8

COlIse,,,aril'e
protesters b/lrn
mock NOI'IIl Korean
missiles(llId North Korean
flags during Cl/I {ll/Ii- North
Korea rally denollllcing rhe Nor/It s
cyber allacks {lnd demGllding a release of
u.s. jemale jVl/malis/s detained by lite Norlh,
of a park ill Seolll J I I ~ V /0, 2009. North Korea was
originally a prime sl/specl for lalll/chillg the cyber
altacks. bUl fhe isolated slale was 1101 nOllled all a list of
fil'e cOllllfries where ,he auacks 1 I I ( ~ \ 1 have originated. rile Korea
COllllllllll icariolls Commission (KCC) said. REUTERSIJo }ollg-Hak
Let's get the disclaimers out of the way
first. Virtually no nation state is going
to admit to sponsoring cyberterrorism
activities, And while the U,S, government
has experienced its share of attacks,
there's no way I'm going to discuss
classified government information,
s
o that means what I' m going to di s-
cuss here is ei ther hearsay, claims
by people with a vested interest, or
information previous ly published
elsewhere. It's not exactl y what you' d call
a high-quality intelligence take, But it's still
pretty darn disturbing,
Let 's stan with a line-up of suspects. China, of
course, Then there's Nort h Korea, And, pos-
sibly, Iran and Russia. Since there's so much
going on, I' m going to focus specifically on
China and North Korea for this art icle,
Report: China
Back in the 1960s and 1970s, China was an
anti-social nation. The Great Leap Forward
had pretty much fail ed, entrepreneurship
was acti vely di scouraged, and many work-
ers were forced off of farms into factories.
But as it became more and more apparent
that change was needed to keep its popula-
ti on fed, China began to move into the 20th
and then the 2 1 st century,
Today, China has 1,3 billion people, with
-- according to Stanford Uni versi ty -- the
average "composite urban" Chinese citi-
zen making about $828 a yea r. Those li v-
ing out side urban areas make consi derably
less, but you enter the "middle class" in
China once you earn about $2 a day,
It is undeniable that cyberauacks are hitting
the U,S, from China, Michael Horowitz of
eSecurity Planet reported in Jul y 2009 a
penetrati on attempt of hi s servers coming
from China. The security finn F-Secure
identified three Chinese compani es as the
origin for a Trojan attack against smafl-
phones. And as I reported on CNN last May,
my own firm was hit by about a million
computers a day in a di stributed denial of
service attack, with many of the attacking
machines located in China (as well as Ko-
rea, Iran, and Russia).
But arc these att acks sponsored by the
Ch inese government? And what about
penetration attempts against U.S. military
and government install ations?
According to the National Journal , a pub-
li cati on popular among Beltway insiders,
China uses a mix of corporate and political
cyberespionage on a regular basis, The pub-
lication reported "that Chinese cybcr-spics
routinely pilfer strategy informat ion from
American businesspeople in advance of
their meetings in China."
The publication also reported, " During a
trip to Beijing in December 2007, U.S,
intelligence officials di scovered spyware
programs designed to clandest inely remove
information from personal computers and
other electroni c equipment on devices used
by Commerce Secretmy Carlos Guti errez
and possibly other members ofa U,S, trade
delegat ion,"
Government officials I talk to regularly are
daunted by China. One intelli gence special-
ist told me, "China has more honor students
than we have students."
Is China directly attacking the
United States? One of the most
For example, in June 2007, the Office of
the Secretary of Defense took its informa-
ti on systems amine for more than a week
to defend against a seri oll s infiltrati on that
investi gators attributed to China. "
" In April 2009, reports surfaced that attacks
on defense contractor information systems
in 2007 and 2008 allowed intruders prob-
ably operati ng from Chi na to successfull y
exfillrale "several terabytes of data related
to design and electronics systems" of the
F35 Lightning II , one of the United States'
most advanced fi ght er planes,"
"A large body of both circumstanti al and
forensic evidence strongly indicates Chi-
nese state involvement in sllch activities,
whether through the direct actions of state
entiti es or through the actions of third-party
groups sponsored by the state,"
China, in other words, is not exactly playing
well with others.
Report: North Korea
North Korea is perhaps the rogue-est of
the rogue states. The country is dominated
interest ing documents I've read COUNTfR
recentl y was the 2009
Report to Congress of the '1
TlIIt Journal rJ Co\.or(ef1efroriilTl aJld Homeland
U.S.-China Economicand
Security Review Com-
mission. Although it 's
367 pages of dry govern-
ment analysis, its overall
content is enough to get
your heart racing.
According
to the document:
"Joel Brenner, former
director of the Office of
the National Counter-
intelligence Executi ve,
has idenli li ed China as
the ori gin point of ex-
tensive mali cious cyber
activiti es that target the
United States."
"Anecdotal evidence suggests that
Chinese altacks targeting U.S.
govefllment- and defense-related
information have been damaging.
