Google, China, and the coming threat from cyberspace Cyberspace attacks are set to increase. Here’s why – and here’s what we can do to stop them. By Ron Deibert and Rafal Rohozinski / January 28, 2010 [Time 2]
The recent cyberespionage attacks on Google and that company’s subsequent announcement that it would reconsider its search engine services in China gripped the world’s focus and set off a debate about China’s aggressive cybersecurity strategy. The apparent scope of the attacks – more than 30 companies affected, Gmail accounts compromised, human rights groups targeted – took many by surprise. Some observers believe the attacks were highly sophisticated in nature, employing never-before-seen techniques. Many reports concluded that the Chinese government undertook the attacks. As principal investigators in the Information Warfare Monitor, a project formed in 2002 to investigate and analyze the exercise of power in cyberspace, we have seen many of these types of attacks first hand in our research, and have followed closely those examined by other researchers. From our vantage point, the Google cyberattacks are unusual not in apparent scope or sophistication – as some commentators believe – but rather in terms of the high-profile nature of the victim and the victim’s very public reaction. Indeed, we believe targeted cyber attacks such as these will grow in frequency as cyberspace becomes more heavily contested. Defense against cyberattacks The question is what to do about them. Solutions won’t be easy. Nor will they be solved by technical means alone. They will require widespread and comprehensive public policy changes, greater awareness of network security practices, and above all else a recognition by governments worldwide that an arms race in cyberspace serves no country’s national strategic interest. [241 words]
[Time 3]
For their part, companies should be encouraged to be more transparent and willing to share information about attacks on their infrastructure and less concerned about the liabilities of doing so. Google’s actions are exemplary in this regard and may set a new standard of disclosure. Although many people point to China as an aggressive cyberactor, it is important to understand that cyberspace has become a battleground for intense military competition. Many countries are developing offensive cyberwarfare capabilities, including targeted espionage. Just recently, for example, Dennis Blair, the director of US National Intelligence, argued the United States should be more aggressive in stealing other countries’ secrets in cyberspace. Other countries are less open about such intentions, but no less ambitious. Many successful operations, no doubt, are hidden. The actors in this intense arms race are not just states. Cyberspace allows anyone with the intent and capability to exploit network vulnerabilities. For example, there are countless criminal organizations thriving in the hidden ecosystems of cyberspace, profiting from cyberattacks, cybercrime, and cyberfraud. These organizations employ techniques and tools that are virtually indistinguishable from those that were uncovered in the Google attacks, and by us earlier in our Tracking Ghostnet investigation, a 10-month examination of alleged Chinese cyberspying of numerous diplomatic missions, ministries of foreign affairs, and international organizations. Such groups also offer their services for hire, giving other actors who want to benefit from them a good cover and plausible deniability. It’s called cyberprivateering, and it’s one of the best ways to avoid being caught. Indeed, it’s a major reason why sourcing attacks like the one on Google is so difficult. [268 words]
[Time 4]
Risks from Web 2.0 companies Second, attacks such as these are becoming more common because of changes to the character of cyberspace itself. The services of Web 2.0 companies – so-called cloud computing platforms and social-networking groups – are the primary vehicles through which most people experience and interact with the Internet today. While Twitter, Google Groups, Yahoo Mail, and Flickr may make our cyberexperiences much more convenient, interactive, and richly engaging, they also create two risks: a wide spectrum of new security vulnerabilities and a multiplicity of ever-evolving vectors through which victims can be targeted and attacks mounted. It is common today for cyberespionage or fraud networks to propagate their malware by exploiting and infiltrating popular social-networking forums like these, or to command their systems through blogging sites and multiple, redundant groups, free hosting services, or anonymous mail accounts. It’s often said that dark clouds may have silver linings, but cyberclouds have turbulent and very dark hidden cores. A final ironic factor contributing to cyberespionage attacks relates to the very success of cyberspace itself. Over