In one case that has unfolded over the past two years, however, a trail of reused email addresses and aliases led to the business website and personal QQ and Kaixin accounts of a teacher at the P.L.A.’s Information Engineering University. At Bloomberg Businessweek, Dune Lawrence and Michael Riley describe and build researchers Joe Stewart’s and Cyb3rsleuth’s investigations of suspected hacker Zhang Changhe.

Computer attacks from China occasionally cause a flurry of headlines, as did last month’s hack on the New York Times (NYT). An earlier wave of media attention crested in 2010, when Google (GOOG) and Intel (INTC) announced they’d been hacked. But these reports don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.

[…] Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China’s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. government has long had classified intelligence tracing some of the attacks to hackers linked to the People’s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China’s authorities have for years denied any involvement.

Up to now, private-sector researchers such as Stewart have had scant success putting faces to the hacks. There have been faint clues left behind—aliases used in domain registrations, old online profiles, or posts on discussion boards that give the odd glimpse of hackers at work—but rarely an identity. Occasionally, though, hackers mess up. Recently, one hacker’s mistakes led a reporter right to his door.

[…] Outing one person involved in the hacking teams won’t stop computer intrusions from China. Zhang’s a cog in a much larger machine and, given how large China’s operations have become, finding more Zhangs may get easier. Show enough of this evidence, Stewart figures, and eventually the Chinese government can’t deny its role. “It might take several more years of piling on reports like that to make that weight of evidence so strong that it’s laughable, and they say, ‘Oh, it was us,’ ” says Stewart. “I don’t know that they’ll stop, but I would like to make it a lot harder for them to get away with it.”

Meek confessions from China do seem a long way off for now, as Adam Segal of the Council on Foreign Relations wrote shortly after the Times hacking was revealed:

Several commentaries and an article in the People’s Daily all suggest that Beijing is not reacting to the public announcements with anything approaching shame. In fact, they all portray the claims as part of an effort to discredit China and distract from the offensive actions the United States is taking in cyberspace. The People’s Daily notes that while the United States is portraying itself as the “patron saint of the free Internet” it has plans to expand U.S. Cyber Command fivefold. He Hui, deputy director at the Communication University of China, argues that the claims about Chinese hacking are getting tiresome and in fact serve three alternate purposes: they raise suspicion about China’s rise in the United States and the rest of the world; help raise defense budgets, especially for cyber weapons; and justify protectionist trade measures against Chinese firms that are beginning to challenge the big American companies.

Other recent news may do little to dispel these views. The New York Times reported early this month, for example, that a secret legal review had authorized pre-emptive strikes in response to “credible evidence of a major digital attack looming from abroad”. From David E. Sanger and Thom Shanker:

One senior American official said that officials quickly determined that the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief.

[…] “While this is all described in neutral terms — what are we going to do about cyberattacks — the underlying question is, ‘What are we going to do about China?’ ” said Richard Falkenrath, a senior fellow at the Council on Foreign Relations. “There’s a lot of signaling going on between the two countries on this subject.”

China is not alone in its wariness of U.S. policy. At The New Republic, Thomas Rid argued that the Obama administration’s “lousy” record on cyber security includes neglecting defensive in favor of offensive capabilities.

Indeed, the Obama administration has been so intent on responding to the cyber threat with martial aggression that it hasn’t paused to consider the true nature of the threat. And that has lead to two crucial mistakes: first, failing to realize (or choosing to ignore) that offensive capabilities in cyber security don’t translate easily into defensive capabilities. And second, failing to realize (or choosing to ignore) that it is far more urgent for the United States to concentrate on developing the latter, rather than the former.

[…] So amid all the activity, little has been done to address the country’s major vulnerabilities. The software that controls America’s most critical infrastructure—from pipeline valves to elevators to sluices, trains, and the electricity grid—is often highly insecure by design, as the work of groups like Digital Bond illustrates. Worse, these systems are often connected to the internet for maintenance reasons, which means they are always vulnerable to attack. Shodan, a search engine dubbed the Google for hackers, has already made these networked devices searchable. Recently a group of computer scientists at the Freie Universität in Berlin began to develop their own crawlers to geo-locate these vulnerable devices and display them on a map. Although the data are still incomplete and anonymized, parts of America’s most vulnerable infrastructure are now visible for anyone to see.

Defending these areas ought to be the government’s top priority, not the creation of a larger Cyber Command capable of going on the offense. Yet the White House has hardly complained that the piece of legislation that would have made some progress towards that goal, the Cybersecurity Act of 2012, has stalled indefinitely in the Senate.

On Tuesday, however, the Associated Press reported that fear of “America […] losing cyber war to China” might help drive legislation through an otherwise gridlocked Congress:

Declaring that America is losing an aggressive cyber-espionage campaign waged from China, administration officials and lawmakers on Wednesday agreed to push legislation that would make it easier for the government and industry to share information about who is getting hacked and what to do about it.

They say this new partnership, codified by law and buoyed by President Barack Obama’s new executive order, is critical to keeping countries like China, Russia and even Iran from rummaging in American computer networks and targeting proprietary data they can use to wreak havoc or compete against U.S. businesses.

[…] “Until Congress acts, President Obama will be fighting to defend this country with one hand tied behind his back,” said Senate Majority Leader Harry Reid, D-Nev., who promised Wednesday to advance a bipartisan proposal “as soon as possible.”

