 |
| Courtesy of Flickr |
December 7, 1941: “A date which will live in infamy.” — Franklin
D. Roosevelt
Who can ever forget President Roosevelt’s utterance of
those fateful words that propelled the United States headlong into World War
II? The Japanese sneak attack that spurred
our reluctant country into jo
ining the expanding European and Asian conflict 73
years ago is not forgotten. However,
what has been lost during the intervening decades is that the US had actually known,
through a series of intercepted and decoded diplomatic communiqués, that a Japanese
attack was imminent. Yet the administration did little to take defensive
action.
Digital
Danger
Fast
forward to January 10, 2010. A new date
that will live in infamy in the minds of cybersecurity experts. That was
the day Google and a number of other hi-tech firms announced they'd been hacked
by the Chinese. It was also the day the CEO of McAfee, one of the world's
most popular antivirus brands, admitted its software had failed to detect the
attacks. In the ongoing cat-and-mouse game of cybersecurity, this isn’t
all that unusual. It's common
knowledge that as soon as one security hole is plugged and another piece of
malware is defeated, another rears its ugly head. It’s like the
self-replicating brooms that relentlessly carried all the sloshing buckets of
water in the animated Disney movie, “Fantasia.” With the number of organized
hacking rings and government-sponsored cyber warfare units springing up
worldwide, are we quickly coming to the point in time where it's nearly
impossible to defend our digital assets? And if multinational
corporations and major banking systems are being attacked with impunity, what
chance does the average citizen have of being able to secure their own data?
Does a different kind of online security system need to be developed in order
to prevent a digital Pearl Harbor? And
what about how our own government chooses to deal with these intentional breaches
of our homeland digital security?
 |
| U.S. Navy battleships at Pearl Harbor on 7 December 1941 (l-r): USS West Virginia (BB-48) (sunk), USS Tennessee (BB-43) (damaged), and the USS Arizona (BB-39) (sunk). (Photo credit: Wikipedia) |
The
Threat of Cyberwar Rears its Ugly Head
Seventy-three years later, this country is faced with a
similar threat. Not one of an imminent
attack from the skies on an isolated military installation, but an attack so
widespread in scope that could affect every man, woman and child in our
country. Moreover, this attack could
very well disrupt the infrastructure that we all depend upon to live and
work. I’m not talking about nuclear fire
raining down from the sky. While the
Cold War nearly turned hot on several occasions, currently the threat of
nuclear conflagration is not as great. The
next Pearl Harbor probably won’t come in the form of a missile’s contrail. What’s
more likely today is that the biggest threat to our national security will come
from the stroke of a computer keyboard.
Timeline
provided courtesy of USCyberLabs: http://uscyberlabs.com/blog/2011/06/23/chinese-hacker-cyber-timeline/
 |
| Glopbal Security: The Two Key Areas of Concern (Photo credit: Future Challenges) |
2004 – The
media reported attacks against several US military installations.
2005 –
In December 2005, the director of the SANS Institute said the 2004 attacks were
“… most likely the result of Chinese military hackers attempting to gather
information on US systems.” *
2006 – July: The media reported that the US
State Department was recovering from a damaging cyber attack.
August: Claims of Congressional
computers being hacked emerge.
November: US Naval War College computer
infrastructure reportedly attacked.
2007 – June: The Chinese government hacked a
noncritical Defense Department computer system.
June: The Office of the Secretary of Defense computers were attacked
via malicious email.
June:
US Pentagon email servers compromised for an extended period. (Cost to
correct: $100 million.)
June: American military warns that
China is gearing up to launch a cyber war on the US, targeting computer
networks that specialize in trade and defense secrets.
 |
| Anonymous Attack (Photo credit: HonestReporting.com) |
July:
Oak Ridge National Laboratory targeted by Chinese hackers.
2008
– May: US Commerce
Secretary laptop investigated for data infiltration.
November: Hacking of White House
computers alleged.
2009 – March: China’s global cyber-espionage
network, GhostNet, penetrates 103 countries and infects at least a dozen new
computers every week.
2010 – January: “Operation Aurora” attacks
Marathon Oil, ExxonMobil and ConocoPhillips.
Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were
also targeted.
November: A security report to the US Congress warns
that hacking of 15% of the world’s Internet traffic by a Chinese telecom firm
may have been malicious.
In 2011 and 2012, the Chinese hack attacks had ramped
up to epic proportions, targeting everything in this country from information
and military technologies, to satellites and telecom infrastructure, to
transportation, navigation and energy technology. By 2013, the attacks had become so widespread
that the running joke in Washington was, “If you aren’t being hacked by the
Chinese, then you probably don’t matter.”
A February 25 article in the “Washington Post” stated, “Start asking security
experts which powerful Washington institutions have been penetrated by Chinese
cyberspies,” report my colleagues Craig Timberg and
Ellen Nakashima, “and this is the usual answer: almost all of them.”
