‘Punch the bully’ – cyber attacks provoke real-world response
The US Government has signaled that it will impose economic sanctions on Chinese companies if a prolonged cyber espionage campaign attributed to the People’s Republic does not cease.
The expression of US anger comes at the same time that a spate of cyber espionage attacks on Japan and an ongoing attempt to penetrate sources in India and Tibet have also been raising regional tensions. Some experts are calling for a moratorium on cyber espionage.
Intelligence sources in the UK and the US claim attackers are making a wholesale attempt to obtain information from Japan. The sources blame the Chinese Government, which has a long history of cyber intrusion.
The Chinese activity is part of a pattern of sustained cyber information gathering that is being carried out by a number of leading technology countries, including the US, Russia, the UK and other states, reported on by the CSRI’s sister site Future Intelligence.
They are now an issue in the US presidential race since details of the entire database of US Government employees, including biometric data at the Office of Personnel Management were stolen earlier this year. US officials blame China.
It is claimed that this incident could affect 18m people and that has led some Republican candidates to brand the actions cyber terrorism and demand at the very least some diplomatic retaliatory action over the visit of the Chinese President Xi Jinping’s visit to China.
“What will it take for President Obama to open his eyes? The way you deal with a bully on the playground is to punch them in the face and put them on the ground because the only thing they respect is power,” said the former Arkansas Governor and Republican Presidential hopeful, Mike Huckabee.
“The Chinese attacked our government and hacked into the lives of four million Americans. The response and retaliation to this behavior is simple – America should hack the Chinese government. We should hack the cell phones of some prominent Communist party leaders, hack the bank accounts of intelligence officials, publicly humiliate Chinese families for political corruption, or wipe-out a few critical Chinese computer systems,” said Huckabee.
In September 2015 a number of senior White House officials confirmed that the US is considering a series of economic sanctions against the Chinese state-owned enterprises and private companies that are thought to be involved in the attacks.
Such sabre-rattling has occurred in the past, in 2013 the US was rumoured to be about to launch sanctions, an action confirmed by high level sources but nothing happened at that time.
US draws line in sand
There are signs now that the US is finally beginning to lose its patience. On the 19th of May 2014, the US Department of Justice and the FBI announced that a US Grand Jury had indicted five Chinese army officers for cyber espionage.
According to the FBI: “From 2006-2014, defendants Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army, were allegedly involved in a hacking conspiracy that targeted Westinghouse Electric Co.; U.S. subsidiaries of SolarWorld AG; United States Steel Corp.; Allegheny Technologies Inc.; the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union; and Alcoa, Inc.”
Both US Government departments took the opportunity to explicitly lay out their grievances.
“This is a case alleging economic espionage by members of the Chinese military and represents the first ever charges against a state actor for this type of hacking,” U.S. Attorney General Eric Holder said. “The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. Success in the global market place should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets. This Administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market.”
And the FBI Director James B. Comey underlined the exasperation felt by the US.
“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries.
“The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.”
The briefings by White House officials indicate that once again sanctions may be imminent. They are seen by military experts to be the most likely course of action against the Chinese for their alleged crimes.
Despite calls from many in the US intelligence community to either lock out those involved in cyber espionage or to hit back at the computers suspected of carrying it out, military experts on cyber warfare have cautioned against such tactics.
According to Martin Libicki, Distinguished Professor at the Center for Cyber Security Studies of the US Naval Academy, both the US and Chinese military see cyber warfare as an integral part of any future conflict between the two states.
This is a development that Libicki claims is particularly worrying because of the potential for confusion between cyber warfare and cyber espionage and the likelihood that cyber conflict will rapidly escalate into conventional warfare.
Writing in the September 2014 issue of the International Institute for Strategic Studies journal Survival, Libicki and fellow professor at the Center for Cyber Security Studies of the US Naval Academy, David Gompert both argue that the difficulty of determining the intent behind a cyber incursion or indeed its source could spark a war between China and the US, because of the need for China to engage in a ‘cyber first strike’ to be able to stand a chance of defeating the US army.
It is a tactical necessity that Libicki says could draw both nations into a war, particularly given the current tension over potential flashpoints such as the Koreas, Taiwan and the South and East China Seas.
It is the systematic and continuous nature of the attacks that has led to them being called APT attacks by the cyber security industry – an acronym for ‘Advanced Persistent Threat’.
And it is the persistence of the attacks that has begun to test the patience of many of the countries that have been losing data to the Chinese.
Intelligence reports of the attack from the People’s Republic started to circulate in 2001 but many observers have stated that the attacks from the Chinese started almost as soon as the internet was born and that evidence of Chinese attempts to penetrate Western computer systems emerged in 1997, two years after the commercial roll-out of the World Wide Web.
