Wednesday, August 29, 2012

Great Electric Brain Robbery?




F is for fraud, 1 is for You

Tsunami of Global Crime
The idea of a conquering barbarian horde has haunted European nightmares at least since the Mongol invasion of Eastern Europe. More recently, the term has been used to satirize those who exaggerate threats hypothetically emanating from Asia. Since the 1970s Nixon-Mao rapprochement, many Americans and Europeans and sympathise with the Chinese notion of a "peaceful rise."

However recently, politicians and security chiefs have begun to warn of a tsunami of cyber espionage and cyber theft of intellectual property by ghostly Chinese hackers. The theft was described by one security chief as "the greatest transfer of wealth in history."

US President Barack Obama recently spoke of the need to strengthen US defenses against this threat, citing a figure of US$1 trillion stolen annually by hackers. Supposedly the reason we are not being flooded by news of hacker break-ins and thefts of all kinds is that most of the information is either classified, or in the case of private companies, they don't want to admit that they have been the victim of these crimes.

"What's reported is just the tip of the iceberg," said one US government cyber sleuth recently. "I’ve been circling the iceberg in a submarine. This is the biggest vacuuming up of US proprietary data that we’ve ever seen. It’s a machine.”

Said another security expert, "The activity we’re seeing now is the tremor, but the earthquake is coming." UK intelligence chiefs have made similar claims.

Cyber Hype?

But others have also questioned whether China is the source of this crime wave, because IP addresses can be spoofed. Others claim the figures are exaggerated. They suggest that security forces are hyping the problem to get additional funding, or worse, to strengthen their powers of surveillance and supervision over our own Internet.

Remember the failures of intelligence in the run-up to the invasion of Iraq? Why should we trust them again? What should we make of their claims? Are our offices and companies really being so thoroughly stripped of their intellectual property? Are hackers really turning off our electric power grids, as was also recently claimed? Do the data networks installed in many countries by Chinese companies such as Huaiwei allow the Chinese government to eavesdrop on everything we say?

Without a degree in computer science and clearance for classified information, it is tempting to just shrug one's shoulders and say we really haven't got a clue.

One of the recent reports on Chinese cyber espionage, released by the now-defunct Information War Monitor group, is titled Shadow in the Cloud and describes an organized hacking network called Ghost Net, It's all about shadows, ghosts, mist and fog, and very hard to be sure of anything at all.

But if it's true that we are being robbed blind, this is too important a subject for us to not make a few intelligence guesses. In fact we don't need to be a black belt hacker or work in the CIA to figure out what's going on, the answer is just a few googles away.

More People, More Hackers

In fact it would be strange if we were not being overrun by hordes of Chinese hackers due to the enormous size of the Chinese Internet population which has been growing like the peach in the garden over the last few years. China's online population is already approaching 600 million, equivalent to that of the US and Western Europe combined. More people online means more hackers, it's as simple as that.

As the Beijing police once said to me after I reported the pickpocketing of my wallet, "There are thieves in your country too." We don't have to get into criminology surveys, which are almost as murky as cyber warfare investigations. Let's just assume that China is a country with an average number of hackers, say one for every 10,000 Netizens. In the last five years, China's online population has tripled and an extra 400 million people have gone online. An extra 400 million people online means an additional 40,000 hackers.

That's a lot of extra hackers. And a hacker is not like a traditional burglar, who can only rob one householder at a time, because hacking is automated these days by software suites which can scan websites or web servers for vulnerabilities in just a few seconds. They send hundreds of thousands of e-mails per day, each containing a link to a malware program, which when clicked installs a Trojan horse on the user's computer, which can then be used by the hacker to turn it into a slave node in his network.

After this, he (or she) can control everything on the computer, such as turning off antivirus software, downloading files and contact lists, which in turn can be used to send more virus laden e-mail. In fact, the most effective attack is an e-mail supposedly from a friend or colleague about a subject we're interested in, and our interests can be discerned quite easily once the hacker has access to our whole computer.

But I'm getting sidetracked into the technical side of things, which I want to avoid, because I don't think is necessary to understand all this geeky stuff in order to measure the size of the Chinese hacking wave

Virtual Pickpocketing

So having established that the tsunami of hacking from China is inevitable and to be expected, we are entitled to ask whether this will just be an average size tsunami, as we might expect if the online population of a country with average levels of cyber crime suddenly expanded by 300,000,000, or something bigger or smaller.

I think that wave is a gigantic tsunami rather than an average or pygmy sized one, because in the off-line world, China suffers from endemic stealth crime, i.e. pickpocketing and theft. To support this view, I can only fall back on my own experience of Chinese crime and cyber crime, for what it's worth, which I admit is not very much in terms of a scientific sample.

I have lived for a total of about five years in China, and have frequently been robbed in traditional ways; I have had my wallet pickpocketed, I have had my cellphone, laptop and three cameras removed, all while I was distracted for a split-second.

I have never been mugged at knifepoint or gunpoint or physically assaulted in China, as I have in Europe and South America. I surmise that this kind of theft is rather common in China; silent theft of the kind which you only notice after the thief has disappeared, if you notice at all. And many Internet commentators theorize that what we do in the real world, we tend to replicate in our online world.

And I know from personal experience that the Chinese police have already adopted hacking techniques. My computer was hacked two years ago, either by Chinese police or people working closely with them. They had arrested a Chinese dissident friend, confiscated his computer and then sent everyone on his mailing list an e-mail purporting to be from him, with a link to a blog about his latest detention.

Overcome with curiosity, I clicked the link and I discovered a few days later that I had installed a Trojan horse on my computer. I don't know how much of my personal data was downloaded.

