05.28.13

Cyberwar, cyberespionage and manipulation

Posted in Cyberterrorism at 2:24 pm by George Smith

If you’ve been following along it’s no secret the US government and the national security industry have been waging an increasingly concerted campaign to increase cyber-defense spending. The lynchpin of the strategy is the relentless argument that Chinese hackers, under the guidance of their government and military, are into all American corporate business, military networks and the nation’s infrastructure. Because of this, catastrophe looms.

Another ploy in this orchestrated theatrical production arrived today in the guise of the Defense Science Board report, Resilient Military Systems and the Advanced Cyber Threat.

The report is here.

However, it is not the same report the Washington Post’s Ellen Nakashima publicized in a big story on alleged deep Chinese cyberespionage directed against the US military and its arms manufacturers.

“Designs for many of the nation’s most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defense industry,” writes Nakashima for the Post.

The Post’s report never makes clear if classified information was taken. And it informs that internal US government discussion of some of the incidents with China is now over a year old.

What does seem to be secret, but in a selective way, is the Defense Science Report.

The Post reporter delivers the information on Chinese cyber-espionage by admitting she has access to a “confidential” section of the report not included in the copy made generally available to the public.

One of the definitions for “confidential” in Merriam-Webster is “private, secret.”

The public version of the DSB report contains only three instances of the word “China” and only one of “Chinese.” “Espionage” appears only four times in the report’s 146 .pdf pages.

What does this mean?

It means one of the Defense Science Board’s members or minions — which can be any number of a pool of representatives from arms manufacturers like Boeing and Northrop Grumman, to consultants to these same businesses or small national security “think tanks” or lawyers in legal firms providing consultation on cybersecurity issues under contract to the Department of Defense — leaked the real report, the “confidential” part, to the Washington Post.

These are never selfless acts to get word out about an emerging national threat. That’s not how things work.

What it is is another report, among an increasing number, aimed at growing the national security industry’s cyberwar and cyber-defense programs, in which many of the Defense Science Board’s members are employed.

The secret report, the one the Washington Post tells us about, is to redirect attention toward a new threat. It is part of a national argument that generally lumps all cyber-crime, cyber-spying and claimed cyberwar into one big threat aimed at the United States, over everyone else.

Nakashima’s report for the Post grudgingly includes the information that spokesmen for the Chinese government have complained that it is the victim of hacking and cyberespionage, too.

Indeed, a recent set of articles in the Financial Times on the subject includes an analysis that recounts internal cyberespionage in China, a case in which groups of young hackers invade Chinese firms, as well as those in other countries, in collection of information and e-mails which can be sold to competing firms or used in extortion schemes.

China’s corporate security businesses are not as mature as American competitors, the FT informs. As a result, criminal hacking groups and espionage efforts can be very successful.

Reads the FT:

China’s leading internet security firms such as Kingsoft, Qihoo 360, Inspur, Topsec or Venustech have little or no ambition in investing in forensics, the capability that supports long-term, in-depth analysis of the origin, structure and technical detail of past attacks that is being built by firms such as Symantec or TrendMicro. “Our internet security sector is light years behind the US, partly because there is very little awareness of the problems yet and companies are not willing to pay for such services,” says Tony Yuan, head of Netentsec, a Beijing security company …

For Chinese experts, therefore, foreign complaints about hacking attacks originating in their country are far down the priority list. “Those who accuse the Chinese government of cyber attacks lack sincerity,” says Liu Deliang, a cyber law expert from Beijing Normal University. “Cyber crime is the main problem and we should close ranks to fight it.”

Obviously, the Chinese read the Washington Post and they are not naive.

They know how the system works in America, too. And they are unlikely to be cowed or embarrassed by a newspaper story about a “confidential” Pentagon report, news of which is a fairly obvious case of insider manipulation. Of course, everyone connected with the DSB report knows this, too.

Thought question: What’s the difference between a good leak and a bad leak?

Answer: Bad leaks are those the Department of Justice is commanded to investigate. Good leaks are when contractor/consultants give “confidential” material on an expanding national security threat to the WaPost.

Yes, China is engaged in cyber-espionage against us. The US military is the largest and most powerful in world history. It would be a surprise if everyone wasn’t trying to spy on it and its vast private sector infrastructure of giant arms and services contractors.

How do you secure such a large globe-spanning enterprise, one in which there will always be thousands of people, or even many more, who dumbly click on e-mail attachments, idly insert foreign media, go off secure protocols or copy sensitive materials to networked home or unsecured devices for convenience? Rhetorical question.

What can be seen in the non-secret version of Resilient Military Systems and the Advanced Cyber Threat?

Well, there is a loud call for mounting a big defensive and offensive military cyberwar capability, claiming that the cybersecurity threat facing the nation is equivalent to, or even more serious and complex than, things like mounting strategy against the German U-boat campaign in WW2 and the achievement of nuclear deterrence during the Cold War (page 38).

Readers may recall the latter was the building of a survivable capability to blow up the entire world in the case of a doomsday attack.

Cyberthreats are given a taxonomy and a graphic illustration. They range from nuisances, Tier 1 threats, to Tier 6 threats, malware hardware/software as yet unmade that is an “existential” threat.

A threat to existence!

It then proceeds to explain what constitutes various tier threats.

The Stuxnet virus, which the report coyly declines to mention was developed and deployed by the United States, was a Tier 4 threat. The Agent.btz worm/malware, a piece that circulated worldwide in 2008, is given the same rating.

Which I and others would call inflated but which left a lasting scar on the US military because it demonstrated that DoD was no better at keeping viruses off its networks than anyone else.

Agent.btz is never actually named in the Advanced Cyber Threat report. Instead the authors reference only the problem contained by “Buckshot Yankee,” which means nothing to laymen because it is not explained in the edition released to the public audience.