Indeed the alleged Chinese hacking has claimed some notable incursions. In 2006 it was reported on our sister website that the Chinese had hacked the UK Houses of Parliament.
Information gathering on an industrial scale
In the past some experts have suggested that the Chinese information-gathering has rotated around a number of state targets.
A sustained attack on Norway was registered some years ago, affecting most of its industry sectors. The 2015 attack on Japan bears some similarities to that, if the reports from the cyber security company Kaspersky are accurate.
According to Sugura Ishimaru, a security researcher working for Kaspersky in Japan, the attack named ‘Blue Termite’ by the company has been going on since at least November 2013 and is targeted at a number of Japanese sectors with the Japanese Pension Service high on its list of priorities.
Ishimaru goes on to add that despite this, Blue Termite is an all-out attempt to penetrate Japanese industry. It recognises the fact that virtually all Japanese companies have their ‘command- and-control functions’ located in Japan in order to control the flow of their intellectual property.
“The list of targeted industries includes government and government agencies, local governments, public interest groups, universities, banks, financial services, energy, communication, heavy industry, chemical, automotive, electrical, news media, information services sector, health care, real estate, food, semiconductor, robotics, construction, insurance, transportation and so on,” Ishimaru pointed out in his blog, and adds that the attack is ongoing with companies still falling victim to the attempt to infiltrate their computers and steal data.
Such systematic hacking has always been denied by the Chinese who have countered that they are as much sinned against as sinning. But analysts and cyber security experts in Europe and the US point out that China, which is trying to build up its industries at a rate to rival those in the West – often from nowhere – needs intellectual property from technologically developed nations whereas the do not need information from China.
Indeed, the Chinese Government has even developed a shopping list of its intellectual property requirements according to the computer security company Context IS, a specialist in protecting against APT attacks.
It has also been pointed out that many of the APT targets are traditional areas of Chinese foreign policy interest and of friction such as India, now seen as a potential rival to China’s position as the world’s industrial centre and a regional rival, Tibet. Of course Japan, like India, is both a local economic rival and a potential contender for political leadership in South East Asia.
In the case of Tibet, the Chinese Government has made sustained efforts to penetrate the computer systems used by the Dalai Lama. In the most conspicuous incident, hackers claimed to be from China introduced an APT virus into the computer used by the Dalai Lama’s head of communications via an email containing details of an amateur football team he supported.
A more dangerous scenario arose from the ridicule heaped upon the North Korean dictator Kim Yong-Un’s regime’s response to the film ‘The Interview’. This US movie lampooned the rogue state with a comic plot about a conspiracy to assassinate the North Korean leader. Sony Pictures was hacked and the film was released online before it could even have a theatre premiere. This wiped out its value – and other films were also stolen and pre-released by the hackers, believe to be North Koreans. The fact that Sony is a Japanese company only added to the toxic mix.
According to CSRI’s sources, the crippling response from North Korea which saw Sony’s systems comprehensively hacked and several of its forthcoming film releases pirated and made available on the web could only have been achieved with the help and sanction of the People’s Republic of China. As with the hacking on the US Government employee database the Sony hack provoked a furious response from the US with President Obama stating that it was unacceptable.
War or vandalism
In an interesting development, President Obama refused to define the attack as warfare and instead chose to call it ‘cyber vandalism’, a hesitancy the US administration shares with the UK as using the term ‘cyber warfare’ would demand the involvement of the military.
Due to this potential for cyber espionage to trigger a real world stand-off, the Chinese are in a very difficult position. Either they carry on the aggressive information gathering that the state considers essential to guarantee place in the world order and future economic well-being, or else risk provoking a conflict that would be disastrous to China’s ambitions if it lasted for any length of time.
Thus it should be no surprise that in response to the news of possible economic sanctions, Zhu Haiquan, spokesperson for the Chinese embassy in Washington, told the Wall Street Journal: “The Chinese side calls for all parties to seek a common solution through enhanced dialogue and co-operation. Groundless speculation, hyping up or accusation is not helpful to solve the problem or conducive to any party’s interests.
“As major internet countries, both China and the US share significant interests in cybersecurity. This should be a source of co-operation rather than confrontation for the two countries.”
It is a co-operation that may only occur if there is a significant reining back on cyber-espionage by all of the states engaged in the activity.
One of the factors that the long-suffering Western companies and governments have found particularly galling is the shameless and blatant nature of the Chinese attacks, and the difficulties of responding to them that have been pointed out by Libicki and Gompert.
Cyber Security Research Institute Chair Peter Warren comments: “To avoid the sort of escalation that could occur there is a need for either a moratorium or of a discussion about what should and should not be allowed.”