By Carl Weiss
Just when you thought it was safe to go back to the Internet, a major wave of
cybercrime reared its ugly head this month. This time it wasn’t inspired by
teenage pranksters on the prowl. Nor was it the Russian mob trying to break
into financial institutions once again. No, this time the culprits were
state-sponsored hackers who wore military uniforms and lived in military
barracks. What I’m talking about is the latest hack attack by the Chinese
People’s Liberation Army, which came to light to the nation at large on Monday,
March 11, when Tom Donilon, President Obama’s national security adviser, stated
in a speech in New York City,
“Increasingly,
U.S. businesses are speaking out about their serious concerns about
sophisticated, targeted theft of confidential business information and
proprietary technologies through cyberintrusions emanating from China on an
unprecedented scale. The international community cannot tolerate such activity
from any country.” (Click here to read the slate.com blog.)
While this may have been news to the masses, to those in the know, this public
revelation came as nothing new. Everyone in the administration from the
Department of Defense to Congress has for some time been portraying China as a
menace to both national security and business interests, which have been
methodically stripped of intellectual property in a series of overt attacks
that top US officials admitted posed a greater potential threat than Al Qaeda.
In a quote from the LA Times,
“Mandiant Corp., a U.S. computer security firm based in Alexandria, Va.,
said in a report last month that it had traced an epidemic of attacks on dozens
of U.S. and Canadian companies to an office building in Shanghai occupied by an
espionage unit of the People's Liberation Army.”
Unlike many hackers who get a
vicarious thrill from penetrating computer networks, what makes this hacking
unusual is that many of the Chinese hackers are conscripts who are forced to
work long hours for low pay. This has
caused several disaffected hackers to post blogs lamenting the conditions under
which they work. It has also led
Mandiant and reporters to track down the nexus of hacking activity to an office
building in Shanghai occupied by an espionage unit of the People’s Liberation
Army.
“Richard Bejtlich, Mandiant's security chief, said posts
written by the blogger, who called himself "Rocy Bird," provided the
most detailed first-person account known to date of life inside the hacking
establishment. The hacker, whose real family name is Wang, posted some 625
entries between 2006 and 2009. "Fate has made me feel that I am
imprisoned," he wrote in his first entry on Sina.com. "I want to
escape."
Los Angeles Times reporters tracked down Wang
and his blog through an email address that was listed in a published 2006 paper
about hacking. A coauthor of the paper was Mei Qiang, identified by Mandiant as
a key hacker who operated under the alias "Super Hard" in Unit 61398.
One of many Chinese military units linked to
hacking, Unit 61398 falls under the People's Liberation Army's General Staff
3rd Department, 2nd Bureau, which is roughly equivalent to the U.S. National
Security Agency.”
What makes this current iteration of hacking so troubling is its sheer scope.
Where most hacking collectives specialize in homing in on certain high-value
targets, Unit 61398 has been implicated in attacks on hundreds of American
companies, including cyber security firms and government defense contractors.
They have also purportedly gained access to the networks of a company that
helps in the operation of the US utility grid.
More troubling still is the fact that this is only the tip of the cyber
espionage iceberg. How far have these hackers gotten? A recent article by the
Washington Post states that, “Start asking security
experts which powerful Washington institutions have been penetrated by Chinese
cyberspies,” report my colleagues Craig Timberg and Ellen Nakashima, “and this is the usual
answer: almost all of them.”
Known targets have included everything from Washington law firms, news
organizations and think tanks, to the Federal Reserve, embassies, congressional
offices and even the White House. The attacks have become so widespread and
commonplace that they have led some to lament that, “If
you aren’t being hacked by the Chinese, then you probably don’t matter.”
What’s more troubling still is the lack of response from the federal government
to these overt attacks. A March 3 article in the New York Times points out
that, “No one in the administration argues that the United States
should respond with cyber- or physical retaliation for the theft of secrets.
Attorney General Eric H. Holder Jr. has made clear that would be dealt with in
criminal courts, though the prosecutions of cybertheft by foreign sources have
been few.”
While
some have tried to get the government involved in the defense of private
corporate networks, some of which control everything from the Internet and
cellphone networks to financial institutions, the Administration has been busy
trying to put the onus on private industry.
“We are in a race against
time,” Michael Chertoff, the former secretary of homeland security, said last
week. “Most of the infrastructure is in private hands. The government is not
going to be able to manage this like the air traffic control system. We’re
going to have to enlist a large number of independent actors.”
That this trend is a growing menace is all too clear. The potential for a
technological Pearl Harbor is an all-too-real and present danger. When you
consider that there are no fewer than a dozen countries, including Iran, that
are developing offensive cyberweapons designed to cause catastrophic failure in
key elements of the US infrastructure, most cyber security experts agree that
time is not on our side.
Carl Weiss is president of W Squared Media Group, a digital marketing agency
based in Jacksonville, Florida. You can listen to Carl live every Tuesday at
4pm Central on BlogTalkRadio.
This is one fortune cookie you don't want to open. I had no idea that hacking could be accomplished on a land office basis.
Cyber crime ... it's like the wild west out there. The ability of the human race to cause harm to each other exceeds my imagination once again.
Having studied a little bit about "crime" and punishment in China, I am truly afraid for the Chinese Hackers mentioned by name.
"The hacker, whose real family name is Wang" & "Mei Qiang, identified by Mandiant as a key hacker who operated under the alias 'Super Hard'"
If they thought their lives were bad then, the fact is they are likely far, far worse now. Degradation, humiliation, backbreaking labor, unsanitary conditions and inadequate food are the tip of the iceberg when Communist China chooses to punish.