Online Book Reader


Inside Cyber Warfare - Jeffrey Carr [6]

such as WhiteHouse.gov, came under a mild DDoS attack. A few days later, the target list grew to include South Korean government and civilian websites. The Democratic People’s Republic of Korea (DPRK) was the primary suspect, but as of this writing there is no evidence to support that theory. Nevertheless, South Korean media and government officials have pressed the case against the North, and US Rep. Pete Hoekstra (R-MI) has called for the US military to launch a cyber attack against the DPRK to send them a “strong signal.”

Cyber Espionage


Acts of cyber espionage are far more pervasive than acts of cyber warfare, and the leading nation that is conducting cyber espionage campaigns on a global scale is the People’s Republic of China.

In December 2007, Jonathan Evans, the director-general of MI5, informed 300 British companies that they were “under attack by Chinese organizations,” including the People’s Liberation Army.

Titan Rain


“Titan Rain” is the informal code name for ongoing acts of Chinese cyber espionage directed against the US Department of Defense since 2002. According to Lieutenant General William Lord, the Air Force’s Chief of Warfighting Integration and Chief Information Officer, “China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD’s Non-Classified IP Router Network).” This stolen data came from such agencies as the US Army Information Systems Engineering Command, The Naval Ocean Systems Center, the Missile Defense Agency, and Sandia National Laboratories.

According to testimony by Lt. Col. Timothy L. Thomas (US Army, Retired) of the Foreign Military Studies Office, Joint Reserve Intelligence Office, Ft. Leavenworth, Kansas, before the US-China Economic and Security Review Commission in 2008, DOD computers experienced a 31% increase in malicious activity over the previous year, amounting to 43,880 incidents.

In 2006, Department of Defense officials claimed that the Pentagon network backbone, known as the Global Information Grid, was the recipient of three million daily scans, and that China and the United States were the top two sources.

Acts of cyber espionage are not only directed at US government websites but also at private companies that do classified work on government contracts. According to Alan Paller of the SANS Institute, large government contractors such as Raytheon, Lockheed Martin, Boeing, and Northrop Grumman, among others, experienced data breaches in 2007.

In January 2009, SRA, a company that specializes in providing computer security services to the US government, reported that personal information on its employees and customers was at risk when it discovered malware on one of its servers.

Cyber Crime


At this time it is unknown if the attacks originated from the North Korean Army, a lonely South Korean Student, or the Japanese-Korean Mafia. Indeed, all of these entities could have been involved in the attacks at the same time. This is because the differentiation between Cyber Crime, Cyber Warfare and Cyber Terror can be a misleading one—in reality, Cyber Terror is often Cyber Warfare utilizing Cyber Crime.

--Alexander Klimburg, Cyber-Attacken als Warnung (DiePresse.com, July 15, 2009)

Most of the sources on cyber warfare that are publicly available do not address the problem of cyber crime. The reasoning goes that one is a military problem, whereas the other is a law enforcement problem; hence these two threats are dealt with by different agencies that rarely speak with one another.

Unfortunately, this approach is not only counterproductive, but it also creates serious information gaps in intelligence gathering and analysis. My experience as Principal Investigator of the open source intelligence effort Project Grey Goose provides ample evidence that many of the nonstate hackers who participated in the Georgian and Gaza cyber wars were also involved in cyber crime. It was, in effect, their “day job.”

Additionally, cyber crime is the laboratory where the malicious payloads and exploits used in cyber warfare are developed, tested, and refined.
