The Age of Cyberwars

Stephen DeAngelis

January 20, 2010

Nations and corporations generally think about security in significantly different ways. Since the turn of the century, however, nations and corporations have been finding themselves vulnerable to the same kinds of attacks — be they from terrorists or hackers. The headlines continue to be filled with stories about Google’s threat to pull out of China over cyber attacks on its system [see, for example, “Google, Citing Attack, Threatens to Exit China,” by Andrew Jacobs and Miguel Helft, New York Times, 13 January 2010, and “Google threatens to leave China after attacks on activists’ e-mail,” by Ellen Nakashima, Steven Mufson, and John Pomfret, Washington Post, 13 January 2010]. According to Jacobs and Helft:

“Google linked its decision to sophisticated cyberattacks on its computer systems that it suspected originated in China and that were aimed, at least in part, at the Gmail user accounts of Chinese human rights activists. Those attacks, which Google said took place [in early January], were directed at some 34 companies or entities, most of them in Silicon Valley, California, according to people with knowledge of Google’s investigation into the matter. The attackers may have succeeded in penetrating elaborate computer security systems and obtaining crucial corporate data and software source codes, though Google said it did not itself suffer losses of that kind.”

Nakashima and her co-authors provide a similar story:

“The company said it has evidence to suggest that ‘a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists,’ but it said that at least 20 other large companies, including finance, media and chemical firms, have been the targets of similar attacks. Google said it discovered the attack in December. ‘It’s clear that this attack was so pervasive and so essential to the core of Google’s intellectual property that only in such a situation would they contemplate pulling the plug on their entire business model in China,’ said James Mulvenon, a China cyber expert with Defense Group Inc.”

I have written before that China is on the wrong side of the censorship battle and its continued paranoid attempts to censor the availability of information will not only ultimately fail but prove unproductive to its economic growth in the long run. New York Times op-ed columnist Thomas Friedman believes the same thing [“Is China an Enron? (Part 2),” 20 January 2010]. He writes:

“If China forces out Google, I’d like to short the Chinese Communist Party. Here is why: Chinese companies today are both more backward and more advanced than most Americans realize. There are actually two Chinese economies today. There is the Communist Party and its affiliates; let’s call them Command China. These are the very traditional state-owned enterprises. Alongside them, there is a second China, largely concentrated in coastal cities like Shanghai and Hong Kong. This is a highly entrepreneurial sector that has developed sophisticated techniques to generate and participate in diverse, high-value flows of business knowledge. I call that Network China. What is so important about knowledge flows? This, for me, is the key to understanding the Google story and why one might decide to short the Chinese Communist Party. John Hagel, the noted business writer and management consultant argues in his recently released ‘Shift Index’ that we’re in the midst of ‘The Big Shift.’ We are shifting from a world where the key source of strategic advantage was in protecting and extracting value from a given set of knowledge stocks — the sum total of what we know at any point in time, which is now depreciating at an accelerating pace — into a world in which the focus of value creation is effective participation in knowledge flows, which are constantly being renewed. … Therefore, the more your company or country can connect with relevant and diverse sources to create new knowledge, the more it will thrive. And if you don’t, others will. I would argue that Command China, in its efforts to suppress, curtail and channel knowledge flows into politically acceptable domains that will indefinitely sustain the control of the Communist Party — i.e., censoring Google — is increasingly at odds with Network China, which is thriving by participating in global knowledge flows. 
That is what the war over Google is really all about: It is a proxy and a symbol for whether the Chinese will be able to freely search and connect wherever their imaginations and creative impulses take them, which is critical for the future of Network China. … Command China has thrived up to now largely by perfecting the 20th-century model for low-cost manufacturing based on mining knowledge stocks and limiting flows. But China will only thrive in the 21st century — and the Communist Party survive in power — if it can get more of its firms to shift to the 21st-century model of Network China. That means enabling more and more Chinese people, universities and companies to participate in the world’s great knowledge flows, especially ones that connect well beyond the established industry and market boundaries. Alas, though, China seems to be betting that it can straddle three impulses — control flows for political reasons, maintain 20th-century Command Chinese factories for employment reasons and expand 21st-century Network China for growth reasons. But the contradictions within this straddle could undermine all three. The 20th-century Command model will be under pressure. The future belongs to those who promote richer and ever more diverse knowledge flows and develop the institutions and practices required to harness them. So there you have it: Command China, which wants to censor Google, is working against Network China, which thrives on Google. For now, it looks as if Command China will have its way. If that turns out to be the case, then I’d like to short the Communist Party.”

