55501
Politics & Religion / China pushes ahead in cyberwar
« on: March 02, 2009, 12:26:27 PM »
Summary
With its vast population and internal-security concerns, China could well have the most extensive and aggressive cyberwarfare capability in the world. This may bode well for China as it strives to become a global power, but it does not engender a business-friendly environment for foreign companies and individuals in China, where there is no such thing as proprietary information. From within or without, defending against China’s cyberwarfare capability is a daunting task.
Analysis
In late 2008, rumors began circulating that the Chinese government, beginning in May 2009, would require foreign companies operating in China to submit their computer security technology for government approval. Details were vague, but the implication was that computer encryption inside China would become essentially useless. By giving away such information — the type of encryption systems they use and how they are implemented — companies would be showing the Chinese government how to penetrate their computer systems. It is not uncommon for governments and militaries operating on foreign soil to be required to do this, but it is unusual for private companies. (Of course, many governments, such as the United States, refuse to relinquish secure communications even when they have a diplomatic presence in a friendly nation, such as the United Kingdom.)
There is nothing sacred about information in China, where the cyberwarfare capability is deep, pervasive and a threat not only to foreign governments and militaries but also foreign corporations and individuals. STRATFOR sources tell us that the Chinese government already has pertinent information on all Taiwanese citizens of interest to China, a database that could easily be expanded to include other foreign nationals. The Chinese government can decipher most types of encrypted e-mails and documents, and China’s Internet spy network is thought to be the most extensive — if not the most creative — in the world. The government’s strongest tactic is a vast network of “bots” — parasitic software programs that allow their users to hijack networked computers. Individual bots can be building blocks for powerful conglomerations known as “botnets” or “bot armies,” which are fairly conventional formations engaged in a game of numbers not unlike traditional Chinese espionage. It is not the most innovative form of cyberwarfare, but China wields this relatively blunt instrument very effectively.
Indeed, China may well have the most extensive cyberwarfare capability in the world and the willingness to use it more aggressively than any other country. Such capability and intent are based on two key factors. One is the sheer size of China’s population, which is large enough to apply capable manpower to such a pervasive, people-intensive undertaking. In other words, one reason they do it is because they can.
Related Special Topic Page
Cyberwarfare
Another is the Chinese government’s innate paranoia about internal security, born of the constant challenge of extending central rule over a vast territory. This paranoia drove Beijing to build the “Great Firewall,” an ability to control Internet activity inside the country. (Virtually all information coming into and out of China is filtered and can be cut off by the flip of a switch.) This amount of control over the information infrastructure far surpasses the control that the United States and other Western countries — or even Russia — can wield over their infrastructures.
While much of China’s Internet spying is aimed at Taiwan, it is also driven by Beijing’s desire for global-power status. With the United States and Russia both investing in offensive and defensive cyberwarfare capability, China has a vested interest in applying its strengths and devoting its resources to staying ahead of the pack and not being caught in the middle. With its information infrastructure under tight governmental control, China can leverage its massive manpower resources in a manner that allows it to conduct far more direct and holistic cyberwarfare operations than any other country.
Today, with current technology, the Chinese government can hack into most anything, even without information on specific encryption programs. It can do this not only by breaking codes but also through less elaborate means, such as capturing information upstream on Internet servers, which, in China, are all controlled by the government and its security apparatus. If a foreign company is operating in China, it is almost a given that its entire computer system is or will be compromised. If companies or individuals are using the Internet in China, there is an extremely strong possibility that several extensive bots have already infiltrated their systems. STRATFOR sources in the Chinese hotel industry tell of extensive Internet networks in hotels that are tied directly to the Public Security Bureau (PSB, the Chinese version of the FBI). During the 2008 Olympics, Western hotel chains were asked to install special Internet monitoring devices that would give the PSB even more access to Internet activities.
The Chinese Internet spy network relies heavily on bots. Many Chinese Web sites have these embedded bots, and simply logging on to a Web site could trigger the download of a bot onto the host computer. Given that the Internet in China is centrally controlled by the government, these bots likely are on many common Web sites, including English-language news sites and expatriate blogs. It is important to note that the Chinese cyberwarfare capability is not limited by geography. The government can break into Web sites anywhere in the world to install bots.
China has invested considerable time and resources to developing its bot armies, focusing on quantity rather than quality and shying away from more creative forms of hacking such as SQL injections (injecting code to exploit a security vulnerability) and next-generation remote exploits (in such features as chat software and online games). The best thing about bots is that they are easy to spread. An extensive bot army, for example, can be employed both externally and internally, which puts China at a distinct advantage. If Beijing wanted to cut its Internet access to the rest of the world in a crisis scenario, it could still spy on computers beyond its national boundaries, with bots installed on computers around the world. The upkeep of the spy network could easily be accomplished by a few people operating outside of China. By comparison, according to STRATFOR Internet security sources, the United States does not have the ability to shut down its Internet network in a time of crisis, nor could it get into China’s network if it were shut down.
A bot army might be a large, blunt instrument, but finding a bot on a computer can be a Herculean task, beyond the capabilities of some of the most Internet-savvy people. Moreover, the Chinese have started to make their bots “user-friendly.” When bots were first introduced, they could slow down computer operating systems, eventually leading the computer user to reinstall the hard drive (and thus killing the bot). Sources say that Chinese bots now can be so efficient they actually make many computers run better by cleaning up the hard drive, trying to resolve conflicts and so on. They are like invisible computer housecleaners tidying things up and keeping users satisfied. The payment for this housecleaning, of course, is intelligence.
In addition to bots and other malware, the Chinese have many other ways to expand their Internet spy network. A great deal of the computer chips and other hardware used in manufacturing computers for Western companies and governments are made in China; and these components often come from the factory loaded with malware. It is also common for USB flash drives to come from the factory infected. These components make their way into all manner of computers operating in major Western companies and governments, even the Pentagon (which recently was forced to ban the use of USB thumb drives because of a computer security incident).
Recently, a STRATFOR source who formerly worked in Australia’s government was surprised that the Australian government was considering giving a national broadband contract to the Chinese telecommunications equipment maker Huawei Technologies, which is known to have ties to the Chinese government and military. Huawei was the subject of a U.S. investigation that eventually led it to withdraw a joint $2.2 billion bid to buy a stake in 3Com, a U.S. Internet router and networking company. Other STRATFOR sources are wary of Huawei’s relationship with the U.S. company Symantec, maker of popular anti-virus and anti-spyware programs.
For companies operating in China, the best course of action is simply to leave any sensitive materials outside of China and not allow computer networks inside China to come into contact with sensitive materials. A satellite connection would help mitigate the possibility of intrusion from targeted direct hacking, but such networks are not extensive in China and move data fairly slowly. It is really not a matter of what kind of network to use. Although there have been no reports of a next-generation 3G network being hacked in any country, the Chinese government can still access the traffic on the network because it owns the physical infrastructure — telephone wires and poles, fiber optics, switching stations — and maintains tight control over it. Moreover, most 3G-enabled devices also use Bluetooth, which is extremely vulnerable to attack. And neither 3G nor satellite connections necessarily reduce the threat from bots that are propagated over e-mail or by Web-browser exploits. In the end, if your computer or other data device is infected with malware, a secure network provides very little solace.
Even when a foreign traveler leaves sensitive materials at home, there is no guarantee of their safety. The pervasive Chinese bot armies are a formidable foe, and they frequently attack networks and systems in almost every part of the world (the Pentagon defends against thousands of such attacks every day). Although China lacks a certain innovative finesse when it comes to cyberwarfare, it has a massive program with a wide reach. Combating it, from within or without, is a daunting task for any individual, company or superpower.
With its vast population and internal-security concerns, China could well have the most extensive and aggressive cyberwarfare capability in the world. This may bode well for China as it strives to become a global power, but it does not engender a business-friendly environment for foreign companies and individuals in China, where there is no such thing as proprietary information. From within or without, defending against China’s cyberwarfare capability is a daunting task.
Analysis
In late 2008, rumors began circulating that the Chinese government, beginning in May 2009, would require foreign companies operating in China to submit their computer security technology for government approval. Details were vague, but the implication was that computer encryption inside China would become essentially useless. By giving away such information — the type of encryption systems they use and how they are implemented — companies would be showing the Chinese government how to penetrate their computer systems. It is not uncommon for governments and militaries operating on foreign soil to be required to do this, but it is unusual for private companies. (Of course, many governments, such as the United States, refuse to relinquish secure communications even when they have a diplomatic presence in a friendly nation, such as the United Kingdom.)
There is nothing sacred about information in China, where the cyberwarfare capability is deep, pervasive and a threat not only to foreign governments and militaries but also foreign corporations and individuals. STRATFOR sources tell us that the Chinese government already has pertinent information on all Taiwanese citizens of interest to China, a database that could easily be expanded to include other foreign nationals. The Chinese government can decipher most types of encrypted e-mails and documents, and China’s Internet spy network is thought to be the most extensive — if not the most creative — in the world. The government’s strongest tactic is a vast network of “bots” — parasitic software programs that allow their users to hijack networked computers. Individual bots can be building blocks for powerful conglomerations known as “botnets” or “bot armies,” which are fairly conventional formations engaged in a game of numbers not unlike traditional Chinese espionage. It is not the most innovative form of cyberwarfare, but China wields this relatively blunt instrument very effectively.
Indeed, China may well have the most extensive cyberwarfare capability in the world and the willingness to use it more aggressively than any other country. Such capability and intent are based on two key factors. One is the sheer size of China’s population, which is large enough to apply capable manpower to such a pervasive, people-intensive undertaking. In other words, one reason they do it is because they can.
Related Special Topic Page
Cyberwarfare
Another is the Chinese government’s innate paranoia about internal security, born of the constant challenge of extending central rule over a vast territory. This paranoia drove Beijing to build the “Great Firewall,” an ability to control Internet activity inside the country. (Virtually all information coming into and out of China is filtered and can be cut off by the flip of a switch.) This amount of control over the information infrastructure far surpasses the control that the United States and other Western countries — or even Russia — can wield over their infrastructures.
