The rise of the cyberspy
Scientists recently exposed an elaborate Chinese computer-spying operation, and the Pentagon says it is under near-constant ‘cyber-attack.’ How vulnerable is the U.S. to foreign hackers?
What is cyberwarfare?
It’s the malicious misuse of computer networks to steal from, spy on, and cripple government operations, military defenses, and crucial infrastructure. Cyber-attacks have become much more prevalent—and dangerous—in recent years, as nearly every important government department, corporation, and private organization has opened a window to the outside world through the World Wide Web. A chilling example came to light in March, when a team of British and Canadian researchers reported that a network of Chinese hackers, dubbed GhostNet, had penetrated the computer systems of Tibet’s government in exile, NATO headquarters, and the governments of Germany, Spain, and Iran. Among other things, the hackers stole documents outlining the Tibetans’ strategy for negotiating with Beijing. Computers have also been used to steal plans for advanced U.S. weaponry, siphon millions from banks, and harass political dissidents.
How frequent are these attacks?
“We are under cyber-attack virtually all the time, every day,” says Defense Secretary Robert Gates. There were 5,499 known breaches of federal computer systems in 2008, the Department of Homeland Security reports, up from 2,172 in 2006. Those incidents were “only the tip of the iceberg,” says a Pentagon official. “The vulnerability may be bigger than we think.” In 2007, high-tech spies broke into computers housing data on the F-35 Joint Strike Fighter jet that Lockheed is building for the Pentagon. Utility officials have detected breaches in the computer networks that control the three main U.S. electrical grids. The hacks have raised fears that an enemy, perhaps terrorists, could have planted bugs to disable electrical power sources before an attack. “Do I worry about those grids?” asks Joel Brenner, a top U.S. counterintelligence official. “You bet I do.”
Where do the attacks come from?
Mostly Russia and China, say U.S. officials. But they can’t be sure if Moscow and Beijing are behind the attacks, or if they were carried out by freelance criminals. Russian criminal gangs, after all, pioneered the dark arts of computer hacking. In one spectacular caper in 1994, a gang penetrated Citigroup’s internal network and stole $10 million. Russian hackers also attacked Georgia’s Internet service before Russian forces invaded that country last summer. A blizzard of computer messages overwhelmed servers in Georgia, knocking out telephone service and ATMs. The disruptive messages were traced to computers in Russia, including some belonging to intelligence agencies. “It is, quite simply, implausible that the parallel attacks by land and by cyberspace were a coincidence,” says Eka Tkeshelashvili, head of Georgia’s National Security Council.
How do cyberwarriors penetrate internal systems?
They use some of the same tools and tricks used by spammers and hackers who create and disseminate viruses. The GhostNet hackers took over the computers of the Dalai Lama’s Tibetan government in exile by sending e-mails to people in the Dalai Lama’s office that contained innocent-looking attachments, such as lists of human-rights organizations. Clicking on the attachment unleashed a virus that allowed the hackers to read data on the computer and link it with other hijacked computers into a “botnet”—a secret network controlled by the hackers. Using the botnet, they stole files that helped the Chinese track suspected dissidents. “People in Tibet may have died as a result,” reported the British computer engineers who helped expose GhostNet.
Are all the hackers foreign?
Actually, some of the best work for Uncle Sam. “I believe that it is the Americans who steal the most secrets,” says Chen Wenguang of Beijing’s Tsinghua University. He’s hardly an objective source, of course, but it’s true that computer scientists at the Pentagon and U.S. intelligence agencies developed some of the most advanced cyberwar technologies, including sensors that eavesdrop on computer keystrokes and viruses that use a computer’s own camera and microphone to bug the user. Pentagon officials won’t confirm that they have a cyberwarfare operation, but they hint that foreign attacks don’t go unanswered. “A good defense also depends on a good offense,” says Air Force Gen. Kevin Chilton, head of the U.S. Strategic Command. (See below.)
Can the cybersnoops be stopped?
Fire walls and virus detectors help, but nobody believes they are foolproof. Hackers have learned to crack even heavily encrypted passwords within seconds. Their task is made easier by poor security practices. In 2005, hackers ran wild through the computers at NASA, in part because many employees there used simple and obvious passwords such as “administrator.” In an operation that went undiscovered for seven months, the cyberspies stole 20 gigabytes of compressed data—the equivalent of 30 million pages of information—about the space program. In many cases, the best defense is simply to keep all secret information on computers with no access to the Internet, or to avoid computers altogether. Security experts urged the staff of the Dalai Lama’s office to use nothing more advanced than pen and paper for their most sensitive notes and documents. Says British computer scientist Ross Anderson: “It takes a professor of computer science to have the confidence to say that some things simply should never be put on a computer.”
Although the Pentagon won’t discuss cyberwarfare strategy, there’s little doubt the U.S. is engaged in the battle. “We view cyberspace as a war-fighting domain,” says Pentagon spokesman Bryan Whitman, “and we are going to protect and defend it. The key is to stay one step ahead of the enemy.” Toward that end, the Pentagon is reportedly developing offensive cyberweapons, such as software that sneaks onto a server and destroys any botnets it controls, and doctored chips that allow the U.S. to surreptitiously control computers. As a defensive measure, the Pentagon is building a scale model of the Internet, to simulate attacks on the electrical grid, telecommunications networks, and the financial system. The government has even been recruiting experienced hackers who not long ago were on the other side of the law. “They’re not the kind of soldier that I grew up with,” admits Gen. William Lord, head of the Air Force’s newly formed Cyber Command. But we need this “different kind of crowd,” he says. “This is speed-of-light warfare, not speed-of-sound warfare. It’s faster than the F-22.”