{"id":151428,"date":"2013-02-14T18:24:45","date_gmt":"2013-02-15T02:24:45","guid":{"rendered":"http:\/\/chinadigitaltimes.net\/?p=151428"},"modified":"2013-02-14T19:57:31","modified_gmt":"2013-02-15T03:57:31","slug":"a-chinese-hacker-unmasked","status":"publish","type":"post","link":"https:\/\/chinadigitaltimes.net\/2013\/02\/a-chinese-hacker-unmasked\/","title":{"rendered":"A Chinese Hacker’s Identity Unmasked"},"content":{"rendered":"
China and<\/a> the United States have traded accusations of hacking<\/a> following reports that The New York Times<\/a>, Wall Street Journal<\/a> and Washington Post were all infiltrated by allegedly Chinese intruders<\/a>. Google’s Eric Schmidt blasts China for waging undeclared cyber war<\/a> in a forthcoming book, while Rupert Murdoch\u2014perhaps relieved to find one of his newspapers hacked, rather than hacking<\/a>\u2014has taken to Twitter to highlight alleged attacks<\/a>. But conclusively tracing any intrusion back to its source is usually impossible, allowing all parties some measure of plausible deniability.<\/p>\n In one case that has unfolded over the past two years, however, a trail of reused email addresses and aliases led to the business website and personal QQ and Kaixin accounts of a teacher at the P.L.A.’s Information Engineering University<\/strong><\/a>. At Bloomberg Businessweek, Dune Lawrence and Michael Riley describe and build on researchers Joe Stewart’s and Cyb3rsleuth’s investigations of suspected hacker Zhang Changhe.<\/p>\n Computer attacks from China occasionally cause a flurry of headlines, as did last month\u2019s hack on the New York Times (NYT). An earlier wave of media attention crested in 2010, when Google (GOOG) and Intel (INTC) announced they\u2019d been hacked. But these reports don\u2019t convey the unrelenting nature of the attacks. It\u2019s not a matter of isolated incidents; it\u2019s a continuous invasion.<\/p>\n [\u2026] Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China\u2019s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. 
government has long had classified intelligence tracing some of the attacks to hackers linked to the People\u2019s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China\u2019s authorities have for years denied any involvement.<\/p>\n Up to now, private-sector researchers such as Stewart have had scant success putting faces to the hacks. There have been faint clues left behind\u2014aliases used in domain registrations, old online profiles, or posts on discussion boards that give the odd glimpse of hackers at work\u2014but rarely an identity. Occasionally, though, hackers mess up. Recently, one hacker\u2019s mistakes led a reporter right to his door.<\/p>\n [\u2026] Outing one person involved in the hacking teams won\u2019t stop computer intrusions from China. Zhang\u2019s a cog in a much larger machine and, given how large China\u2019s operations have become, finding more Zhangs may get easier. Show enough of this evidence, Stewart figures, and eventually the Chinese government can\u2019t deny its role. \u201cIt might take several more years of piling on reports like that to make that weight of evidence so strong that it\u2019s laughable, and they say, \u2018Oh, it was us,\u2019 \u201d says Stewart. \u201cI don\u2019t know that they\u2019ll stop, but I would like to make it a lot harder for them to get away with it.\u201d<\/p>\n<\/blockquote>\n Meek confessions from China do seem a long way off for now<\/strong><\/a>, as Adam Segal of the Council on Foreign Relations wrote shortly after the Times hacking was revealed:<\/p>\n Several commentaries and an article in the People\u2019s Daily all suggest that Beijing is not reacting to the public announcements with anything approaching shame. In fact, they all portray the claims as part of an effort to discredit China and distract from the offensive actions the United States is taking in cyberspace. 
