State-sponsored hackers from China have penetrated US institutions. Wayne Rash wants virtual blood
Every government agency, every defence contractor, nearly every human rights group, Congressional office, law firm, embassy and news organisation. The attacks on the nation’s capital were so massive that it probably would be easier to list the organisations that had been missed, assuming there are any.
Worse, the attacks have been mostly successful. The Chinese state-sponsored hackers have collected terabytes of information. In fact the collection of information is so massive that the biggest question isn’t what they got, but how they plan to process it all.
Why the secrecy?
Another troubling aspect is that the Chinese hacking attempts have been so massive that there are many indications that cyber spies from Russia, France and Israel have also been snooping around Washington institutions, using the hacking activity by China as cover.
But what is clear is that the Chinese attacks on Washington and on the US government and its contractors are tantamount to waging a true cyber-war. These attacks aren’t like the ones reported by Mandiant in which the spying was economic and was aimed at benefitting Chinese businesses and economic activity. The attacks on Washington are military spying pure and simple.
So the question is why aren’t US government officials talking about it yet? Sure, there are many news organisations, including The Washington Post, who are admitting that they’ve been penetrated. There are plenty of security experts who are giving specifics of who or what has been attacked by whom and revealing details on what was taken. But the US government is silent on the topic.
Initially it was easy to see why this might be so. The US military and intelligence community didn’t want to admit their networks and databases had been penetrated, because they didn’t want the Chinese to know how successful they’d been. But that time has passed. Everyone knows what the Chinese are up to, and everyone has been hacked. So why the secrecy?
When criminal activity is going on it frequently helps to make the activity public. Crooks hate exposure, which is why security lights and cameras work fairly well. The same is true of covert military and intelligence operations. The Chinese, like every other gang of spies, hate to be uncovered. They’re embarrassed. They lose face.
This is exactly why the Chinese should have their collective noses rubbed in it. This is why the US, with proof of the attacks in hand, should say what happened, who did it, and what they did, all the while pointing fingers at the Chinese government that sponsored the hackers. While there could be some diplomatic repercussions. I’m not sure how significant they might be. After all, China is already attacking us.
Get tough with China?
There is one thing that criminals and spies hate more than having a light shined on their activities, it’s having to deal with the consequences of their actions. Right now the Chinese are betting that we’ll never take action of any kind and that they’ll simply be allowed to break in to whatever they want and take whatever they want while the US sits around whimpering furtively.
But perhaps the time has come to stop whimpering and start delivering consequences. We know who they are, we know where they are. We can deliver a response in the form of a cyber-attack of our own if only we could gather the political will.
Then it would mean that the Chinese would lie defenseless before us while we sucked them dry of the information they’ve gathered from us, as well as whatever else they may have handy. The military secrets of the Chinese, for example.
This sounds like war, you say? That’s because it is. This is the long-talked about cyber-Pearl Harbor. The nation’s inner-most secrets have been laid bare. Worst of all we may not know for many years into the future how this relentless cyber-spying campaign has compromised the nation’s security, its military readiness or the integrity of our critical infrastructure.
China has had a free hand with our IT systems. Returning the favour — in spades — is the least we can do.
Wayne Rash writes for eWEEk.com – TechWeekEuro0pe’s US partner.
Soldier! Do you know Internet Security? Report to our quiz on the double!
Originally published on eWeek.