I agree with Friedman that holding on to power seems to be an overpowering motivation for the regime in Beijing. Since Google’s threat was made public, other stories have been written that claim China is not just going after activists but has mounted a massive cyber espionage campaign [“Google China cyberattack part of vast espionage campaign, experts say,” by Ariana Eunjung Cha and Ellen Nakashima, Washington Post, 14 January 2010]. They report:

“Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said. At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical — were attacked, according to congressional and industry sources. … Human rights groups as well as Washington-based think tanks that have helped shape the debate in Congress about China were also hit. Security experts say the attacks showed a new level of sophistication, exploiting multiple flaws in different software programs and underscoring what senior administration officials have said over the past year is an increasingly serious cyber threat to the nation’s critical industries.”

This is not, however, the first shot fired in the age of cyberwars. Read, for example, my post entitled Virtual War in Estonia, which I wrote back in June of 2007. The seriousness of these security threats should not be underestimated. The global economy relies on international trust, including trust in electronic transactions of all sorts. With each new breach of security, that trust erodes. The Wall Street Journal calls cyberspace “the new front among cold war foes” [“Web Is New Front Among Cold War Foes,” by Siobhan Gorman, 14 January 2010]. Gorman writes:

“In the new cyber war, the targets are U.S. companies as much as embassies or spy services, because corporations hold giant repositories of sensitive information and can be easier to crack. Companies are responding in kind, often launching their own intelligence operations to counter the spies. … While Chinese hackers dominate much of the cyber spying against governments and companies, Russian hackers have specialized in cyber crime, tapping bank accounts, holding personal computers for ransom, selling stolen U.S. government information and attacking the Web sites of political opponents of the Russian government, security specialists say. U.S. intelligence officials acknowledge that they also engage in cyber spying against China, Russia and other countries, but they decline to provide details.”

McAfee, the cyber security company, agrees with the Journal that cyber warfare is here to stay [“McAfee warns of Cold War-style computer attack,” by Alejandro Martínez-Cabrera, San Francisco Chronicle, 18 November 2009]. Martínez-Cabrera reports:

“[McAfee,] the Santa Clara computer security firm concluded that countries like Russia, China, France, Israel and the United States have the technological capabilities to coordinate state-to-state online attacks and are quietly building their computerized arsenals. ‘We believe we’re seeing something a little like a cyber-Cold War, where these nations have the ability to integrate these capabilities to their military strategies but are still very hesitant to launch these attacks,’ said Dmitri Alperovitch, vice president of threat research at McAfee. ‘They know the Internet is the ultimate equalizer, and there’s still a great chance of a strategic attack blowing back and affecting the country that launched it.’ As the digital arms race threatens to escalate, the report’s authors expressed the most concern for the vulnerability of privately owned critical infrastructure, such as power grids, transportation, telecommunications, and health and financial services.”

The U.S. Government is treating this new front seriously and has announced that it will establish a new joint cyber command. Maryland is mounting a stiff campaign to be designated home of this command which could bring with it some 25,000 jobs. Gorman continues:

