March 29, 2009
Cyber espionage is an issue whose time has come. In this second report rom the Inormation WarareMonitor, we lay out the ndings o a 10-month investigation o alleged Chinese cyber spying againstTibetan institutions.The investigation, consisting o eldwork, technical scouting, and laboratory analysis, discovered a lot more.The investigation ultimately uncovered a network o over 1,295 inected hosts in 103 countries.Up to 30% o the inected hosts are considered high-value targets and include computers locatedat ministries o oreign aairs, embassies, international organizations, news media, and NGOs. TheTibetan computer systems we manually investigated, and rom which our investigations began,were conclusively compromised by multiple inections that gave attackers unprecedented access topotentially sensitive inormation.But the study clearly raises more questions than it answers.From the evidence at hand, it is not clear whether the attacker(s) really knew what they hadpenetrated, or i the inormation was ever exploited or commercial or intelligence value.Some may conclude that what we lay out here points denitively to China as the culprit. CertainlyChinese cyber-espionage is a major global concern. Chinese authorities have made it clear that theyconsider cyberspace a strategic domain, one which helps redress the military imbalance betweenChina and the rest o the world (particularly the United States). They have correctly identiedcyberspace as the strategic ulcrum upon which U.S. military and economic dominance depends.But attributing all Chinese malware to deliberate or targeted intelligence gathering operations bythe Chinese state is wrong and misleading. Numbers can tell a dierent story. China is presentlythe world’s largest Internet population. The sheer number o young digital natives online can morethan account or the increase in Chinese malware. With more creative people using computers, it’sexpected that China (and Chinese individuals) will account or a larger proportion o cybercrime.Likewise, the threshold or engaging in cyber espionage is alling. Cybercrime kits are now availableonline, and their use is clearly on the rise, in some cases by organized crime and other private actors.Socially engineered malware is the most common and potent; it introduces Trojans onto a system,and then exploits social contacts and les to propagate inections urther.Furthermore, the Internet was never built with security in mind. As institutions ranging romgovernments through to businesses and individuals depend on 24-hour Internet connectivity, theopportunities or exploiting these systems increases.