To paraphrase an old public service announcement, do you know where your data is? With the popularity of cloud services such as iCloud, Google Drive, Amazon CloudDrive, and Dropbox on the rise, it is quite difficult to pinpoint where our data is located at any given time. Moreover, it seems that cloud services are common targets of hackers to attempt to gain personal information. These hackers could be individuals or government agencies, in particular, China. In a recent report, the U.S.-China Economic and Security Review Commission warned congress that the Chinese government could target American citizens and businesses that utilize cloud services.
Browsing china spying
Not only have they stolen our secrets and jobs, but are attacking our economy and competitive position as well. Job loss is bad as it leads to an increase in social programs and underemployment. Aside from this, however, it negatively impacts cash available in our economy as well. For the sake of argument, let’s consider that half of the people who lost jobs to China are unable to find something else. With an average income of $50,000 per person (1) , this equates to $50 billion in lost wages. In all reality, however, the loss to our economy is much more. To add misery upon misery, we are also being torpedoed in terms of our ability to compete. (2) After all, the Chinese are not stealing secrets like how to wash cars or cut hair, they are targeting strategic resources in key industries. They are stealing our know-how in the world of finance, (3) nuclear tech, (4) energy, battery technology and so much more.
China’s historical belief of greatness was logical in light of the fact that they were a preeminent power for a few hundred years. Long ago the Chinese invented things like gunpowder, money and paper and in the 15th century their navy was second to none. Aside from their naval prowess, their economy was also huge. Buoyed by their economic success, the Chinese had little use for foreigners. Those who did not come from China were seen as second class citizens whose culture and inventions had little value. Consequently they treated foreign dignitaries as little more than bothersome serfs who did not merit equality and Chinese consideration. One of the ways they exhibited this scorn was by exacting tributes in order to come to the “center country” or China. Interestingly enough, little has changed since then. China’s economic rise has compelled them to once again see us as unworthy and in some way inferior. In Macartney’s time as in today, the world seems to agree with China. Based on the collective reaction of the most countries, our kowtowing to Beijing proves that we subjugate ourselves to their whims. “Don’t meet the Dali or you will offend Beijing.” (1) Make a movie, “Be sure that the bad guys’ are not Chinese.” (2) Want to produce in China, “Make sure and hand over your secrets (3) if you do.” (4) China’s has set an incredibly high bar to enter their markets which is eerily similar to that of their past.
In 1792, George Macartney traveled to ancient China determined to iron out trade inequalities with Emperor Qian Long. England was an emerging power and sought to erase a negative trade balance with the “middle kingdom”. What Mr. Macartney failed to realize, however, is that the Chinese considered themselves to be superior and thus had no need for foreigners and their goods. At that time the Chinese considered the rest of the world filled with barbarians who merited little consideration but should subjugate themselves to the powers of Peking-Beijing. This belief governed how China dealt with the outside world. Interestingly enough most countries seemed to agree as they “bowed to Beijing”, accepting its superiority. The English, however, were different. By refusing to accept Qian Long’s demands, England bucked the global trend to accept unequal treatment at the hands of the Chinese. Lord Macartney was forced to endure scandalous treatment and was required to “kowtow” to Beijing, among other things. He refused to do so, for kowtowing to the emperor was required of all vassal states and tributaries. Lord Macartney considered England as an equal and refused to be subjugated to China in act and in deed. Little did he know that his failure to accept Chinese superiority would lead to rejection of England’s proposal. After several miscues, George Macartney was finally given a meeting with the emperor and thought it had gone well. What he did not know, however, was that he had resolved precious little. The following message was sent from Emperor Qianlong to King George III: “You, O King, should simply act in conformity with our wishes by strengthening your loyalty and swearing perpetual obedience so as to ensure that your country may share the blessings of peace.” The emperor was saying that England should know its place and [...]
With such strict control, not only should Beijing be able to stop individuals from breaking the law but companies as well, right? Well, it should, but that is not the case. Remember how Beijing claimed that they police the net to ensure the rights of citizens and businesses alike? Well, they must mean they will protect the rights of the Chinese but not the rest of us. Hiding in plain sight is a host of Chinese citizens and companies selling pirated software online. If you don’t believe me, then click on this link or better yet let me explain. (1) In the link, Killian Bell explains that a specific Chinese website allows iPhone and iPad users to download pirated software for free. (2) He then goes on to explain that the Chinese site has been up for over one year and has been acting with legal impunity. Mr. Bell goes on to say that part of the reason that the Chinese company has gone undetected for so long is the fact that it is hiding behind China’s Great Firewall. What he means is that if you search for the offending site from any country but China you will be sent to a generic homepage which allows you “purchase” software; from within China, however, things are different. In other words, if you live in the USA and want to find Chinese companies which are stealing your ideas and software, it is almost impossible.
