Sunday, September 03, 2006

Chinese Hackers Attacking U.S Department of Defense Networks

This may prove to be an informative forum, and I feel that the quality of the questions and the discussion facilitator's insights on the topic -- as a matter of fact GCN has proven a reliable source on the topic -- will be my benchmark for a provocative many-to-many discussion.

Here are my questions:

- Despite the PRC's growing Internet population and a military doctrine that greatly emphasizes the advantages of information/cyber warfare -- concepts copied from the U.S., combined with Sun Tzu's mode of thinking and attitude, may indeed prove a dangerous combination -- I find the issue a bit more complex: "Let's not forget the use and abuse of island-hopping points that fuel further tensions in key regions and exploit the momentum itself; physically locating a network device in the future IPv6 address space is of key interest to all parties." China's growing Internet population means a large number of already malware-infected hosts that third parties could easily use as stepping stones.

My point: is this geopolitical tension engineering, or an active doctrine already being implemented?

- If it is indeed a Red Storm Rising, what is North Korea's place in the situation? Could North Korea be engineering and impersonating China's cyber forces, thus helping the enemies of its enemies?

- How significant is the threat from the PRC's actual cyber warfare divisions, compared to utilizing the masses of script kiddies and promoting -- rather than prosecuting -- hacking activities against foreign adversaries? Script kiddies pretending to be l33t, or cyber warfare divisions using retro techniques to disinform on the actual state of military preparedness? The rise of intellectual property theft worms that I discussed, especially Myfip, has been connected with the Titan Rain attacks on military networks, but such attribution can so easily be engineered to point wherever you want it to:

"Myfip doesn't spread back out via the Simple Mail Transfer Protocol (SMTP). "There is no code in the worm to do this," the report said. "From certain key headers in the message, we can tell that the attachment was sent directly to [users]." One element that stands out is that Myfip e-mails always have one of two X-Mailer headers: X-Mailer: FoxMail 4.0 beta 2 [cn] and X-Mailer: FoxMail 3.11 Release [cn]. Also, it always uses the same MIME boundary tag: _NextPart_2rfkindysadvnqw3nerasdf. "These are signs of a frequently-seen Chinese spamtool…," the report said. Stewart said his team was easily able to trace the source of Myfip and its variants. "They barely make any effort to cover their tracks," he said. And in each case, the road leads back to China. Every IP address involved in the scheme, from the originating SMTP hosts to the "document collector" hosts, is based there, mostly in the Tianjin province."
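The header indicators quoted above (the two X-Mailer values and the fixed MIME boundary) are the kind of thing a mail gateway or incident responder can match on. As an added example, not code from the original post or from the cited report, the following Python check parses a raw message and reports which of those indicators it carries; the sample messages are constructed, and the function names are my own.

```python
import email

# Header indicators quoted in the post from the Myfip report: the two
# X-Mailer values and the fixed MIME boundary string.
MYFIP_XMAILERS = {"FoxMail 4.0 beta 2 [cn]", "FoxMail 3.11 Release [cn]"}
MYFIP_BOUNDARY = "_NextPart_2rfkindysadvnqw3nerasdf"


def myfip_indicators(raw_message: str) -> list[str]:
    """Return the Myfip header indicators found in one raw RFC 822 message.

    An X-Mailer value alone is trivially forged (the post itself notes such
    attribution can be engineered); both indicators together is a stronger match.
    """
    msg = email.message_from_string(raw_message)
    hits = []
    xmailer = (msg.get("X-Mailer") or "").strip()
    if xmailer in MYFIP_XMAILERS:
        hits.append("x-mailer:" + xmailer)
    # get_boundary() returns None for non-multipart messages.
    if msg.get_boundary() == MYFIP_BOUNDARY:
        hits.append("mime-boundary")
    return hits


def scan_mailbox(messages: list[str]) -> list[tuple[int, list[str]]]:
    """Return (index, indicators) for every message that carries an indicator."""
    return [(i, h) for i, m in enumerate(messages) if (h := myfip_indicators(m))]


# Constructed sample messages (not real Myfip samples): the first carries both
# indicators, the second is a plain benign message.
SAMPLE_MYFIP = """\
From: sender@example.invalid
To: clerk@example.invalid
Subject: constructed sample
X-Mailer: FoxMail 4.0 beta 2 [cn]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_2rfkindysadvnqw3nerasdf"

--_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/plain

body text
--_NextPart_2rfkindysadvnqw3nerasdf--
"""
SAMPLE_BENIGN = "From: a@example.invalid\nSubject: lunch\nX-Mailer: Other\n\nnoon\n"

if __name__ == "__main__":
    print(scan_mailbox([SAMPLE_MYFIP, SAMPLE_BENIGN]))
```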

- Where exactly does the real threat come from? Hackers reading unclassified but sensitive clerks' emails, thus exposing the network's design and gathering intelligence for a future "momentum", or the use of PSYOPS online? How is the second measured as a key foundation for a successful information warfare battle?

- Is it state-sponsored espionage and cyber warfare, or mainland hacktivists, perhaps even hired third-party guns?

Image courtesy of Chinese hacktivists diversifying their attacks and causing more noise during the U.S./China cyber skirmish.

Related resources and posts:
Cyber Warfare
Information Warfare
Hacktivism Tensions - Israel vs Palestine Cyberwars
Cyber War Strategies and Tactics
Who's who in Cyber Warfare?