Under Attack 3: Who Spies on Whom?

In this further round of interviews, Gordon Corera focuses largely on the attribution of cyber attacks and espionage to specific nation states.

Cyber attacks may be launched through computer networks, but they’re still about people. Attackers research employees in a target company, learning about their professional and personal lives. They’re looking for a way to pique someone’s interest and persuade them to click on an email under the mistaken impression that it’s from their boss or a friend. For the defenders it’s all about understanding your opponent. Detica’s Dave Garfield has gleaned a pretty good idea of who they are from watching numerous attacks unfold.

– I think it’s like any aspect of intelligence: the more monitoring you do, the more research you do into these groups, the more you’ll find out. We have a very clear understanding of the working hours of the attack groups. Many attack groups work Monday to Friday, they typically work from 9am to 5pm, they have a two-hour lunch break. We know that when they’re attacking Western organizations, particularly in America, they’ll then work the hours of the American corporations to try and hide in the noise of their networks, which means that they are often doing a second shift. So, once the first shift is going home, the second shift comes in. We can look at the hours and translate it to understanding roughly where in the world they might be.

– And what do you find in terms of where these groups are largely based, because it’s often said to be China?

– So, we’ve got strong indicators that there are a large number of groups emanating from China. However, we are seeing an increasing number of attack groups from Eastern Europe, from parts of the Middle East, so there’s an increasing globalization of this problem.

Although it’s relatively easy to see where a conventional missile might have been launched from, it’s much harder to be sure about the source of a cyber attack. Attackers can disguise what they do by going through computers in another country. But earlier this year an American cyber security company called Mandiant published a report that was something of a game changer. It traced attacks against 140 Western companies to the doorstep of a single building in Shanghai, a building which Mandiant said also housed Unit 61398 of China’s People’s Liberation Army. Mandiant chairman, David DeWalt:

– We studied the activity into the exact building with the exact people involved. Not only did we know the exact individuals involved, we had pictures of the people, we tracked what information they were stealing, where they were going with it. So the evidence became so obvious that this was what was happening, and of course it’s been happening over years.

Never before had the finger been pointed so directly and so publicly at not just China, but the Chinese State. The Mandiant report helped Washington push the subject to the top of the political and diplomatic agenda. Its conclusions though came as no surprise to General Michael Hayden. For 6 years he presided over the National Security Agency, or NSA, America’s electronic intelligence agency.

– I had someone from the press call me and say: “This is really big news!” And my response was: “Well, it’s big, but it’s not news.”

– How big is the scale of Chinese espionage, do you think?

– I actually state publicly that I stand back in awe, as a professional, at the breadth, depth, sophistication and persistence of the Chinese espionage effort against the USA. As a professional, it’s awesome. I don’t know how they handle all the data they steal.

– It’s on a different scale, you mean?

– Yes, it is, and I’ve got to be careful about going too far in terms of classified information, but yes, the Chinese are very candid. We steal secrets too. But we steal only as does GCHQ. We steal only those things that keep British or American subjects safe and free. We don’t steal things to make Americans, or in GCHQ’s case, British subjects rich. The Chinese do, and they do it on a massive scale. That’s the difference between what free peoples do in terms of signals intelligence and what the Chinese are doing. And what makes that so pernicious is that they are a powerful nation state not attacking a nation state’s telecommunications or IT infrastructure, but attacking private industry’s IT infrastructure. That’s an incredibly uneven playing field, when the resources of a nation state are massed against even a sophisticated company, like Google or RSA.

Gathering intelligence on other states for reasons of national security has always taken place. The Western objection to China is that it targets Western companies for commercial gain. For Beijing though, economic growth is a national security issue, key to its social and political stability. At a recent conference a Chinese military official is said to have got up and told his American counterparts: “In the US economic espionage is a crime and military espionage is heroic. But in China that line is not so clear.”

– Everywhere you look in Beijing there are signs of China’s enormous economic growth in recent years: huge skyscrapers reaching for the sky, new ones being built, fancy cars driving along the streets. But one question is how far that amazing economic growth has been built on economic espionage?

– I personally have lived through more than three decades of Chinese development.

Victor Gould is emblematic of China’s success, a former official turned international businessman.

– I was fortunate and privileged enough to be an interpreter in the 1980s, and I’ve known many Chinese leaders at the very top level. My fundamental belief is that the Chinese economic development and the political reform are real, and they are based on back-breaking hard work. Now, if anyone believes that by committing commercial espionage you can really gain an upper hand in manufacturing, in R&D, in economic development, etc., you are dreaming about building a castle of cards. It’s impossible. The real foundation of the Chinese economic miracle is hard work.

Perhaps weary of the tide of accusations from the West, China has begun to respond in public. We’re invited through the gates and past the stiff-backed soldiers into the foreign ministry in central Beijing for a rare interview with Dr. Huang Huikang, the country’s lead negotiator on cyber issues. He begins with a statement setting out China’s position.

– We try to not only protect Internet freedom, but also safeguard social order, public and national security.

– America has accused China though of supporting hackers and of the government supporting hackers attacking American companies. What does China think about it?

– It is not true. China is one of those countries suffering most hacker attacks.

– So, other countries are saying that your state is sponsoring these attacks, but you’re saying you’re the victim of hacker attacks?

– Right.

– Do you think China gets singled out though for particular attention? Sometimes people say: China, China, China…

– It is not fair, because some people, I think… First, they are misunderstanding what happened in China. And sometimes we think this is a political game. It’s not true and not fair.

The view from Beijing, it seems, is that America and its allies are using the charge of economic espionage to distract from their own aggressive cyber activities. Leaked documents from the former US intelligence contractor Edward Snowden suggest the US has been spying on Chinese computers and sweeping up communications on a huge scale. A former general in the People’s Liberation Army says:

– Countries are always attempting to obtain intelligence from each other by all kinds of means. There was no need to make more of this than we need to. Getting hold of technological secrets so that you can learn from another country is nothing new. It happened well before cyber space came along. The main thing is that control of cyber space is too concentrated in the hands of the US.
