PLA hackers are just the tip of cyberwarfare risk


The Observer

China is awash with nondescript new office buildings, so the 12-story tower in Shanghai’s Pudong area hardly looked likely to cause global headlines. Not even propaganda posters on walls surrounding it or People’s Liberation Army guards standing at the gates made the building stand out.

Yet recently a U.S. private security firm, Mandiant, based in Virginia, identified it as the headquarters of Unit 61398, a PLA grouping suspected of waging cyberwarfare. The study revealed that 150 highly sophisticated cyber-attacks against targets in the United States had originated from inside. Last week, international journalists and TV crews who suddenly descended on Unit 61398 were chased away, even as an angry Beijing government denied the allegations. One BBC team was briefly detained.

But the real story was not the existence of the building or the hackers inside. It was that it was merely the tip of an iceberg of cyberwarfare that is now rising dramatically into view. For years experts have warned of a global epidemic of hacking. But now those dire predictions have come true.

This new world is not just about rivalries between Beijing and Washington. Other governments, or those acting on their behalf, such as India and Russia, are also big players. Huge corporations are being dragged in, either trying to defend themselves against a legion of hackers or, as unscrupulous firms, poaching the valuable secrets of rivals. And instead of hiding it, they are now speaking out, and the cyber-underworld is heaving into view.

“It is a change of perception. There has been a shift in willingness to make a public disclosure,” said Kurt Baumgartner, a senior security researcher at the Moscow-based cyber security firm Kaspersky Lab.

Where criminals have gone, some fear terrorists might follow. Already the world of cyberwarfare has seen the emergence of powerful “nonstate actors” such as WikiLeaks and the “hacktivist” collective known as Anonymous. Both groups fight for their beliefs, using the Internet to spread information or act against those that have offended them. But coming behind them might lie other groups with agendas of nationalism or religious extremism that might plot to replace old-fashioned bombs with devastating acts of Internet sabotage.

This is what Unit 61398 really represents: not just the ambitions of a stirring China but the growing to maturity of a new ecosystem of warfare, espionage, activism and criminality. Last week, retired CIA director Michael Hayden compared it to the dawning of the atomic age at Hiroshima, saying: “This has the whiff of August, 1945.”

As a result of the Mandiant report, published by its founder and chief executive, Kevin Mandia, a retired military cybercrime investigator, we now know about some of the players in this strange new world. The firm built up a portrait of a few of the Chinese hackers it believes work in the Shanghai complex. One was revealed as a retired PLA rear admiral whose online nom de guerre is UglyGorilla. Another had a fondness for the works of J.K. Rowling as their answers to a security question featured the (misspelled) name Harry Poter. A third was called SuperHard — perhaps showing that frustrated machismo is universal among geeks.

But such hackers and Unit 61398 are only a tiny part of the action. In recent weeks revelation after revelation has emerged about how prevalent Chinese hacking has become. After publishing details about the wealth of the family of a powerful Chinese politician, the New York Times was targeted for infiltration. The Washington Post and the Wall Street Journal said that they too had come under attack, while on Feb. 22 Microsoft revealed that its servers had also been hacked — as Facebook and Twitter have also been this year.

Chinese hackers have relentlessly watched all aspects of Washington. Think tanks, government agencies, human rights groups and law firms have all been penetrated. Last week, The Washington Post reported the extent of the activity under the headline: “Chinese cyber-spies have hacked most Washington institutions, experts say.”

The problem, many experts agree, is that it is still very easy. Nor does one need to be commanded by Beijing officials to do it. Chinese denials of much hacking activity often have an air of plausibility because many organizations’ networks lack sophisticated security, and because individual hackers, motivated by patriotism or simple mischief, can do it on their own. In 2011, one assault was traced to Chinese academic bodies.

Of course, China is not the world’s only hacker. Few people doubt American spies and companies give as good as they get. Even though Beijing lurks behind the Great Firewall of China and strictly regulates its Internet, the country in 2011 suffered some 500,000 cyber-attacks, around 15 percent of them from the U.S. The most dramatic act of cyber-sabotage is believed to have been a joint project by the U.S. and Israel in which the Stuxnet computer worm was used against Iran’s nuclear program. One report claimed the code damaged up to 1,000 centrifuges at Iran’s Natanz enrichment plant, which many suspect is key to developing nuclear weapons.

Other countries are in on the act too. A report released by the White House last week identified Russia as a major source of hacking. It warned other countries were also likely to emerge. “One or more fast-growing regional powers may judge that changes in its economic and political interests merit the risk of an aggressive programme of espionage,” the report said.

In private industry it appears cyber-espionage, whether by rivals or criminals, is already the norm. Every year tens of thousands of hacks hit companies, trying to steal secrets or access data. In one report, Dmitri Alperovitch of security firm McAfee, based in California, wrote: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly).”

But the real new frontiers of this emerging shadow world lie away from big companies and sovereign states. In the parlance of espionage they are “nonstate actors.” Their most famous grouping is perhaps Anonymous, the amorphous collective of hackers that has adopted a range of causes, attacking websites, individuals and organizations as it sees fit.

Some causes are small. Members have leapt to the defense of people being bullied at school, attacking tormentors online and forcing them to apologize. In a recent high profile case of alleged rape by members of the football team in the Ohio town of Steubenville, the group published claims culled from social media accounts and vowed retribution against the accused and local officials it accuses of covering up a crime.

Anonymous has also tangled with huge corporations and law enforcement, launching hacks on their websites. “It has become a global phenomenon,” said Fruzsina Eordogh, a freelance technology writer who has covered the activities of the group. “It is becoming more and more mainstream. It won’t be called Anonymous anymore.”

Perhaps the scariest aspect of cyber-espionage is how far some might go. Whether a country, a terrorist group or an individual, one possibility looms above all else: an attack on critical infrastructure, such as the power network. That could cause planes to fall out of the sky, cars to crash or power stations to explode. “That is an act of war. It is beyond civilization,” said professor John Steinbruner from the University of Maryland.

Beyond civilization perhaps. But no longer beyond belief. Steinbruner believes America, China and other nations should draw up a sort of Geneva Conventions of the cyber-sphere, taking certain acts off the table and allowing cooperation to ensure they never happen. But he is pessimistic on the chances of that happening before some sort of catastrophic event forces the issue.

“We ought to be doing that. But at the moment we are just waiting for something godawful to happen,” he said.