The People\u2019s Daily notes that while the United States is portraying itself as the \u201cpatron saint of the free Internet\u201d it has plans to expand U.S. Cyber Command fivefold. He Hui, deputy director at the Communication University of China, argues that the claims about Chinese hacking are getting tiresome and in fact serve three alternate purposes: they raise suspicion about China\u2019s rise in the United States and the rest of the world; help raise defense budgets, especially for cyber weapons; and justify protectionist trade measures against Chinese firms that are beginning to challenge the big American companies.<\/p>\n<\/blockquote>\n Other recent news may do little to dispel these views. The New York Times reported early this month, for example, that a secret legal review had authorized pre-emptive strikes in response to “credible evidence of a major digital attack looming from abroad”<\/strong><\/a>. From David E. Sanger and Thom Shanker:<\/p>\n One senior American official said that officials quickly determined that the cyberweapons were so powerful that \u2014 like nuclear weapons \u2014 they should be unleashed only on the direct orders of the commander in chief.<\/p>\n [\u2026] \u201cWhile this is all described in neutral terms \u2014 what are we going to do about cyberattacks \u2014 the underlying question is, \u2018What are we going to do about China?\u2019 \u201d said Richard Falkenrath, a senior fellow at the Council on Foreign Relations. \u201cThere\u2019s a lot of signaling going on between the two countries on this subject.\u201d<\/p>\n<\/blockquote>\n China is not alone in its wariness of U.S. policy. 
At The New Republic, Thomas Rid argued that the Obama administration’s “lousy” record on cyber security includes neglecting defensive in favor of offensive capabilities<\/strong><\/a>.<\/p>\n Indeed, the Obama administration has been so intent on responding to the cyber threat with martial aggression that it hasn't paused to consider the true nature of the threat. And that has led to two crucial mistakes: first, failing to realize (or choosing to ignore) that offensive capabilities in cyber security don\u2019t translate easily into defensive capabilities. And second, failing to realize (or choosing to ignore) that it is far more urgent for the United States to concentrate on developing the latter, rather than the former.<\/p>\n [\u2026] So amid all the activity, little has been done to address the country's major vulnerabilities. The software that controls America's most critical infrastructure\u2014from pipeline valves to elevators to sluices, trains, and the electricity grid\u2014is often highly insecure by design, as the work of groups like Digital Bond illustrates. Worse, these systems are often connected to the internet for maintenance reasons, which means they are always vulnerable to attack. Shodan, a search engine dubbed the Google for hackers, has already made these networked devices searchable. Recently a group of computer scientists at the Freie Universit\u00e4t in Berlin began to develop their own crawlers to geo-locate these vulnerable devices and display them on a map. Although the data are still incomplete and anonymized, parts of America's most vulnerable infrastructure are now visible for anyone to see.<\/p>\n Defending these areas ought to be the government's top priority, not the creation of a larger Cyber Command capable of going on the offense. 
Yet the White House has hardly complained that the piece of legislation that would have made some progress towards that goal, the Cybersecurity Act of 2012, has stalled indefinitely in the Senate.<\/p>\n<\/blockquote>\n On Tuesday, however, the Associated Press reported that fear of “America [\u2026] losing cyber war to China” might help drive legislation through an otherwise gridlocked Congress<\/strong><\/a>:<\/p>\n Declaring that America is losing an aggressive cyber-espionage campaign waged from China, administration officials and lawmakers on Wednesday agreed to push legislation that would make it easier for the government and industry to share information about who is getting hacked and what to do about it.<\/p>\n They say this new partnership, codified by law and buoyed by President Barack Obama\u2019s new executive order, is critical to keeping countries like China, Russia and even Iran from rummaging in American computer networks and targeting proprietary data they can use to wreak havoc or compete against U.S. businesses.<\/p>\n [\u2026] \u201cUntil Congress acts, President Obama will be fighting to defend this country with one hand tied behind his back,\u201d said Senate Majority Leader Harry Reid, D-Nev., who promised Wednesday to advance a bipartisan proposal \u201cas soon as possible.\u201d<\/p>\n<\/blockquote>\n\n