This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."
Download it now to read this article plus other related content.
Chinese cyberattacks: Myth or menace?
Security Experts Marcus Ranum & Bruce Schneier Offer Their Opposing Points of View
Something is definitely going wrong with the U.S. Department of Defense and government agency networks, but it's not what you probably think. When it was announced that more than 10 terabytes of data had been stolen from DOD unclassified networks as part of an orchestrated operation from China, I was as horrified as you. Ten terabytes is a lot, and I'd have expected someone to do something after, say, the first terabyte flew by--especially because I happen to know something about the money spent on monitoring systems for some of those networks, and the sensitivity of the data on them. DOD always counters: no classified information was accessed. But that's BS--the unclassified networks carry logistical, payroll, personnel, medical and operational data.
What's really going on? Could it be that many government networks have access rules that are vastly permissive, and have lost control over the software running behind their firewalls? When I try to get answers from people "in the know," I hear one of two things:
A hacker living in China is probably not going to want to attack Chinese government systems. The Chinese would not slap him on the wrist and let him hit the celebrity hacker circuit alongside Kevin Mitnick.
If there's any strategic thinking going on behind this whole Chinese hacker fiasco, it's possible that some smart intelligence officer in the Chinese government realized it doesn't cost them anything to have U.S. security practitioners distracted. They know the best way to defeat the U.S. is to rattle us until we slap ourselves stupid.
Chinese cyberattacks? Why fabricate elaborate conspiracies when foreign demographics and domestic incompetence are adequate explanation? My concern is not that we're under attack by the Chinese, but rather that our sensitive networks are so lame that someone can steal 10 terabytes of data from them. We shouldn't be asking, "What are the Chinese doing?" We should be asking, "What's going wrong in Virginia, Los Alamos and Livermore?"
This was first published in July 2008