Saturday, June 11, 2011

Fighting it out in cyberspace

This article has been published in The Pioneer (yesterday's edition).

In today’s cyber age, missiles, bombs and guns will become increasingly irrelevant as nations hack into each other’s computer servers to rob data.

Sometimes one can see a smile appearing behind the most serious issues. The ease with which hackers can intrude into the privacy of your e-mail accounts or hack your personal computers is one of these serious issues which make individuals and Governments extremely uncomfortable. But not always. At times, it can also bring a smile, as it happened recently when MI6, Britain’s external spy agency, and the Government Communications Headquart-ers managed to penetrate one of Al Qaeda’s websites whose objective was to recruit ‘lone wolf’ agents.
According to a report in The Daily Telegraph, “When Al Qaeda followers tried to download the 67-page colour magazine, instead of instructions about how to ‘Make a bomb in the kitchen of your mom’ by ‘The AQ Chef’ they were greeted with … cupcake recipes.” The British intelligence hackers had removed the original page containing instructions for making a lethal pipe bomb using sugar, match heads and a miniature light bulb attached to a timer and substituted it with a recipe for making cupcakes.
In April 2010, an incident which lasted 18 minutes sent shivers through the Pentagon and the White House. A report of the US-China Economic and Security Review Commission later admitted that the Internet traffic of the US Administration and military was briefly redirected through servers in China. The 18-minute hijack affected about 15 per cent of the world’s online traffic, particularly that of Nasa, the US Senate, the military and the office of the Secretary of Defence.
More recently, Google has again accused China of stealing personal passwords and breaking into sensitive e-mail boxes. The spokesperson for Google said, “We recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US Government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.” This was a pointed accusation, as an important signals’ intelligence unit of the PLA is located in Jinan.
Google’s accusation was immediately denied by the Chinese Government. The China Daily spoke of a ‘political farce’: “Google is playing its old tricks at a time when the US Government and the public are making a great whoop on the issue of the Internet. One is led to believe that Google has attempted to play a role in a political farce… Therefore, if Google has really suffered from ‘Chinese hackers’ attacks, it could resort to the judicial cooperation mechanism between China and the US to find solutions.”
A week earlier, the American defence contractor Lockheed Martin admitted that it had also been hacked, though “it managed to stop the ‘tenacious’ attack before any critical data was stolen”. Knowing that Lockheed Martin deals with US defence hardware and software, this news would not have left the Obama Administration indifferent.
What American analysts fear the most is an ‘electronic Pearl Harbour’. The US’s apprehensions are underscored by what Mr James Miller, the Principal Deputy Undersecretary of Defence for Policy, has had to say on this issue: “Over the past decade, we have seen the frequency and sophistication of intrusions into our networks increased. Our networks are scanned thousands of times an hour."
On May 25, China Review News, a publication in Chinese language, reported that the Ministry of National Defence spokesman, Senior Colonel Geng Yansheng, had acknowledged the existence of a professional cyberwarfare unit at Guangzhou Military Region (known as the ‘Online Blue Army’). Col Geng admitted: “China’s network protection is comparatively weak. Enhancing IT capacity and strengthening network security protection are important components of military training for an Army.” He refused to answer whether the objective of the ‘Online Blue Army’ was to attack other countries.
While the Chinese Foreign Ministry has dismissed Google’s allegations, two PLA Senior Colonels, Ye Zheng and Zhao Baoxian, have written an essay for China Youth Daily, arguing that Beijing needs cyberwarfare skills: “Just as nuclear warfare was the strategic war of the industrial era, cyberwarfare has become the strategic war of the information era, and this has become a form of battle that is massively destructive and concerns the life and death of nations.” The PLA is said to have already conducted simulated cyberbattles between a ‘Blue Army’ fighting a ‘Red Team’ using virus and mass spam attacks.
The future is rather depressing. According to The Wall Street Journal the Pentagon is ready to respond to computer sabotage with military force. “The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the US to respond using traditional military force,” the daily said recently. But it is not an easy proposition to decide at what point computer hacking can be construed as an act of war. Apparently the Pentagon has defined some criteria, but are they reliable?
Another issue is how to be sure of the origin of the attack. Further, will missiles solve hacking problems or will they just be a deterrent? Look at the situation in Libya: Despite thousands of missiles being launched, three months into the conflict Colonel Muammar Gaddafi is still going strong. There is clearly no ready-made solutions to cyberwar.
But there is another side to the issue. Kaspersky Security Lab Service recently published a fascinating interview on China’s cybersecurity and the fact that China is itself extremely vulnerable to cyber attacks. A friend commented, “I’m not surprised that China is vulnerable. This is yet another example of why security is asymmetric in nature. It calls for great effort to plug all the holes (defensive action) as opposed to the effort required to find one hole (offensive action).” In the cyberworld, offence is the best defence. This is ‘active defence’.
China’s hackers will probably continue to attack targets abroad. However, the fact remains that China’s servers are possibly not so secure. If Beijing refuses to cooperate, it could also face serious problems with protecting official data.
A Worldwide Cybersecurity Summit was recently held in London with Ministers from the UK, the US, China, India and France gathering to discuss how to combat the threat of cyber-terrorism. Different opinions were shared. France, for example, believes that if nations are able to work together and set up international security standards, national laws are enough to fight this scourge.
For India the situation is different: It sees cyberspace as a borderless world; therefore, a global legal regime is needed to deal with issue. As Mr Kapil Sibal, Minister in charge of IT and communications, says, “The nature of cyberspace is that it is borderless and anonymous and it is not subject to Government territories that have laws,” adding, “There is a fundamental contradiction between Government regulation and the nature of cyberspace.”

No comments: