How Chinese cyber attacks work

Strategy Page:
The longer Western intelligence analysts and Internet security researchers look into Chinese Internet based espionage efforts, the more clearly the Chinese strategy becomes. Put simply, China has been seeking out military and government secrets, but not as diligently as they have been looking for commercial secrets and industrial technology. This is not how the Chinese hacking is described in the media, as a military campaign. But it's mostly about industrial espionage. 
For example, last year it was big news that there had been a large scale effort to obtain information about American jet powered and space based (X-37) UAVs via Internet hacking. The methods, and source of the attack, had been traced back to China. These attacks are carried out via Internet based snooping efforts against specific civilian, military, and government individuals. This sort of thing is often carried out in the form of official looking email, with a file attached, sent to people at a specific military or government organization. It is usually an email they weren't expecting. This is known in the trade as "spear fishing" (or "phishing"), which is a Cyber War technique that sends official looking email to specific individuals with an attachment which, if opened, secretly installs a program that sends files from the email recipient's PC to the spear fisher's computer. In the last year, an increasing number of military, government, and contractor personnel have received these official-looking emails with a PDF document attached, and asking for prompt attention. But a greater number of attacks are being made against commercial targets. 
The phishing phase takes place after the Chinese have done research on the organization to find the names of specific people they were going to send the emails to. The emails must then be composed to be realistic but not something that would alarm the recipient and cause them to call the Internet security experts. For those recipients who open the email, other Chinese hackers get involved studying the victims computer and how it is connected to the company network. This process enables the intruders to get to the most valuable secrets and do the most damage. Other specialists are then brought in to help get data back to China without being discovered and, finally, another crew of experts tries to ensure that the intrusion, and the damage that was done, is never discovered. 
What is not given as much publicity is that the same techniques are used, on a much larger scale, to obtain details about commercial technologies. Most of this stuff was not military-related, but was the sort of thing Chinese firms could use to improve their competitiveness in world markets. This reflects Chinese thinking that economic power is the basis for military power. A strong economy will make China a strong military power. 
... 
We need to have the ability to send programs to destroy the computers that are receiving the data.  It would be a cyber defense weapon that makes it costly to try to steal the data.  It is not enough just to block the attack.  We need programs that make it dangerous to attempt the theft.

Comments

Post a Comment

Popular posts from this blog

Should Republicans go ahead and add Supreme Court Justices to head off Democrats

Washington Post: Some Democrats eye adding more justices to the Supreme Court to change its ideological bent The once-remote idea has gained the attention of liberals angered by the GOP push to remake the federal courts. Probably the easy way to defeat this court-packing scheme is for Trump to propose doing the same thing now.  It would lead to Democrat denunciations and claims that it would be wrong, thereby blowing up any attempt by them in the unfortunate event of Democrats winning a presidential election.
Read more

29 % of companies say they are unlikely to keep insurance after Obamacare

Conn Carroll: A new survey of 368 midsize to large companies found that 29% of them are considering terminating their active employee health care plans when Obamacare is full implemented in 2014. Only 71% of employers surveyed said they did not expect to drop their health coverage, while 20% said they did not know and 9% said they were planning to exit. The latest survey, conducted by Towers Watson, echoes an ealier survey by McKinsey & Co. finding that 30% of private-sector employers were planning to drop their employee health insurance coverage by 2014. When the Congressional Budget Office crunched Obamacare's spending numbers, they estimated that only 7% of employees currently covered by employer-sponsored plans would lose their plans. ... This means the cost of the health care fiasco will be hundreds of billions more than estimated by the CBO and Congressional Democrat. It is also clear that Obama's pledge that you could keep your health care plan if you wanted t
Read more

Bin Laden's concern about Zarqawi's remains

James Robbins: ... Bin Laden suggests that President Bush should allow Zarqawi’s body to be returned to his family in Jordan, but this is a matter that is up to the Jordanian government, which so far has not shown much interest in facilitating a homecoming. Bin Laden mocks King Abdullah II, calling him a Coalition minion, and asking “w hat scares you about Abu Musab after he’s dead? You know that his funeral, if allowed to happen, would be a huge funeral showing the extent of sympathy with the mujahedin.” A large crowd would definitely turn out, though most people would be on hand to demonstrate their anger and disgust. Last November’s hotel bombings in Amman , masterminded by Zarqawi, are still fresh in people’s memory, and mentioning them to Jordanians has the same visceral impact as memory of the 9/11 attacks does here. Jordan has adopted a zero-tolerance policy towards those who choose to mourn the country’s least favorite son, and four opposition members of parliament who paid con
Read more