http://www.forbes.com/security/2007/07/30/china-cybercrime-war-tech-cx_ag_0730internet.html
By Andy Greenberg
Forbes.com
07.31.07
The Chinese government is an infamous enforcer of digital apartheid;
when its citizens try to access prominent international Web sites like
Wikipedia and Flickr, they hit a filter that blocks politically
sensitive material. In the West, that information blockade is often
described as the "Great Firewall of China."
But in Mandarin, it is called jindun gongcheng, the Golden Shield. As
that name implies, China's controls on the Internet are capable of
blocking inbound as well as outbound traffic. And according to some
security professionals, that means the Golden Shield is more than just a
barrier to free expression; it may also be China's advantage in a future
cyber-war.
"China has powerful controls over content going out and coming in at
every gateway," says Jody Westby, chief executive of security
consultancy Global Cyber Risk. She argues that the tight relationship
between China's government and its Internet service
providers--originally established to stop Web users reading about
censored topics like Tiananmen and Taiwan--also means the country could
better coordinate a defense against online attacks.
In the U.S., by contrast, the autonomy of the Internet may leave it
vulnerable to state-sponsored enemies trying to steal classified data or
shut down servers controlling energy or telecommunications. "They have a
decided defensive advantage," says Westby. "China simply doesn't have
the same issues of coordination [the U.S.] would face in the case of
information warfare."
Sizing up threats in a hypothetical cyber-war is still based on educated
guesswork and speculation, but no longer mere science-fiction: A
political dispute in May over a U.S.S.R. memorial in Estonia led to
massive attacks on the country's government Web sites; state servers
were paralyzed with "distributed denial of service" attacks, which use
tens of thousands of simultaneous requests for information to overwhelm
Web-connected computers. Estonia initially accused the Russian
government of launching the blitzkrieg, though the use of
"botnets"--herds of PCs hijacked with malicious software--made tracing
its origin difficult.
The threat of an information-based war with China is particularly real.
A Department of Defense report earlier this year warned that China's
military is putting more resources into "electromagnetic warfare,"
focusing on attacking and defending computer networks.
The first shots may have already been fired: In August and September
2006, Chinese computers penetrated the State Department and the U.S.
Department of Commerce's Bureau of Industry and Security. The attack,
known as "Titan Rain," forced the government to replace hundreds of
computers and take others offline for a month. While that attack
couldn't be traced to any official source, the U.S.-China Economic and
Security Review Commission subsequently claimed that China is developing
computer viruses intended to disable military defense systems.
If China did turn computer viruses into a military tool, the Golden
Shield could be used to prevent collateral damage, says Jayson Street, a
consultant at the computer security firm Stratagem 1 Solutions. "The
firewall would protect China from whatever it releases," says Street.
"When a worm goes out, it's not a gun, it's a bomb. It affects everyone.
That's why the Golden Shield could be so effective."
Chinese cyber-attacks might take the same form as the denial of service
attacks that rattled Estonia, using botnets to overwhelm foreign servers
and depending on the Golden Shield to block attempts at retaliation.
The exact anatomy of the shield is known only to the Chinese government,
but most security professionals believe it's capable of not only
filtering for certain politically charged keywords, but also examining
the structure and origin of information moving into and out of the
country's networks. That means botnet attacks could be deflected more
easily than in the U.S., where there are virtually no checks on
international Internet traffic.
Still, the shield's effectiveness as a defense in cyber-warfare is far
from clear: Bruce Schneier, the founder and chief technology officer of
security firm BT Counterpane, argues that no single strategy can stop
determined hackers.
"It's a pipe dream to think that a country can secure its
cyber-borders," says Schneier. He points out that in general, security
vulnerabilities are much easier to find than they are to patch. "If you
look at what's happening now in the computer security field, the bad
guys are winning, and they're just criminals," says Schneier. "Imagine
if militaries got involved."
If China did face all-out digital war, it might have at least one
resource that the U.S. wouldn't: an Internet kill switch.
"It's true that it's impossible to completely defend against denial of
service attacks and still be accessible," says Marcus Ranum, chief
security officer of Tenable Security. "But if you're willing to go off
the air completely, you could disrupt the enemy's command and control."
Ranum suggests that China's worst-case strategy in a cyber-war would
simply be to "pull the plug," temporarily isolating the Chinese
Internet. That's not an option in the U.S., where the Web is less
regulated and considered a basic freedom.
If China made itself immune from outside attack, it could still be
vulnerable to botnets run from within the country, says Alan Paller,
director of research at the SANS Institute. "Installing malware on
computers within the country would be the real key to an Internet Cold
War," he says. Military enemies could launch denial of service attacks
that begin and end within China's own network.
To grab control of those computers, Paller imagines CIA agents working
in Chinese Internet cafes or other domestic access points. Timed botnet
attacks could also be organized to launch automatically, without an
external go-ahead.
At the end of 2006, China had 26% of the world's malware-infected
computers, more than any other country, according to a report from
Symantec. But most of those PCs are
likely controlled by spam-sending cyber-criminals, not foreign
militaries.
Whether or not the U.S. military has caught on to these nuances of the
digital arms race, it will soon, Paller argues. "This is going to be an
area of huge investment for the military for the next hundred years," he
says. "It isn't just the future of information warfare. It's the future
of warfare."
Received on Thu Aug 2 05:05:48 2007