Saturday, June 14, 2008

Chinese Hackers hit Congress?

The early news from US Representative Frank Wolf (R-VA) came out on June 11th, when Wolf submitted House Resolution 1263, calling for the Sergeant at Arms of the House of Representatives to "ensure that all Members, committees, and offices of the House are alerted to the dangers of electronic attacks on the computers and information systems used in carrying out their official duties and are fully briefed on how to protect themselves, their official records, and their communications from electronic security breaches". This is what the news story should have been -- that Representative Wolf calls for tighter security. A news-worthy and noble action, which is long overdue and would receive wide support from the Security Community.

The single line from his Resolution which has captured all of the attention came from this "Whereas" . . .

Whereas in subsequent meetings with HIR [The House Information Resources office] and officials from the Federal Bureau of Investigation, the outside source responsible for these incidents was revealed to be located in the People's Republic of China;

More than 1100 news stories on Google mention the story, with some of the international mud-slinging using headlines like "US Accuses Chinese of Hacking Government Computers" which gained replies of "China says it's incapable of hacking Reps' computers".

Wolf didn't use such headlines -- the news story on his own website is headlined "Wolf Reveals House Computers Compromised by Outside Source". His office works with human rights activists and political dissidents around the world, and his emails and correspondence with some of these individuals were apparently compromised. He does say "My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China's abysmal human rights record." He also says that the Foreign Affairs Committee computers and those of other members who work "to help people who are suffering around the world" were similarly targeted.

That record is perhaps put most plainly in this impassioned speech by Representative Wolf from July 2007, "Made in China", which accuses China of poisoning toothpaste and toys, dumping products at below the cost of production on the international markets, arresting hundreds for religious beliefs and interning them in "slave labor camps", and compares their bid for the Olympics to that of the Nazis.

Wolf's words of warning on the Hill quote from several other sources as he issued his call to arms -- including a Congressional Research Service report indicating that 140 different foreign intelligence organizations regularly attempt to hack into the computer systems of US government agencies and US companies.

Joel Brenner, National Counterintelligence Executive of the Office of the Director of National Intelligence, used that figure in his speech here, and told CNN in October that it isn't just China: "there are about 140 foreign intelligence organizations trying to hack into the US government and US companies".

(Brenner also discussed the threat by the Chinese in this speech before the American Bar Association, where he says "From a purely fiscal point of view, it also means the Chinese are leveraging the American R&D budget — your tax dollars and mine — in support of their own war-fighting capability.")

Wolf also made reference to the April 10, 2008 BusinessWeek story: The New E-Espionage Threat, which is a must read for anyone dealing with these threats both in corporate America and the government.

His reference to Shane Harris' alarming cover story in the National Journal magazine, "China's Cyber Militia", brings up other issues though. Is this fact or fiction? I've had a copy of the "Northeast Blackout Report" on my hard drive for years, and am very familiar with the incident from both open and classified conversations. This is the first time that I've seen the blackout blamed on the People's Liberation Army, and frankly, I'm skeptical. Harris says:

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Rising to speak after Mr. Wolf, in support of his resolution, was US Representative Chris Smith (R-NJ), who used the opportunity to smear Google and Cisco, and call for support for his "Global Online Freedom" bill:

Google, for its part, has become the de facto center for China's ubiquitous anti-American, anti-Tibetan, anti-religious propaganda machine, while Cisco has made the dreaded Chinese secret police among the most effective in the world.

Like Wolf, Smith has reason to believe the attacks are sponsored by Beijing. He says:

The attackers hacked into files related to China. These contained legislative proposals directly related to Beijing, including the Global Online Freedom Act, e-mails with human rights groups regarding strategy, information on hearings on China--I chaired more than 25 hearings on human rights abuses in China--and the names of Chinese dissidents. While this absolutely doesn't prove that Beijing was behind the attack, it raises very serious concern that it was.

My conclusion is that it is clear that China is developing Cyber espionage capabilities, and it is clear that there are many attacks using Chinese IP addresses, but I have not yet seen any hard evidence that Wolf's computer was definitely attacked by "the Chinese". Even Mr. Smith's accusation indicates that the HIR staff told him "it came through or from a Chinese IP address".

That's why I refused to jump on the Evil China Bandwagon when I was interviewed by IDG News's Robert McMillan for the story he called: Weak Evidence Links Congressmen's Cyber Attacks to China. The truth is that there are many active criminal enterprises hosting "bullet proof servers" in China, which are used by a wide range of cyber criminals for all sorts of attacks. It would simplify things if we could return to a Reaganesque view of the world where all evil comes from a single location, but it takes more evidence than I have seen so far to jump on this particular bandwagon. Certainly there is a great deal of state-sponsored hacking from China, but until the details of each particular investigation are known, we can't make statements with the degree of certainty that Congressman Smith would like.
