On July 4, the websites of the Departments of Defense, State, and Homeland Security, and more than two dozen other websites in the US and South Korea experienced distributed denial-of-service (DDoS) attacks. This kind of brute-force attack has millions of zombie computers controlled by hackers (botnets) try to access secure content at once to overwhelm security protocols and bring websites offline. Imagine someone installing remote controls on millions of cars and driving all of them to the parking lots of dozens of government agencies at once to prevent federal employees from working. It’s the same principle, only digital.
Finjan announced its discovery of a 1.9 million-computer-strong botnet in April, one of the largest botnets discovered to date, and one of the largest controlled by a single criminal enterprise. Infected computers are bought and sold like commodities in hacker forums worldwide, and this one was traced back to Russia. Thousands of these botnets operate throughout the world, and, apart from brute-force hacker attacks, they can be used for identity theft and a host of other illegal purposes. Some experts aren’t convinced the July 4th attacks came from North Korea, or were politically motivated at all.
Core Security Technologies’ Tom Kellermann commented on the economic motivation for cyber attacks: “There’s a trillion dollars in economic losses sustained due to hacking every year, not just financial data theft but also industrial espionage.” Mandiant executive Mike Malin said that in his experience, state-sponsored attacks are usually “under the radar,” and James Lewis, a fellow at the Center for Strategic and International Studies (CSIS), offered, “If you were going to launch a sophisticated attack, you wouldn’t warn people with this kind of attack. This woke up all the network defenders and you lose the element of surprise.”
South Korean intelligence is also unsure that North Korea was behind the attacks. In a statement, the Korean National Intelligence Service (NIS) said it was examining “various pieces of evidence” pointing to North Korea’s responsibility for the attacks. “The NIS… has yet to reach a final conclusion that the acts have been committed by North Korea,” the statement said. But if not North Korea, who is behind the cyber attacks, and why did they choose such conspicuous timing and such a high-visibility type of attack?
One possible culprit: China. Recent ethnic conflict in Xinjiang province, or East Turkestan as the Turkic Muslim minority Uighurs refer to it, has provoked bipartisan criticism from Capitol Hill, with both William Delahunt (D-MA) and Dana Rohrabacher (R-CA) calling for a resolution to condemn China’s harsh reprisals against Uighur demonstrators. The official Chinese figures put the Uighur death toll at 156 and total casualties at over 1,000, but Uighur activist Rebiya Kadeer believes the real number of dead and wounded in the ongoing conflict is much larger.
Were the 4th of July attacks a hard elbow from China on the cyber court, warning the US government to back down from its support of Uighur Muslims in the wake of the release of 17 Uighurs from Guantanamo Bay and ethnic unrest in western China? It’s difficult to call cyber fouls because it is difficult to distinguish between officially sanctioned and rogue criminal attacks. And since China and Russia refuse to abide by the 2004 Council of Europe Convention on Cyber Crime, which would criminalize cyberattacks, murky international cyber jurisdictions make these kinds of attacks difficult to investigate.
But is it coincidence that “rogue” Chinese hacker groups like GhostNet align themselves with Beijing’s priorities and share information with Chinese intelligence? Kevin Coleman, founder of the Technolytics think tank, had this to say about the widespread power outages in California in 2001: “There's an interesting report that came out of the European Union, did you know in 2001 when we had those issues out in California with the power grid the report states it was basically China attacking it? Just more reasons for concern about China!”