Chinese Hackers Stole Blueprints Of Israel’s Iron Dome Missile Defense System; But, That’s What Other Countries Do – The U.S. May Be The ‘Only’ Exception
Mohit Kumar, writing in the July 28, 2014’s TheHackerNews,com, writes that “Chinese hackers infiltrated the databases of three Israeli defense contractors, and stole plans for Israel’s Iron Dome missile defense system,” according to an investigation by the Maryland-based cyber security firm, ‘Cyber Engineering Services Inc.” Mr. Kumar adds that these China hackers were also able to “nab plans regarding other missile interceptors, including Unmanned Aerial Vehicles (UAVs), ballistic rockets, and the Arrow III missile interceptor, which was designed by Boeing, and other U.S.-based companies.”
Mr. Kumar adds that “the intrusions were though to be executed by Beijing’s infamous “Comment Crew,” hacking group — a group of cyber warriors linked to the Chinese People’s Liberation Army (PLA) — into the corporate networks of top Israeli defense technology Iron Dome missile defense system: including Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems, between October 10, 2011 and August 13, 2012.”
“The Beijing-sponsored hacking group came to light,” Mr. Kumar notes, “earlier this year when the U.S. Justice Department charged five of its alleged members with various hacking and espionage offenses,” something which I wrote at the time, was a mistake. “The group allegedly infiltrated U.S. systems involved in nuclear power, metals and solar products industries, in order to steal information that would provide an economic advantage,” for Chinese companies, Mr. Kimar wrote.
Brian, on the blog, Cyber ESI , “identified more than 700 documents that were stolen from Israeli Aerospace Industries, (IAI), amounting to 763 Mbs, including Word documents, spreadsheets, PDFs, emails, and executable binaries;” although, the number is believed to be quite higher, Mr. Kumar wrote. “The haul also included a 900 page document that provided schematics and specifications for the Arrow III missile,” according to the publication Defense News. Mr. Kumar added that the Comment Crew hacking group, “maintained hooks inside IAI for [at least] four months during the 2012 raid.” During that time Mr. Kumar writes, “the hacking group stole log-on credentials, planted Trojans, and key-loggers; and, dumped Active Directory data from at least two domains.
Indicting Chinese Military Officers Was A Huge Mistake/Unforced Error
Ira Winkler had a May 29, 2014 article on the website DarkReading.com, with the title above. The subtitle of his article reads, “blaming soldiers following lawful orders only deflects from the government’s responsibility to impose trade sanctions — and, take more useful measures.”
Mr. Winkler begins his article writing, “when I read that the Department of Justice (DoJ) was charging five Chinese military officers with cyber espionage related crimes — I immediately knew it was a bad idea from the start. Looking at the rationale for the charges,” he adds, “I have no doubt that the intelligence that identified these five individuals is solid. It is also very likely that the Chinese soldiers are breaking into the corporations named in the indictment. While the DoJ might acknowledge that military officers will commit espionage to further their national interests, the DoJ might believe it is wrong to hack companies for industrial [economic] purposes.”
“The reality though,” argues Mr. Winkler, “is that at best, the indictment is an attempt to deflect fallout from [Edward] Snowden’s treason. It is very true that while the NSA has demonstrated itself to be more effective at gathering intelligence and infiltrating networks, China’s hacking efforts are much more damaging to the U.S. and the world economy. NSA data has not been provided to private companies to make them more competitive, while China uses its cyber espionage to commit a form of technology transfer to Chinese companies. So calling attention to the economic impact of Chinese hacking is a reasonable goal.”
“Unfortunately,” Mr. Winkler contends that “indicting military officers, is a horrible way to show our displeasure,” at what we perceive as unacceptable behavior on the part of Beijing. “While the U.S. might believe that committing espionage for the benefit of private companies is wrong, — that is a relatively rare position to take. Israel, France, Germany, Russia, Japan, South Korea, and just about every other country with an intelligence [collection] capability — believes that supporting their businesses supports their economy; and, is in their national interests. While China might be the most egregious in their actions, they are far from alone,” writes Mr. Winkler.
Former CIA Director and Secretary of Defense Robert (Bob) Gates agrees with that assessment. In a wide-ranging interview at the Council on Foreign Relations in May 2014, Secretary Gates said, “I think that you need to sort of take apart cyber writ large, and look at the different aspects of cyber. What — what we have accused the Chinese of doing, stealing American companies’ secrets and technology is not new, nor is it done only by the Chinese. There are probably a dozen or 15 countries that steal our technology. The difference is,” Mr. Gates said,” and it is hard for people to believe this, but you’ll have to take my word for it. We are nearly alone in the world in not using our intelligence services for the competitive advantage of our businesses.”
“Then there is the issue of charging military officers, who are sitting in their home country, following what are lawful orders (at least for them) from their superiors,” adds Mr. Winkler. “Unless the DoJ is claiming that these five military officers are going rouge; and, committing these actions for their own personal benefit, there is no doubt that the issue is with the Chinese government. These military officers are just doing what they are told to do, and would/will be severely punished for not doing so.”
Industrial Versus Government Espionage
Mr. Winkler notes that he is “against what China and other foreign governments are doing with regard to industrial espionage; however, I am against making soldiers criminally liable for following lawful orders — within their own borders. Again, this is a nation-state issue. When a nation is assigning their military and civilian employees to commit an act that the U.S. considers criminal, the charge should be against the country that is providing the resources to commit the acts. The actions a government can legitimately take include: trade sanctions, eliminating foreign aid, and taking military action. If anyone thinks charging Chinese military officers with crimes is demonstrating support for U.S. businesses, they are fools, as the U.S. is actually refusing to take any tangible actions against China.”