Secondly, I think we need to face the fact that an awful lot of Chinese people don't like us, and would like to get even by hacking into our governments or companies. By us I mean the United States and its allies. Which is not to say that many of them do like us as well; it's just that there is a large number of angry young men who buy into the patriotic discourse of a victimized China which is being deliberately usurped by Western powers.

One of the main themes of CPC propaganda is that China is under siege from these hostile Western powers, who use dissidents as pawns and promote human rights in order to overthrow China's government. Didn't you know that the 1989 democracy movement was blocked by the CIA to overthrow the Chinese government? That's why when 911 happened, there were scenes of jubilation and rejoicing throughout China. Of course that was over a decade ago, but if you log on to the popular Chinese online forums such as Strong Nation or Blood and Iron, you will find much the same sentiments being expressed every day.

So we have this big country, with hundreds of millions of people online for the first time, many of them angry and resentful of both Western governments and Western companies, which they tend to see as working hand in glove. Added to this is the widening wealth gap, which tends everywhere to fuel crime. And hacking is cheap fun which is suitable for the legions of young people who are trying to get by on US$2-300 per month. Is it surprising then that we have an epidemic of cyber burglary?

But hang on, haven't we forgotten something, after all isn't China's supposed to be a totalitarian state where the Internet is used spy on everybody and journalists or dissidents are arrested and imprisoned for posting opinions online? If China is that controlled, surely there cannot be so much hacking allowed? This is one of the major misconceptions of Westerners who only know about China through the Western media.

Surprisingly Free Country

The Western media tends to focus on certain issues in its reporting of China, one of which is human rights abuses. Exposed to other constant stream of such reports, Westerners get the impression that China is a police state like Orwell's 1984. And in some ways they are right. In Orwell's dystopia. common criminals are treated better than political dissidents. But in other ways China departs from 1984, because people have a degree of freedom to do what they want which is hard to imagine in Western countries, where citizens are brought up to respect the rule of law. That kind of respect is still a novelty in China. For example, recently, the Chinese government banned smoking in public places, but nobody took any notice. Restaurants still distributed ashtrays.

There are almost endless examples of lawlessness. I remember in the 1990s seeing motorcycles and even cars driving on the sidewalks. When I enquired why they did this despite the obvious danger to pedestrians, they told me it was because they did not have a driving licence and thus could not take the risk of riding the highway.

One of the most common complaints of political commentators in China is that Chinese citizens no longer have any sense of morality. Traditional Confucian and Buddhist morality was largely swept aside by socialism in the first years after the Communists took power, but that has now effectively been abandoned, leaving only greed and materialism.

Thieving by Remote Control

There's a common colloquial expression in Chinese, "Rabbits don't eat the grass around the burrow.” Thanks to the Internet, new job creation opportunities have emerged that allow young thieves to work remotely. From the perspective of the Chinese authorities, China's international hacking is actually a domestic crime reduction program.

It's obviously not a priority for the Chinese police to crack down this, it is not even near the top of their priorities list. That would be cracking down on organ smugglers, people traffickers, drug traffickers and fake drug manufacturers, poisonous food and drink manufacturers, large-scale industrial polluters-the list goes on.

The Chinese state seems to have already given up on most of these battles, which are much more important to its survival. It has lost control of the skies, the rivers, and food production, all of which are hopelessly contaminated with toxins. Why would they crack down on a group of harmless hackers, when they don't have what it takes to combat these much greater evils?

And after all, the hackers are harmless, at least as long as they don't target the Chinese government, and I don't think we would hear from them for very long if they did that. In fact more than harmless, amateur hackers provide a good recruiting ground for the professional cyber warfare battalions of the PLA. Besides, the transfer of intellectual property by traditional means has a long history in China, whether it be private enterprise which knocks off copies of branded Western goods for sale to tourists in downtown Shanghai shopping malls, or the government, which recently copied high-speed train technology from Germany.

And finally, having retreated to the refuge of patriotism after abandoning socialist rhetoric in the 1990s, the party state relies on these nationalists as its main supporters, and doesn't want to annoy them any more than you or I want to poke a stick at a wasp's nest at the end of the garden.

Amateurs or Professionals?

Western journalists often ask a related question; is the Chinese hacking organized by the government, autonomous groups and individuals, or an alliance of both? Of course there's really no way of answering this question fully. We know that China's military has both electronic warfare and cyber espionage capabilities, just as other armies do. And we can be pretty sure that not every hacker in China is working for the PLA, after all some of them are too young to join up or prefer to work from home in their slippers. But what we can be sure of is that the Chinese government is not doing much to stop this wave of cyber crime.

And we know that they have the ability. They roundup political dissidents pretty quickly every time the politburo sneezes. It's pretty easy for them to keep track on people nowadays when everybody has a cellphone.

Beware the Golden Cyber Horde

So in summary, the Chinese police are not going to crack down vigorously on international hackers, although they might slap a few on the wrist from time to time for the sake of appearances. And the hacking wave from China is just beginning, the netizen population there is still growing fast, with a new wave of smart cellphones likely to double the number of Internet connected devices in the next five years. Network connections will inevitably get faster and as computers spread deeper into our lives in the West, we are exposing an ever larger software and hardware surface area to the potential attacker.

And hackers are learning fast; there are a lot of smart people in China; remember that China tops the world in high school maths and China's Huaiwei is now the world's biggest network company. Make no mistake about it, the invasion of the Golden cyber Horde is just beginning.

(Stephen Thompson is a Hong Kong-based Sinologist and writer under the name
唐肆啼 for Open Magazine, (open.com.hk), a dissident monthly magazine published in Hong Kong)

No comments:

Post a Comment