The computer and network security firm Mandiant recently issued a report concerning cyber attacks originating in China and directed against targets in the United States. The report reached a number of conclusions. These included:
- That the 2nd Bureau of the Chinese Liberation Army's General Staff Department's Third Department, otherwise known as Unit 61398, was engaged in wide-ranging cyber attacks against US targets.
- That this unit was based in Shanghai and that its activities were conducted at the behest of the Chinese Government.
- That Unit 61398 consisted of hundreds if not thousands of personnel.
- That Unit 61398 had attacked and successfully penetrated 141 companies in 20 industries.
- That Unit 61398 had stolen terabytes of data in categories including intellectual property, test results, business plans, partnership agreements, blueprints, proprietary manufacturing processes, etc.
- That in some cases individual businesses had been under attack for up to four years.
- In short, that the Chinese government was mounting a sustained cyber attack on the United States with the express purpose of robbing American businesses blind and acquiring a decisive competitive economic advantage.
- And that they were succeeding.
[Photo: James "Jay" Carney, born May 22, 1965, is President Barack Obama's second White House Press Secretary. Prior to his appointment as Press Secretary, replacing Robert Gibbs, he was director of communications to Vice President Joe Biden. Photo credit: The White House]
When presented with this news and asked for comment, White House spokesman Jay Carney had this comment: "I can tell you that we have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including in the military, and we will continue to do so. The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."
Brilliant. Yet another example of the sophistication and intellectual superiority of the Obama Administration. I only wish we had a President of this caliber in the White House on December 7, 1941. Then we could have responded to the attack on Pearl Harbor by communicating our "concern" regarding the sinking of our battleships and killing of our sailors to the "highest levels" of the Japanese government and opening a dialogue regarding "acceptable behavior". That would have been so much easier than that whole, pesky, "War in the Pacific" thing.
Here is the reality. The significance of the Mandiant Report is that it came right out and said publicly what everyone who pays any attention to cyber threats has known for a long time. The Chinese are eating our lunch. This is not a matter of a handful of hackers having fun. This is not a minor annoyance. We are being attacked by the Chinese government. The attack is sustained. It is highly damaging. In the realm of cyber warfare, we are under siege.
This war did not just begin. The Chinese have been attacking our systems for years.
In 2004 Sandia National Laboratories traced the origin of a massive cyber espionage effort to Chinese government facilities in Guangdong Province. That ring, codenamed "Titan Rain", stole huge amounts of data from military labs and NASA. The Chinese unit perpetrating those attacks is believed to still be operating.
In October 2006 the Commerce Department's Bureau of Industry and Security had to dispose of all of its computers. Every computer in its possession had been compromised by the Chinese.
In 2008 Chinese cyber attacks were staged on the campaigns of both Senator Barack Obama and Senator John McCain. The Secret Service forced all senior staff in both campaigns to dispose of their laptops and Blackberries due to compromise.
In 2009 the Chinese were linked to a major theft of data on the F-35 fighter program from Lockheed Martin. Thefts of data regarding the F-35 went on for years.
Also in 2009, the Chinese launched Operation Aurora. A wide range of major US corporations was the target, including Google, Adobe Systems, Northrop Grumman and Dow Chemical.
In 2010 the computer security firm McAfee reported that the Chinese government had been involved in hacking more than 70 corporations and government organizations over a period of years. Forty-nine of the 72 target companies were in the United States. Targets included Department of Energy labs and US defense firms.
Let's be clear. These are not denial-of-service attacks designed to disrupt operations for a limited period of time. They are not "smash and grab" jobs in which data is stolen, but the attack is discovered relatively quickly. These are what are known as "advanced persistent threats". In this type of operation, the attacker gains access to a computer system without being detected and then, slowly and discreetly, expands his access. The ultimate goal is for the attacker to take control over the entire system and acquire privileges equivalent to those of a system administrator.
From this position of power, the attacker can then do virtually anything he wants. He can steal data and secrets. He can delete or corrupt data. Ultimately, when and if he chooses, he can initiate offensive actions against you. He can take down your computer systems. He can also take down or sabotage any of your other systems, which depend on the computer system he has infiltrated. In the world of high tech weaponry and a high tech economy, that is virtually everything.
In 2007, the Department of Homeland Security (DHS) demonstrated just how vulnerable the physical infrastructure was to cyber threats. As part of a demonstration, DHS hacked into the controls of a large generator of the type used in power plants all around the country. DHS then sent commands to the generator via the Internet that caused the generator to self-destruct.
The kind of large generators in question are no longer made in the United States. Most of them come from China. In good times, it may take three or four months to get a replacement when one is destroyed. One assumes that if generators were being lost to cyber attacks originating in China, that timeframe might be significantly extended.
[Photo: Chinese government hackers. A boiler room of government-sponsored hackers.]
I worked counterterrorism for many years before 9/11. Like most of my colleagues I watched in frustration as we were struck repeatedly, in Tanzania, in Kenya, in Yemen, and did nothing of consequence in response. Plans for retaliation were disapproved or shelved. We were at war, but we had decided to pretend that we were not. It would take the loss of almost 3000 American lives on our soil to finally wake us from our stupor and get us to start shooting back.
In the realm of cyber warfare 9/11 has not yet come. We continue to ignore the threat or to classify it as minimal. We labor under the misconception that if we do not shoot back we are not at war. In reality, we are already at war, and the fact that we are not shooting back simply means we are losing.
I am not advocating military action against the Chinese. I am saying that it is time to make clear to them that we will not tolerate their behavior any longer and that, if they really value an open economic and political relationship with us, they need to modify their behavior significantly and immediately.
In the short term, what that translates to are meaningful trade sanctions that will impress upon the Chinese that we are serious. A good place to start might be with barring Chinese companies with known connections to the People's Liberation Army and other Chinese defense organizations from doing business in the United States or with US companies. We can communicate our "concern" to the Chinese all day long. Only when we start hitting their bottom line and cutting into their exports will they understand we are serious. Only then will they understand we've had enough.