The Warring States of NPF


Mannix 09-06-2007 12:55 AM

Cyber Espionage
 
Quote:

Originally Posted by Independent Online Edition
Invisible arms race: The internet balance of power
Claims that China has been hacking into the West's military computers have led to concern that future global conflicts may be fought in cyberspace. Clifford Coonan investigates
Published: 06 September 2007
Somewhere here in Guangzhou, the balmy capital of the booming southern province of Guangdong, a shadowy group of computer scientists is said to be hard at work under the supervision of the People's Liberation Army, waging cyber warfare on Western military and industrial targets.

Their fellow scientists in the dusty city of Lanzhou in northwestern China, not far from where the Chinese space mission is based, are also reportedly hacking into government files in Whitehall and the Pentagon.

It's hard to believe in the 30-degree-plus heat of Guangzhou, but this city has been named one of the epicentres of the Cold Cyber War. Instead of missiles pointing at capital cities, and huge standing armies facing each other across ideological divides and barbed-wire fences, the only weapons in this secret war are keyboards, some sharp minds and a lot of caffeine pills.

The experts tell of how cyber spies breach supposedly unbreachable firewalls as smoothly as a skilled jewel thief, before swooping on a hard drive, snatching the secret files, and sending them to a third country, usually somewhere in Asia such as South Korea or Hong Kong. Then they make good their escape, often leaving no trace of the raid.

The secret agents and operatives are bleary-eyed computer whizzkids, cranked on cigarettes and coffee as they snoop through computer networks at Western military bases, armaments companies and aerospace giants. They hang out in online chatrooms rather than barrack rooms or smoky bars in communist enclaves, but they are just as hard to track as their Cold War counterparts.

Their methods may be hi-tech but the strategy is ancient – Trojan Horse software developed by the PLA's computer whizzes, disguised as PowerPoint or Word programmes, which find their way into computer systems in the corridors of power of London, into the Foreign Ministry and other government departments, even into the House of Commons. They redirect the programmes via South Korean networks or Taiwanese servers to disguise where they came from.

"There's a huge amount of cyber warfare going on here aimed at gathering intelligence and probing networks. There is also a huge amount of cyber espionage to access information about intellectual property rights and trade matters," said one security expert who did not wish to be named.

The US House of Representatives has said that intelligence gained through cyber espionage has allowed China to copy many scientific and technological breakthroughs from the West.

And traditional espionage is also on the rise as global competition intensifies for new products. Defectors tell of plans to obtain hush-hush industrial information through operatives working at embassies, and post-graduate students or private individuals employed by companies for years. Pure John Le Carré territory.

At times, cyber espionage and good old-fashioned spying overlap – the greater use of laptop computers has led to more people having their secrets stolen from beside them on the evening train home or from their hotel room on business trips. German businessmen travelling to China with the Chancellor, Angela Merkel, were told to bring their computers with them during state banquets.

Cyber espionage costs British companies billions of pounds every year, not only in the direct effects of stolen secrets, but in the loss of competitive advantage. There have long been reports that China operates a web of operatives throughout Europe, who penetrate all levels of key industries. "As cyber warfare grows, so does cyber espionage. There have been significant advances in China but I still think China is playing catch-up on the West in this game – the West has a lot more to spend – just look at the Chinese military budget and compare it to the American spending on defence," said the analyst.

Chinese cyber warfare and cyber espionage have been in the news since the German magazine Der Spiegel ran a report about Chinese hackers breaking into IT systems in the Chancellery using Trojans – just as Ms Merkel's plane was touching down at Beijing airport.

The timing of the report was embarrassing for the Chinese government, forcing Premier Wen Jiabao to stress China's anti-hacker credentials and pledge that China would co-operate closely with Germany to prevent such activity.

"The Chinese government attaches great importance to the hacker attack on the German government networks," he said, promising "determined" and "forceful" measures to combat it.

The news of cyber warfare from China was followed by reports that cyber warriors had penetrated the computer systems of the Pentagon in June.

Computer security experts say the key to the success of the cyber wars was deniability. The cyber spies use third-party computers in other countries as a way of covering their tracks. There could easily be a Trojan Horse sitting on your computer, creating a network right now, without your knowledge.

News of a security compromise is normally confined to officials with high security clearance, and not for public consumption, which has made some commentators sceptical that the Government would ever reveal any information about security breaches, unless it had sound political reasons for doing so.

"Ultimately, if Whitehall's secret networks were accessed, then there was a weakness there, so we'll never know how deeply the security breach went because no government will ever reveal that kind of weakness.

"A lot of this is a kneejerk reaction. If the alarm system in your house was compromised and someone broke into your house, would you publicise it?" said a security analyst.

One internet commentator points out how the US controls the domain name system (DNS), and could do a lot of damage to China by simply removing the "cn" domain.

The webheads speculate about just how the hackers were tracked, given that the routes they took are supposedly untraceable. And they say that spammers and organised gangs using automated penetration tools are a much greater threat than the Chinese army.

Other security experts believe that China is as much a victim as it is a perpetrator in this conflict and that the Chinese are being scapegoated for what is a much wider problem.

Around 60 per cent of attacks on US national defence systems are said to emanate from within America itself, said the analyst. That leaves 40 per cent for the rest of the world, which means that it can't all be China.

Russians are no slouches when it comes to hacking. In May this year, Estonia's websites were the victims of the world's biggest online assault by cyber vigilantes from Russia. Government ministries, banks and newspapers had their websites jammed after Estonia caused offence by re-burying a Russian soldier from the Second World War.

"Every government does it and no government is beyond accusation. The manner in which these breaches were supposed to have been carried out shows it was extremely clever programming. And at the end of the day, totally deniable."

A Chinese Foreign Ministry spokesman, Jiang Yu, said the accusations were groundless and reflected a Cold War mentality. "China and the US are now devoted to constructive relations and co-operation. The bilateral military ties enjoy a sound momentum of development. Under this backdrop, some people make wild accusations against China, suggesting that the PLA made cyber raids against the Pentagon," said Jiang. "Hacking is a global issue and China is a frequent victim in this regard. China is ready to enhance co-operation with other countries including the US in countering internet crimes".

Since the 9/11 attacks on US targets, officials have become much more aware of cyber espionage and the growing threat of China has been noted. In 2003, a cyber espionage ring codenamed Titan Rain by US investigators was tracked to Guangdong province after a network break-in at Lockheed Martin.

Beijing is keen to match its growing economic strength with political and diplomatic influence in the Asian region, but regularly emphasises that the country is undergoing a "peaceful rise". China's defence budget has been increasing by double-digit percentages for several years, stepping up fear in self-ruled Taiwan, which Beijing sees as a renegade province, that China will invade if it ever tries to declare independence from the mainland.

At the National People's Congress in March, China said it would boost defence spending by 17.8 per cent, to £22bn, this year, though the US says the figure could reach £63bn.

Beijing points out that Washington spends £244bn a year on its military, not including Iraq and Afghanistan.

To some extent this is a form of asymmetric warfare, where countries which do not possess the same level of military power as their bigger enemies adopt dissimilar tactics to wage conflict. While China has 2.3 million soldiers, 800,000 reservists, and a People's Armed Police of 1.5 million, its military still lags that of many Western powers. So China's confronting Whitehall's and the Pentagon's IT installations is a way of undermining Western military might with clever computer hacking skills.

A key driver in the sudden interest in cyber warfare by the Americans was the confirmation in January this year that the Chinese had successfully shot down one of its own satellites. The test was criticised by the US, Japan, Canada and Australia and read as a sign that China was flexing its military muscle, a way of showing that it is capable of taking out spy satellites should the US follow up on its pledge to assist Taiwan in the event of a military escalation across the straits.

The test also came as a shock to military commanders in the West, a revelation about the level which Chinese technology had attained and they were surprised by the developments. If the reports are true of breaches in Whitehall, Berlin and the Pentagon, it is a sign that China's technological progress is taking place even faster than expected.

Link. I suppose this sort of thing was inevitable. I'm just surprised that people, knowing the threat hackers possess, are still storing sensitive information on web-accessible computers. Seriously, take that shit off-line already. Will we even have shooting wars in a couple of years? As it stands now it'll all be guerilla warfare fought by terrorist types and hackers.

bluestarultor 09-06-2007 11:54 AM

Trojan Horses are actually pretty easily avoidable. Especially with regular computer scans using heuristic analysis. But there are other means, which I unfortunately can't list right now, because I don't have my Computer Info Security textbook right now and only looked through the chapter as a passing interest.

But needless to say, if they used Trojan Horses, it's possible to trace the signal all the way back to the source because of the way they spread. If you think of a tree, the target computers represent the leaves. Now, each leaf is on a branch, which can be followed back to a crotch, which we'll let represent the computer that infected the final target. If you keep tracing back from there, to the crotch below that and so on, you'll eventually reach the trunk, which, if you'll pardon my pun, will take you straight to the root of the problem.

Lady Cygnet 09-06-2007 01:44 PM

Even the biggest computer newbs are trained to NEVER open an email attachment from someone that they do not know or trust, and to use a reliable antivirus scanner before downloading attachments even from people they trust. I think that military IT departments would be even more stringent about safeguarding their data, since personnel are typically trained to watch out for attacks that might compromise military security. A breach in security could cost millions of lives if the information gets into the wrong hands.

On a more scary note, many people automatically accept email attachments sent from people that they know and trust, whether they are at work or not. I'm sure that many countries have agents who could be trained to befriend people with access to sensitive information by posing as ordinary, innocent friends, neighbors, or even coworkers. Any IT person worth his or her commission, however, would not open an attachment from a non-work-related source at work or keep sensitive information stored on the hard drive of any computer with Internet access that he or she has at home.

Once the Internet became a publicly used means of communication, the governments of countries that use the Internet should have put safeguards and rules in place to prevent hacking and the theft of sensitive data.

Like bluestarultor stated, there is no known way of completely covering one's tracks when one has sent an email or implanted a virus. Data and emails can be erased, hard drives can be destroyed, but there is always a trail, if a searcher knows where to look.

Professor Smarmiarty 09-06-2007 05:57 PM

This thing seems like a huge beat up to me. The cold war is over, China is concerned with its economics and is not going to seek a war with the US over something like this.
Every country has hackers and the most likely place they will hack is US based things because they are the biggest and most prominent.

Mannix 09-06-2007 11:34 PM

Quote:

Originally Posted by Lady Cygnet
Even the biggest computer newbs are trained to NEVER open an email attachment from someone that they do not know or trust, and to use a reliable antivirus scanner before downloading attachments even from people they trust. I think that military IT departments would be even more stringent about safeguarding their data, since personnel are typically trained to watch out for attacks that might compromise military security. A breach in security could cost millions of lives if the information gets into the wrong hands.

Yeah, one would think that, but I remember hearing about how a large swath of intelligence data from Desert Storm was lost because somebody fucked up while installing a game on a computer they shouldn't have. The military is comprised of people, and people do shit they know they shouldn't all the time.

Quote:

Originally Posted by BHS
This thing seems like a huge beat up to me. The cold war is over, China is concerned with its economics and is not going to seek a war with the US over something like this.
Every country has hackers and the most likely place they will hack is US based things because they are the biggest and most prominent.

Ever hear of industrial espionage? Or hell, how much money do you think they could save in their military budget by not having to do R&D? And I think Taiwan and Tibet would disagree with you about that bit on China only being interested in economics.

Seil 09-07-2007 12:20 AM

OH NOES ITS HAPPENING ALREADY!!!11!

Quote:

Yeah, one would think that, but I remember hearing about how a large swath of intelligence data from Desert Storm was lost because somebody fucked up while installing a game on a computer they shouldn't have. The military is comprised of people, and people do shit they know they shouldn't all the time.
....In "Men In Black," Kay said something which epitomized this:

"...No, no, no. A person is smart. People are stupid."

Demetrius 09-07-2007 07:49 AM

Any system is vulnerable if it's accessible by the interwebs, kids always want to try their skills on a real system, non-extradition countries and possible government okays make it happen. Heuristics work only so well and honestly the people running security on many big companies aren't your young wizkids, a root attack that gets through the security they have isn't something they can handle.

Khael! 09-07-2007 11:46 AM

And who says you have to willingly download something that carries the virus? I visited a webpage only half a week ago and it was triggered to automatically install viruses without my knowing or doing anything.

It's true about the online-offline vulnerability too. Though I did get the main Trojan downloader, it couldn't actually make things any worse because I simply shut down my wireless connection. If it's that easy to keep bad files out, I don't see why big corporations and military facilities can't just keep their stuff isolated? Or at least on a closed network that's not a part of the internet?

bluestarultor 09-07-2007 12:14 PM

First off, the reason the internet is around is BECAUSE it started out linking government computers, and people just kinda jumped in. Frankly, it would cost a lot of money to have a second, private, internet and to make sure that the lines were all secure to avoid the process happening all over again.

Second of all, better security measures could probably be put into effect. Someone did a study a while ago on one of the educational channels on business security. A disturbing amount of big corporations were protected by the same password. Which was, in fact, "password." Now if they were smart, they might have gotten a little more creative than that. But no, they were guarding all their important files with "password." Hopefully, the gov't is a little smarter about this.

See, what it should be is some random code. Say, "dsfauy74e893rhfedjsk." Then, they should have more than one to cycle through on a daily basis. After about a month, they should get a new set. And to top it all off, they should allow only three attempts before the IP is banned until such time as an administrator of the system unlocks it either remotely or in person with one of a similar set of secret override codes, after looking into the computer's a) level of access, b) state of being accounted for as not being stolen, and c) recent activity.
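
The lockout policy described in the post above (a random code, three attempts, then a ban that only an administrator lifts after checks a to c), as an added example that is not part of the original thread. The `LoginGuard` class, its method names and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # the post's "only three attempts"
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"

def random_code(length=20):
    """Random credential from a CSPRNG, same length as the post's sample."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _digest(code, salt):
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

class LoginGuard:
    def __init__(self):
        self._salt, self._stored = b"", None
        self._failures = {}   # source IP -> consecutive failed attempts
        self._locked = set()  # source IPs waiting for an administrator

    def rotate(self):
        """Issue a fresh random code; only its salted hash is kept."""
        code = random_code()
        self._salt = secrets.token_bytes(16)
        self._stored = _digest(code, self._salt)
        return code

    def attempt(self, ip, code):
        if ip in self._locked:
            return "locked"  # even the right code is refused while locked
        ok = self._stored is not None and hmac.compare_digest(_digest(code, self._salt), self._stored)
        if ok:
            self._failures.pop(ip, None)
            return "ok"
        self._failures[ip] = self._failures.get(ip, 0) + 1
        if self._failures[ip] >= MAX_ATTEMPTS:
            self._locked.add(ip)
            return "locked"
        return "denied"

    def admin_unlock(self, ip, access_level_ok, not_reported_stolen, activity_reviewed):
        """Unlock only when all three checks from the post (a, b, c) pass."""
        checks = access_level_ok and not_reported_stolen and activity_reviewed
        if ip not in self._locked or not checks:
            return False
        self._locked.discard(ip)
        self._failures.pop(ip, None)
        return True

def demo():
    guard, ip = LoginGuard(), "192.0.2.10"  # constructed documentation address
    code = guard.rotate()
    out = [guard.attempt(ip, "password") for _ in range(3)]  # third guess locks
    out.append(guard.attempt(ip, code))        # right code, still refused
    guard.admin_unlock(ip, True, False, True)  # reported stolen: stays locked
    out.append(guard.attempt(ip, code))
    guard.admin_unlock(ip, True, True, True)   # all three checks pass
    out.append(guard.attempt(ip, code))
    return out
```

Keying the lockout on source IP alone also locks out every user behind a shared address, so deployments commonly track the account and device as well.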

Khael! 09-07-2007 12:25 PM

"Password"!? You're kidding me, right? Wowie. Dumb must be ingenious to affect our society so high up.

I didn't mean a private secondary internet; that would indeed be very expensive. I just meant a network. LAN based probably. The computers could all have no internet and still be connected to each other. With wires if necessary. Which would be ghetto, but it would work.

Bluestar, there's already something very much like your suggestion, at my Dad's work. The health centre sends important medical data to other computers in an encrypted format with a 26 character password. It is re-randomized every ten seconds so that the file cannot be cracked and intercepted mid-transmission. People don't put in the passwords thankfully, the computers use them internally to communicate the data across their networks.

