Bruce Schneier


Schneier on Security

A blog covering security and security technology.


July 14, 2008

Chinese Cyber Attacks

The popular media conception is that there is a coordinated attempt by the Chinese government to hack into U.S. computers -- military, government, corporate -- and steal secrets. The truth is a lot more complicated.

There certainly is a lot of hacking coming out of China. Any company that does security monitoring sees it all the time.

These hacker groups seem not to be working for the Chinese government. They don't seem to be coordinated by the Chinese military. They're basically young, male, patriotic Chinese citizens, trying to demonstrate that they're just as good as everyone else. Besides the American networks the media likes to talk about, their targets include pro-Tibet, pro-Taiwan, Falun Gong and pro-Uyghur sites.

The hackers are in this for two reasons: fame and glory, and an attempt to make a living. The fame and glory comes from their nationalistic goals. Some of these hackers are heroes in China. They're upholding the country's honor against both anti-Chinese forces like the pro-Tibet movement and larger forces like the United States.

And the money comes from several sources. The groups sell owned computers, malware services, and data they steal on the black market. They sell hacker tools and videos to others wanting to play. They even sell T-shirts, hats and other merchandise on their Web sites.

This is not to say that the Chinese military ignores the hacker groups within their country. Certainly the Chinese government knows the leaders of the hacker movement and chooses to look the other way. They probably buy stolen intelligence from these hackers. They probably recruit for their own organizations from this self-selecting pool of experienced hacking experts. They certainly learn from the hackers.

And some of the hackers are good. Over the years, they have become more sophisticated in both tools and techniques. They're stealthy. They do good network reconnaissance. My guess is what the Pentagon thinks is the problem is only a small percentage of the actual problem.

And they discover their own vulnerabilities. Earlier this year, one security company noticed a unique attack against a pro-Tibet organization. That same attack was also used two weeks earlier against a large multinational defense contractor.

They also hoard vulnerabilities. During the 1999 conflict over Taiwan's "two-states theory," in a heated exchange with a group of Taiwanese hackers, one Chinese group threatened to unleash multiple stockpiled worms at once. There was no reason to disbelieve the threat.

If anything, the fact that these groups aren't being run by the Chinese government makes the problem worse. Without central political coordination, they're likely to take more risks, do more stupid things and generally ignore the political fallout of their actions.

In this regard, they're more like a non-state actor.

So while I'm perfectly happy that the U.S. government is using the threat of Chinese hacking as an impetus to get their own cybersecurity in order, and I hope they succeed, I also hope that the U.S. government recognizes that these groups are not acting under the direction of the Chinese military and doesn't treat their actions as officially approved by the Chinese government.


This essay originally appeared on the Discovery Channel website.

EDITED TO ADD (7/18): A slightly longer version of this essay here.

Posted on July 14, 2008 at 7:08 AM. 27 Comments.


Comments

Bruce --

Nice article; thanks.

Your "originally appeared" URL

http://dsc.discovery.com/technology/my-take/computer-hackers-china.html or http://tinyurl.com/5lv3ac

(yes, all of that) is invalid. You probably meant that as two different URLs but it doesn't work as-is.


:-D
--
David T-G

Posted by: davidtg at July 14, 2008 7:16 AM


And our government does the exact same thing. This is the perfect way for a government to absolve itself of any responsibility for the hackers' actions. Most of the time they don't even have to pay the hackers - just stroke their egos.

The recent call for hacker attacks on the cult of Scientology was completely the Bush administration's idea. Given a green light, the hackers reacted instantly and did not much think or care about why their activities were being greenlighted.

Unlike the fully tolerated right-wing Unification Church cult, which has pumped millions of dollars into GOP campaign coffers, the Scientologists were about to release a movie (Tom Cruise starring and directing) called "Operation Valkyrie" this June which told the story of the single known assassination attempt on Adolf Hitler. As one might imagine this is a touchy subject when it comes to the Bush administration.

The movie was slated for release last month, but due to financial pressure brought to bear by the hacker attacks, that did not happen. And when it was publicly announced that the movie release was going to be delayed six months (conveniently when Bush is out of office), the call for attacks mysteriously ceased.

Posted by: Trichinosis USA at July 14, 2008 8:23 AM


There are two issues here, that are frequently conflated, but which are worth separating: hacker (sorry) crime, and hacker espionage.

This article seems to be mostly concerned with crime -- website vandalism, vxism, botnet recruitment and tasking, phishing, ddos blackmail, etc. Certainly China is a big part of the problem here. In the long term, however, as China accumulates more wealth, the number of Chinese victims of this sort of crime is likely to rise, giving the PRC government an incentive to crack down and collaborate with other governments to suppress this new mob.

Insofar as hacker-espionage is concerned, there is not a doubt in my mind that the PRC government has an active program, and in the past few years we have certainly seen a few attacks that seemed to have their fingerprints on them.

But this is what governments do to each other. It's not evil, it's just life. Obviously we should be doing more to protect sensitive systems and information against state espionage over the net. But let's not get all foamy about Chinese Internet espionage. Last I checked, the NSA, the U.S. agency in charge of communications espionage, has a budget somewhere north of $6.0E+09. Does anyone really doubt that some of that money goes into playing these sorts of games against our own adversaries/competitors?

Posted by: Carlo Graziani at July 14, 2008 8:50 AM


@Trichinosis USA

"the Scientologists were about to release a movie (Tom Cruise starring and directing) called 'Operation Valkyrie' this June which told the story of the single known assassination attempt on Adolf Hitler. As one might imagine this is a touchy subject when it comes to the Bush administration."

Okay, I really don't see how the aforementioned assassination attempt on Adolf Hitler is a 'touchy subject' of the Bush Administration. Nor do I see why it would interest the 'church' of Scientology enough to pump millions into a movie production of the 'July 20' attempt. Please, humor me.

Posted by: Shane at July 14, 2008 11:03 AM


Tom Cruise's movie is just a remake of a German film. It isn't going to break any news or threaten anyone. The story it tells is well-known, and not at all "touchy". And if it were a Scientology production, rather than just a Tom Cruise production, the German government (which considers Scientology a dangerous cult) never would have cooperated with the filmmakers.

Posted by: Joe Buck at July 14, 2008 11:34 AM


Bruce,

Can you cite public sources which back the claims you make in this piece?

Posted by: Matt at July 14, 2008 11:59 AM


@Trichinosis USA
Thank you for providing me a laugh for the day.

Posted by: tim at July 14, 2008 12:11 PM


How naive, Bruce....

Do you really think that targeted "spearphishing" / hacking is done by bored kids looking for fame and glory? Sure, there might be some of that, but those days largely ended in the 90's.

Posted by: Anonymous at July 14, 2008 1:19 PM


Q: Since Lenovo is building computers, and nobody is overseeing what is on their chips, what problem would there be for them to hack the US Government systems if Lenovo is the US Government's contract computer supplier?

A: None, and nobody would be the wiser until it was too late.

That question is about as alarming as them hacking us, which is not really that alarming at all...

Posted by: jdw242b at July 14, 2008 1:28 PM


As I am working on a paper on the topic, here is my bibliography for those wishing to further explore the question of Chinese hacking:

Demitri Sevastopulo, Financial Times, ‘Chinese hacked into Pentagon’, http://preview.tinyurl.com/2etwsq

Andrew Leonard, Salon, ‘U.S. Military routinely hacks into Chinese networks,’ http://preview.tinyurl.com/246f9q

Joshua Holland, AlterNet, ‘China Surpasses U.S. in Technological Prowess,’ http://preview.tinyurl.com/3wcbqw

Natalie Pace, Forbes, ‘China Surpasses U.S. in Internet Use,’ http://preview.tinyurl.com/52g3ec

S. Fidler, M. Palmer, Financial Times, ‘MI5 warns banks of Chinese hackers,’ http://preview.tinyurl.com/5w867q

Ellen Messmer, Network World, ‘Encryption restrictions,’ http://preview.tinyurl.com/5br342

Epoch Times, ‘Defecting Chinese agent tells of spy network in Canada,’ http://preview.tinyurl.com/5b5mx9

Andrei Chang, United Press International, ‘Chinese spies in the West,’ http://preview.tinyurl.com/6fqo76

W. Reid Witliff, Graves, Dougherty, Hearon & Moody, ‘Computer Hacking and Liability Issues,’ http://tinyurl.com/69kyxg

Open Net Initiative, ‘Internet Filtering in China in 2004-2005: A Country Study,’ http://opennet.net/studies/china

Posted by: Albatross at July 14, 2008 1:34 PM


Wow, and here, we thought the powers of FUD held little sway.

Thanks Mr. Scientologist for sharing your conspiracy theories. Xenu (or is it Zemu) would be proud.

And thanks, JDW. BTW, please tell us how come non-US companies should accept US-designed CPUs in all of their computers? Are you going to be able to prove that the NSA hasn't installed a backdoor into every Intel and AMD chip at its very design?

Posted by: John at July 14, 2008 2:23 PM


Letters from a Chinese Official: Being an Eastern View of Western Civilization

"And as we are not led to interfere with you by the desire to convert you, so are we not driven to do so by the necessities of trade. Economically, as well as politically, we are sufficient to ourselves. What we consume we produce, and what we produce we consume. We do not require, and we have not sought, the products of other nations; and we hold it no less imprudent than unjust to make war on strangers in order to open their markets. A society, we conceive, that is to be politically stable must be economically independent; and we regard an extensive foreign trade as necessarily a source of social demoralization."

Written originally for the English, they touch upon specifically English institutions. Original from Harvard University.

Extensive foreign trade has expanded and look at the morals today. War, market turmoil and all the rest of it.

"Not even computers will replace committees, because committees buy computers." Shepherd Mead, 1964

Posted by: old-world-order dept. at July 14, 2008 10:18 PM


If you point your finger on any of the governments of the largest countries in the world, I would guess you also find some who use information or other gained from hacker groups, one way or another. China is not a special case, US, Russia, India, UK, all of these use hackers to gain support, power or intelligence.

Many times a worm attack, ddos or similar have come just in time to prompt through support for some new legislation that have the goal to reduce our freedom on the internet, or put the media on red alert so that some bloke in the administration can look good by fending off a threat or something.

Posted by: Skippern at July 15, 2008 12:31 AM


@jdw242b

And you hit the nail on the head why Lenovo laptops are not allowed on any DoD networks (at least any of the ones I work on).

Posted by: Dr. J at July 15, 2008 6:25 AM


My impression is that pro-Tibet organizations are not anti-China. More that they want China to withdraw from Tibet and permit self determination by the Tibetans. In contrast, the Chinese government seems to focus on demonizing Tibetans who oppose the Beijing government and the Buddhist clergy of Tibet.

Thanks for the thoughtful, insightful piece.

Posted by: jon at July 15, 2008 6:46 AM


I'm sorry, Bruce, but how do you know any of this?

Obviously a nation as large as China is going to have independent, skilled hacker groups unaffiliated with the government. It simply does not follow from that observation that there is no Chinese government-sponsored hacking operation.

I don't trust everything my government tells me, but I don't trust everything you tell me, either, especially when your support is thin and the government's support is not.

Posted by: trenchant at July 15, 2008 6:52 AM


trenchant has a good point. I personally consider Bruce my hero, but as a Marine who works in computer network defense, I have been exposed to a lot that would lead me to believe the Chinese government is supporting this activity. I would sincerely be interested in gaining a better understanding of what is leading Bruce to this conclusion........

Posted by: IA Marine at July 15, 2008 7:36 AM


A very interesting piece, thank you!

I admin' a server for the Epoch Times - a news media which published a comprehensive history of the Chinese Communist Party (CCP) a few years ago. It started a movement in which 40 million people have quit the CCP. So, of course the Epoch Times is a target. I get hundreds of hacking attempts each day from IP addresses in China.

Perhaps they are attempts from people who have strong nationalist pride! But I am not convinced that "these hacker groups seem not to be working for the Chinese government".

I would like to cite an example where currently in the Chinese area of Flushing, New York City, mobs of up to 600 have been attacking (verbally and physically) the volunteers at the "Quit the CCP Center" since May 17th. From the outside, the pro-CCP mobs appear to be zealous nationalists, however we have a recording of the Chinese Consul General, Peng Keyu, who admitted to encouraging these hate attacks on US soil. We also know that people in the mobs were paid $90 a day.

These mobs initially also "seemed not to be working for the Chinese government"...

We also know from Chinese defectors like Chen Yonglin and Hao Fengjun that the CCP employs thousands of spies around the world.

Given the CCP's insatiable hunger for controlling information both inside and outside of China, and the great lengths and expense that they go through to employ global spies, wouldn't it just follow that they would exert the same amount of effort and force on the internet?

(Sorry this is so long!)

Posted by: Sweetness and Light at July 15, 2008 12:32 PM


Even no action is an action. By turning their heads the other way, the Chinese Government supports the hackers. If the hackers are based in China, then China must take responsibility. Thats the way the world works.

Posted by: Todd at July 15, 2008 12:46 PM


Nice report - I can only agree.

Posted by: Sigikid at July 15, 2008 3:28 PM


Bruce: Your apparent level of certainty is unjustified. Just because some of them are non-state actors (no doubt true), it does not follow that all of them are.

Also, as to whether the US government should blame the Chinese government, this is a bit like any other diplomatic issue where one country has the means, or, if not, a responsibility to develop the means, to control the hostile entities acting against other countries from within its own borders. So even if they are all non-state actors (which I doubt, but I'll grant for the sake of argument), they still should be brought under better control, the US might argue. Whether that can be done in a world of an open Internet is another question, but the main point about why the US may still want to hold China responsible stands.

Posted by: natch at July 18, 2008 2:41 AM


It's very simple: as more cyber laws come into effect in China, and the CCP cracks down on hacker groups, the cyber attacks will die down as these groups are brought under "better control," i.e. the CCP centralizes the efforts of the hackers just as the US jails then employs them. The attacks will become more refined and less known to the public, focusing on gaining state secrets, similar to the efforts of the NSA attacks on other governments.

The US dominates in this area of espionage but as other countries especially developing countries surge ahead we'll see more attacks from them.

Posted by: sg at July 18, 2008 11:20 AM


On a recent trip to China I had open internet access when not using my portable firewall, but no access when using it. Actually, I had access for a few minutes - but the penetration attempts were legion, and soon I was booted from connectivity. The words of my Chinese colleague said it best, "give them something to look at, and they'll leave you alone".

Posted by: anonguy at July 18, 2008 12:44 PM


Mr. Schneier, I believe you have well-organized sources and I am confident in some of the sources you are referring to, but I think it is wrong to deny that an official Chinese Cyber Warfare team is engaged in these activities. I know one of the origins of the Chinese hackers was a computer owned by a government-operated organization, through 0088.org. You have also not covered the social engineering techniques used within several attacks, whether or not you are ignoring this fact on purpose. There are several other techniques involved that smell professional and official. Your research is incomplete and misleading. I have several other reasons for a possible official Cyber Warfare team being involved, but I am not going to discuss them here for security purposes; I believe you should redo your research.

Posted by: pedestrian at July 21, 2008 7:58 AM


Bruce,
You make reference in this article to people who actually monitor those networks as being able to verify your contention that these probes actually exist and are not part of someone's fantasy. For the past three years I was one of those people.

Hidden from view behind multiple doors with various badge swipes, PIN codes, and biometric exchanges we sat. The traffic was staggering. Across four government networks we're talking billions of events per week originating from Chinese IP addresses.

In some cases I was surprised that the sheer volume of IP and port walking didn't constitute a DOS attack. In the case of one customer it seemed that within an hour of announcing the IP space we were receiving several hundred thousand Chinese-IP-originating events per day.

Bottom line Bruce, thanks from the trenches. You hit the nail squarely on the head. This stuff is not a figment of the imagination and is not to be taken lightly. Just ask the Free Tibet folks.

Posted by: anonymous at July 31, 2008 9:00 AM


I am a private US citizen. Yesterday evening my computer started acting extremely unstable. I shut it down and ran my McAfee software checking for viruses. Nothing found. So I dug deeper. I checked my firewall and it was set below medium protection (since I hate to answer the pop up questions). Big mistake.

Once I checked my inbound log I found hundreds of IP addresses and clicked "trace" and one after another they were originating from computers all over China. I am shocked. The level of traffic to my system was astounding. Going back three weeks I found that I had been hit by the same Chinese IP addresses over and over. There were at least 40 different IP addresses originating there. I found 2 from Mexico and 2 from the UK. I banned every one that I found connected to China or other foreign countries. It is shocking.

So when you folks are reporting on these attacks, please don't fail to mention that they are accessing systems through private PCs all across the nation.

On Sunday afternoon I watched a special report about China's cyber attacks on the US. They interviewed the hackers and went to their hack "computer centers" to show how they were doing it. They explained why they were doing it. The reason the hacker gave was that they are furious at the US for our stance and false reporting on the Tibet issue. They pointed to CNN, ABC, and other news organizations for reporting the story with a negative skew toward China. They also explained that this was a reason for a surge in Chinese patriotism and a great desire to hack our systems in retaliation. During the program and after, for not one second did it ever occur to me that it was me they were using as access!

Needless to say, I just like millions of others watching that documentary never even suspected that I had hackers sitting over my shoulders for weeks at home while I sat and surfed the internet.

As I traced back the dates (and I traced every IP address that I saw in the log) the usage of my system increased substantially over the past two weeks. Prior to that these same hackers had visited my system routinely but not daily or hourly.

The most disturbing thing about all of this, while my computer was on but not connected to the internet Monday, I had traffic. The hackers had been on my system throughout the day while both I and my husband were at work.

Please start talking about personal PCs in your articles. I see government hacking stories in the posts and in the reports I watch, and it never dawned on me that I was a target or a vehicle to a target.

I have upped my firewall to lockdown. Those silly request and question pop ups are not a problem in the world to me now. Spread the word.

T. Strick

Posted by: T. Strick at August 12, 2008 5:45 PM
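The two comments above from the monitoring side (the analyst describing "IP and port walking" against freshly announced address space, and T. Strick reading a home firewall's inbound log) both turn on the same triage question: which of the blocked sources are scanning and which are aimed at one host. What follows is an added example, not code from the original post or from any commenter. It parses a small constructed sample of iptables-style drop lines (the FW-DROP prefix, the log layout and all addresses are assumed and drawn from documentation ranges), groups events by source, labels each source as a port sweep, a host sweep, a repeated hit on one service, or sporadic, and tags it with a country from a hypothetical prefix table that stands in for a real GeoIP or RIR lookup.

```python
"""Triage inbound firewall drop events: separate scanning from targeting.

Added example; not code from the original post or its commenters.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime


def _line(ts, src, dst, spt, dpt):
    # Constructed iptables-style line; the "FW-DROP" prefix is a hypothetical log-prefix.
    return (f"Jul 14 06:{ts} gw kernel: FW-DROP IN=eth0 SRC={src} DST={dst} "
            f"PROTO=TCP SPT={spt} DPT={dpt}")


# Synthetic sample log (not real traffic): one port sweep, one host sweep,
# one source hammering a single service, one stray packet.
SAMPLE_LOG = "\n".join(
    [_line(f"01:{i:02d}", "203.0.113.7", "198.51.100.10", 40000 + i, p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445])]
    + [_line(f"02:{i:02d}", "203.0.113.200", f"198.51.100.{i + 1}", 5000 + i, 445)
       for i in range(8)]
    + [_line(f"05:{i:02d}", "192.0.2.55", "198.51.100.10", 6000 + i, 22)
       for i in range(6)]
    + [_line("09:00", "198.18.0.9", "198.51.100.10", 7001, 80)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: FW-DROP .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

# Hypothetical prefix-to-country table standing in for a real GeoIP/RIR lookup.
# Attribution caveat: the country of the source address is not the country of the
# operator; relays and compromised home PCs make the actor look local to wherever they sit.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "CN",
    ipaddress.ip_network("192.0.2.0/24"): "CN",
    ipaddress.ip_network("198.18.0.0/15"): "MX",
}


def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"


def parse_events(log_text):
    """Return (timestamp, src, dst, dport) tuples; lines that are not drops are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog lines carry no year; 2008 is assumed for the sample.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2008)
        events.append((ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def classify(n_events, n_hosts, n_ports, port_thr=8, host_thr=8, repeat_thr=5):
    """Label one source by the shape of its traffic, independent of where it came from."""
    if n_ports >= port_thr and n_hosts <= 2:
        return "port-sweep"        # few targets, many ports: service discovery
    if n_hosts >= host_thr and n_ports <= 2:
        return "host-sweep"        # one service walked across the address space
    if n_events >= repeat_thr and n_hosts <= 2 and n_ports <= 2:
        return "repeated-target"   # same host and service hammered: brute force or exploit retry
    return "sporadic"


def triage(log_text, **thresholds):
    """Aggregate drops per source and classify each; returns {src: summary dict}."""
    per_src = defaultdict(lambda: {"events": 0, "hosts": set(), "ports": set(),
                                   "first": None, "last": None})
    for ts, src, dst, dpt in parse_events(log_text):
        rec = per_src[src]
        rec["events"] += 1
        rec["hosts"].add(dst)
        rec["ports"].add(dpt)
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    report = {}
    for src, rec in per_src.items():
        report[src] = {
            "events": rec["events"],
            "hosts": len(rec["hosts"]),
            "ports": len(rec["ports"]),
            "seconds": int((rec["last"] - rec["first"]).total_seconds()),
            "kind": classify(rec["events"], len(rec["hosts"]), len(rec["ports"]), **thresholds),
            "country": country_of(src),
        }
    return report


def summarize_by_country(report):
    """Count source classifications per (hypothetical) country of origin."""
    out = defaultdict(lambda: defaultdict(int))
    for rec in report.values():
        out[rec["country"]][rec["kind"]] += 1
    return {cc: dict(kinds) for cc, kinds in out.items()}


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for src, r in sorted(rep.items(), key=lambda kv: -kv[1]["events"]):
        print(f"{src:16} {r['country']} {r['kind']:16} events={r['events']:3} "
              f"hosts={r['hosts']:2} ports={r['ports']:2} span={r['seconds']}s")
    print(summarize_by_country(rep))
```

The country column is kept deliberately apart from the classification. As the T. Strick comment illustrates, a source address in China may be a compromised home PC relaying for someone else, so a country tally says where the packets came from, not who sent them, and blocking by country (as that commenter did) drops the relay rather than the operator. The distinct-port and distinct-host counts, by contrast, distinguish discovery from targeting regardless of origin, which is the split an analyst watching a newly announced prefix actually needs.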


On the contrary, I believe China is very capable of having government-sanctioned academies targeted solely at hacking into American networks. Why not? Theirs is a very opportunistic and amoral regime that will do things the easiest and most cost-effective way no matter the morals.

Posted by: Anne O'Nemus at November 21, 2008 4:22 PM



Powered by Movable Type. Photo at top by Steve Woit.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
