Information Security Magazine


Face-Off: Chinese Cyberattacks: Myth or Menace?
by Bruce Schneier and Marcus Ranum
Issue: Jul 2008

Security Experts Marcus Ranum & Bruce Schneier Offer Their Opposing Points of View

Send comments on this column to feedback@infosecuritymag.com.


POINT by Marcus Ranum

Something is definitely going wrong with the U.S. Department of Defense and government agency networks, but it's not what you probably think. When it was announced that more than 10 terabytes of data had been stolen from DOD unclassified networks as part of an orchestrated operation from China, I was as horrified as you. Ten terabytes is a lot, and I'd have expected someone to do something after, say, the first terabyte flew by--especially because I happen to know something about the money spent on monitoring systems for some of those networks, and the sensitivity of the data on them. DOD always counters: no classified information was accessed. But that's BS--the unclassified networks carry logistical, payroll, personnel, medical and operational data.

What's really going on? Could it be that many government networks have access rules that are vastly permissive, and have lost control over the software running behind their firewalls? When I try to get answers from people "in the know," I hear one of two things:

  • A common sense assessment of the number of Trojan horses infecting desktop systems, and the difficulty of controlling traffic: It's not rocket science to imagine that getting a bot inside a DOD network would be an exciting score for any hacker. Or,
  • Secret Squirrel mumbo jumbo: "I could tell you but then I'd have to kill you" unsubstantiated hand-waving about "Chinese government hackers."
...


Given I'm cynical, when someone from the FBI says, "Well, there's evidence but we can't talk about it," I assume he's lying--because if he did have solid evidence, he couldn't say as much. Or he'd be presenting it. The best evidence I've heard that there's a Chinese cyber-espionage operation in progress are "The IP addresses are in China," "We hear stuff in chat rooms" and "I can't tell you but my buddy's cousin's uncle says it's true." Excuse me for crying "BS!", but if we're going to make public accusations of espionage, they need to be accompanied by equally public and compelling evidence. The FBI and our intelligence community are not the pinnacles of credibility we wish they were. Here are three pieces of data:

  • The number of Internet users in China is about the same as in the U.S.
  • China has been known to sentence hackers/cybercriminals to death.
  • No state-level intelligence agency would be so sloppy as to noisily and obviously steal 10 terabytes of information.

If you're the spymaster for a nation-state's intelligence arm, and you've got budget and personnel, an open society like ours must be easy game. This is especially true if the target has an uncoordinated mass of government agencies desperate to outsource all their information assets into the hands of beltway bandits. Stealing information openly and obviously through an Internet connection (with the termination in your country) would be shockingly crude and amateurish. I'm willing to bet there are Chinese spies looking at our networks--but doing it from the safety and the comfort of our own data centers.

A hacker living in China is probably not going to want to attack Chinese government systems. The Chinese would not slap him on the wrist and let him hit the celebrity hacker circuit alongside Kevin Mitnick.

If there's any strategic thinking going on behind this whole Chinese hacker fiasco, it's possible that some smart intelligence officer in the Chinese government realized it doesn't cost them anything to have U.S. security practitioners distracted. They know the best way to defeat the U.S. is to rattle us until we slap ourselves stupid.

Chinese cyberattacks? Why fabricate elaborate conspiracies when foreign demographics and domestic incompetence are adequate explanation? My concern is not that we're under attack by the Chinese, but rather that our sensitive networks are so lame that someone can steal 10 terabytes of data from them. We shouldn't be asking, "What are the Chinese doing?" We should be asking, "What's going wrong in Virginia, Los Alamos and Livermore?"






