I have to preface this post with the fact that I know I’m speaking out of turn here. I don’t have first-source info and my involvement is tangential, at best. Still, I’ve felt like saying this for a while and the past couple of days have bubbled it up to the top again:
This whole “China has infowar capabilities and has been attacking the US government!” FUD should be toned down and the real situation assessed. This was forwarded to me this afternoon, for instance:
http://www.bloomberg.com/apps/news?pid=20601087&sid=aP7TPl_IQwFQ&refer=worldwide
Feb. 12 (Bloomberg) — Chinese government and freelance hackers are the primary culprits behind as many as several hundred daily attacks against U.S. government, electric-utility and financial computer networks, a senior congressman said. … “Sophisticated hackers could really wreak havoc on our financial systems if they were successful,” House Homeland Security Committee Chairman Bennie Thompson said in an interview. The threat is “primarily from China.”
I don’t buy the Chinese nation-state attribution.
Interestingly and coincidentally, I was in Columbia MD last night with some people for Dojosec and had the opportunity to talk to Marcus Ranum and a few others about cyber war and China specifically afterwards and on the way home. It was an interesting series of discussions.
This is a bastardized amalgamation of my previous thoughts, group consensus, and points from Marcus’ presentation:
1. People who do this for a living probably wouldn’t attack directly from China. A simple example is North Korean hackers going to elementary schools in S. Korea (in person) to launch attacks. A state more evolved than Korea (like China) which isn’t as anti-HUMINT as us would much rather embed people in our companies and operate from there. There are plenty of opportunities to do that that would effect much more serious damage. Why would you risk attribution and attack from your own IPs when it’s so easy not to and you really don’t want anyone knowing you’re doing it? It just doesn’t make sense.
2. China will execute or do “bad things” to Chinese kids who vandalize or attack Chinese systems. They’d allow kids to attack US systems at will (if for no other reason than it’s fun to watch us scramble and hit ourselves on our heads). Do the kids get paid off? Possibly. Does that really mean anything in the big scheme of things? Not so much.
3. If -I- wanted to attack the US’ cyber assets for some reason and I -wasn’t- China, you know what? I’d compromise some Chinese systems and launch the attacks from there. To add to the fact that there would be almost no technical way to attribute the attacks back to me, the current state of politics and international relations would almost guarantee that further possibilities wouldn’t be explored in detail once Chinese IPs showed up.
4. Large scale misinformation and misdirection is really easy and really useful. Intentionally evolving US defenses in directions beneficial to our adversaries by our adversaries is not trivial, but not out of the realm of possibility. It’s certainly possible to manipulate our politics.
All evidence I’ve seen is weak, in my opinion. A lot of holes are filled in by implicit assumptions ahead of time that China is responsible.
My opinion – subject to change based on actual empirical evidence – is that we’re in a lot of trouble if we can’t stop assuming things and attributing motivation, organization, and activity on a nation-state basis.
Again, I’m not saying the perception and reality aren’t correct, only that the information as presented so far is not remotely conclusive and the conclusions have been, in some respects, improbable.