Houston, Texas was home to a tenement project known as “The Village”. Located in one of the roughest areas of town, it was surrounded by a concrete fence topped off with barbed wire and only one way in or out. Guarding the entry to The Village was gun toting security personnel. To many this seemed ideal; a show of force to keep out the bad elements, but of course this was untrue. In reality, the armed guards allegedly worked for the drug dealers running The Village and their job was to regulate all illicit activity within the compound. They were more like a “mafia militia” as opposed to a conventional security force. Rather than protect the people within the borders or The Village, the role of the security guards was to oversee the rampant drug sales for the dealers who lorded over the complex. The Village was a self-contained entity which made and enforced its own rules while hiding in plain sight. To me nothing can better illustrate China’s Great Firewall (GFW) or Internet censorship technology. Beijing claims that Internet protection and the Great Firewall of China are needed in order to: “…Promote the sound development of China’s Internet, protect state security, social and public interests, and lawful rights and interests of individuals, legal persons and other organizations.” (1) Unfortunately, nothing could be farther from the truth. The reality is that like the guards at The Village, the GFW prevents “prying eyes” from peeking into the illegal if not unethical nature of China’s online activities. Truth be told, China’s Great Firewall acts as a border behind which Chinese companies can hide and offer illegal services to Chinese citizens. As you have to possess access to the Chinese Internet to know this, the GFW presents an ideal platform for thieves to [...]
Returning to the example in previous articles on China’s cyberwar against the US, if a person had mailed a package from Los Angeles and it was discovered to have a virus or lethal payload, investigators would have many tools at their disposal to find the criminal. They could analyze the packaging and the virus or device itself to determine its origin. In addition, they could scour the item for the DNA of the culprit. In the digital world, things are more complicated. Many of the viruses used today are developed by coders and then sold on the open market. This means that an attack may use an “off the shelf” tool which does not help in giving away the identity of the hacker. Virtual spies are more often identified by subtle things such as the configuration of the keyboard. Configured for Cyrilic or Chinese. Digital sleuths also look at patterns or signatures of the attack. What these sleuths have discovered is that certain consistencies have cropped up in attacks attributed to various Chinese hacker groups. If we have this information about China hacking into our systems then the question must be asked is why we cannot act upon it. The answers are many and revolve around attribution among other things. As stated, just knowing that certain hack signatures have been attributed to the Chinese army does not make it proof positive. The code could have been stolen or used by other actors and made to look as if the Chinese army was to blame. The Chinese, for instance, can hide behind the veil of plausible deniability in most attacks. Mandiant, for instance, claims that they have “proof beyond a reasonable doubt” that APT1 is part of the Chinese military, but the Chinese government still claims this data suspect. Another problem [...]
Malware is programming code which is covertly placed on computers to be used for nefarious purposes. (1) It is programming script which seeks to extract or control the computer on which it resides and then do the bidding of the malware owner. Malware is usually created with a specific end in mind. It could, for instance, be designed to copy all of the data on the infected machine and then send it back to the cyber thief. Malware is also used to steal sensitive information such as credit card data and computer passwords. The creation of malware is behind the multi-billion dollar cyber theft industry. An example of this is that in 2008 a group of Chinese hackers sold an “exploit” which attacked a weakness in the Microsoft Windows Operating System. Although they broke no laws, the hackers had essentially sold unauthorized access into computers across the globe. (2) Returning to the “real world” example, malware would play the same role a cat burglar. This burglar would have unrestricted access to your house and or office and possessions as well. The power of malware can be used to do most anything from petty theft to making one’s computer a part of a cyber-terrorist threat. Worms are a different type of malware which do not seek to disrupt the system per se. Their goal is to reproduce and spread themselves throughout the Internet. Some of these worms seek to create botnets which can be hyper-aggressive in their self-propagation and ability to fend off removal.
Part 1 of this article addressed the fact that the Chinese had hacked into major US news agencies. At the time of that writing it was alleged that the Chinese military was behind those attacks. Proving such a thing is very complicated and one of the reasons that the US has done so little in the face of mounting Chinese attacks on US companies. For their part, the Chinese steadfastly deny any state-sponsored hacking. Unfortunately for Beijing, Mandiant, a computer security firm, has strong evidence “proving” that China’s military has been attacking the US and its companies for years. Mandiant concluded that the Chinese military Unit 61398, located in Shanghai, was one such military hacking unit. As a matter of fact it was even uncovered that in 2004 that unit was actively recruiting hackers to join Unit 61398. This shows that Beijing has been updating its cyber army for quite some time now. The Mandiant report (1) also states that: Mandiant has been tracking security breaches or hacking since 2004. They claim that advanced threat actors “Advanced Persistent Threat” (APT) account for the majority of those breaches. Mandiant initially believed that the Chinese government authorized such groups but had no way to determine the extent of government involvement.
“China is the world’s “most sophisticated and prolific hacker…It’s fair to say we’re already living in an age of state-led cyberwar, even if most of us aren’t aware of it.” – Google chief executive Eric Schmidt (1) It was recently announced that the Wall Street Journal and New York Times had been hacked by the Chinese. The reason behind the hacks was retribution for explosive articles outlining immense wealth of Chinese leaders written by those news agencies. It has also been said that the attack on the Times was committed by the Chinese military. (2) If true, then this means that the Chinese government has illegally broken into US property and stolen information. In the real world this would be akin to the People’s Liberation Army soldiers breaking into the offices of US New Agencies. While the fact that a country such as China would use governmental resources to hack private US business is bold enough, it pales in comparison to any state-sponsored attacks on strategic US resources which could result in catastrophic failure. Unfortunately, the groundwork for such attacks may have already been laid. Such attacks could be considered an act of war depending on their scope. The US has said that hostile acts in cyberspace would be “..treated as any other hostile threat to our country”. (3) Furthermore, the Pentagon has stipulated that: “Needless to say, if any cyber-attack is directed at the U.S. –rather than by the U.S.–it will be instantly depicted as an act of unparalleled aggression and evil: Terrorism. Just last year, the Pentagon decreed that any cyberattack on the U.S. would be deemed “an act of war.” (3)