China has gotten a lot of tough press worldwide in recent years because of the cyberattacks originating from the PRC.
Some of the critics accuse the government here of State-sponsored hacking, having a shadow force of hackers, crackers, and smackers (I made the last one up) on the payroll. Periodically, they say, the cyberforce gets orders to either test their capabilities against formidable opponents like the U.S. defense establishment, or to actually take down sites.
While I do not discount the threat, some of the rhetoric does tend to be rather breathless and Cold War-ish:
Since 2003, Chinese military hackers have been causing havoc in the computer networks of some of America’s most secure military and nuclear centers.
The Chinese threat from cyberspace has developed at an alarming rate and for the Chinese military and intelligence services it has proved the most cost-effective way of stealing our nuclear, industrial and defense secrets.
In the past five years Chinese hackers, under the guidance of the People’s Liberation Army (PLA) cyber-warfare branch, have penetrated systems at the Pentagon and, more importantly, at Sandia Laboratories, the heart of America’s nuclear research and design facilities.
Scary stuff. I don’t profess to know what China is/is not doing in this area. Some of the critics are Red Scare nutjobs, others are acknowledged experts on the subject who have excellent track records. Certainly the government is involved in this subsector of security policy, but to what extent, and to what end (nefarious or otherwise) remains to be seen. I’ve always assumed that any country that has sufficient IT capabilities is into this stuff, just like every country engages in some form of spying, if they can get away with it.
Regardless of what Beijing is doing in this area, I have no doubt that there is a significant hacker population in this country and that they go after a wide range of “opponents,” including domestic targets.
Hackers that have been co-opted by the government (i.e. working for “The Man”), and I suppose the more nationalist 愤青 type guys, perhaps do not attack PRC government sites, but I’m sure that the other ones do so all the time. That’s their calling, after all, and how else are you going to make your name in the business?
So I saw the following in the paper yesterday:
Hackers have attacked 81 government websites in the past week leaving 29 still paralyzed, according to figures released by the National Computer Network Emergency Response Center of China (CNETCC).
The CNETCC also revealed in its report, that four provincial websites in Anhui, Jiangsu, Sichuan and Tibet autonomous region were down, Chinanews.com.cn reported on Wednesday.
The latest figure, covering May 10 to May 16, marks a decline in the cyber attacks compared to the previous week, May 2 to May 9, where the number of affected websites was 124.
In this CNETCC report, about 150 websites with .CN suffix are blacklisted, five malice codes and five software loopholes are also included.
Again, I have no concerns about the accuracy of the report. Of course these sites are targeted, and based on their site designs alone, I’m sure their security sucks big time. However, I can’t help but wonder if there is an ulterior motive in publishing this sort of information.
Once this sort of report is out there in the public domain, and discussed among experts and commentators, it’s possible that it blunts some of the other criticism. China might be conducting studies into cybersecurity, and they might have hackers on the payroll, but how bad could they be? They’re victims too.
This is groundless speculation on my part (the best part of the blogger’s “job”), but even if this is just another news story, and the report’s publication was standard operating procedure, will this kind of information have any effect on the standard, current meme of China as the base of a malicious, State-sponsored group of cyberterrorists? Or is this sort of thing just ignored as irrelevant to the question of whether China is actively preparing for cyberwar?
Note that this is not the only “We’re victims too” story in the Chinese press. Among others, a similar piece, sourced directly from China’s Ministry of Defense, appeared in the Chinese press on March 16 and described incoming hacking attempts from overseas IP addresses, including some based in the U.S.:
A chief editor with the official website of China’s Ministry of National Defense (MOD), www.mod.gov.cn, said Tuesday the site still receives thousands of overseas-based hacking attacks every day after more than six months of trial operations.
I personally don’t think this will in fact blunt the criticism. However, it will give the government something to use in deflecting such criticism. In the greater international conversation on this issue, you might end up with the appearance of balance (i.e., everyone does it, so China shouldn’t be singled out), facts notwithstanding.
In addition to this narrow bit of speculation, though, there is a more central issue, which for the sake of discussion I will pose in question form. To wit:
1. If cyberterrorism is a real threat, shouldn’t all governments ramp up their capabilities in this area? Therefore is the existence of a cybersquad, even a PLA-sponsored brigade of Red Bull-swilling, Cheeto-encrusted hackers, completely justified? [1]
2. Where do you draw the line between permissible “live fire drills” and impermissible attacks on foreign sites? I understand that causing blackouts and pushing sites over the edge with denial of service blitzes are no-nos, but what about less invasive test runs against potential foreign adversaries? (Techies might have a better feel for this than I do.)
3. Do we need, or should we have, an international agreement on this issue? I say absolutely, at least at some point, but then again, I never met an international law I didn’t like. I’m still waiting for the New World Order and the One World Government.
[1] Well, there are no Cheetos in China. Perhaps some sort of nuts, dried fruit, or White Rabbit candy would be a more apt illustration.