SecurityWorkspace

US: Strike Back After China’s Cyber Pearl Harbor!

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Follow on: Google +
Google + Linkedin Subscribe to our newsletter 2 Comments

State-sponsored hackers from China have penetrated US institutions. Wayne Rash wants virtual blood

The news broke over Washington like the flash of an exploding meteor. China, according to The Washington Post, had hacked its way into the computers of virtually every institution in the city.

Every government agency, every defence contractor, nearly every human rights group, Congressional office, law firm, embassy and news organisation. The attacks on the nation’s capital were so massive that it probably would be easier to list the organisations that had been missed, assuming there are any.

Worse, the attacks have been mostly successful. The Chinese state-sponsored hackers have collected terabytes of information. In fact the collection of information is so massive that the biggest question isn’t what they got, but how they plan to process it all.

Why the secrecy?

America US China - Shutterstock © AquirAnother troubling aspect is that the Chinese hacking attempts have been so massive that there are many indications that cyber spies from Russia, France and Israel have also been snooping around Washington institutions, using the hacking activity by China as cover.

Right now it’s not clear how successful those three nations have been because they’ve either covered their tracks so well that we can’t find out or they never accomplished much. Considering the players involved, my guess is that Russia and Israel probably got what they wanted, and left without evidence. The motives and goals of the French are less clear.

But what is clear is that the Chinese attacks on Washington and on the US government and its contractors are tantamount to waging a true cyber-war. These attacks aren’t like the ones reported by Mandiant in which the spying was economic and was aimed at benefitting Chinese businesses and economic activity. The attacks on Washington are military spying pure and simple.

So the question is why aren’t US government officials talking about it yet? Sure, there are many news organisations, including The Washington Post, who are admitting that they’ve been penetrated. There are plenty of security experts who are giving specifics of who or what has been attacked by whom and revealing details on what was taken. But the US government is silent on the topic.

Initially it was easy to see why this might be so. The US military and intelligence community didn’t want to admit their networks and databases had been penetrated, because they didn’t want the Chinese to know how successful they’d been. But that time has passed. Everyone knows what the Chinese are up to, and everyone has been hacked. So why the secrecy?

When criminal activity is going on it frequently helps to make the activity public. Crooks hate exposure, which is why security lights and cameras work fairly well. The same is true of covert military and intelligence operations. The Chinese, like every other gang of spies, hate to be uncovered. They’re embarrassed. They lose face.

This is exactly why the Chinese should have their collective noses rubbed in it. This is why the US, with proof of the attacks in hand, should say what happened, who did it, and what they did, all the while pointing fingers at the Chinese government that sponsored the hackers. While there could be some diplomatic repercussions. I’m not sure how significant they might be. After all, China is already attacking us.

Get tough with China?

There is one thing that criminals and spies hate more than having a light shined on their activities, it’s having to deal with the consequences of their actions. Right now the Chinese are betting that we’ll never take action of any kind and that they’ll simply be allowed to break in to whatever they want and take whatever they want while the US sits around whimpering furtively.

But perhaps the time has come to stop whimpering and start delivering consequences. We know who they are, we know where they are. We can deliver a response in the form of a cyber-attack of our own if only we could gather the political will.

But it would, in other words, take guts. It would take someone who is willing to make the Chinese pay for their actions by having their networks taken down, their data erased, and their base of operations made useless.

Then it would mean that the Chinese would lie defenseless before us while we sucked them dry of the information they’ve gathered from us, as well as whatever else they may have handy. The military secrets of the Chinese, for example.

This sounds like war, you say? That’s because it is. This is the long-talked about cyber-Pearl Harbor. The nation’s inner-most secrets have been laid bare. Worst of all we may not know for many years into the future how this relentless cyber-spying campaign has compromised the nation’s security, its military readiness or the integrity of our critical infrastructure.

China has had a free hand with our IT systems. Returning the favour — in spades — is the least we can do.

Wayne Rash writes for eWEEk.com – TechWeekEuro0pe’s US partner. 

Soldier! Do you know  Internet Security? Report to our quiz on the double!

Originally published on eWeek.