US President Barack Obama hopes to lay the foundations for a long-term relationship when he meets Xi Jinping, China’s new president, for a two-day summit in Southern California on Friday. Obama has a difficult line to maintain as he must form a workable relationship with the leader of the world’s most significant growing power, while broaching the matter of cyber-espionage. He is under increasing pressure from lawmakers and business interests to confront Xi about China’s alleged cyber-theft of high value state and commercial secrets.
Obama’s dilemma is a little more complicated than it might first appear. Probably the biggest problem he will have in trying to complain to the Chinese about their hacking endeavours is that the Chinese claim they have “mountains” of evidence that the US has been just as active against the Chinese.
Actually, the evidence that many rely upon when blaming another country for hacking is very much open to interpretation. It is no longer sufficient to trace where an attack was “launched from”. It is not like tracking ballistic missiles. Modern cyber-warfare is more akin to grabbing the missile in mid-flight, disassembling it to see if there are any clues as to who built it, and then letting it carry on it way to see who is the intended target. And even then it is quite easy to plant “false flags” that can implicate an innocent party.
The Russian security company Kaspersky has uncovered a cyber-espionage ring known as NetTraveler. It appears to have been operating for 10 years and has been hitting high profile targets in military, diplomatic and related commercial circles. Many believe it originates from China because the most infected countries include Mongolia, Russia and Tajikstan; and the code appears to have been written by Chinese speakers with a “working knowledge” of English.
But many of the command and control servers, the machines to which the stolen information is posted, are in the US. And the US is less affected than China itself. Suddenly the evidence is not quite so compelling.
It was the Chinese who, in response to much press attention about their alleged online exploits, recently pointed out in their own press that considerable amounts of malicious software still appeared to come from the US. The Chinese Computer Emergency Response Team (CNCERT) publishes weekly reports on the attacks China suffers.
Some of the recent ones show that more than 4,000 servers in the US have been attacking nearly three million machines in China. But one has to be careful not to confuse apples and oranges. Many of the attacks the Chinese complain about are from cyber-criminals seeking to steal money or similar “malicious” activities, not from government.
The US is not going to reveal the additional information which convinces them the Chinese are engaged in significant cyber-espionage. That means in the public relations war China will always be able to claim that the US is just as much at fault as anyone else. But for those who take the time to read the details there are some surprising nuggets of information included in the many reports being released by the US.
For example, recently the US Department of Defense released a public version of a confidential report into the cyber-threats aimed at weapons designs. The scale of these attacks makes it clear that they are state-sponsored attacks. In many ways it is irrelevant which state. This report recommends, as do many others, that an aggressive approach to cyber-security should be adopted.
The European Union has some way to go in preventing malicious websites as was noted in a report from Microsoft earlier this week. It shows that most regions have a role to play in cleaning up the internet. In the UK, the government’s Internet & Security Committee has just published a report asking a stronger involvement in checking Chinese equipments that are used in the country’s communication infrastructure.
With the scale of attacks on the US it is not surprising that they intend to mount a robust defence. But regardless of what is said behind closed doors, there is a glimmer of hope for cooperation between the US and China. CNCERT reports that in the first three months of 2013 they have begun to work with the US on a growing cybercrime.
This new collaborative approach could turn into a global collaboration. Such a collaboration is required, as the internet means national boundaries are more easily crossed. Unless all sides cooperate, just like outlaws in the Wild West used to go to South America to avoid the law, we will have criminals evading justice by simply choosing an appropriate base of operations.