The threat from China has already proven lucrative for some in the private sector. Previously at Businessweek, Brad Stone and Michael Riley profiled security firm Mandiant, enlisted by both The New York Times and The Washington Post to exorcise suspected Chinese intrusions. The company’s $100 million business has been built in large part on the threat of attacks from China.

In one large central control room, dubbed the Bridge, a dozen security analysts peer quietly at their computer monitors, looking for anomalous activity on the computer networks of Mandiant’s hundreds of corporate clients around the world. A large computer display on the wall shows an image of the earth, seen from space, that highlights inbound and outbound network activity in each country. Mandiant monitors the entire planet, yet a printout taped to the desk of one analyst suggests that these days, the company has a more specific focus. “To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless,” reads an excerpt from a recent Chinese government statement. Jennifer Ayers, who manages the Redwood City facility, removes the printout and folds it in half. “We’re not supposed to editorialize,” she says.

[…] For the first few years, [Mandia's] company remained small and relatively unknown outside computer security circles. But it was in the right place at the right time. In 2011, as anxieties about attacks by China spread, the company raised $70 million from venture capital firm Kleiner Perkins Caufield & Byers and the investment arm of JPMorgan Chase (JPM). […]

See also a ChinaFile conversation on recent hackings between CDT founder Xiao Qiang, Orville Schell, James Fallows, Bill Bishop and others, and more on hacking and cyber security via CDT.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: Barack Obama, congress, cyberattacks, cyberespionage, cybersecurity, cyberwar, Eric Schmidt, hackers, hacking, PLA, Rupert Murdoch
Download Tools to Circumvent the Great Firewall

China, Schmidt and Cohen write, is “the world’s most active and enthusiastic filterer of information” as well as “the most sophisticated and prolific” hacker of foreign companies. In a world that is becoming increasingly digital, the willingness of China’s government and state companies to use cyber crime gives the country an economic and political edge, they say.

[…] But for all the advantages China gains from its approach to the Internet, Schmidt and Cohen still seem to think its hollow political center is unsustainable. “This mix of active citizens armed with technological devices and tight government control is exceptionally volatile,” they write, warning this could lead to “widespread instability.”

In the longer run, China will see “some kind of revolution in the coming decades,” they write.

In a separate post, Gara takes a broader overview of the book’s contents, including real-name registration, “automated and machine-precise” haircuts, and the view that “we’re already living in an age of state-led cyber war, even if most of us aren’t aware of it.” See also Schmidt’s daughter Sophie’s account of their recent trip to North Korea.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: books, cyberutopianism, cyberwar, Eric Schmidt, Google, hacking, real name registration, revolution
Download Tools to Circumvent the Great Firewall

Duncan Clark, chairman of market research company BDA China Ltd, said that Schmidt’s visit to China was incidental, after his visit to the DPRK.

However, Clark added that “both Google China’s R&D presence in Beijing and its massive influence on the smartphone market through Android still give it a lot of heft here” despite the fact that local rival Baidu Inc has won the upper hand in recent times. Google’s Android is the world’s most widely used smartphone operating system.

…

Faced with a declining market share in China, Google is pushing into the mobile sector,trying to generate revenues from its mobile advertising products, which enable ads tobe shown on mobile applications, mobile search results and online videos.

John Liu, corporate vice-president of Google China, said earlier the mobile ad business is the company’s fastest-growing business in the country.

Meanwhile, the cat-and-mouse game with Chinese authorities over web freedoms in China continues. Google recently cancelled a search filter notification feature which tipped off users to banned or risky keywords, prompting some to claim that the Internet giant has given up the fight against Chinese government censorship. While activist groups such as GreatFire.org have expressed disappointment with Google, The Economist tries to put the move in perspective:

Fair enough, but a question comes to mind. Why should Google be buckling under now? Some see crassly commercial motives, supposing that the firm has stopped crying foul on censorship in order to woo back the Chinese government on behalf of its business interests. Such folk observe that Google has recently announced a tie up with Qihoo 360 Technology, a Chinese firm that puts out popular antivirus software as well as the country’s leading web browser.

Qihoo is determined to take on Baidu, which has consolidated its grip on China’s search market after Google’s departure (it is estimated to command a share of greater than 70%). A tie-up with Google would help Qihoo to improve searches and to better match eyeballs with relevant advertising. Google could benefit from the tie-up as the benevolent rich uncle, using the local firm as a proxy for its commercial aims. By keeping Baidu from becoming an utter monopoly, goes this argument, Qihoo helps keep the China market open for Google’s eventual re-entry when and if the censorship regime changes.

That seems a plausible thesis, but there is another. Every move Google has tried to make to combat, expose or pervert China’s efforts at censorship has been met and defeated by the authorities—often with overwhelming force. This was true too of its latest warnings about censorship. In the end, it may be that Google simply stopped banging its head against the wall, having realised that the headache was pointless.

The notion that Google could curry favour with the leadership now by halting its warning messages is ridiculous, insists a former Google insider: “the opportunity to capitulate was lost forever when Google gave the middle finger and left.”

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: Eric Schmidt, Google, Internet, Internet censorship, mobile applications, search engines
Download Tools to Circumvent the Great Firewall