25 March 2014

Information Warfare: The Chinese Police Join The Cyber War

March 24, 2014: China is now training police to be hackers. Not just imparting defensive skills, but training selected cops to launch attacks. It’s unclear what this is for although it’s most likely related to the growing incidence of Internet based criminal activity inside China. Apparently several units of police Cyber War experts are being organized. Some will probably be dedicated to helping Chinese firms and local governments improve their network security, but at least one of these new organizations will have an offensive capability, probably for harassing groups perceived as enemies of China.

The U.S. is still trying to get details on the military and non-military Internet hacking organizations active in China. It wasn’t until 2013 that one of the major military Cyber War operations, “Unit 61398” was identified and connected to a large number of foreign hacking operations. Unit 61398 is believed responsible for over a thousand attacks on foreign government organizations and commercial firms since 2006. China denied this revelation, and some Unit 61398 attacks ceased and others changed their methods for a month or so. But after that brief pause Unit 61398 returned to business as usual. The Chinese found that, as usual, even when one of their Cyber War organizations was identified by name and described in detail there was little anyone would or could do about it. There was obviously a Chinese reaction when the initial news became headlines, but after a month or so it was realized that it didn’t make any difference and the Chinese hackers went back to making war on the rest of the world. Unit 61398 is believed to consist of several thousand full time military and civilian personnel as well as part-time civilians (often contractors brought in for a specific project).

China's Cyber War hackers have become easier to identify because they have been getting cocky and careless. Internet security researchers have found identical bits of code (the human readable text that programmers create and then turn into smaller binary code for computers to use) and techniques for using it in hacking software used against Tibetan independence groups and commercial software sold by some firms in China and known to be used by the Chinese military. Similar patterns have been found in hacker code left behind during attacks on American military and corporate networks. The best hackers hide their tracks better than this. The Chinese hackers have found that it doesn’t matter. Their government will protect them. The new Chinese police Cyber War units are using hacking tools developed inside China and probably get assistance from military hackers.

It's been noted that Chinese behavior is distinctly different from that encountered among East European hacking operations. The East European hackers are more disciplined and go in like commandos and get out quickly once they have what they were looking for. The Chinese go after more targets with less skillful attacks and stick around longer than they should. That's how so many hackers are tracked back to China, often to specific servers known to be owned by the Chinese military or government research institutes. Chinese criminal hackers working inside China are even more lax and that’s probably because a lot of them are not skilled enough to get into criminal gangs that specialize in hacking foreigners on government contracts or independently.

The East Europeans have been at this longer and most of the hackers work for criminal gangs, who enforce discipline, select targets, and protect their hackers from local and foreign police. The East European hacker groups are harder to detect (when they are breaking in) and much more difficult to track down. Thus the East Europeans go after more difficult (and lucrative) targets. The Chinese hackers are a more diverse group. Some work for the government, many more are contractors, and even more are independents who sometimes slip over to the dark side and scam Chinese. These are the ones the Chinese police are hunting. Chinese who do hacking for the government are forbidden to use their skills against Chinese targets. Those few that do and get caught are punished, or simply disappear. The Chinese hackers are, compared the East Europeans, less skilled and disciplined. There are some very, very good Chinese hackers but they often lack adult supervision, or some Ukrainian gangster ready to put a bullet in their head if they don't follow orders exactly.

For Chinese hackers that behave (don't do cybercrimes against Chinese targets) the rewards are great. Large bounties are paid for sensitive military and government data taken from the West. This encourages some unqualified hackers to take on targets they can't handle. This was noted when a group of hackers were caught trying to get into a high-security network in the White House (the one dealing with emergency communications with the military and nuclear forces). These amateurs are often caught and prosecuted if identified and then leave China for business or pleasure. But the pros tend to leave nothing behind but hints that can be teased out of heavy use of data mining and pattern analysis.

For the amateurs, semi-pros or lazy the booming Chinese Internet is a tempting target. That’s because there are over half a billion Chinese Internet users and many businesses using pirated software that is often out of date and lacking much security. There’s much opportunity here, especially if you are hacking from outside China.

http://www.strategypage.com/htmw/htiw/articles/20140324.aspx

No comments: