Reaching out to China
Intelligence agencies and the Foreign and Commonwealth Office working together to reach out to China on cyber security is one of the topics discussed at a Chatham House conference.
China is the origin of the vast majority of state-sponsored hacking attacks on Western targets, although it also claims to be the biggest victim of cyber crime.
Russia and its neighbours are the origin of a great deal of global cyber-crime (although Russian groups also engage in cyber espionage and cyber-attacks).
Many of the Russian state organisations charged with investigating cyber crime are former Cold-War intelligence agencies whose history makes it difficult if not impossible for British intelligence to engage with them.
Cyber-conflict: Who does what
Malicious activity in cyberspace is split into three main areas:
Cyber-crime – use of the internet and/or hacking for crime, typically identity theft, fraud, extortion, or the making and distribution of child abuse images, but increasingly encompassing more and more areas of crime.
Cyber-espionage – hacking into systems in order to discover state secrets or steal intellectual property. The steps taken to effect the hacking (for instance identity theft) may also be aspects of cyber crime.
Cyber-attack – hacking into systems in order to disable or destroy the system itself, or the real world infrastructure it supports.
The last two activities are sometimes grouped under the heading “cyber conflict.”
The “Big Three” countries engaged in cyber-conflict are China, the US and Russia, and each shows different characteristics and methods.
“Russia acts like they do because they lost [the Cold War],” said a US source with close knowledge of the international cyber threat, displaying high degrees of sensitivity about their “near abroad”, for instance the cyber-attacks on Estonia in 2007 and Georgia in 2008.
Many Russian cyber-attacks also came not from state agencies but from groups of hackers encouraged and enabled by the Russian state.
A UK government source added that much of Russia’s cyber-espionage effort against the UK focused on UK government departments, energy firms and some tech firms.
“The US does stuff in cyberspace because they can,” the source added, noting that the US saw no reason for restraint in cyberspace, as evidenced by its use of the Stuxnet virus, and its private argument that the use of the virus was justified because it had forestalled military action.
He postulated that the same justification could potentially trigger a cyber attack against US forces in the South China Sea, especially given that the People’s Liberation Army favours an “early use doctrine” for key capabilities.
“Stuxnet, [the subsequent Iranian attack against Saudi oil company] Aramco and the [Iranian] DDOS attacks against the US have created an environment of low-level shadowy conflict between states. For that reason Stuxnet may not be in the United States’ long-term interests.”
US cyber conflict efforts are typically highly directed, involving dedicated teams of hackers from the military or intelligence agencies, acting on high-level orders and supported by teams of lawyers.
In an event where a cyber attack from US soil is brought to the US government’s attention but is being carried out by a non-state actor, the US will typically act swiftly to investigate and prosecute.
“China is behind, and feels anything it needs to do is justified because of this,” the US source added.
This outlook informs China’s huge push over the last decade in the field of cyber-espionage, a push that, according to General Keith Alexander of US Cyber Command, has been responsible for “the biggest wealth transfer in history”.
From a Chinese perspective things look different, with the US private sector’s vast dominance of the web effectively encircling China’s position.
British government sources stated that China’s key targets in the UK were companies operating in the fields of defence, aerospace, finance, pharmaceuticals, telecommunications and IT, academia and mining, strongly reflecting China’s global strategic interests.
Other significant players in cyber conflict are Israel, Iran and North Korea.
Israel is widely believed to have cooperated with the US on the development of Stuxnet.
Iran has launched numerous cyber-attacks in retaliation against financial, media and energy interests in the US and Middle East, and North Korea recently deployed a major cyber attack against banks, media companies and government targets in South Korea.
Intelligence agencies take the cyber-war to al-Qaeda
Although international terrorist groups have largely not employed either cyber espionage or cyber attacks, they are known to use online fraud as a revenue stream, as well as to produce online propaganda and instruction manuals for carrying out a terrorist attack.
The most significant of these publications is Inspire magazine, produced by al-Qaida’s Yemeni offshoot “al-Qaida in the Arabian Peninsula”.
Both UK and American intelligence agencies have carried the cyber-war to al-Qaida. US hackers recently sabotaged an issue of Inspire which was published on the 14th of May.
Security analyst Evan Kohlmann, who captured an image of the sabotaged edition, said it contained an image of a fighter with a rocket-launcher on the cover, followed by 20 or so garbled or blank pages.
A US intelligence official, speaking on condition of anonymity, told the Washington Post: “You can make it hard for them to distribute it. Or you can mess with the content. And you can mess with the content in a way that is obvious, or in ways that are not obvious,” raising the possibility that intelligence agencies might be able to introduce malware to the magazine which could track where and when it was downloaded and distributed.
Hackers for the UK’s intelligence agencies had previously hacked an edition of the magazine which contained bomb-making instructions, removing articles and uploading a cupcake recipe in place of the instructions.