“MADE IN CHINA” CYBER

“MADE IN CHINA” CYBER

This post is also available in: heעברית (Hebrew)

thumbnail
To read this article in Hebrew

.

.

By Dr. Gabi Siboni and Y. R.

1Introduction

Over the past several years China has been developing operational capabilities in the field of cyberspace warfare. A cyber attack may be defined as the unauthorized penetration of computer and communications systems belonging to individuals or organizations for the purpose of espionage and information theft, in order thereby to damage or disrupt the functioning of these systems or to damage other systems dependent on them, even to a point of causing actual physical damage. Despite denials by the Chinese government, researchers posit that China is behind a string of cyber attacks against the United States, Japan, France, Australia, and other Western nations.

Chinese activity in the field of cyberspace warfare is intensive and aggressive. It appears that China, focusing on extensive collection of intelligence and commercial information in various fields, is targeting a range of companies – from those with specific technological expertise to organizations with financial and economic knowledge, such as in the cyber attack on the International Monetary Fund in late 2011. However, the fact that companies and organizations providing essential services and communications infrastructures have also been attacked suggests that there many be other motives in play. If so, what underlies these attacks, and is it possible to identify the strategic principle with which China operates in the West in general and the United States in particular? To this end, one must examine China’s cyber warfare strategy, the Chinese organizations involved in recent years, and the resources invested to realize China’s goals through this type of warfare.

It is commonly assumed that before 2009, most of the attacks attributed to China were directed against the American military and the administration, such as Operation Titan Rain against American government agencies and Operation Ghost Net against diplomatic targets in the UN. By contrast, in recent years the attacks attributed to China have been directed against civilian targets, including national infrastructures of critical importance, companies forming a part of the chain of access to those targets, and companies that if attacked, generate an outcome that serves an economic or commercial need.

In recent years there has also been a quantitative leap in attacks against infrastructures. The first was the Shady RAT series of attacks from mid-2006 until February 2011. The second series was Operation Aurora, an especially sophisticated series targeting Google, a critical infrastructure at the global level. These started in mid-2009 and lasted until the end of that year. The third, which received a great deal of media attention, was against RSA, a company specializing in information security and internet servers providing secure ID and one-time password services.

This essay argues that an analysis of the publicly available information about the more recent attacks makes it possible to establish that China does in fact stand behind these attacks and also makes it possible to identify the link between China’s cyberspace warfare strategy and its choice of targets. The analysis includes an examination of the companies attacked to identify possible motives for the attacks. For example, attacking companies and organizations supplying technology allows access to general cutting-edge technology, military technology, and so on. The motives for these attacks are presumably to steal capabilities and conduct industrial espionage against nations and commercial competitors. Attacking companies and organizations in the financial and even political sectors allows access to valuable intelligence in these fields. By contrast, the intelligence value for immediate use in attacking companies providing critical infrastructures and communications services is usually relatively low. Rather, gaining access, if only to some providers of communications and internet services in the West and the United   States, is liable to give attackers the ability to damage these services.

INSS Cyber LogoTo read more, view the full article
(Link to PDF File):

What Lies behind Chinese Cyber Warfare

Dr. Gabi Siboni is a senior research associate and head of the Military and Strategic Affairs Program and Cyber Warfare Program at INSS.

Y. R. is a senior figure at the Prime Minister’s Office.