Search this Blog

How Close is the US to Experiencing a Digital Pearl Harbor?

By Carl Weiss
Courtesy of Flickr

  
December 7, 1941:  “A date which will live in infamy.” — Franklin D. Roosevelt

Who can ever forget President Roosevelt’s utterance of those fateful words that propelled the United States headlong into World War II?  The Japanese sneak attack that spurred our reluctant country into jo
ining the expanding European and Asian conflict 73 years ago is not forgotten.  However, what has been lost during the intervening decades is that the US had actually known, through a series of intercepted and decoded diplomatic communiqués, that a Japanese attack was imminent. Yet the administration did little to take defensive action.


Digital Danger

Fast forward to January 10, 2010.  A new date that will live in infamy in the minds of cybersecurity experts.  That was the day Google and a number of other hi-tech firms announced they'd been hacked by the Chinese.  It was also the day the CEO of McAfee, one of the world's most popular antivirus brands, admitted its software had failed to detect the attacks. In the ongoing cat-and-mouse game of cybersecurity, this isn’t all that unusual.  It's common knowledge that as soon as one security hole is plugged and another piece of malware is defeated, another rears its ugly head. It’s like the self-replicating brooms that relentlessly carried all the sloshing buckets of water in the animated Disney movie, “Fantasia.” With the number of organized hacking rings and government-sponsored cyber warfare units springing up worldwide, are we quickly coming to the point in time where it's nearly impossible to defend our digital assets?  And if multinational corporations and major banking systems are being attacked with impunity, what chance does the average citizen have of being able to secure their own data?  Does a different kind of online security system need to be developed in order to prevent a digital Pearl Harbor?  And what about how our own government chooses to deal with these intentional breaches of our homeland digital security?

U.S. Navy battleships at Pearl Harbor on 7 Dec...
U.S. Navy battleships at Pearl Harbor on 7 December 1941 (l-r): USS West Virginia (BB-48) (sunk), USS Tennessee (BB-43) (damaged), and the USS Arizona (BB-39) (sunk). (Photo credit: Wikipedia)
The reason I bring all this up is to remind us that unless we heed the lessons learned from history, we’re doomed to repeat them. While there are a number of people who still view Franklin D. Roosevelt’s inaction in the days leading to the December 7th attack as a conspiracy designed to force the US to become involved in WWII, an argument can be made that this was just another case of intentional bureaucracy in action. You’ll recall that prior to the Japanese attack, the majority of the American public was against entering the war. Several outspoken celebrities, including Charles Lindbergh, were especially vocal in their opposition.  At the time, nobody in the administration wanted to rock the boat and wind up losing the next election.



The Threat of Cyberwar Rears its Ugly Head

Seventy-three years later, this country is faced with a similar threat.  Not one of an imminent attack from the skies on an isolated military installation, but an attack so widespread in scope that could affect every man, woman and child in our country.  Moreover, this attack could very well disrupt the infrastructure that we all depend upon to live and work.  I’m not talking about nuclear fire raining down from the sky.  While the Cold War nearly turned hot on several occasions, currently the threat of nuclear conflagration is not as great.  The next Pearl Harbor probably won’t come in the form of a missile’s contrail. What’s more likely today is that the biggest threat to our national security will come from the stroke of a computer keyboard. 

Just like the Japanese in 1940, there are forces at work that have been testing our defenses and with whom we’re reluctant to deal with since they’re also business and trading partners.  While more than one nation has used computer hackers to steal industrial and military secrets, none has done so more brazenly than China.  For more than ten years, the US government has been aware that Chinese hackers have broken into scads of corporate and government computers.


Glopbal Security: The Two Key Areas of Concern
Glopbal Security: The Two Key 
Areas of Concern 
(Photo credit: Future Challenges)
2003 – “Titan Rain” was the US designation given to a coordinated series of attacks on US computers that were labeled as Chinese in origin. Through the use of proxy servers and zombie computers, the identity and locations of the hackers were never identified, so it wasn’t known for certain whether the attacks were perpetrated by state-sponsored hackers or if they were carried out by corporate entities.  However, these penetrations occurred in close proximity to other Chinese cyber-attacks perpetrated against government and commercial interests in Taiwan.

2004 – The media reported attacks against several US military installations.

2005 – In December 2005, the director of the SANS Institute said the 2004 attacks were “… most likely the result of Chinese military hackers attempting to gather information on US systems.” * 

2006July: The media reported that the US State Department was recovering from a damaging cyber attack.
            August: Claims of Congressional computers being hacked emerge.
            November: US Naval War College computer infrastructure reportedly attacked.

2007June: The Chinese government hacked a noncritical Defense Department computer system.
            June: The Office of the Secretary of Defense computers were attacked via malicious email.
            June:  US Pentagon email servers compromised for an extended period. (Cost to correct: $100 million.)
             June: American military warns that China is gearing up to launch a cyber war on the US, targeting computer networks that specialize in trade and defense secrets.
Anonymous Attack
Anonymous Attack (Photo credit: HonestReporting.com)
              July: Oak Ridge National Laboratory targeted by Chinese hackers.

2008 May: US Commerce Secretary laptop investigated for data infiltration.
            November: Hacking of White House computers alleged.

