I was reading Reuters today and I came across a news article indicating that a number of high-profile agencies – from the United Nations to the Canadian Government to the government of Taiwan – were broken into over a period of the past five years.  From the article:

BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.

I’ll say it right now, even though I haven’t been briefed on it.  It was China. Continuing:

The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

"What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."

Some of the attacks lasted just a month, but the longest -- on the Olympic Committee of an unidentified Asian nation -- went on and off for 28 months, according to McAfee.

"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch told Reuters.

"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."

CHINA CONNECTION?

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said it was very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.

The systems of the IOC and several national Olympic Committees were breached before the 2008 Beijing Games. And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.

"Everything points to China. It could be the Russians, but there is more that points to China than Russia," Lewis said.

This is something that I have written about numerous times; here is a summary of my position:

  • China has long been suspected and accused of hacking into other governments and stealing data, either for political purposes or in espionage cases.

  • China wields its cyber espionage abilities far more openly than western nations.  Western nations are either really far behind the 8-ball and need much more funding to recruit the best and brightest, or they have these abilities and are keeping their cards close to their chest (the NSA employs many brilliant programmers and analysts) and don’t wield them nearly so openly (Stuxnet being a possible exception).

  • Cultural values between the east and the west are not the same.  In China, keeping unemployment low is the most important domestic issue.  But western values and technology are viewed with suspicion in the far east which is why western companies have such a hard time succeeding in China. Also, China is not above taking (i.e., stealing) information from western companies and relaying it to Chinese ones in order to give them a competitive advantage.

  • Over the past several years, China has clamped down on unintentional abuse and moved into the realm of Advanced Persistent Threat.  By unintentional abuse, I mean having lax security standards which permitted spammers to abuse them.  One example is the .cn domain which used to be one of the worst for spam URLs.  China now requires manual processing and the .cn abuse cleared up.

    However, while they cleaned up the unintentional stuff for spammers to make it seem like they are a good place to do business (read: not abused by spammers) they have moved in the direction of employing an army of cyber warriors whose job it is to stay hidden and steal secrets.  They are pretty good at the latter, but not quite so good at the former.

  • Western cultures view these cyber intrusions as only a couple of steps below an act of war or aggression.  However, the US military has asserted that it will respond in kind.  If a foreign power attacked the US power grid, they would consider that an act of aggression.  But what does stealing state secrets mean?  Covert operations have been standard operating procedure since the beginning of civilization.

  • Here is a picture of me in China three years ago:

    image

Not every security researcher is convinced that the evidence points to China.  Graham Cluley, of the Sophos Security blog, writes the following:

Furthermore, the report (quite rightly, in my opinion) refuses to name who it believes is responsible for the hack. Nevertheless, the media have leapt to the conclusion, with a nudge and a wink, that it simply must be China.

Despite the lack of any evidence in the report that it is China.

I don't think we should be naive. I'm sure China does use the internet to spy on other countries.

But I'm equally sure that just about *every* country around the world is using the internet to spy. Why wouldn't they? It's not very hard, and it's certainly cost effective compared to other types of espionage.

In other words, China is a good candidate but it really could be any number of countries, each of whom possesses the ability to break in and steal secrets.  I think that Cluley is one of the best security bloggers out there and I respect his work a lot. But this obviously points to China:

  1. One of the targets was the International Olympic Committee and the World Anti-Doping Agency in the follow up to the 2008 Olympics which were held in… Beijing.  China made a big pomp-and-circumstance around these Olympics.  Remember when the little girl lip-synced the lyrics to the national anthem?  Or the controversy around the gymnasts who were too young?  Who would have a motivation to break into the IOC?  A country that wants to look good at the Olympics, that’s who.

  2. The Association of Southeast Asian Nations (ASEAN) Secretariat was hacked.  Who would have an interest in hacking that entity?  Someone who has commercial interests in that part of the world, that’s who.

  3. 13 defense contractors were hacked.  Who would hack into a defense contractor?  Someone who wants to catch up militarily to the United States.  Who announced in 2010 that they had the right to build overseas bases to support naval operations and protect their interests abroad?  And just launched their J-20 military plane?  China.

  4. Who is competing with Vietnam for an oil rich area?  And who has an economic with Indonesia from which to project their military capabilities (in terms of geography – China is blockaded militarily in the South China Sea by the United States)?  And, conveniently, what two governments were hacked?  China has those interests, and both Vietnam and Indonesia were hacked.

I could go on but those will suffice.  The targeted list of countries dovetails right into China’s interests.  Sure, it could be the United States or Russia or Britain or France or Israel.  It’s possible but not probable.

The question now is what other nations in the area and around the world are doing to counter it.