Monday, October 31, 2005

China's "Titan Rain" hacker attacks on the U.S.

Interesting column by Ira Winkler, on the Computerworld website. Ira is a security expert and former NSA (National Security Agency) employee who writes and lectures on computer security. He's a great speaker, and a very talented writer, but in this column I don't agree with everything he says.

Ira brings up the old story about massive, skilled hacker attacks on U.S. government and corporate systems originating in China. But he says the attacks can't be explained simply by poorly secured systems there, or by hackers elsewhere using Chinese servers as a staging point.

Winkler says there is an orchestrated effort, known in computer security circles as "Titan Rain," to extract from U.S. computer systems any valuable information, for apparently sinister purposes. He cites the work of Shawn Carpenter, a security analyst at Sandia National Laboratories, to identify the source of the attacks:
Using computer forensics techniques and hacking into the offending systems, Carpenter was able to use the compromised systems against themselves and find the actual origin of the attacks. Doing things that official government agents could not, he determined that the root of the attacks was China. He set up the attack systems to report back to him what the attackers were doing and also performed analysis of the attacks. Based on the volume of the attacks, he determined that there were anywhere from six to 10 people hacking around the clock.

Given the skill and the size of the operation, there could be only two sources of the attack: the Chinese intelligence agencies or the Chinese triads (a.k.a. the Chinese Mafia). As I describe in my book, Spies Among Us (Wiley, 2005), China as a government vacuums up whatever information it can for potential value. Chinese triads examine whatever they can get for profit potential, whether it's to extort money or to sell to the highest bidder. Even worse for non-Chinese entities, the Chinese government cooperates and exchanges information with the triads.
This is an interesting story, but I am a bit skeptical about the claim about "triads." It's part of the trend of Western journalists and authors talking about Chinese organized crime members in awed tones, as if they are these efficient, mysterious, ruthless criminal masterminds capable of doing practically anything to achieve their nefarious aims. While I recognize the power of some of these organizations and secret societies to corrupt Chinese political life (the Nationalists have an especially weak reputation in this regard, starting with the Green Gang/Jiang Jieshi connection and continuing to the present day in Taiwan) and make lots of money through both illegal and legal channels, the idea that some are conducting sweeping computerized espionage against U.S. government and commercial entities is doubtful, in my opinion, for the following three reasons:

1) It doesn't fit their M.O. in terms of traditional criminal rackets.

2) It spreads too wide a net rather than going after specific attractive or lucrative targets.

3) It targets the U.S. government, which invites investigation, extradition, prosecution, and other forms of retaliation in a foreign environment where guanxi won't get them off the hook.

On the other hand, the idea that the Chinese government is conducting high-level computerized espionage seems very likely. Isn't that what we do to them, too, via various NSA and DoD initiatives?