2009March: China’s global cyber-espionage network, GhostNet, penetrates 103 countries and infects at least a dozen new computers every week.

2010January: “Operation Aurora” attacks Marathon Oil, ExxonMobil and ConocoPhillips.  Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also targeted.
             November:  A security report to the US Congress warns that hacking of 15% of the world’s Internet traffic by a Chinese telecom firm may have been malicious.

In 2011 and 2012, the Chinese hack attacks had ramped up to epic proportions, targeting everything in this country from information and military technologies, to satellites and telecom infrastructure, to transportation, navigation and energy technology.  By 2013, the attacks had become so widespread that the running joke in Washington was, “If you aren’t being hacked by the Chinese, then you probably don’t matter.”

A February 25 article in the “Washington Post” stated, “Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies,” report my colleagues Craig Timberg and Ellen Nakashima, “and this is the usual answer: almost all of them.”

At the time, not only was it known which unit in the Chinese military was responsible for perpetrating many of the electronic brake ins (Unit 61398), but it was also known where the unit was located.

This 12-story building on the outskirts of Shanghai is the 
headquarters of Unit 61398 of the People’s Liberation Army.
Lackadaisical Laxness

Still what’s even more troubling is the lack of response from our federal government to these overt Chinese attacks.  Other than toothless rhetoric, little was or has been done to confront China regarding its policies of wanton state-sanctioned hacking.  It wasn’t until 2012 that anyone from the US Government even presented the Chinese with proof that American companies were being hacked. During the four-hour meeting 
attended by two members of the State Department and one from the Pentagon, Chinese diplomats were shown extensive case studies that proved conclusively that Chinese state-sponsored hackers had penetrated US defense and corporate computer networks. 

The Chinese response as reported by the “Washington Post”: “‘This is outrageous!’ A second former official said, ‘You’re here and you accuse us of such a thing? We don’t do this.’”

And until May 19, 2014, other than saber-rattling, that’s all that the US was prepared to do about it
. That’s when a US grand jury indicted five Chinese individuals for allegedly targeting six American companies for stealing trade secrets. 

According to “Newsweek,” “‘The move indicates that DOJ has 'smoking keyboards' and (is) willing to bring the evidence to a court of law and be more transparent," said Frank Cilluffo, head of the Homeland Security Policy Institute at the George Washington University.  http://www.newsweek.com/us-will-hit-chinese-officials-spy-charges-251383

  
 “Wonton” Inaction?

Sheriff Joe Arpaio:  Money Shot
Sheriff Joe Arpaio: Money Shot (Photo credit: cobalt123)
What’s interesting about the indictments is they only concerned corporate espionage.  There was nothing in the charges relating to the Defense Department or US infrastructure breaches, which could be far more devastating to this country than the theft of trade secrets.  While several people at the State Department thought the indictment sent a strong message to the Chinese, others lamented the fact the charges won’t slow China’s cyberattacks down one bit.

Indicting five Chinese is like bringing charges against a drop of water in the ocean. Unit 613898 alone employs thousands of hackers and has been implicated in attacks on hundreds of American companies, including cybersecurity firms and government defense contractors.  They have also purportedly gained access to the networks of a company that helps in the operation of the US’ utility grid.

Michael Chertoff, the former secretary of Homeland Security summed it up best, “We are in a race against time.” 

Speaking of time, as in 1941, will our government continue to twiddle its thumbs until it’s too late to prevent a disaster that will forevermore be burned into this country’s consciousness? Unlike the Japanese battle cry of "Tora! Tora! Tora!" which rang out as their attack bombarded Oahu that fateful December day, the Chinese will be more apt to shout, “Data! Data! Data!”

In this article, I discussed the similarities between the attack on Pear Harbor in WWII and the imamate threat of attack by foreign governments, namely China. I’ve laid out the scary state of how government-sponsored hacking is threatening our infrastructure and way of life. This article suggests that if banks, large multinational corporations, and government security agencies can’t protect themselves, how can individual users.

Here are links to related cybersecurity articles we’ve written about worth reading; 

 If you found this article informative — if not the least bit disconcerting — share it with your friends, family and co-workers. If you feel you have something to add or just want to leave a comment, do so below. I look forward to reading your comments. Thanks again for reading and sharing.  
Get your FREE eBook above.

If you like this article, you can find more by typing “social media” "Internet security" or "Internet terrorism" in the search box at the top left of this blog. 

*According to its website: SANS is the most trusted and by far the largest source for information security training and security certification in the world.” 


If you'd like a FREE Copy of our eBook, "Internet Marketing Tips for the 21st Century," please fill in the form in the upper right-hand sidebar, where you will receive instant access to our eBook. Your information is always kept private and is never sold.

Carl Weiss is president of Working the Web to Win, a digital marketing agency based in Jacksonville, Florida.   You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio.

Related articles

3 comments:

  1. Frightening indeed. How can the average citizen product themselves when our gov't seems so nonchalant about this?

    ReplyDelete
  2. I had no idea this amount of e-espionage was being perpetrated by the Chinese! Very enlightening.

    ReplyDelete
  3. The worst thing is that the US government is doing practically nothing about it.

    ReplyDelete