February 19, 2013
With the news that the Chinese military conducted more than 140 cyber attacks on U.S. government agencies and companies, it’s now evident that China, the United States and other countries around the world are in an undeclared and largely unseen state of cyber war.
A report by Mandiant, a cyber security firm based in Alexandria, found that a group of Chinese hackers who are part of the Chinese military have been conducting attacks on American interests over the last seven years. The report claims repeated denials of hacking activities by Chinese officials are lies.
The attacks outlined by Mandiant are the latest in a series of revealed global cyber attacks. According to reports, an attack by the United States and Israel crippled a nuclear facility in Iran. The New York Times, Google and the Wall Street Journal have recently been targets of hackers suspected to be Chinese. Long-time foes India and Pakistan are also actively engaged in cyber warfare against one another, while France has accused the Tunisian military of attacking its networks. Russia used cyber warfare against Georgia during their war in 2008. But it was the attack on Estonia in 2007 that got the world’s attention.
Jaak Aavisksoo, Estonia’s minister of defense, knew there was trouble when he kept getting error messages every time he tried to access a newspaper one morning. He told Wired Magazine, “The attacks were aimed at the essential electronic infrastructure of the Republic of Estonia. All major commercial banks, telcos, media outlets, and name servers — the phone books of the Internet — felt the impact, and this affected the majority of the Estonian population. This was the first time that a botnet threatened the national security of an entire nation." Wired called it Web War One.
It’s not only rivals who are engaged in this war: Allies are attacking allies. The United States reportedly hacked into former French President’s Nicolas Sarkozy’s computer during his final months in office, a charge the United States has denied.
And these instances are only the ones that have become public, as the most successful cyber attacks are ones that go undetected. According to Richard Bejtlich, chief security officer at Mandiant, companies who are victims of cyber attacks are often reluctant to come forward and admit vulnerability.
“Companies would not stand up individually so Mandiant decided to say something” about Chinese hacking activities. “I hope at this point, [the report] will change the conversation.”
IS IT WAR OR ESPIONAGE?
Bejtlich said opinions on whether a global cyber war is taking place are a matter of perspective. Countries like the United States believe that traditional conflicts like the ones fought in Iraq and Afghanistan meet the traditional definition of war.
“It’s a war when you destroy something physically. The only example of that we have so far is Natanz,” he said, referring to the attack the shut down an Iranian nuclear facility. “We haven’t seen [physical destruction] so far in the west.”
But Bejtlich said the eastern perspective was different.
“Both the Russians and the Chinese are fighting [a cyber war], and the United States started it,” he said.
Part of the problem with defining cyber warfare is that formal rules of engagement simply don’t exist. As The Fiscal Times reported Monday, the Pentagon is working on rules but has yet to release them. Defense Secretary Leon Panetta has said all options are on the table in response to a cyber attack, but has set no guidelines on when a cyber attack would warrant a traditional response.
Jeffrey Carr, chief executive officer of Taia Global, a cyber security firm in Virginia, said strict definitions aside, there is a growing perception that a cyber war is being fought.
“It feels like it,” he said when asked whether the United States is in a cyber war with China. “I’ve seen people get all worked out and demand that we respond.”
However, Carr likened what is happening now more to Cold War espionage than traditional war.
“Cyber espionage is designed not to be discovered,” he said. “We don’t have a complete picture of how much cyber espionage is going on. We only know about the operations that have failed.”