At the time, not only was it known which unit in the
Chinese military was responsible for perpetrating many of the electronic brake
ins (Unit 61398), but it was also known where
the unit was located.
 |
This 12-story building on the outskirts of Shanghai is the
headquarters of Unit 61398 of the People’s Liberation Army.
|
Lackadaisical Laxness
Still what’s
even more troubling is the lack of response from our federal government to
these overt Chinese attacks. Other
than toothless rhetoric, little was or has been done to confront China
regarding its policies of wanton state-sanctioned hacking. It wasn’t until 2012 that anyone from the US
Government even presented the Chinese with proof that American companies were
being hacked. During the four-hour meeting
attended by two members of the State
Department and one from the Pentagon, Chinese diplomats were shown extensive case studies that proved conclusively that
Chinese state-sponsored hackers had penetrated US defense and corporate
computer networks.
The Chinese response as reported by the “Washington
Post”: “‘This is outrageous!’ A second former
official said, ‘You’re here and you accuse us of such a thing? We don’t do
this.’”
And until May 19, 2014, other than saber-rattling,
that’s all that the US was prepared
to do about it
. That’s when a US grand jury indicted five Chinese individuals
for allegedly targeting six American companies for stealing trade secrets.
According to “Newsweek,” “‘The move indicates that DOJ has 'smoking
keyboards' and (is) willing to bring the evidence to a court of law and be more
transparent," said Frank Cilluffo, head of the Homeland Security Policy
Institute at the George Washington University.
http://www.newsweek.com/us-will-hit-chinese-officials-spy-charges-251383
“Wonton” Inaction?
 |
| Sheriff Joe Arpaio: Money Shot (Photo credit: cobalt123) |
What’s
interesting about the indictments is they only concerned corporate
espionage. There was nothing in the
charges relating to the Defense Department or US infrastructure breaches, which
could be far more devastating to this country than the theft of trade
secrets. While several people at the
State Department thought the indictment sent a strong message to the Chinese,
others lamented the fact the charges won’t slow China’s cyberattacks down one
bit.
Indicting
five Chinese is like bringing charges against a drop of water in the ocean. Unit
613898 alone employs thousands of hackers and has been implicated in attacks on
hundreds of American companies, including cybersecurity firms and government
defense contractors. They have also purportedly gained access to the
networks of a company that helps in the operation of the US’ utility grid.
Michael
Chertoff, the former secretary of Homeland Security summed it up best, “We are
in a race against time.”
Speaking of
time, as in 1941, will our government continue to twiddle its thumbs until it’s
too late to prevent a disaster that will forevermore be burned into this
country’s consciousness? Unlike the Japanese battle cry of "Tora! Tora!
Tora!" which rang out as their attack bombarded Oahu that fateful December
day, the Chinese will be more apt to shout, “Data! Data! Data!”
In
this article, I discussed the similarities between the attack on Pear Harbor in
WWII and the imamate threat of attack by foreign governments, namely China. I’ve
laid out the scary state of how government-sponsored hacking is threatening our
infrastructure and way of life. This article suggests that if banks, large
multinational corporations, and government security agencies can’t protect
themselves, how can individual users.
Here
are links to related cybersecurity articles we’ve written about worth reading;
- Chinese Hack Attack,
- IsThere a Cyber Stalker in Your Future?
- The Scariest Stuff Online,
- Who’sWatching the Watchers?
- Big Data Comes Wrapped in Big Danger,
- Who’s Watching Who In the Surveillance Society?
- Working The Web - Is There a Cyber Attack in Your future?
If
you found this article informative — if not the least bit disconcerting — share
it with your friends, family and co-workers. If you feel you have something to
add or just want to leave a comment, do so below. I look forward to reading
your comments. Thanks again for reading and sharing.
If you like this article, you can find more by typing “social media” "Internet security" or "Internet terrorism" in the search box at the top left of this blog.
*According to its website: “SANS is the most trusted and by far the largest source for information security training and security certification in the world.”
If you'd like a FREE Copy of our eBook, "Internet Marketing Tips for the 21st Century," please fill in the form in the upper right-hand sidebar, where you will receive instant access to our eBook. Your information is always kept private and is never sold.
Carl Weiss is president of Working the Web to Win, a digital marketing agency based in Jacksonville, Florida. You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio.
 |
| Get your FREE eBook above. |
If you like this article, you can find more by typing “social media” "Internet security" or "Internet terrorism" in the search box at the top left of this blog.
*According to its website: “SANS is the most trusted and by far the largest source for information security training and security certification in the world.”
If you'd like a FREE Copy of our eBook, "Internet Marketing Tips for the 21st Century," please fill in the form in the upper right-hand sidebar, where you will receive instant access to our eBook. Your information is always kept private and is never sold.
Carl Weiss is president of Working the Web to Win, a digital marketing agency based in Jacksonville, Florida. You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio.
Related articles
Frightening indeed. How can the average citizen product themselves when our gov't seems so nonchalant about this?
ReplyDeleteI had no idea this amount of e-espionage was being perpetrated by the Chinese! Very enlightening.
ReplyDeleteThe worst thing is that the US government is doing practically nothing about it.
ReplyDelete