Warning Signs Preceded Cyber Attack On Google
The news of a cyber attack from within China on Google and other companies has prompted a range of reactions, including Google's decision to reassess its operations there and a rebuke from U.S. Secretary of State Hillary Clinton. But no one should be surprised by what happened. Two months earlier, a U.S. government report warned that the private sector was susceptible to this very risk.
The news of a cyber attack from within China on Google and other companies has prompted a range of reactions, including Google's decision to reassess its operations there and a rebuke from U.S. Secretary of State Hillary Clinton. But no one should be surprised by what happened. Two months earlier, a U.S. government report warned that the private sector was susceptible to this very risk.That report, titled "Report on the Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation," should be required reading for all businesses and government agencies. It warns that a "reactive defense model" -- one practiced by many IT departments -- isn't enough to ward off what's described as a "long term, sophisticated computer network exploitation campaign" by the Chinese military.
The 88-page opus, published in October, was prepared by Northrup Grumman's Information Systems Sector for the U.S.-China Economic and Security Review Commission, which was created 10 years ago to monitor the national security implications of trade and economic ties between the U.S. and China.
At the time the report was issued, InformationWeek ran a story with the following headline, "Evidence Points To China In Cyber Attacks." To repeat, that was two months before Google experienced its own targeted attack, which was revealed by Google's chief legal officer David Drummond in a Jan. 12 blog post.
In fact, since Drummond first published that, Google has gone back and provided a link to the Northrup Grumman report. You can download it here.
The report provides a detailed overview of China's cyber warfare and cyber espionage strategy, a case study in advanced cyber intrusion, a timeline of "Chinese related" cyber events over the past 10 years, and a chronology of network exploitations against U.S. and foreign interests that were allegedly undertaken by the Chinese government or its cohorts.
Notably, the report includes examples of socially engineered e-mail and zero-day exploits as among China's methods, both of which may have come into play in the December cyber attacks on U.S. companies. In its report, Northrup Grumman writes that, while conclusive evidence is hard to come by, it has reason to believe that Chinese security services have teamed with "elite individual hackers" in some cases.
The report's authors acknowledge that details are fuzzy and hard to prove, and the Chinese government has denied involvement in the attack on Google. Even so, new reports point to China as a suspected source of cyber attacks on U.S. oil companies back in 2008.
There's also this sobering assessment from Northrup Grumman: "The skill sets needed to penetrate a network for intelligence gathering purposes in peace time are the same skills necessary to penetrate that network for offensive action during war time." As I said, the report should be required reading for senior management and IT pros in business and government alike.
Register now for Black Hat DC, the largest and the most important security conference series in the world. It happens Jan. 31-Feb. 3, 2010, in Arlington, Va. Find out more and register.
About the Author
You May Also Like