Buckshot Yankee was the name given to the operation aimed at neutralizing Agent.btz.

As an illustrative example of what constitutes a past Tier 6 threat, the DSB report comes up with the spying IBM Selectric typewriter, machines that were altered by the Soviets to collect and transmit what was typed on them. The spying typewriters were put into US embassies in Moscow and Leningrad.

A newer Tier 6 threat is what I call the Subversive Chip of Cyber Doom.

The subversive chip would work normally in US computing and weapons systems until triggered by conditions or an outside signal. At which point it could transmit compromised information or destroy the processor and operating system.

So let’s not outsource all computer manufacturing to China. Oh, wait…

Other parts of the document discuss growing the US capacity for offensive cyberwar and establishing a “resilient” cyber force, a potentially immense open-ended project that is said to be of the utmost urgency.


More germane excerpts on China and cyberespionage from recent Financial Times pieces.

More than a quarter of US companies surveyed by the American Chamber of Commerce in China say they have had trade secrets stolen or compromised through cyber attacks on their China operations, adding weight to US accusations that Beijing is behind numerous corporate espionage attacks.

Twenty-six per cent of respondents to the US business lobby’s annual survey said they had been victims of such attacks …

In response to a question about the Amcham survey, a spokesman for the Chinese Foreign Ministry described any accusation of Chinese cyber theft as “irresponsible” and urged US officials and companies “not to politicise economic and trade issues and to stop hyping the issue of cyber security”. Link.

And, an assertion that US deployment of the Stuxnet virus has made international cooperation between computer emergency response teams harder because of weakened trust:

Mr Du, “deputy chief engineer of the National Computer Network Emergency Response Team of China,” blamed [a mistaken identification of an IP in China as origination of a recent cyberattack on South Korean banks] on governments’ growing wariness since the detection in 2010 of Stuxnet, a worm which is believed to have been launched by the US and Israel against Iran’s nuclear programme.

“Since the cyber attack against Iran, namely the Stuxnet incident, governments don’t trust each other as much as before, and trust among CERTs has been damaged too,” he said. “The dispute and misunderstandings among countries will give cyber attackers and terrorists new opportunities.”

3 Comments

  1. Christoph Hechl said,

    May 29, 2013 at 2:41 am

    There is a nice article on the governmental hacking activity here:
    http://www.businessweek.com/articles/2013-05-23/how-the-u-dot-s-dot-government-hacks-the-world#r=tec-st
    and if you find the name Michael Chertoff (who gets interviewed on these activities) familiar:
    http://en.wikipedia.org/wiki/Michael_Chertoff
    That man has epic fail written all over him.

  2. George Smith said,

    May 29, 2013 at 6:34 am

    “China is doing stuff you’re not supposed to do,” says Jacob Olcott, a principal at Good Harbor Security Risk Management, a Washington firm that advises hacked companies.

    This is Richard Clarke’s firm talking. Clarke has mined the catastrophism end of the cybersecurity discussion since the Clinton administration.

    What the US government and the national security industry are increasingly doing is making the public talk about it one that categorizes it as economic plundering. The economic plundering, in turn, is virtually — if not — a semi-covert war.

    If you are talking about cybercrime as a problem, then you must use legal means to battle it. If, however, it is always a discussion about cyberwar and cyberespionage, then you can use extra-legal means. And so you militarize the solution with the generals being report chiefs and CEOs at defense contractors, now arguing — and I’ll get to this — that corporate America be allowed to strike back at cyberattackers. The theft of intellectual property is redefined as something that is the equivalent of an undeclared war.

    The US is now poorly positioned to make this argument outside the US media vacuum, which spends most of its time discussing only what our people have to say. Having deployed Stuxnet, at least, into Iran, no one here is in a position to successfully argue that there are lines one cannot cross, that there are things one just doesn’t do to another country.

    The argument that the US is the exceptional nation and that because it is the exceptional one, extraordinary means are permissible simultaneously with criticism of others for similar conduct or retaliation no longer means much in other capitals, I would think.

    Therefore, this — a logical response from Steve Aftergood in that piece:

    All this activity gives China leverage against Washington’s complaints, says Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists. Beijing can turn U.S. protests about industrial espionage around and claim that Washington is doing something even worse. “It’s OK to steal plans for a new automobile,” Aftergood says the Chinese can argue, “but not our national secrets.”

    As I said above in the post, that country is not going to be bullied by public proclamations and an endless stream of reports talking about Chinese economic plundering or corporate secrets. And the US can threaten a trade war but the only people who will really get hurt, at this point, are the middle and lower classes because, due to reduced buying power and national outsourcing, most of the small dry goods and gee-gaws they rely on are made in China. Everyone knows this.

    How can you seriously threaten a trade war or anything else with China after US multi-national business has become so intertwined with that country? Are we to leave a big exception for Apple goods so everyone can continue to have its iJunk?

    “Those jobs aren’t coming back,” Steve Jobs famously and superciliously told the President shortly before he died.

    So a minor trade war is immaterial. A major one does not accomplish the end, either. The world moves on without part of the US, more slowly, but it still moves on.

    Anyway, the national security complex keeps wanting to make the discussion into an economic one, and that’s purely for the benefit for the DC ruling class audience. What has caused the economic distress in this country in the last decade?

    Wall Street, precipitously rising inequality, relentless corporate attacks on the earning power of labor, tax law rewritten in favor of the upper 1 percent. None of this has anything to do with the Chinese hacking America.

  3. George Smith said,

    May 29, 2013 at 6:36 am

    BTW, mirrored at Globalsecurity.org, so pass it around, tweet it up, as they say.

    http://sitrep.globalsecurity.org/articles/130528904-cyberwar-cyberespionage-and-me.htm