China's Cold Cyberwar: Rise of 5th-Dimension Red Army and Economic Pearl Harbour?
London, UK - 18th January 2010, 19:10 GMT
Dear ATCA Open & Philanthropia Friends
[Please note that the views presented by individual contributors are not necessarily representative of the views of ATCA, which is neutral. ATCA conducts collective Socratic dialogue on global opportunities and threats.]
The recent China-based cyber attacks on more than 30 Silicon Valley companies including Google -- in which source code and user information were targeted and stolen -- are the beginning of a new stage in the evolution of cyber warfare, according to the mi2g Intelligence Unit. The sophistication and scope of the attacks have led security experts to conclude that state-sponsored actors were behind them. Behind all the handshakes and warm fuzzy feelings, we are in the midst of a Cold Cyberwar, which straddles the trans-national corporate sector, major governments, defence industry players and global criminal syndicates.
5th Dimension Warfare
The companies targeted digitally from within China read like a who's who. In parallel, a few days ago a group calling itself the Iranian Cyber Army brought down China’s biggest search engine: baidu.com. The China digital attacks represent a turning point in cyber conflict for a variety of reasons:
. Largest and most sophisticated cyberattacks targeted at specific corporations in many years; and
. Targeted and coordinated cyberattacks with the most visible goals of controlling information flows into and out of China and acquiring core intellectual property and digital identities of foreign competitor entities.
Google has said that as a result of the incidents:
. It will no longer censor its search results in China; and
. It may withdraw from doing business in China altogether.
Economic Pearl Harbour?
The exploit code for a zero-day hole in Microsoft's Internet Explorer (IE), which has been linked to the attacks, was released on the Internet last week. Microsoft is working on a patch and has warned that IE 6, 7, and 8 on all the modern versions of Windows, including Windows 7, are affected by the vulnerability.
The German and French governments have just responded by advising their agencies to halt use of the IE browser and warning their citizens of their continuing vulnerability when using IE. The German authorities have, in effect, identified the excessively concentrated and homogeneous use of the Internet Explorer browser as a key weak link in the web. This concentration enables intruders to target penetration and concentrate attacks. Deeper within the Berlin and Paris leadership, there is a growing awareness that Beijing has been able to acquire critical parts of source code not only of IE but of much of the underlying platform and proprietary software. There is growing apprehension of an “economic Pearl Harbour” for Western intellectual property and digital identities in the context of all information flows concentrated within one proprietary software umbrella, just like the extremely vulnerable US Navy anchored together at Pearl Harbour in December 1941.
China's 5th Dimension Cyber Army
For the moment, what the world sees is a Google-China dispute, primarily about Chinese successes in penetrating the Google-mail (G-mail) cloud and using access to it to pursue people whom it designates as threatening political activists. This by itself is no small matter, and has been amply debated on ATCA by distinguished members. At the same time, the G-mail cloud has become widely used throughout the world as an “overflow” eMail system. Even the US military web system has been overburdened by quasi-official digital traffic, with the result that G-mail has become a major overflow system for private communication amongst members of the armed forces.
The US Ambassador to China, Jon Huntsman, has said that China-based attacks on US government computers have been ongoing for a long time. For the first time in 2007, a US military report into the future of geo-political relations with China outlined that the Chinese government was developing a cyber -- 5th Dimension -- warfare division for use in possible future conflicts.
"The Military Power of the People's Republic of China" report suggested that, in addition to the Red Army's army, navy, air force and rocket arms, the Chinese government was putting together a team to deal with "electronic and online arenas." According to the report, "People's Liberation Army authors often cite the need in modern warfare to control information, sometimes termed an 'information blockade'... China is pursuing this ability by improving information and operational security, developing electronic warfare and information warfare capabilities, denial-of-service and deception... China's concept of an 'information blockade' likely extends beyond the strictly military realm to include other elements of state power."
The same US defence report suggested that the People's Republic of China is developing teams to handle computer network attack, defence and exploitation, with a separate section handling electronic countermeasures. It cited logistics systems and satellite communications as possible targets, and claimed that exercises have been held in cooperation with other Red Army wings since 2005.
One objective of the People's Republic of China (PRC) cyber warfare program is not very different from that of US electronic and cyber warfare capabilities: to access and render inoperable the command and control systems of adversaries whether earth- or space-based.
But the potential of cyber warfare goes far beyond infiltration into the communications systems of a potential adversary. If we look back at the height of the Cold War with the USSR, nuclear missile technology and weaponry were focused on physical destruction of the infrastructure of adversaries, with psychological deterrence as one objective but decimation of the functioning of the economies of potential adversaries as an alternative in the event conflict became inevitable. Today, it is becoming increasingly evident that cyber-attacks have the capability to render modern economies severely dysfunctional. Increasingly, the advanced economies of the world have become dependent on the worldwide web for managing banking and finance, telecommunications, energy flows and power grids, transportation and delivery systems, industrial processes and inventory management, emergency services, remote diagnostic medical assistance, and so on.
An economic Pearl Harbour is no longer just a hypothetical but a low-probability, high-impact outcome. Bear in mind that this type of unanticipated attack can be carried out by proxies or mercenaries with the assistance of first-rate cyber warfare groups in China.
Eleven years after the mi2g initial forecast, and 14 years after we began to do research into the vulnerability of the fragile digital environment, the world has arrived at another predicted precipice brought to the global consciousness via the unfolding China-Google impasse.
