passing through the country's Web servers. The attackers used Russian blogs to successfully enlist Russian citizens in the assault, even instructing average computer users on how to attack Estonian Web sites. The attacks included the use of botnets, networks of otherwise benign computers that are broken into and controlled remotely by an attacker. The cyber attacks against Estonia more closely resembled a cyber riot by Web users than a singular act of espionage.
China's goals are more subtle but no less dangerous. Although the Chinese government has denied involvement in this latest round of attacks, government officials last year published a report entitled "China's National Defense in 2006" that states China is pursuing a three-step development strategy to modernize its national defense and armed forces that includes building "informationized armed forces" capable of winning "informationized wars" by 2050.
The potential for information warfare was a key component of the U.S. Department of Defense's report to Congress earlier this year analyzing China's military capabilities. China views the acquisition and effective distribution of data as crucial to its ability to optimize "materials, energy and information to form a combined fighting force" and to apply "effective means to weaken the enemy side's information superiority and lower the operational efficiency of enemy information equipment," the report says.
The report asserts that China's People's Liberation Army has established information warfare units to develop viruses to attack enemy computer systems and networks, as well as tactics and measures to protect friendly computer systems and networks. The report charges that China is already engaged in cyber theft and attack against the U.S. and other countries that it perceives as its enemies. "China continues a systematic effort to obtain from abroad through legal and illegal commercial transactions dual-use and military technologies," the report says. In fact, it notes, U.S. Immigration and Customs Enforcement (ICE) officials have rated China's "aggressive and wide-ranging espionage as the leading threat to U.S. technology."
"In the United States, we're particularly vulnerable because a lot of our communication infrastructure is owned by the private sector," says Jody Westby, chief executive of security consulting firm Global Cyber Risk and chair of the American Bar Association's Privacy and Computer Crime Committee. "In China and Russia, their infrastructure is in the hands of the government; it's easier for them to coordinate and protect those assets."
"For every breach you read about, at least five more go unreported," says Jayson Street, the chief information security officer for Stratagem 1 Solutions, a provider of IT security services, and an information technology consultant to the FBI and U.S. Secret Service. "The new Cold War is between China and the Western world."