June 4, 2013:
The non-government victims of China’s long (over a decade) Internet-based espionage campaign are desperate for remedies. Building better defenses is a flawed approach because there are so many undiscovered flaws in the hardware and software used on the Internet. Some companies can achieve a very high level of protection, but it is very expensive and limits how they can use the Internet. What many of these corporations and (much more discreetly) some government officials are discussing is striking back at the attackers. While most counterattack methods are technically illegal, some ideas are gaining traction.
China is the biggest culprit here, but China uses a lot of freelancers, and these come from all over. Eastern Europe is a big source of skilled criminal hackers, but there are even a few in the United States and Western Europe. These hackers for hire are everywhere, and locating, identifying, and prosecuting them is extremely difficult. The easiest ones to catch (those involved in Internet-based fraud, which requires less skill) are not the ones most wanted (the expert hackers who can steal very valuable data).
One suggestion is to hire some of these mercs to fight back. This has actually been going on for a while, but not for retaliation. Instead the criminal coders are more often used to do illegal snooping for corporations and governments. Sometimes the bad guys change sides and become a valuable resource for Internet security companies. The new thinking is to hire the virtuoso criminal hackers to take down the larger hacker gangs by any means necessary. This approach bends or breaks a lot of laws, but the degree of desperation the victims are feeling makes all this a lot more acceptable these days. Now lobbyists are being deployed to see what kind of cooperation can be obtained from the government. For example, there are some countries where the “hired mercs” approach is legal (or less illegal), and attacks could be staged from there. If major nations could be persuaded to just look the other way while the retribution was carried out offshore, that might work.
Meanwhile the U.S. Department of Defense is not waiting idly by and revealed earlier this year that it is now spending $30 million to set up offensive Cyber War operations in the army and air force. Two-thirds of the money is being spent by the air force, which has traditionally taken the lead in Cyber War matters. The money is being spent mainly to buy hardware for the hackers, as well as software tools.
Offensive Cyber War involves a lot more than just trying to hack your way into specific enemy computers and networks. First you have to find out what you are up against. This begins with mapping what is on enemy networks and where it is. China was noted doing this back in 2005, and that mapping was a prerequisite to a major attack on non-Chinese systems that is still underway.
After the initial mapping you select the best targets by determining which systems yield the best impact (the ones with the most valuable information and/or the most vulnerable). Then you go in and collect the more detailed information needed for specific attacks on the selected military targets. After that you carry out the attacks.
The mapping is part of a military operation, and the Chinese know that. You have to assume they will respond to the mapping, which is why the mapping is a constant process. Mapping is also done by professional Internet criminals in preparation for their more mercenary attacks (Internet fraud). Over the last decade Internet fraud has been largely taken over by highly disciplined gangs rather than lots of individual hackers. The gangs are well organized and have the resources to carry out extensive mapping operations. Thus a period of heavy mapping activity is usually a prelude to a major Internet-based heist. Even government and military sites are valuable targets for the hacking gangs because the information can be sold on the black market. Governments have been known to hire the gangs for specific jobs, or simply to let it be known on the black market (for data stolen by hackers) that certain types of data held by some governments will fetch a particularly high price.
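The mapping described above, seen from the defender's side, as an added example that is not part of the original article: a small Python script that reads firewall deny events and flags source addresses which, within a ten-minute bucket, probe many hosts (a horizontal sweep) or many ports on one host (a vertical service scan). The log line format, the field names, the thresholds and the sample lines are all constructed for this example and are not taken from any real firewall product.

```python
"""Spotting network "mapping" in firewall deny logs.

Added example (not from the article, not a vendor's code): count the distinct
hosts and ports each source probes inside fixed time buckets and flag sources
that look like a network sweep (many hosts) or a service scan (many ports).
The log format, field names, thresholds and sample lines are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

EPOCH = datetime(1970, 1, 1)

# Assumed line format of a hypothetical firewall:
#   "<iso-timestamp> src=A.B.C.D dst=E.F.G.H dport=N action=DENY|ALLOW"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line; return (ts, src, dst, dport, action), or None if it is not a firewall event."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
            int(m["dport"]), m["action"])


def detect_mapping(lines, window=timedelta(minutes=10),
                   host_threshold=20, port_threshold=15):
    """Return {src: {"hosts": n, "ports": n, "kinds": [...]}} for every source whose
    distinct-host or distinct-port count inside a single window reaches a threshold."""
    # (src, bucket index) -> (set of destination hosts, set of destination ports)
    buckets = defaultdict(lambda: (set(), set()))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated syslog noise
        ts, src, dst, dport, action = parsed
        if action != "DENY":  # only blocked probes count as mapping evidence here
            continue
        bucket = (ts - EPOCH) // window  # fixed bucket index, independent of local timezone
        hosts, ports = buckets[(src, bucket)]
        hosts.add(dst)
        ports.add(dport)

    # Peak per-window counts for each source.
    peak = defaultdict(lambda: {"hosts": 0, "ports": 0})
    for (src, _), (hosts, ports) in buckets.items():
        peak[src]["hosts"] = max(peak[src]["hosts"], len(hosts))
        peak[src]["ports"] = max(peak[src]["ports"], len(ports))

    findings = {}
    for src, counts in peak.items():
        kinds = []
        if counts["hosts"] >= host_threshold:
            kinds.append("horizontal_sweep")
        if counts["ports"] >= port_threshold:
            kinds.append("vertical_scan")
        if kinds:
            findings[src] = {**counts, "kinds": kinds}
    return findings


def build_sample_log():
    """Constructed sample log (RFC 5737 documentation addresses, not real traffic)."""
    base = datetime(2013, 6, 1, 12, 0, 0)
    lines = []
    # 203.0.113.5 probes SSH on 30 different hosts in two minutes: horizontal sweep.
    for i in range(30):
        ts = (base + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{ts} src=203.0.113.5 dst=198.51.100.{i + 1} dport=22 action=DENY")
    # 203.0.113.9 probes 25 ports on a single host: vertical service scan.
    for i, port in enumerate(range(20, 45)):
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} src=203.0.113.9 dst=198.51.100.10 dport={port} action=DENY")
    # 192.0.2.7 has three ordinary blocked connections, below both thresholds.
    for i, port in enumerate((80, 443, 8080)):
        ts = (base + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} src=192.0.2.7 dst=198.51.100.10 dport={port} action=DENY")
    # A non-firewall line, to exercise the parser's rejection path.
    lines.append("2013-06-01T12:05:00 kernel: eth0 link up")
    return lines


if __name__ == "__main__":
    for src, info in sorted(detect_mapping(build_sample_log()).items()):
        print(f"{src}: {', '.join(info['kinds'])} "
              f"(hosts={info['hosts']}, ports={info['ports']})")
```

A per-source count like this is the simplest possible detector, and it has the weaknesses the article's point about constant mapping implies: a scan spread across many source addresses never reaches the per-source threshold, and a scan slowed to stay under the per-window count is invisible. Correlating by target (how many distinct sources touched a given host or port in the window) covers the distributed case, and longer windows with lower thresholds cover slow scans at the cost of more false positives.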
The most valuable information in Cyber War offensive operations is data from enemy hackers. Stealing their tools and data (especially mapping and target selection data) is the most valuable prize of all. A lot of it is kept offline to prevent that, but one function of mapping is to discover where someone has slipped up and left valuable information reachable via the Internet.
Offensive Cyber War is a full-time process, even when your people are not actually trying to hack their way into an enemy site. Announcing the existence of this $30 million budget was largely meant to build public support for these operations and ensure that the money keeps coming. Intelligence of the kind described above (enemy hackers' tools, mapping, and target selection data) can be useful to anyone involved in fighting back against the sponsor (China) of so many of the intrusions.
It’s unlikely that there would ever be much cooperation between the U.S. government and a private counterattack against hackers going after valuable technical data owned by American companies. The risk, if exposed, is too great for most politicians to handle. Keeping secrets is difficult, especially for something this risky. These counterattacks are likely to harm innocent (or semi-innocent) bystanders and cause a major media mess. Criminal hackers, like terrorists, are something everyone can unite in hating. But organizing a joint response, or even agreeing on exactly who is a bad guy, is another matter. So while there may be occasional counterstrikes (this has already happened), a large-scale counterattack that does real damage to the bad guys is unlikely.