Thursday, September 06, 2007

A Mystery, Wrapped in Cat-5 Cable...

This Spyblog post, regarding the Grauniad's splash story yesterday that the TITAN RAIN inquiry into alleged Chinese hackers attacking the US government had spread to attacks on the Foreign & Commonwealth Office, raises some interesting questions.

For a start, like all Chinese-hacker stories, it's based heavily on semi-military sources and quotes from doctrinal publications. What, precisely, is "cyberwar" anyway? It's not as if the FCO website (or the DOD's websites) are critical operational functions. Cyber-intelligence - theft of information - is easily imaginable, but some of the tales going around have to be mocked to be believed.

Apparently, "people's war" has been expanded to include hordes of simplistic attackers battering on the websites of the city from the countryside; which frankly reminds me of the old joke about the two Soviet tank commanders looking up at the Eiffel Tower. One says to the other, "Tell me, Sasha, who did win the air war?" Clearly there are economic targets in cyberspace, but they are more likely to be network entities (routers, exchange points, DNS servers and the like) than government websites.

Note that this has yet to happen anywhere; the much-hyped attack on Estonia didn't attempt to bring down ISP networks, and anyway was mitigated by well-understood network operations practices. Attacking the Internet itself also has the problem that success brings an end to the usefulness of one's own infrastructure; it's like having one nuclear bomb. Given the global interconnection topology, China would be especially foolish to try this, as most of their interconnections could be cut off with comparatively little harm to global reachability: see the CAIDA Skitter graph here, which I have on my wall. (muhahahahaha!!!)

Further, a lot of the descriptions of this stuff you see seem to have been written by people who have very little knowledge of computers, and none of Internetworking. The factoid that the attacks apparently originate in Guangdong province, "which has a large concentration of PLA", is risible. Guangdong has a large concentration of people, for a start, and more significantly it's where the vast bulk of China's international cable landings are located, as can clearly be seen on this Alcatel map.

Now, perhaps it's all true, but the detail is too secret to mention. Perhaps, but then that's frankly too Straussian for me. Alternatively, the dread government-IT interface has struck again, and organisations with little ability to orientate themselves in the technical and strategic context are being duped by security-industrial lobbyists. No doubt hackers from China are indeed trying to break into DoD systems; we know, after all, that British ones are, if only to look for UFOs. The danger is that generalised hacker activity is being classified as "PLA threat!!", which converts it from a network security issue - take two firewalls with a pot of coffee - to a national security issue, which involves billions of pounds and intense paranoia.

There may even be signs that a matching dynamic exists in China. The founding text of Chinese-hacker paranoia is the famous Unrestricted Warfare, a book published by two Chinese army officers in 1999. This has usually been seen as a doctrine for asymmetric warfare against the United States; unscrupulous persons pirated the book with the addition of a WTC-on-fire jacket and the subtitle "China's Blueprint to Destroy America". Here is the second paragraph, from Conflictwiki:
One war changed the world. Linking such a conclusion to a war which occurred one time in a limited area and which only lasted 42 days seems like something of an exaggeration. However, that is indeed what the facts are, and there is no need to enumerate one by one all the new words that began to appear after 17 January 1991. It is only necessary to cite the former Soviet Union, Bosnia-Herzegovina, Kosovo, cloning, Microsoft, hackers, the Internet, the Southeast Asian financial crisis, the euro, as well as the world's final and only superpower -- the United States. These are sufficient. They pretty much constitute the main subjects on this planet for the past decade.
I've selected this because it so charmingly mirrors the paranoias and glibbery of the average rightwing newspaper columnist. Is it not superbly journamalistic? Unrestricted Warfare famously cited terrorism, the use of international law, economic warfare, network/electronic warfare, propaganda, and even "environmental warfare" as forms of war.

But what strikes me about it is that the real function of this meme is to characterise forms of nonmilitary activity as "war"; all kinds of things that are part of the normal course of trade and international politics, world public opinion, and especially internal dissent in China, can be slotted into one of those options. It isn't criticism, or a lawsuit, or a demonstration by peasants against water pollution; it's war, and the people doing it are the enemy, and therefore they must be destroyed.

Are you with me? Rather, are you with us? Or are you with the terrorists? It's probably worth pointing out that Glenn Reynolds is very keen on complaining about "lawfare".

Update: Just to put some more data in this post, note that Sophos puts the APNIC region at 40 per cent of worldwide spam output. China and the Hong Kong SAR account for half of that; 20 per cent of the world total, compared to 23 per cent for the US. China Unicom's internetworking division manages to be both in the top 20 for botnet control servers and the top 10 for spam. The US, mark, still accounts for a majority of almost every online evil. But in 2006, 26 per cent of the world's supply of zombie PCs were Chinese, by far the greatest concentration of hacked computers; Beijing is the world's most hacked city, with 5 per cent of the total. (Figures from Symantec, the ISOTF C&C Report, Spamhaus.) It is predicted that China will become the world's biggest source of Internet trouble as soon as the number of users surpasses that in the US, which is predicted for any time now.


Anonymous said...

The attack on Estonia was *tiny* - it was blown up into a situation greater than it was due to: silly season, and fearmongering over Russia at the time.

And yes - Gadi is (I'm sorry to say) a moron when it came to describing the attack.

Alex said...

Gadi gave the strong impression that it was indeed tiny, silly, and fearmongering.

Shutter said...

Sounds like Titan Rain is a product of the late night endeavours of the Lady Dame Jane Pauline Neville Fan Club in the Mess of the RUSI.

Note the reports are sans "amazing pictures".

Anyway Chinese hackers would waste their time hacking the FCO - a different language is in use in their communications to standard English. What would Comrade Wu make of "simply not cricket old boy!" or "'Boks haven't a chance against the kilted hordes in Frogland"?

