Any cyber attack between the US and China would likely be limited due to the interdependent economic relationship the two nations share

security company Group-IB.

The most that can be said of many attacks is that they are believed to have originated from the PRC. Accounts of attacks will frequently refer to IP addresses and servers in mainland China or Taiwan, but it can be difficult to link these to the government, or individuals working on behalf of the state. Governments frequently look for plausible deniability when executing attacks, and it is plausible that computers used to control attacks on foreign interests

espionage for two primary purposes: firstly to accelerate its technological development and secondly to identify and arrest dissidents”, he says.

Nevertheless, its capacity for espionage is huge, and as Darren Hayes, computer information systems program chair at Pace University in New York, argues, its motivations are strong. “China doesn’t want to be regarded as the factory of the world. It wants to be a world leader, which makes it different to India and others”, he observes. “It’s looking to cut corners by advancing itself a lot faster, by stealing intellectual property”, Hayes warns. “It’s not just missile defense systems. It’s other, weaker institutions too, such as universities that were involved in government projects.”

Now Prove It

The problem with many of these attacks, whether classified as cyberwarfare or mere espionage, is proving who did it. “There has been a lot of speculation but no direct attribution”, says Alex Kuzmin, head of the CERT-GIB investigation team at Russian


could have been compromised and then manipulated by others. “We must be cautious to rush to judgment in spite of circumstantial or other evidence”, says the 2009 GhostNet report by the Canada-based Information Warfare Monitor. It posits alternative explanations for its findings, among these the discovery that the long-term GhostNet cyber espionage

He argues that evidence such as this, showing attacks happening during Chinese working hours, points to attackers working during the daytime in China. “Between the time when people normally clock in and out are when the attacks happen.”

The US National Counterintelligence Executive (NCIX) submitted a Congressional report in which it blamed “Chinese actors” for intruding on computer systems, including those of Fortune 500 manufacturing corporations. But again, these accusations are vague. It couldn’t say who was responsible for these attacks within China, and when it fingered China for stealing several terabytes of data relating to the development of the F-35 Lightning II fighter plane, it said that attackers “probably” operated from there. Google tied attacks on its own systems closely enough to the Chinese that it took action against the government there. In January 2010, it announced that it would operate an unfiltered search engine following a series of attacks against its own servers, and against Google email accounts operated by Chinese activists. However, even Google, with direct and intimate knowledge of the attacks on its own servers, failed to directly accuse the Chinese government of hacking its systems.

Chinese McCarthyism

While the Chinese are undoubtedly behind a lot of these attacks, we should take care before singling them out, says Carr, who

China doesn’t want to be regarded as the factory of the world. It wants to be a world leader

operation had a command-and-control center based primarily in China. The joint research venture ultimately refused to identify an attacker. However, Pace’s Hayes is unwilling to let China off the hook so easily. “These attacks are occurring with regular shifts in the work cycle”, he contends, citing analyst sources of his who work within US government agencies.

Darren Hayes Pace University

warns of what he calls “a rising tide of Sinophobia” regarding cyberattacks. “While China certainly does engage in many of these attacks, they are blamed for almost all of them – which is wrong. At least

May/June 2012