“The ambitions of China’s People’s Liberation Army in cyberspace have been growing, as detailed in an October report from the U.S.-China Economic and Security Review Commission, a bipartisan panel appointed by Congress. Cyber attacks have become of such concern among the U.S. military and its allies in the North Atlantic Treaty Organization that, as a part of an overhaul of NATO’s guiding strategy, the alliance is expected to debate whether a cyber attack should be covered by the NATO charter, which dictates that an ‘armed attack’ on one ally must be treated as an attack on all. Several Chinese military departments are responsible for components of cyber spying, such as the General Staff Department Third and Fourth Departments, according to the U.S.-China Commission. Together these divisions oversee electronic spying and attack efforts, as well as research and development. Some Western analyses of the Third Department say it maintains a staff of 130,000 people. The PLA’s cyber warfare militia units—which draw on civilians in the telecommunications and technology sectors and on academia—both defend and attack computer networks and conduct psychological warfare and deception operations. One prominent Chinese hacking group called Javaphile, which mounted a cyber attack on the White House, has a formal consulting relationship with a Chinese government security office.”

If all that sounds a bit “out there” for you, you might recall that last July the U.S. and South Korea experienced a number of cyber attacks [“Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea,” by Choe Sang-Hun and John Markoff, New York Times, 9 July 2009]. Those attacks were “aimed at 27 American and South Korean government agencies and commercial Web sites.” The attack was launched by “50,000 to 65,000 computers [that] had been commandeered by hackers and ordered to flood specific Web sites with access requests, causing them to slow or stall. Such robotic networks, or botnets, can involve more than a million computers. The Web sites of the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department were all affected.” A year earlier, “Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites during the war between Russia and Georgia” [“Hackers Stole IDs for Attacks,” by Siobhan Gorman, Wall Street Journal, 17 August 2009]. The attacks on Georgia were significant because they occurred simultaneously with military operations that involved people fighting and dying. The attacks “significantly disrupted Georgia’s communications capabilities, disabling 20 Web sites for more than a week.” Gorman continues:

“Cyber-warfare has outpaced military and international agreements, which don’t take into account the possibility of American resources and civilian technology being turned into weapons. Identity theft, social networking, and modifying commercial software are all common means of attack, but combining them elevates the attack method to a new level, said Amit Yoran, a former cybersecurity chief at the Department of Homeland Security. ‘Each one of these things by itself is not all that new, but this combines them in ways we just haven’t seen before,’ said Mr. Yoran, now CEO of computer-security company NetWitness Corp.”

Nation-states and large corporations are not the only ones subject to cyber attacks. Small U.S. firms have also come under attack [“European Cyber-Gangs Target Small U.S. Firms, Group Says,” by Brian Krebs, Washington Post, 25 August 2009]. Krebs reports:

“Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation’s largest financial institutions. … Because the targets tend to be smaller, the attacks have attracted little of the notoriety that has followed larger-scale breaches at big retailers and government agencies. But the industry group said some companies have suffered hundreds of thousands of dollars or more in losses.”

Returning to the story that started this post, analysts claim that Google’s threat to stop doing business in China puts Chinese authorities on the horns of a dilemma [“China’s Google dilemma: Soften on censorship or anger millions of Internet users,” by Steven Mufson, Washington Post, 14 January 2010]. Mufson lays out the dilemma:

“Google’s threat to shut down its Chinese Web site and offices over cyberattacks and censorship puts the government here in the awkward position of having to choose between relaxing restrictions and raising the ire of the roughly 80 million Chinese people who use the search engine. Few political and Internet analysts appear to doubt that China will stick to its tough stance and reject Google’s proposal to stop censoring search results on its Chinese sites. But Google’s audience of Chinese ‘netizens,’ a few of whom placed flowers outside the company’s Beijing, … is large enough to make such a reaction risky.”

As noted above, I agree with Mufson and Friedman that China is unlikely to back down in this dispute. Google insists it will try to negotiate with Chinese leadership; but I’m not hopeful that they will succeed in achieving any major softening in the Chinese position. That’s too bad. China’s future holds much promise, but its aging political philosophy will eventually be seen as an anchor to progress. There is no reason that China couldn’t change. Over the past 30 years it has demonstrated remarkable political flexibility on the economic front. Although censorship is an artifact of an even more authoritarian regime, it lingers in the Chinese system because those in authority understand that information is power — and they want to keep that power.