“China has responded by frankly doing what I would expect;” notes Mr. Winkler, “setting cyber security relations back years. These indictments created no benefit to the U.S. — except to call temporary attention to the Chinese government hacking efforts. While I hate the expression “slippery slope,” says Mr. Winkler, “what the U.S. government has done is a very slippery slope. Let’s consider what happens should China and other nations choose to prosecute any member of the U.S. military, or employee of an intelligence agency. Can China, or any other country choose random NSA employees and prosecute them for potentially spying on them? In even more extreme cases, can drone operators be charged with murder?”
“Regardless of whether or not you believe a country should be spying on another country, to specifically charge [other country’s] soldiers with crimes — when they are [merely] the random operators in the case — is flat out wrong,” he contends. Instead, “the U.S. is shirking the much more difficult political responsibility of imposing trade sanctions on the companies that receive and market stolen technologies, as well as their governments.”
Mr. Winkler concludes, “the fact of the matter is,” charging [foreign] soldiers with a crime of cyber economic/industrial theft – when, “there is no chance in hell of ever prosecuting — it is a damaging act that might make some people happy; but, [such actions] only have a [significant] negative impact on the larger picture. The only tangible impact to come out of this — is that the five Chinese [soldiers] people charged will probably not attend the Black Hat Conference this year [in Las Vegas].”
I think Mr. Winkler should be applauded for this article. Indeed, there is an old saying, “if you can’t beat them, join them.” Attempting to stop the Chinese, or any other nation for that matter, from actively conducting cyber and/or industrial/economic espionage — is a fool’s errand. And, rather than pointing the finger at China, perhaps a better and more troubling question is, how could major U.S. corporations like Alcoa, U.S. Steel, Westinghouse, and others –with hundreds of millions of dollars at stake — allow, what by all accounts was (at most) a moderately sophisticated cyber attack by a low-cost military operation by China?
“People need to realize that the bad guys are persistent, they’re organized,” said Stephen Cobb, a senior cyber security researcher at ESET North America. “People all around the world want to get into somebody else’s computer; and, they’re running automated script looking for holes,” he said.
Cyber ‘False-Flag’ Operations; And, The Difficulty Of Cyber Forensic Attribution
And, it is the cyber attacks that we don’t see — that are probably even more damaging. A fairly common technique among nation-states, cyber “militias,” etc, are the employment of cyber false-flag operations. The Chinese and other nation-states, etc., often hack into the supply-chain and second and third-tier suppliers of major defense contractors, etc. — not to steal their data; but, to “take over’ their personal computers in order to disguise their attacks against bigger fish, like Fortune 100 companies. By camouflaging the origin of the hack; and, masquerading as a legitimate supplier, sophisticated hackers can often bypass a company’s security software and firewall to gain access to sensitive intellectual property and/or, critical research and design schematics. “Think of it like someone hiding behind a parked car in a gunfight,” said Kevin Albano, a cyber security researcher at the firm FireEye. “You know they’re shooting at you, you just don’t know where the shot came from.” This technique makes cyber forensic attribution more difficult to do, more expensive (cyber investigation) to undertake; and, harder to discover in the first place. Instead of “The Great Leap Ahead,” we have the “Great Steal Ahead.”
The difference with respect to Chinese cyber “seems to be their frequency, ubiquity, and sheer brazenness,” wrote The Economist last year (April 6, 2013), “Cyber Hackers: Master’s Of The Cyber Universe.” “This leads to an unnerving conclusion.” wrote the Economist. “They don’t care if they get caught,” said Dmitri Alperovitch, who used to work at the cyber security firm McAfee, where he helped analyze several Chinese hacking operations in 2010 and 2011, and is co-founder of CrowdStrike, a new cyber security firm.
“Cyber security experts outside China have learned how to reverse-engineer methods of attack and trace ‘Internet-Protocol addresses back to their physical origins,” according to the Economist. Using these techniques, “up to 20 ‘Advanced Persistent [Cyber] Threat teams have been identified operating in China, including one that stole valuable commercial secrets from Google, Adobe, and, other Silicon Valley companies; another that for years targeted global energy companies; and, yet others that have hacked hundreds of companies, government-agencies, think-tanks and Non-Governmental Organizations (NGOs) the world over.”
Practicing To Go To War, Fight ‘Disconnected’
The Economist concluded, “the Chinese Army’s doctrine of cyber-warfare (like that of a number of their Western counterparts) is to knock out the enemy’s information infrastructure; and, it’s doctrine of cyber-security is to go on the offensive to defend itself against cyber attacks. Indeed, some of China’s unclassified literature on “Unrestricted Warfare,” refers to fighting “disconnected” — as they assume the adversary will takedown their systems; and, they will attempt to do the same to their opponent.
So, having said all the above, I believe that Mr. Winkler is correct; and, one wonders if this Administration considered and/or, war-gamed the potential consequences that Mr. Winkler alluded to. One also has to wonder, given the Pentagon’s attempt to distance itself from this action (DoJ indictment of 5 Chinese PLA officers) — whether DoJ and or the White House even consulted DoD. Nothing would surprise me coming from this White House. V/R, RCP