"Cyber China", from Operation Aurora to China Cyber Attacks Syndrome

When we think of China in relation to cyber warfare, we imagine an army of hackers hired by the government in a computer room ready to successfully attack any potential target. China is perceived as a cyber power and ready to march against any insurmountable obstacle using any means. In this connection we read everything and its opposite, and we are ready to blame all sorts of cyber threat to the Country of the Rising Sun.

The truth, however, is quite different, at least in my opinion, and understands that the Chinese people before others have understood the importance of a strategic hegemony in cyber space. However, many doubts are beginning to gather on the real technological capabilities of China. It certainly has a high potential for cyber offensive but its quality is really arguable.

China has the most extensive cyber-warfare capabilities. It began to implement an Information Warfare strategy in 1995 conducting a huge quantity of exercises in which computer viruses have been used to interrupt military and private communications. In 2000, China established a strategic Information Warfare unit, Net Force, which is responsible for "wage combat through computer networks to manipulate enemy information systems spanning spare parts deliveries to fire control and guidance systems." Today The PLA GSD Third Department and Fourth Departments are considered to be the two largest players in China's burgeoning cyber-infrastructure.

In November 2011, Desmond Ball, a professor in the Strategic and Defense Studies Centre at Australia's National University argues that the Chinese offensive capabilities today are pretty limited and he has also declared that the internal security has a bunch of vulnerabilities.

Ball says that China's cyber-warfare capabilities are "fairly rudimentary", and is actually able to organize massive attacks (e.g. DDoS attacks) with little sophistication. The technology solutions behind the malware used are really poor and this makes them really simple to detect and remove before any damage has been done or data stolen. The capabilities shown cannot be sufficient to penetrate highly secure networks or covertly steal or falsify critical data.

According cyber analysts, hackers in China and their attacks have different digital fingerprints, easily recognizable by analyzing the used computer code, and studying the command and control computers that they used to move their malicious software.

No doubt, analysts are convinced that attacks are coming from the Chinese government, because they have tracked enough intrusions to specific locations to be confident they are linked to Beijing cyber structures. Consider that the threat was persistent, spreading malware in target computer networks again and again over the course of several months or even years.

Many cyber-intelligence operations have been conducted against numerous countries, including the United States, UK, Australia, New Zealand, Canada, Germany, France, the Netherlands, Portugal, Japan, South Korea, Taiwan, India, Pakistan, Iran, Thailand, the Philippines and Indonesia.

Consider that according to what has been published in the Office of the National Counterintelligence Executive report, prevalent usage of cyber operations is related to attempting to gain business and industrial secrets from companies, in this case from Americans.

Companies are frustrated that the government isn't doing enough to pressure China to stop the attacks which the Chinese government has officially been providing protection and anonymity to those groups of hackers.

In the last ten years the attacks have increased dramatically broadened to target defense companies, critical industries, major firms also including critical infrastructure.

China is considered one of the most dangerous players of cyber-espionage operations against world wide business. Forecast for the next years aren't encouraging because the government of China will maintain an aggressive approach and be capable of collecting sensitive economic, military and industrial information related foreign Nations.

To give you an idea of the huge quantity of attacks reported in 2011 for which China was directly or indirectly considered responsible I submit an interesting table prepared by the security expert Paolo Passeri. The list includes prominent victims such as RSA. Obviously we do not have total certainty on the array of attacks, but the evidence suggests that behind all of these operations there is a single performer, China.

Just last week Julian Assange has declared that Chinese intelligence penetrated into the intelligence system of the Indian government including the Indian equivalent of FBI, the Central Bureau of Investigation. This event brings to the fore the need for governments to have an appropriate cyber strategy so that National Security cannot be affected by such attacks. The economic development of a nation can no longer ignore these cyber attacks regardless of its awareness of the cyber threat.

Based on the above facts, I believe it is wrong to consider these attacks rudimentary as the effects demonstrate that they are really dangerous and efficient.

Another erroneous belief is that the Chinese government uses a large group of hackers to make the attack. According to a report supplied by the Associated Press the majority of the attacks emanating from China are conducted by a few as a dozen groups of hackers under the control and coordination of the Chinese government.

Considering a report recently released by the United States Office of the Counterintelligence Executive (ONCIX) several billions of dollars are lost in intellectual property and classified information disclosure every year due cyber espionage.

We are warned that the constant barrage of cyber attacks against economic and critical systems will require a unified effort by government and the private sector to improve security following a well defined cyber strategy addressed by the central Governments. Cyber warfare has just begun, stay sharp.

[Cross Post from Securityaffairs]