You’re Nobody Until Somebody Hacks You!

The U.S. government is a lean, mean hacking machine. We are everywhere we want to be and more. Whether we conspire with Israel to plant slowly debilitating-worms (the infamous Stuxnet virus) into Iran’s nuclear control software to sliding our stroke-reporting-monitoring-viruses into Chinese government sites, we are really good at it! But Americans are pikers when it comes to the mass hacking of anything that moves in and around a capital city… like Washington, D.C. In fact some analysts estimate that of the aggregation of government, prankster and criminal hacking here in the United States, China alone counts for 80%!

Traveling to China anytime soon? Hooking up to the Internet or using your smart phone while you’re there? Worried about getting hacked? Well, take a hint from major corporations and government agencies who equip their traveling employees with “blank” computers and smart phones with very strong filtering software: leave your regular laptop and smart phone behind or enjoy becoming one more statistical entry into China’s massive database. Oh, and you may be bringing back a nice link for future Chinese inquiries into your employer, friends and personal files. Chinese government hacking provides PRC companies negotiating deals with foreign counterparts with inside peaks at negotiating postures, underlying proprietary information and inside communications with the home office (which itself may be hacked).

That China has shown particular interest in corporate America, with a strong emphasis on financial institutions, tech companies as well as our telecommunications (including major Web servers) and power grid, and it seems to have a pretty direct path to penetrating and perhaps shutting down these major systems… perhaps bringing the United States to its knees. What would happen if they really chose to pursue that path? How would we respond? Does China really want to implement that policy?

But in status-hungry Washington, D.C., you are nobody if you haven’t been hacked by the steely-eyed cadres of the Peoples Liberation Army charged with tracking almost anything that moves. And they are getting into newspapers, television networks, consulting enterprises and law firms. I wonder if any of these “inquiring minds” are ever found slumped over in their chairs, bored to death? Folks in our nation’s capital are literally “complaining as bragging” with their peers about being “China-hacked.” But it’s not so funny.

So how do we civilians know that PRC hacking is so pervasive when our secretive government would most certainly not want us to hit the panic button? The New York Times hired a private firm to trace the source of hacking into their own files. “Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as ‘Comment Crew’ or ‘Shanghai Group’ — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building [pictured above], but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area…

“While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America. The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases. 

“Contacted [February 18^th], officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal. They describe China itself as a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States. But in recent years the Chinese attacks have grown significantly, security researchers say. Mandiant has detected more than 140 Comment Crew intrusions since 2006. American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day say those groups appear to be contractors with links to the unit.” New York Times, February 18^th.

Since our own government is hacking away, exactly how do we respond to intrusions into our cyber world? First, we really need to take these intrusions seriously. Technological responses from private (non-governmental) entities that are vital to national interests should no longer be optional. Operate in that space and you should be under a governmental security blanket – at no cost to the taxpayers – that is constantly updated and government approved. Second, we need to send a clear message to China that while exchanges of intrusions at a government level are part of the modern world, it is not okay to extend that net into private, non-governmental entities to generate an economic edge or threaten non-military targets.

Banning imports or U.S. investing (directly or indirectly) from Chinese companies (and their affiliates) that have benefited from commercial espionage would be a good start. If the targets are infrastructure, if the PRC will not cease and desist, we need to make it clear that such an attack would be the functional equivalent of dropping a bomb on our key cities; it would be dealt with swiftly and completely as an act of war. So far, it’s just been snooping, but cyber-security needs to be clearly prioritized in our international dealings. We need to make a big scene over these intrusions, letting the PRC that the mutual economic exchange between the two countries has to be a priority to China as well… with appropriate mutual safeguards. With a new administration in Beijing, the message needs to be very loud and very clear.

I’m Peter Dekom, and there is huge mutual benefit to China and the United States to clear this rather nasty air.