the past decade, numerous countries, organizations, nongovernmental organizations, and citizen groups have rushed to embrace new information and communication technologies. This is a way to jump-start economic development or take advantage of social-networking opportunities. But they have done so largely without attention to proper security protocols. Private, sensitive, and even highly classified documents that were once locked away in file cabinets now circulate through proprietary clouds and pass between USB sticks, from the home to the office to the laptop, from the coffee shop to the airport lounge. Vulnerabilities multiply as networking increases. When we issued our Tracking Ghostnet report, we concluded that it was not the first nor would it be the last of its kind. Unfortunately, the Google attacks have borne out that prediction. And there will surely be more. [306 words]
Source:csmonitor
http://www.csmonitor.com/Commentary/Opinion/2010/0128/Google-China-and-the-coming-threat-from-cyberspace/(page)/2
China's progress is not in theft of trade secrets The US indictment of five Chinese military men for cyber-espionage against American firms is really a challenge to Beijing to fulfill its own goal of sustaining growth through home-grown innovation in technology. By the Monitor's Editorial Board / May 20, 2014
[Time 5]
For nearly a decade, China has tried to create a strong culture of innovation among its technology researchers. The party line: Be creative, discover new ideas, and accept temporary setbacks like a Steve Jobs. Imagine the shock then on Monday when the United States indicted five Chinese military officers for allegedly stealing secrets from several American companies such as Alcoa and Westinghouse. In accusing China of massive cyber-espionage, the US is challenging Beijing to live up to its own goal of becoming a global leader in science and technology by 2020. “Success in the international marketplace should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets,” US Attorney General Eric Holder said in announcing the indictments. The alleged thievery involved hackers at a spying operation near Shanghai extracting such information as nuclear plant designs and the price for solar panels from the US. The military is involved because it has a heavy hand in state-linked enterprises that dominate the Chinese economy. Many of those enterprises have lately begun to falter in global export markets. The five suspects were named and their pictures put on the FBI’s most-wanted posters – although they are unlikely to face trial in the US. The main point of the indictments is to shame China into ending its official campaign of pirating intellectual property from abroad and to speed up innovation at home. China has many successful technology companies, such as Alibaba, Lenovo, and Huawei. But none are in the Top 100 Global Innovators (the US has 45). And much of China’s progress since 1980 has been based on borrowed technology, either stolen or coerced out of foreign companies seeking to enter the large Chinese market. [294 words]
[Time 6]
As its economic growth slows, China needs to move up faster in the world’s high-tech supply chain in manufacturing and software. Yet it still spends far more in buying royalties than earning from royalties. Changing this will entail a second cultural revolution, one that promotes free-spirited innovation, risk-taking, a tolerance for mistakes, and opportunities for second chances. “We prefer honest work, even if it comes to nothing,” said China’s science and technology minister, Wan Gang, in 2010. “We need a society which has enough patience to be able to withstand failures.” Other cultural shifts are needed. Mr. Gang expressed outrage last year at the level of cheating by China’s scientists. While Chinese patents are now more numerous, many are deemed not to be innovative. The number of Chinese scientific publications has boomed, but the papers are often plagiarized or infrequently cited. The country educates more than a million engineering graduates a year, but Chinese schools still emphasize rote learning over creative thinking. China’s political culture keeps a tight lid on the truth while encouraging scientific researchers to seek the truth. Its leaders push for rapid progress in industry but do little to dispel the notion in China that wealth is a zero-sum game. The world’s second largest economy can shift away from being a copycat of technology if it sees progress as based on a constant flow of new ideas available to those able to uncover them. Innovation cannot be hacked. It requires a culture in which individual creativity and the breaking of mental bounds are nurtured through freedom and protected by rule of law. [266 words]
Source:csmonitor
http://www.csmonitor.com/Commentary/the-monitors-view/2014/0520/China-s-progress-is-not-in-theft-of-trade-secrets
|