The End of the World: “Made in China”

This time it’s certain, written in stone – or at least a thick report. This time it’s the Chinese. They are accused of being behind the biggest hacking attack ever witnessed, unprecedented in its scope and length. So much so that Vanity Fair – which was the first to highlight the case in the press – talks about an “Unprecedented Cyber-espionage Campaign” and dedicates a set of articles on the Chinese technological threat.

Unveiled by McAfee (an American computer security company), operation “Shady RAT” is suspected of stealing information from more than 70 governments, companies and organizations over a five-year period. Dmitri Alperovitch, Head of Research at McAfee, decoded the computer virus’ DNA on his blog and in a 15 page report (PDF), although he never openly accused Beijing. He cleared the names of “vaguely organized activist movements” (such as Anonymous and LulzSec), and indicates a much more coordinated perpetrator:

Although Shady RAT’s scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group.

The Chinese muleta

Among the victims of this grand theft – which the direct consequences remain unknown – the United States is the most affected, as 49 targets out of 72 are American. The targets are not arbitrary, as 13 defense companies and several governmental agencies are on the hit-list. Either by coincidence or as an early warning sign, several major military contractors were hacked a few weeks before. Lockheed Martin, L-3 Communications, and Northrop Grumman were victims of these attacks, all worth  billions of dollars.

Other countries were targeted by “Shady RAT,” including Canada, Japan, South Korea, Germany, the United Kingdom, and India. The fact that Taiwan also appears on the list could be a proof of Chinese involvement – or so believes James Lewis, an analyst from the Center for Strategic and International Studies(CSIS), a bipartisan think-tank based in Washington D.C.

All signs indicate China…What other country spies on Taiwan?

What could appear as a hasty conclusion is echoed by many experts, including Microsoft[FR]. Always eager to accuse a very annoying China, they are having a field day. The fear of Chinese spying is very popular in the intelligence world – the Renault case is one example[FR]. Yet it isn’t a muleta invented and waved by Western countries, entangled in a digital revolution they can’t control. During 2010 in the United States, 11 Chinese citizens were prosecuted for espionage – ten were interested in high-profile technology targets.

The race for digital weapons

Chinese authorities spend their time dismissing American accusations[FR], demanding proof which the other side fails to provide. Yet the  Chinese Honker Union (patriotic hackers trained by the Party) and the 2010 attack against Google[FR] permanently changed the geopolitical order.

A new post-Cold War rhetoric has appeared, widely fed by Hillary Clinton’s speeches on Internet freedom. Columnists are talking about a “global cyber arms race,” where the ability to react against viruses replaces nuclear weapons and rockets. During the Las Vegas Black Hat conference, Cofer Black (a former CIA member) told an audience of computer security specialists that “the code war”[FR] would soon commence.

Control the hardware

The bewildering reality makes this new – and largely unknown – playing field extremely complicated and problematic. Try this at home: look behind your CPUs and under your laptop, and count the number of products labelled “Made in China” (which is only at the end of the assembly line, which the New York Times explained in 2006).  The influx of these products and the possible ramifications has reached the point where Congress started interviewing worried specialists. Kevin Coleman affirms that both federal agencies and the Pentagon’s hardware should be controlled more thoroughly:

If we are not going to build everything we need here at home, then we need to advance the current testing and validation tools and techniques as well as our system covert compromise monitoring and detection capabilities.

If tomorrow, Foxconn (Apple’s Chinese subcontractor) decides to program its robots to implement malwares in iPhones sold worldwide, the United States would probably be taken by surprise. And that’s not all – a year ago, 600 executives responsible for computer security in major companies answered a survey[FR] regarding which countries were the most likely to suffer from a hacking attack. The United States came first with 36% of the votes, followed by China.

The study was commissioned by McAfee.