China's cyber attacks: Time to take note

Issue No. 9 | May 01-15, 2013 | By Air Marshal (Retd) Anil Chopra

New Age War: Cyber Attacks

Espionage is an activity which nations have practised during war and peace since ancient times. It was documented in the Indian epic Mahabharata and is part of the still relevant Art of War, written by the famous Chinese general and strategist Sun Tzu in 500 BC. Last century it became more glamorous with agents like Mata Hari and 007 James Bond hitting the celluloid. Unlike the manuscripts of the past, all information nowadays resides on computers, and the Internet has effectively connected them all. Stealing important information from computers has become a full-time espionage activity. One could also deny information to the enemy by destroying or corrupting it on the enemy’s computer, an activity now called ‘hacking’. Since the Chinese cyber attack on Google’s computer systems in December 2009, China has been classified as a major cyber threat. Over 50,000 people have been employed in this state-sponsored cyber warfare team. All are specially trained and most are proficient in English. The Americans coined a new term, advanced persistent threat (APT), and a Chinese organisation has been designated APT1. The word ‘advanced’ means top of the line capability, ‘persistent’ means it is not a one-time activity, and ‘threat’ means they have a clear purpose to steal or destroy. A report released by the US cyber security company Mandiant in mid-February this year focused on the activities of People’s Liberation Army (PLA) Unit 61398, which has been very active in cyber espionage and cyber attacks. The unit is located in the Pudong area of Shanghai. Pudong also happens to be the location of the main undersea cable between China and the United States. APT1 has reportedly stolen hundreds of terabytes of data from at least 141 organisations through an extensive network of computers spread across the world. China, of course, most vehemently rejects the report. When they went public, Mandiant felt there was more to gain by exposing APT1 than by keeping it under wraps.

Modus Operandi

What is the modus operandi? One gets an e-mail purportedly from a familiar source. It contains an attachment with a ‘sleeper’ programme that then gets embedded on the receiving computer. This computer is then controlled remotely to access documents and arrange for e-mails to be ‘unknowingly’ exfiltrated elsewhere. The computer’s web camera could be remotely operated to monitor the activities in the room. The attack on Google was essentially to steal intellectual property rights. It was also directed to assess and use the near 500 million Google user passwords. It also targeted accounts of Chinese human rights activists. The report lists about 35 more companies that had also been attacked, including military major Northrop Grumman, Yahoo, New York Times and Adobe, among others. Major targets are strategic industries, defence establishments, and weapon and military technology companies. Also targeted are those who write against the Chinese leadership. China also uses the organisation to exercise greater ‘cyber control’ over its own population.

What is APT?

It is essentially a threat designation for any country or organisation that has the capability for, and engages in, cyber espionage and attacks on the Internet. Individual hackers or solo operators are not covered by this definition. It need not be a threat only to the Western world. There are cyber attack cases from outside China too. The famous Wikileaks was achieved through cyber espionage. The ‘Stuxnet’ computer worm that targeted hardware of Iran’s nuclear programme was a cyber attack. Like any military operation, an APT has clear objectives with timelines, allocates dedicated resources, does risk analysis, and uses advanced skills and tools. An attempt is made to gain a foothold, normally by spear phishing e-mails using ‘zero-day’ viruses. Compromised systems then become gateways into networks, used to expand to other workstations. Hackers normally cover their tracks to allow similar forays in future.

A PC World report has said that there was an 81 per cent increase in advanced computer attacks from 2010 to 2011. The US Cyber Command’s General Alexander Keith recently briefed the media on President Obama’s new cyber security policy and the importance attached therein. The last decade has seen the emergence of Computer Emergency Response Teams (CERT) all over the world. The United States Cyber Command coordinates the US military response to cyber threats. Other countries, including India, are in the process of setting up similar military commands. CERT teams now exist in most organisations in India. Cyber is where the action is. There is a need to be on guard.