"In April 2009, reports surfaced
that attacks on defense contractor
information systems in 2007 and
2008 allowed intruders probably
operating from China to successfully
exfiltrate "several terabytes of data
related to design and electronics
systems" of the F35lightning Ii , one
of the Uni ted States' most advanced
fighter planes,"
www.theournalofcounterterrorism.or
by the Bond- villi an-like Kim
Jong-II. This strange little man
is apparent ly a huge James
Bond fil m fan and se lf-styled
"Internet expert," according to
a report by Fox News.
More to the point , North Ko-
rea is economically isolated
and politica ll y bel li gerent.
Wi th about 23 million people,
it has a fraction of the popul a-
tion of China, less than 10%
of the popu lation of the U.S. ,
and onl y slightl y more people
than Canada. North Korea has
a GOP of about 526 billion,
accordi ng to the World Bank,
South, a night sate ll ite photo
s hows a large dark region
where North Korea is. In other
words, there are few li ght s on
at ni ght in Nort h Korea.
It' s int eres tin g then , tha t
thi s dark nat ion should be a
prime s uspect in the worl d
of state-sponsored cyberte r-
rori s m. But it does mak e
se nse. Int erne t weapons of
ma ss di s rupti on are asto n-
is hingly ine x pe ns ive. Yo u
prett y much need a pil e of
PCs, a gaggle o f geeks, and
a n Internet connect ion and
you're good to go.
In Ihis particular case, the USB device
apparently contained secret plans on
the joi nt U.S.lSouth Korea defense of
that nation in the event of attack from
the North. The officer's computer was
penetrated and Chosun reports an IP
address of the attacking computer was
traced to North Korea.
whi ch means the ent ire nation
produces about a tenth of the
revenue of Toyota.
Night sa tellite pic tures o f
North Korea are a marvel to
behold. With China to the
north and South Korea to the
10
COUNTER
In July 2009, co mpu ters
at the White Ho use, the
Pe ntagon, and U.S. Depa rt-
me nt of State, along with
co mput ers in So uth Korea
we re targeted by a coordi -
nated, distribut ed denial of
se rvice atlack.
Vo1.l6, No.1
According to the wire service
AFP, "South Korean lawmak-
ers were quoted as saying that
South Korea 's inte ll ige nce
scrvice believes North Korea
or it s sympathi ze rs may have
staged the attack."
Another attack that was att rib-
uted to North Korea took place
in November o f 2009. Ac-
cording to the South Korean
Chosun IIbo newspaper, citing
thc January edition or its s ister
magaz ine Monthl y Chos lln,
a South Korean offi ccr Icft a
USB device in hi s computer
when he switched from the
secured milit ary network to
the IIHernet.
Regul ar reade rs o f thi s pub-
licat ion will recall my warn-
ing in the last iss ue about
the inherent securit y prob-
lems associated with USB
dev ices. Sometimes, I hate
being ri ght.
In thi s particular case, the
USB device apparently con-
tained secret plans on the j oint
U.S .lSouth Korea defense of
that nation in the evcnt of at-
tack from the North. The offi -
cer's computer was penetrated
and Chosun reports an IP
address of the attacking
comput er was traced to
North Korea.
Closing Thou ghts
ve ry easy to "subcontrac t"
cybcrtcrror islll acti vi ti es to
e nt iti es who aren ' t directly
tr aceab le t o the state. Ac -
tua l doll ar expense is virt u-
a ll y nothing (all you need is a
bunch of PCs). And impact is
high -- e ithcr in damage done,
insight into potential defenses,
or intelligence " take".
I have no doubt wc ' lI see more
and more of these act ivities,
and like other cybcrattacks,
the frequ e ncy and potential
impact is like ly to grow.
About the Author
D(lvid Celll i,.,: is direclor of lit e
u.s. Strategic Perspecfive lilSfilllfe
(llId edit or-iI/- chief of lit e ZATZ
lec/lI1i cal lIIag(l:il/es. He reglliarly
writes commel/lary (llId (II/a lysis
for CNN:'" Andersoll Cooper 360.
(II/(/ "as lI'rillell more "WII 700
arlicles a/)olll technology. David
is a former professor of camp Ill er
sciellce. has lectl/red (It Prillceton.
/J erkeley. UCLA. and S((III!ord. Itas
beell awarded fhe presligious Sigm(l
Xi Researc" Award ill Ellgineering.
lind was a candidate for the 2008
Pulir:er Pri:e in Lellers. He is fhe
Cybcrtcrrori.l'lII Advisor/or/ACS?
To COlllact David go 10:
wlI'lI'.D(l vidCell'irtz.colll
Join the
IACSP's Linkedln
Homeland Securily Network
of Counterterrorism &
Security Professionals.
We've di scussed before
how it 's astonishingly in-
expensive to conduct a cy-
ber-attack against another
party. For potential and
actual U.S. cnemies (and
those countri es like China
that walk a fine line), state-
sponsored cyberlerrori sm
has all the characteristi cs of
a good busi ness deci sion.
" , Get linked today!
In almost all cases, there 's
plausible deniabi lit y. It 's
For more Info contact:
homeJondsecuritynetwork@iacsp.com
For S e c u ~ t y Professionals Only
TIRRORISM
Journal of Counterterrorism & Homeland Security International