Friday, May 8, 2009

The new Chinese Invasion

The New Indian Express

07 May 2009

On December 8 last year French President Nicolas Sarkozy met the Dalai Lama in Poland during the 25th anniversary of Lech Walesa’s Nobel Peace Prize.

Though Sarkozy said there was no need to ‘dramatise’ the meeting, Beijing fumed.

Deputy foreign minister He Yafei summoned the French ambassador and bluntly told him: “It has undermined the political foundations of Sino-French and Sino-European ties.” A couple of days later, the website of the French embassy in Beijing came under cyber-attack. Even though Chinese foreign ministry spokesman Liu Jianchao declared: “China is against the hacking of the websites of the embassies of other nations,” a French diplomat told AFP that “the embassy website had been inaccessible for several days due to a massive cyber attack following President Nicolas Sarkozy’s weekend meeting with… Dalai Lama.”

During the US presidential elections, the networks of both Barack Obama and John McCain were attacked. Newsweek quoted an FBI agent: “A serious amount of files have been loaded off your system.” Though both camps had admitted that hackers ‘from an undisclosed foreign location’ targeted their network, nobody openly said China was responsible.

In December 2007, then US commerce secretary Carlos Gutierrez went to Beijing.

The National Journal in an article ‘China’s Cyber-Militia’ published in May 2008 alleged that Gutierrez was targeted: “Spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by [the US secretary].” India is also on the hackers’ list, but nobody seems to worry. South Block continues to lie low. Our diplomats probably have more ‘pressing’ problems to handle.

But it is so serious that the Pentagon hinted at having spent at least $100 million in the last six months just to respond to and repair damage from cyber attacks. The US Strategic Command refused to divulge the cost of these cyber attacks, but the Obama administration is working full-time on a review of the nation’s cyber-security.

According to the ‘Internet Security Threat Report’ from Symantec: “Threats from cybercriminals, spammers and computer viruses continued to grow at an alarming pace in 2008”. A large percent of the cyber-attacks, particularly against government agencies, originate from China.

Many organisations do not have the resources to protect themselves against attacks.

A recent case that received some publicity is that of the Dalai Lama’s private office, penetrated by hackers.

According to a report entitled ‘Snooping Dragon: Social-malware Surveillance of the Tibetan Movement’, prepared by the computer lab of the University of Cambridge, the Dalai Lama’s office had for some time suspected something wrong.

Once, as the office was setting up a meeting between the Dalai Lama and some foreign dignitaries, “before they could follow it up, the diplomat’s office was contacted by the Chinese government and warned not to go ahead with the meeting.” The Tibetans decided to call for help. With the Chinese government denying any role, whodunit? Here come the Dark Visitors.

A new book, The Dark Visitor by Scott J Henderson answers many questions. The author first gives a historic account of the hacking business in China with a few individuals in the late ’90s; he details the emergence of ‘celebrated’ groups such as the Honker Union of China and Red Hacker Alliance.

He then analyses in detail their methodology, hierarchy, ‘who they are’, their exploits and the content of their sites.

Wan Tao, the leader of China Eagle Union hacker group, also known as the ‘Godfather’ of Chinese hackers explains the distinction between regular hackers and the famed Red Hackers: “Chinese hackers coined the word ‘Red Hacker’, which means someone’s a patriotic hacker.

Unlike our Western counterparts, Chinese hackers tend to get more involved with politics because most of them are young, passionate and patriotic.” The most fascinating aspect of the Chinese hackers is that they are individuals with only loose links to government. Henderson explains: “One of the unique aspects of the Chinese hacker organisation is its nationalism, which is in stark contrast to the loner/anarchist culture many associate with the stereotypical Western hacker.” This sense of patriotism and their own ‘code’ make them act for China’s national honour and never hack inside China.

Shishir Nagaraja and Ross Anderson, the authors of Snooping Dragon explained the Dalai Lama’s office case: “While malware attacks are not new, two aspects of this case make it worth serious study.

First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state. …Second, the modus operandi combined social phishing with high-grade malware. This combination of well-written malware with well-designed e-mail lures, which we call social malware, is devastatingly effective.” Another report ‘Tracking GhostNet: Investigating a Cyber Espionage Network’ gives even more alarming information.

Greg Walton, editor of the Information Warfare Monitor found 1,295 infected computers in 103 countries. He says: “GhostNet represents a network of compromised computers resident in high-value political, economic, and media locations spread across numerous countries worldwide. … The computers of diplomats, military attach├ęs, secretaries to prime ministers, journalists and others are under the concealed control of unknown assailant(s).” Some computers in the embassies of India in the US, Belgium, Germany, Italy and Kuwait were found infected. The report affirms: “There are several possibilities for attribution. The most obvious explanation, and certainly the one in which the circumstantial evidence tilts the strongest, would be that this set of high profile targets has been exploited by the Chinese state for military and strategic-intelligence purposes.” Though most fingers point East, it is difficult to collect hard proof. Having personally been the victim of ‘circumstantial evidence’, I can say it is a rather unpleasant experience. After posting on my website a large collection of historical documents (including Chinese) related to the 1959 Tibetan uprising, my site has been hacked twice in two months. Not only is it a drag to restore the data, but as Nagaraja and Anderson have pointed, it could be more devastating in the future: “As socialmalware attacks spread, they are bound to target people such as accounts-payable and payroll staff who use computers to make payments. Prevention will be hard.” I wonder if Indian politicians have thought of engaging Dark Visitors to gather intelligence. The EC code of conduct is mute on the subject. But this is probably for the next elections.

No comments: