The breach in the wall
The Chinese government has been engaged in a comprehensive programme of cyber espionage and cyber warfare for many years, writes Ravi Visvesvaraya Prasad.
Updated: Apr 02, 2009 15:47 IST
The newspapers on Monday front-paged GhostNet — the cyber espionage network run by Chinese computer crackers who infiltrated thousands of computers worldwide and stole sensitive information. Some Indian computer networks that were compromised include those of the Prime Minister’s Office, the Ministry of External Affairs, the Indian Embassies in Washington and Beijing, the Bhabha Atomic Research Centre and the Dalai Lama in Dharamshala.
In fact, the Chinese government has been engaged in a comprehensive programme of cyber espionage and cyber warfare for many years. It has successfully integrated ‘Offensive Information Warfare Technologies, Tactics, and Procedures’ into its geopolitical strategies of establishing its hegemony over Asia without actually spilling a drop of blood.
In 1999, China established a task force on information warfare composed of senior politicians, military officers, and academics. It was headed by Xie Guang, Vice-Minister of the Commission of Science, Technology and Industry for National Defence. Other key members were Fu Quanyou, Chief of China’s General Staff, Yuan Banggen, Head of General Staff Directorate, and Major General Wang Pufeng. It formulated a comprehensive ‘Non-Violent Warfare’ doctrine — in stark contrast to the ‘War of a Thousand Cuts’ strategy followed by Pakistan’s Inter-Services Intelligence (ISI) against India in Kashmir and Punjab.
Its salient features included China’s indirect and non-military penetration into the computer networks of key politicians and military leaders in Taiwan, the US, India, Japan, and South Korea, especially at a time when the political leadership of these countries is struggling with other crises. The People’s Liberation Army (PLA) would encourage civilian and student crackers to target the financial, banking, electrical supply, water, sewage, and telecommunications networks of these countries over the next fifteen to thirty years.
Also, Chinese companies would insert malicious code and viruses into the computers of private companies in these countries after doing business for some time. Borrowing from Sun-Tzu’s maxim of ‘Kill With a Borrowed Sword’, the malware would be sent through university computers in order to make it appear that it is the handiwork of adolescent pranksters.
Shishir Nagaraja and Ross Anderson of Cambridge University’s Computer Laboratory, who investigated GhostNet, say: “First, it was a targeted malware-based electronic surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state... Second, the modus operandi combined social phishing with high-grade malware, with well-designed email lures.”
In addition to cyber espionage such as GhostNet, the PLA was one of the first armies to implement ‘Digital Battlefield’ concepts in military operations during the first Gulf War in 1991. Further, it has always been involved in targeting computer and telecom networks of Taiwan, India, Japan, and South Korea by planting information mines, conducting information reconnaissance, changing network data, releasing information bombs, dumping information garbage, disseminating propaganda, releasing clone information and establishing network spy stations.
The success of this strategy can be gauged from the report of the Munk Center for International Studies at the University of Toronto, Canada, which investigated GhostNet. Though they found that the majority of the computers behind the spying were located in China, they cautioned against concluding that China’s government was involved.
Countering espionage systems such as GhostNet will not be easy in practical terms. Nagaraja and Anderson believe: “Few organisations could withstand such an attack… Prevention will be hard… Defences against social malware involve expensive and intrusive measures that range from access controls to tiresome operational security procedures... Evolving practical low-cost defences against social-malware attacks will be a real challenge…”
The Indian Computer Emergency Response Team should immediately formulate and implement defensive countermeasures. The Indian government and armed forces may also consider implementing an Offensive Information Warfare strategy.
Ravi Visvesvaraya Prasad heads a group on C4ISRT in South Asia
First Published: Mar 30, 2009 22:00 IST