China has been in the headlines recently for its purge of top leaders and trying to rid its one-party system of corruption. It will be an uphill fight, but it’s battle worth waging. Another battle that the Chinese are going to have to wage is constant battle against cyber threats that emanate from its territory. A couple of years ago China was the second leading source of zombie computers (the UK was first) — a Zombie is a computer connected to the Internet that has had its security compromised. Zombies can be used for all sorts of malicious activities. The latest bad news out of China comes from the U.S. Commerce Department as reported in the Washington Post by Alan Sipress [“Computer System Under Attack,” 06 Oct 2006].
Hackers operating through Chinese Internet servers have launched a debilitating attack on the computer system of a sensitive Commerce Department bureau, forcing it to replace hundreds of workstations and block employees from regular use of the Internet for more than a month, Commerce officials said yesterday. The attack targeted the computers of the Bureau of Industry and Security, which is responsible for controlling U.S. exports of commodities, software and technology having both commercial and military uses. The bureau has stepped up its activity in regulating trade with China in recent years as the United States increased its exports of such dual-use items to the growing Chinese market.
Resilient organizations have known for years that protecting networks and data bases are critical. Billions are spent each year in this effort. Recently, makers of security software cried foul because Microsoft’s new Vista operating system makes it more difficult for them to stay in this lucrative business. Sipress’ article underscores the fact that despite most organizations’ best efforts they are still at risk. He notes that this latest incident is the second recent attack against government computers that has been traced to China.
In July, the State Department confirmed that hackers in China had broken into its computers in Washington and overseas. Last year, U.S. officials reported that the Defense Department and other U.S. agencies were under relentless attack from unidentified computers in China.
The attacks have been fairly sophisticated:
A source familiar with the security breach said the hackers had penetrated the computers with a “rootkit” program, a stealthy form of software that allows attackers to mask their presence and then gain privileged access to the computer system. The attacks were traced to Web sites registered on Chinese Internet service providers, Commerce officials said. “We determined they were owned by the Chinese,” a senior Commerce official said. He did not say who in China was responsible or whether officials had even been able to identify the culprits.
China’s future success depends on continued trade with the West, particularly with America. Playing by the rules, whether they are WTO rules or rules pertaining to prosecuting hackers, is crucial to maintaining its status as a trusted partner. The breach at the Commerce Department has been so serious that all but a few specially designated computers have been disconnected from the Web. Old computers are going to be replaced and loaded with new clean software. It is scenarios like this that have people thinking about what the next generation Internet can do to make law abiding users safer to use it.
China has long been a focus of high-level attention at [the Bureau of Industry and Security, which is responsible for controlling U.S. exports of commodities], and was the destination for the largest number of licenses approved by the bureau in 2004, according to the bureau’s most recent annual report. In weighing applications for licenses, bureau officials seek to protect U.S. national security interests without hamstringing legitimate commercial trade.
Watching how China deals with this kind of situation will indicate a lot about how serious China is about fully joining the global economy. My instinct is that China will attempt to get this challenge under control, but with its Internet community growing so quickly it will take years to catch up.