How Close is the US to Experiencing a Digital Pearl Harbor?

By Carl Weiss

 

“December 7, 1941 – A date that will live in infamy.”

Who can ever forget President Roosevelt’s utterance of those fateful words that propelled the United States headlong into World War II?  The fact that the Japanese sneak attack spurred our reluctant country into joining the expanding European and Asian conflict seventy three years ago is not forgotten.  However, what has been lost during the intervening decades is the fact that the US had known through a series of intercepted and decoded diplomatic communiqués that a Japanese attack was imminent.  Yet the administration did little to take defensive action.

The reason that I bring up this fact is to remind us that unless we heed the lessons learned from history we are doomed to repeat them.   While there are a number of people who still view Franklin D. Roosevelt’s inaction in the days leading to the December 7 attack as a conspiracy designed to force the US to become involved in WWII, an argument can be made that this was just another case of bureaucracy in action.  You will recall that prior to the attack the majority of the American public was against entering the war. Several outspoken celebrities including Charles Lindbergh were especially vocal in their opposition.  At the time nobody in the administration wanted to rock the boat and wind up losing the next election.

Seventy three years later, this country is faced with a similar threat.  Not one of imminent attack from the skies on an isolated military installation, but an attack that could affect every man, woman and child in our country.  Moreover, this attack could very well disrupt the infrastructure that we all depend upon to live and work.  I’m not talking about nuclear fire raining down from the sky.  While the Cold War nearly turned hot on several occasions, currently the threat of nuclear conflagration is not high.  What is highly likely is that the next Pearl Harbor will not come in the form of a missile’s contrail.  The biggest threat to national security today comes at the stroke of a computer keyboard. 

The Threat of Cyberwar Rears its Ugly Head

Just like the Japanese in 1940, there are forces at work who have been testing our defenses and with whom we are reluctant to deal with since they are also business partners.  While more than one nation has used computer hackers to steal industrial and military secrets, none has done so more brazenly than China.  For more than ten years that US government has been aware that Chinese hackers have broken into scads of corporate and government computers.

Timeline provided courtesy of USCyberLabs 

2003 – Titan Rain was the US designation given to a coordinated series of attacks on US computers that were labeled as Chinese in origin. Through the use of proxy servers and zombie computers, the identity and locations of the hackers were never identified, so it was not known for certain whether the attacks were perpetrated by state-sponsored hackers or whether they were carried out by corporate entities.  However, theses penetrations occurred in close proximity to other Chinese cyber attacks perpetrated against government and commercial interests in Taiwan.

2004 – The media report attacks against several US military installations.

2005 – In December 2005 the director of the SANS Institute said the 2004 attacks were “most likely the result of Chinese military hackers attempting to gather information on US systems.”

2006 – July: Media reported that the US State Department was recovering from a damaging cyber attack.

            August: Claims of Congressional computers being hacked are made.

            November: US Naval War College computer infrastructure reportedly attacked.

2007 – June: The Chinese government hacked a noncritical Defense Department computer system.

            June: Office of the Secretary of Defense computers attacked via malicious email.

            June:  US Pentagon email servers compromised for an extended period.  (Cost to correct $100 million.)

             June: American Military warns that China is gearing up to launch a cyber war on the US targeting computer networks that specialize in trade and defense secrets.

              July: Oak Ridge National Laboratory targeted by Chinese hackers.

2008 – May: US Commerce Secretary laptop investigated for data infiltration.

            November: Hacking of White House computers alleged.

2009 – March: China’s global cyber-espionage network GhostNet penetrates 103 countries and infects at least a dozen new computers every week.

2010 – January: Operation Aurora attacks against Marathon Oil, ExxonMobil and ConocoPhillips.  Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also targeted.

             November – A security report to the US Congress warns that hacking of 15 percent of the world’s Internet traffic by a Chinese telecom firm may have been malicious.

In 2011 and 2012 the Chinese hack attacks had ramped up to epic proportions, targeting everything in this country from information and military technology to satellites and telecom infrastructure to transportation, navigation and energy technology.  By 2013 the attacks had become so widespread that the joke in Washington was that, “If you aren’t being hacked by the Chinese, then you probably don’t matter.”

A February 25 article in the Washington Post stated, “Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies,” report my colleagues Craig Timberg and Ellen Nakashima, “and this is the usual answer: almost all of them.”

Even more shocking was the fact that at the time not only was it known which unit in the Chinese military was responsible for perpetrating many of the electronic break ins (Unit 61398), but it was also known where the unit was located. (The 12-story building at right located on the outskirts of Shanghai is the headquarters of Unit 61398 of the People’s Liberation Army.) 

What’s more troubling still is the lack of response from the federal government to these overt attacks.  Other than toothless rhetoric, little was done to confront China regarding its policies of wanton state-sanctioned hacking.  It wasn’t even until 2012 that anyone from the US Government even presented the Chinese with proof that American companies were being hacked.  During the four-hour meeting attended by two members of the State Department and one from the Pentagon, Chinese diplomats were shown extensive case studies that proved conclusively that Chinese state-sponsored  hackers had penetrated US defense and corporate computer networks. 

The Chinese response as reported by the WashingtonPost: ‘This is outrageous!’ ” a second former official said. “ ‘You’re here and you accuse us of such a thing? We don’t do this.’ ”

And until May 19, 2014 other than saber rattling, that’s all that the US was prepared to do about it.  That’s the date when a US grand jury indicted five Chinese individuals for allegedly targeting six American companies for stealing trade secrets. 

According to Newsweek, “The move "indicates that DOJ has 'smoking keyboards' and (is) willing to bring the evidence to a court of law and be more transparent," said Frank Cilluffo, head of the Homeland Security Policy Institute at the George Washington University.  

What’s interesting about the indictments is the fact that it only concerns corporate espionage.  There is nothing in the charges relating to the Defense Department or US infrastructure breaches that could be far more devastating to this country than the theft of trade secrets.  While several people at the State Department thought that the indictment sent a strong message to the Chinese, others lamented the fact that the charges won’t slow China’s cyber attacks down one bit.

Indicting five Chinese is like bringing charges against a drop of water in the ocean.  Unit 613898 alone employs thousands of hackers and has been implicated in attacks on hundreds of American companies, including cyber security firms and government defense contractors.  They have also purportedly gained access to the networks of a company that helps in the operation of the US utility grid.

Michael Chertoff, the former secretary of Homeland Security summed it up best when he said, “We are in a race against time.” 

Speaking of time, just as in 1941 will the government continue to twiddle its thumbs until it is too late to prevent a disaster that will forevermore be burned into this country’s consciousness? Unlike the Japanese battle cry of  "Tora! Tora! Tora!" that rang out as their attack took place in Oahu on that fateful December day, with the Chinese it is more likely to be one of Data! Data! Data!

Carl Weiss is president of Working the Web to Win, a digital marketing agency based in Jacksonville, Florida.   You can listen to Carl live every Tuesday at 4pm Central on BlogTalkRadio.