While much of China’s Internet spying is aimed at Taiwan, it is also driven by Beijing’s desire for global-power status. With the United States and Russia both investing in offensive and defensive cyberwarfare capability, China has a vested interest in applying its strengths and devoting its resources to staying ahead of the pack and not being caught in the middle. With its information infrastructure under tight governmental control, China can leverage its massive manpower resources in a manner that allows it to conduct far more direct and holistic cyberwarfare operations than any other country.
Today, with current technology, the Chinese government can hack into most anything, even without information on specific encryption programs. It can do this not only by breaking codes but also through less elaborate means, such as capturing information upstream on Internet servers, which, in China, are all controlled by the government and its security apparatus. If a foreign company is operating in China, it is almost a given that its entire computer system is or will be compromised. If companies or individuals are using the Internet in China, there is an extremely strong possibility that several extensive bots have already infiltrated their systems. STRATFOR sources in the Chinese hotel industry tell of extensive Internet networks in hotels that are tied directly to the Public Security Bureau (PSB, the Chinese version of the FBI). During the 2008 Olympics, Western hotel chains were asked to install special Internet monitoring devices that would give the PSB even more access to Internet activities.
The Chinese Internet spy network relies heavily on bots. Many Chinese Web sites have these embedded bots, and simply logging on to a Web site could trigger the download of a bot onto the host computer. Given that the Internet in China is centrally controlled by the government, these bots likely are on many common Web sites, including English-language news sites and expatriate blogs. It is important to note that the Chinese cyberwarfare capability is not limited by geography. The government can break into Web sites anywhere in the world to install bots.
China has invested considerable time and resources to developing its bot armies, focusing on quantity rather than quality and shying away from more creative forms of hacking such as SQL injections (injecting code to exploit a security vulnerability) and next-generation remote exploits (in such features as chat software and online games). The best thing about bots is that they are easy to spread. An extensive bot army, for example, can be employed both externally and internally, which puts China at a distinct advantage. If Beijing wanted to cut its Internet access to the rest of the world in a crisis scenario, it could still spy on computers beyond its national boundaries, with bots installed on computers around the world. The upkeep of the spy network could easily be accomplished by a few people operating outside of China. By comparison, according to STRATFOR Internet security sources, the United States does not have the ability to shut down its Internet network in a time of crisis, nor could it get into China’s network if it were shut down.
A bot army might be a large, blunt instrument, but finding a bot on a computer can be a Herculean task, beyond the capabilities of some of the most Internet-savvy people. Moreover, the Chinese have started to make their bots “user-friendly.” When bots were first introduced, they could slow down computer operating systems, eventually leading the computer user to reinstall the hard drive (and thus killing the bot). Sources say that Chinese bots now can be so efficient they actually make many computers run better by cleaning up the hard drive, trying to resolve conflicts and so on. They are like invisible computer housecleaners tidying things up and keeping users satisfied. The payment for this housecleaning, of course, is intelligence.
In addition to bots and other malware, the Chinese have many other ways to expand their Internet spy network. A great deal of the computer chips and other hardware used in manufacturing computers for Western companies and governments are made in China; and these components often come from the factory loaded with malware. It is also common for USB flash drives to come from the factory infected. These components make their way into all manner of computers operating in major Western companies and governments, even the Pentagon (which recently was forced to ban the use of USB thumb drives because of a computer security incident).
Recently, a STRATFOR source who formerly worked in Australia’s government was surprised that the Australian government was considering giving a national broadband contract to the Chinese telecommunications equipment maker Huawei Technologies, which is known to have ties to the Chinese government and military. Huawei was the subject of a U.S. investigation that eventually led it to withdraw a joint $2.2 billion bid to buy a stake in 3Com, a U.S. Internet router and networking company. Other STRATFOR sources are wary of Huawei’s relationship with the U.S. company Symantec, maker of popular anti-virus and anti-spyware programs.
For companies operating in China, the best course of action is simply to leave any sensitive materials outside of China and not allow computer networks inside China to come into contact with sensitive materials. A satellite connection would help mitigate the possibility of intrusion from targeted direct hacking, but such networks are not extensive in China and move data fairly slowly. It is really not a matter of what kind of network to use. Although there have been no reports of a next-generation 3G network being hacked in any country, the Chinese government can still access the traffic on the network because it owns the physical infrastructure — telephone wires and poles, fiber optics, switching stations — and maintains tight control over it. Moreover, most 3G-enabled devices also use Bluetooth, which is extremely vulnerable to attack. And neither 3G nor satellite connections necessarily reduce the threat from bots that are propagated over e-mail or by Web-browser exploits. In the end, if your computer or other data device is infected with malware, a secure network provides very little solace.
Even when a foreign traveler leaves sensitive materials at home, there is no guarantee of their safety. The pervasive Chinese bot armies are a formidable foe, and they frequently attack networks and systems in almost every part of the world (the Pentagon defends against thousands of such attacks every day). Although China lacks a certain innovative finesse when it comes to cyberwarfare, it has a massive program with a wide reach. Combating it, from within or without, is a daunting task for any individual, company or superpower.