In January 1999, after three years of research and development, the mi2g Intelligence Unit published an internal memorandum titled, "Cyber Warfare: The Threat to Government, Business and Financial Markets." In the internal memorandum, released in the public domain post the NATO-Serbia first cyber war in April 1999, it was stated, "Historically war has been classified as physical attacks with bombs & bullets between nation states. It was beyond the means of an individual to wage war. Today, in the Information Age, the launch pad for war is no longer a runway but a computer. The attacker is no longer a pilot or soldier but a civilian Hacker. An individual with relatively simple computer capability can do things via the internet that can impact economic infrastructures, social utilities and national security. This is the problem we face in moving from the industrial world to the Information Age, which is the essence of Cyber War."
In the Estonia-Russia Cyber War in May 2007, which the mi2g Intelligence Unit followed closely, there was a significant degradation of the Estonian digital eco-system and infrastructure for a protracted period of nearly one month. During this period of cyber war, the native defence forces, government departments, businesses and individuals all saw the reliability, availability and sustainability of digital services fall further below their expectations than they had imagined possible.
The digital attackers used a giant network of bots (enslaved computers) -- perhaps as many as one million slave computers in places as far away as North America and the Far East -- to amplify the impact of their assault. In a sign of their financial resources, there is evidence that they rented time on botnets from trans-national criminal syndicates. The combination of very, very large packets of information streams -- generated by tens of thousands of machines -- provides the mechanism for very damaging Distributed Denial-of-Service (DDoS) attacks. On several occasions during that conflict, traffic spiked to thousands of times the normal flow. This forced Estonia's biggest bank to shut down its online service for more than an hour. On subsequent days, the bank, HansaBanka, remained under assault and continued to block access to 300 suspect Internet addresses. Finally, on 10th May that year, it would appear that the attackers' time on the rented servers expired, and the botnet attacks fell off abruptly.
In November 2002, almost five years before the debilitating Estonia cyber attacks, the mi2g Intelligence Unit released a public briefing titled "Government backed counter-attack-forces necessary in future," which stated, "As the damage done by radical, criminal and intellectually motivated hackers continues to rise, about six Billion Dollars of economic value was destroyed worldwide by overt and covert digital attacks including viruses and worms in October alone. As a result, the mi2g Intelligence Unit predicts there will be a growing requirement for Governments to intervene and to mobilise counter-attack-forces that protect economic targets and critical national infrastructure constituents on a 24/7 basis."
The 2002 mi2g Intelligence Unit briefing continued: "Historically, politicians in civilised Western democracies have challenged their defence forces to provide adequate defence capability within limited resources. The focus has been on the four physical dimensions - land, sea, air and outer space - and not on the new 5th Dimension, which is cyberspace. There is no real digital defence capability deployed so far -- other than occasional simulations and exercises which are to uncover gaps in the national critical infrastructure's digital defences. The redressal lies primarily in developing counter-attack-forces, which would begin to arrest the imbalance of power between ill-motivated hackers on the one hand and little-prepared businesses on the other. It is unrealistic to expect that any defence department can provide 'counter-attack-forces' against digital attacks for an entire nation's economic targets immediately and, in any case, the expertise needed is relatively fast moving and cannot be 'trained' into would be combatants in a short period of time."
Solutions for The Cyber Warfare Paradigm Shift
The Pandora's box of full-scale cyber war is now open, and the world is far more dependent on digital networks than it was eleven years ago, when the mi2g Internal Memorandum was placed in the public domain in the wake of the NATO-Serbia cyber war. Where are the solutions? Going back to the mi2g Intelligence Briefing from November 2002, governments and large businesses still need to follow the recommendations made nearly eight years ago:
"In the future, when seeking to protect the critical infrastructure constituents and business digital systems at a national level, the economically prudent way forward would be to combine knowledge management, analysis and counter-attack tools with on-the-ground human intelligence sources. Surveillance and reconnaissance dashboards of digital systems would need to be managed by experienced counter-attack-forces on a 24/7 basis. mi2g believes that this war... can be won decisively and effectively. As in all wars, our collective national defences must excel enemy aggression. We will therefore need to understand that:
. Defence has always been about securing trade routes and markets. Given that several Trillion Dollars of trade is routed digitally, counter-attack-forces with electronic weapons that can disable attacking systems from various parts of the world will ultimately need to be deployed with Governments' backing as part of their 5th dimension defence shield. Counter-attack-forces will save businesses a lot of lost time and money in dealing with rogue, politically motivated, electronic attacks from radical and criminal groups scattered across the world and within the nation(s)...
. Mobilisation of resources including new investment will become necessary on interoperable distributed knowledge management and analysis systems, which allow data to be shared easily from and between different sources and agencies collecting intelligence. Also, investment in more local human intelligence across the globe will be essential. The expertise of the very few available people who are proficient in the technologies of the 5th dimension would need to be utilised to train the counter-attack-forces through the establishment of national centre(s) of excellence for digital defence. Nothing significant can be achieved without this cohesive sharing capability being made available to the future counter-attack-forces, who would be able to ensure reliability, availability, maintainability and scalability of business systems in the event of protracted hacker attacks."
We must ultimately hope that the pace of dissemination of real-time information throughout the world will outpace the determination of a few governments and their proxies to disrupt our freedom and way of life. Victor Hugo (1802-1885), the French writer who witnessed the revolutions in France that followed 1789, i.e. 1830, 1832, 1848 and 1870, said, "An invasion of armies can be resisted, but not an idea whose time has come!"
We welcome your thoughts, observations and views. To reflect further on this subject and others, please respond within Twitter, Facebook and LinkedIn's ATCA Open and related discussion platform of HQR.