Face-Off: Chinese Cyberattacks: Myth or Menace?


This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."



Security Experts Marcus Ranum & Bruce Schneier Offer Their Opposing Points of View


Send comments on this column to feedback@infosecuritymag.com.

POINT by Marcus Ranum

Something is definitely going wrong with the U.S. Department of Defense and government agency networks, but it's not what you probably think. When it was announced that more than 10 terabytes of data had been stolen from DOD unclassified networks as part of an orchestrated operation from China, I was as horrified as you. Ten terabytes is a lot, and I'd have expected someone to do something after, say, the first terabyte flew by--especially because I happen to know something about the money spent on monitoring systems for some of those networks, and the sensitivity of the data on them. DOD always counters: no classified information was accessed. But that's BS--the unclassified networks carry logistical, payroll, personnel, medical and operational data.

What's really going on? Could it be that many government networks have access rules that are vastly permissive, and have lost control over the software running behind their firewalls? When I try to get answers from people "in the know," I hear one of two things:

  • A common sense assessment of the number of Trojan horses infecting desktop systems, and the difficulty of controlling traffic: It's not rocket science to imagine that getting a bot inside a DOD network would be an exciting score for any hacker. Or,
  • Secret Squirrel mumbo jumbo: "I could tell you but then I'd have to kill you" unsubstantiated hand-waving about "Chinese government hackers."

Given I'm cynical, when someone from the FBI says, "Well, there's evidence but we can't talk about it," I assume he's lying--because if he did have solid evidence, he couldn't say as much. Or he'd be presenting it. The best evidence I've heard that there's a Chinese cyber-espionage operation in progress is "The IP addresses are in China," "We hear stuff in chat rooms" and "I can't tell you but my buddy's cousin's uncle says it's true." Excuse me for crying "BS!", but if we're going to make public accusations of espionage, they need to be accompanied by equally public and compelling evidence. The FBI and our intelligence community are not the pinnacles of credibility we wish they were. Here are three pieces of data:

  • The number of Internet users in China is about the same as in the U.S.
  • China has been known to sentence hackers/cybercriminals to death.
  • No state-level intelligence agency would be so sloppy as to noisily and obviously steal 10 terabytes of information.

If you're the spymaster for a nation-state's intelligence arm, and you've got budget and personnel, an open society like ours must be easy game. This is especially true if the target has an uncoordinated mass of government agencies desperate to outsource all their information assets into the hands of beltway bandits. Stealing information openly and obviously through an Internet connection (with the termination in your country) would be shockingly crude and amateurish. I'm willing to bet there are Chinese spies looking at our networks--but doing it from the safety and the comfort of our own data centers.

A hacker living in China is probably not going to want to attack Chinese government systems. The Chinese would not slap him on the wrist and let him hit the celebrity hacker circuit alongside Kevin Mitnick.

If there's any strategic thinking going on behind this whole Chinese hacker fiasco, it's possible that some smart intelligence officer in the Chinese government realized it doesn't cost them anything to have U.S. security practitioners distracted. They know the best way to defeat the U.S. is to rattle us until we slap ourselves stupid.

Chinese cyberattacks? Why fabricate elaborate conspiracies when foreign demographics and domestic incompetence are adequate explanation? My concern is not that we're under attack by the Chinese, but rather that our sensitive networks are so lame that someone can steal 10 terabytes of data from them. We shouldn't be asking, "What are the Chinese doing?" We should be asking, "What's going wrong in Virginia, Los Alamos and Livermore?"

This was first published in July 2008
