Is China really 'Cyberdragon'?

Updated: 2011-08-18 08:17

By Tang Lan (China Daily)

  Print Mail Large Medium  Small 分享按钮 0

Is China really 'Cyberdragon'?

Hacking poses a threat to both China and Western countries and politicizing the problem will be detrimental to all

Earlier this month, McAfee, the US cyberspace security company, released a report on its investigation into targeted infiltrations of the computer systems of more than 70 global companies, governments, enterprises and non-profit organizations over the last five years, which it grouped together under the label Operation Shady RAT.

Some Western media outlets immediately jumped to the conclusion that the hacks were a unified attack from a single source and quickly pointed the finger of blame at China, partly because of McAfee's carefully worded comment about the hacks on national Olympic Committees, the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics.

It said that the hacks "potentially pointed a finger at a state actor behind the intrusions" as "there is likely no commercial benefit to be earned from such hacks".

However, as McAfee pointed out the compromises it identified were "standard procedure for these types of targeted intrusions".

In many cases, the infiltration was initiated by an e-mail that triggered a download of malware, that executed and initiated a backdoor communication channel, which enabled live operators to quickly escalate privileges.

Clearly, McAfee has a vested interest in Operation Shady RAT and other well-known cyber security companies have questioned the report.

The chief security expert of Kaspersky Lab, Alex Gostev, wrote to US news media, "the report contains nothing on what particular data has been stolen or how many computers in each organization were hit by the attacks".

Symantec, the largest producer of security software for computers said, "There has been some discussion of this being a government-sponsored attack. However, the finger can't be pointed at any particular government. Not only are the victims located in various places around the globe, so too are the servers involved in these attacks."

This is not the first time China has been the victim of such accusations. In fact, it was also accused of having instigated several previous systemic long-term intrusions, namely Operation Titan Rain, Night Dragon and Operation Aurora. Western governments and media would have people believe that China has become a "cyberdragon", able to infiltrate the computer systems of countries and companies seemingly at will.

However, anybody with any understanding of cyberspace security and international politics will realize how groundless the accusations are.

First, identifying the location where the attacks originate is just one of the problems of countering cyber attacks as they can easily be launched from compromised machines in third-party countries, making it very difficult to know with any certainty who is behind an attack.

For example, hackers can establish a botnet, a group of computers running a computer application controlled and manipulated only by the owner of the software source, or they can implant distant control programs on faraway computers through links contained in e-mails.

As Jeffrey Carr, author of the book Inside Cyber Warfare: Mapping the Cyber Underworld said, hackers can easily pretend that the attacks are from China by renting servers from China's International Service Provider, adding it needs "a higher bar of evidence before making the leap that China did it."

Besides, it is simply untrue to say that China is not a victim of cyber attacks. China was hit by nearly 493,000 cyber attacks last year, about half of which originated from foreign countries, including 14.7 percent from the US and 8 percent from India, according to a report issued on Tuesday by the Computer Network Emergency Response Technical Team / Coordination Center of China (CNCERT/CC), the country's primary computer security monitoring network.

China was also the victim of botnets. CNCERT/CC detected nearly 14,000 IP addresses in China corrupted by botnet viruses in 2010, with the US, India and Turkey the top three countries of origin.

Hacking poses a great threat to both China and Western countries and should be considered a common enemy. It is irresponsible to accuse any other country without ample evidence, and politicizing the problem will only prove detrimental to the interests of all.

As a responsible country, China has long held the principle of strengthening supervision of the Internet, and encourages all countries to cooperate for the common good.

We also hope other countries can hear China's voice, and understand China's efforts in defending the security of all.

The author is deputy director of the Institute of Information and Social Development Studies, China Institutes of Contemporary International Relations.

(China Daily 08/18/2011 page8)