China caught hacking, good thing our government does not do that
mb
China denies that its military hacked into British government networks. It also denies hacking into the Pentagon. The funny thing is that it probably did both and everyone knows it.
Think about it. Considering that many people now consider a serious cyber-attack to be an act of war, why would one government raise such a serious accusation unless they had plenty of irrefutable evidence? Besides, anyone who has done any intrusion detection or forensic analysis of any network even remotely associated with the US government knows that China actively seeks to gain access to US government resources.
When I first encountered this a number of years ago, I was surprised when I saw hundreds of IP addresses owned by the Chinese government involved in all stages of network attacks. I was also surprised at the duration and frequency of these attacks. It was very much like some government employee comes to work every day and goes through his list of attack assignments.
If I myself have so much evidence to prove China’s attempts to hack US government, I’m sure the US government has plenty of evidence too.
I have seen this so much over the years now that it really doesn’t surprise me anymore (and it’s not just the Chinese attacking us; they are just the only ones who make no effort to disguise themselves).
Oh yeah, did I mention that we do it to them too? Every branch of military and every intelligence agency in the U.S. has some form of cyber-warfare group, most of whom follow the “Gain/Exploit Attack/Defend” doctrine. Some of these groups are more focused on the gain and defend aspects and others are more focused on the exploit and attack aspects of information warfare.
So yeah it is kind of funny to see China deny the accusations, but it is also kind of funny to see the accusations in the first place. It’s very much like the cold war era where everyone actively spied on each other and everyone knew they spied on each other, but if one ever got caught the other side exploited that shocking news as much as they could.
There’s actually a more interesting story behind all this, and that is about the most powerful weapon used in this infowar: the 0-day exploit. A 0-day exploit is information about some product vulnerability that no one else knows about yet, at least publicly. Often, the hardware and software vendors are not even aware of the vulnerability. It’s no secret that there’s money to be made in selling 0-days, not only on the black market but also to governments, including the US government, which does buy these exploits, if you know who to sell them to.
Naturally this isn’t something any government would admit to, but if a hacker were to approach certain US organizations with a powerful 0-day, they certainly wouldn’t just refer him to the MSRC.
The problem with using 0-days is that for them to be effective you need to keep them secret. Therefore, if a contractor for some branch of the US government were to obtain a good 0-day, they would need to leave every other branch of government, as well as every US business, vulnerable in order to exploit it. To make things worse, once they use it against some other party, there’s always the chance that the other party could discover the exploit and use it right back on our own unprotected systems.
Imagine how upset another branch of government was–I mean would be–if they found out some attack team left the whole country vulnerable just so they could keep a 0-day quiet to exploit it themselves. And these secrets could be kept at any level, even down to the individual cyber-warrior who wants to impress his superiors at a critical moment.
To be clear, I think these attack teams are necessary and I would probably be somewhat disappointed if I found out my government wasn’t actively involved in this. But that act of keeping 0-days secret does present a significant moral dilemma that leaves the rest of us as pawns in the game of cyberwarfare.
Perhaps we can just trust these groups to make the right decision.
Posted in Windows Security
September 7th, 2007 at 5:50 pm
This matter does not only concern the US and British governments; the IT systems of Germany (and probably those of other nations) have been illegally accessed by Chinese attackers, too.
An official newspaper article by “Spiegel”, which is one of the big German news publishers, reported this incident in detail on August 25th, 2007: http://www.spiegel.de/netzwelt/tech/0,1518,501954,00.html
Unfortunately this German-language article has not been published on the international website of the newspaper (http://www.spiegel.de/international/).
But there are two smaller articles on the US website of the “Financial Times”:
Beijing pledges crackdown on international hackers:
http://www.ft.com/cms/s/0/9b4cfc4e-54fe-11dc-890c-0000779fd2ac.html
China pledges to combat hacking: http://www.ft.com/cms/s/0/fd754098-54fe-11dc-890c-0000779fd2ac.html
Altogether, not political interests alone but also economic motivation drives those attackers:
For years now there have been warnings of industrial espionage by national and international security advisors, addressed especially to small and medium enterprises out there who still do not secure their perimeter infrastructure properly, either due to lack of knowledge or sometimes simply because of reluctance to invest in seemingly “non-profit business areas”.
In view of this development I am not very surprised by this current escalation at all.