Thursday, February 21, 2013

People's Liberation Army Unit 61398

David Sanger of the New York Times has the best sources in the world.  He posted a series of articles on the Stuxnet worm that were right out of the White House meetings where the subject was being discussed.  His book detailed dramatic meetings where the President chose drone targets for death.  In Tuesday's New York Times [China's Army Seen as Tied to Hacking Against U.S.] he relates the story of a PLA Unit 61398 which is attacking US industries and government offices.  He says the story is "confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years" and by a classified National Intelligence Estimate that some people in Washington have actually read, though probably not as many as have commented on it.

I wonder if hacking has changed since my days running SHADOW, an intrusion detection system in Ballistic Missile Defense.  Steve Northcutt, now of SANS, was the technical guy behind SHADOW, but there were a lot of good analysts working with us who taught us how some of these penetrations were taking place.  We watched them work, identified the places where they kept the things they took, and showed our leaders where they were going with their development.  These guys were not in any hurry, were very careful, and very, very good.  One group eventually attacked eBay and a few others, just to prove it.  For the longer version, see my book at http://www.amazon.com/Chinese-Information-War-Communications-ebook/dp/B00BUTEHEA/ref=sr_1_1?s=books&ie=UTF8&qid=1369408735&sr=1-1

One day, we thought we knew where one group was coming from, a government office in a country friendly to us.  We had a meeting and came in with several of our closest friends to look at the evidence.  We showed them where the attack was coming from and identified the office.  One of the tech guys said, "Denny, did you think this guy was from [country name] because that is where you linked back to after all of this tracing your people did?  Didn't it occur to you that the people you are talking about are pretty good at what they do?  You would never know who they were if they were the ones doing it."  It was like a bright light in the room and we all knew what he was saying was true.  We knew this guy's name, his government office and his IP address.  They would have done better than that.

Don Parker told me once that computer criminals spend as much time at their jobs as you do at yours.  They are good at what they do and they don't get caught very often.  Prisons are full of the ones who do.  The ones you are afraid of are the ones you can't see.

So, I could ask David whether he should consider that someone who can identify a hacker down to his Army unit number, building address, and network, in a country where hackers have abilities at least equal to the best in the world, might be putting him on a little.  It kind of makes me wonder if hackers are still as good as they used to be.  It makes me wonder where the real bad guys are hiding.

Chinese Hacking: War in the Wires

The Chinese did not just start hacking the U.S. when they tried to determine the sources for the New York Times and Wall Street Journal series of articles.  They have been doing it for a long, long time.

The most interesting report on how the Chinese hack their targets is Shadows in the Cloud: Investigating Cyber Espionage 2.0, at http://shadows-in-the-cloud.net.  This report by the Information Warfare Monitor and Shadowserver Foundation shows the fabric of embassies and consulates hacked by the Chinese.  It is already 3 years old, but it traces their involvement in trying to find out the workings of Ghostnet, the network used in the attacks.  The report follows Chinese efforts to obtain plans and internal letters of the Dalai Lama.  Since this is a guy who never hurt anyone and is certainly not an enemy of China, we have to wonder why they would go to such ends to get almost 1500 of his personal letters, hacking the embassies of both India and Pakistan in the U.S. (among the many others in 36 countries).

They do it for the same reasons they hacked the campaigns of President Obama and Senator McCain, because they want to know plans and strategies of the people around a leader.  They will influence those who are in a position to influence the persons involved.  They want to know why people do what they do, and who influences them to move in one direction or another.  They don't just hack to steal software from a vendor or military secrets from a defense contractor.  They want to know why the software is made the way it is, the strategy for selling and marketing it, and the next steps the vendor is anticipating.  If they are going to compete, and win, they need that type of information about a lot of different companies, and they are certainly working hard to get it.  We don't have many secrets from the Chinese.

Our national strategy does not allow us to do the same thing the Chinese are doing to us.  If our Intelligence Agencies find something out about where the Chinese are going to market their new network equipment or the bribes they paid to those Afghan workers to get a contract, we cannot pass it along to the contractors competing against them.  We play with both hands tied behind our back, and the Chinese know it.  We need to think about this a little bit.  We need to think about whether it is enough to give businesses information about who is hacking them and what they can do about it.  We have been doing that for 10 years and it doesn't help.  We need to tell them why they are being hacked and how that information is being used.  Two things come from that:  (1) they will protect their information better than they do now and (2) they can use that information to adjust their strategies to compete with the insider information being collected from them.

Tuesday, February 19, 2013

Are Chinese Businesses Like Ours?

The answer to the question of whether Chinese businesses are like ours depends on who is answering it for you.  The government of China would say, "they are just like yours," having Boards of Directors, being offered on foreign stock markets, and being independent of the government.  It is the last one I take issue with.

There are several examples in my book that lead a reasonable person to say they are not like our companies in one respect.  Performance in the Communist Party has nothing to do with the career of business leaders outside of China, but inside, it does.  The book is at http://www.amazon.com/The-Chinese-Information-Communications-ebook/dp/B00BUTEHEA/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1366117421&sr=1-1&keywords=dennis+f.+poindexter

Today brings another good example to add to China Mobile and Alibaba.  The Wall Street Journal has the story of Jiang Jianqing, "who built Industrial & Commercial Bank of China, Ltd. into the most profitable state-owned bank in China."  [see For a Top Chinese Banker, Profits Hinder Political Rise, Lingling Wei and Bob Davis in today's Journal]  Once again, we see that profit and loss have less to do with rising in the ranks of China's business than position and likability in the Party.  Like the leader of China Mobile, this leader of the banking industry was passed over for promotion because he didn't pay more attention to the Party.  The fact that he was successful in business was no help there.

If we were more like the Chinese, we could rise to the top of our career field by being a good member of the Democratic Party and being successful in our business area.  Those two might get a person elected to public office here, but they might not.

So, when the Chinese say, "We are just like you," they don't mean it literally.  They just want you to believe they are just like us.  Where it matters is when the state says to loan more money to its growing industries, and the bank, knowing there is greater risk in doing that, declines to increase its risk.  For that judgment and good business sense, a person can never go any higher in his career.  So, are they just like us?  I would hate to think so.