Reliable Security Information

Cyberwar, cyberespionage and media manipulation

If you've been following along, it's no secret the US government and the national security industry have been waging an increasingly concerted campaign to boost cyber-defense spending. The lynchpin of the strategy is the relentless argument that Chinese hackers, under the guidance of their government and military, are into all American corporate business, military networks and the nation's infrastructure. Because of this, catastrophe looms.

Another ploy in this orchestrated theatrical production arrived today in the guise of the Defense Science Board report, Resilient Military Systems and the Advanced Cyber Threat.

The report is here.

However, it is not the same report the Washington Post's Ellen Nakashima publicized in a big story on alleged deep Chinese cyberespionage directed against the US military and its arms manufacturers.

"Designs for many of the nation's most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defense industry," writes Nakashima for the Post.

The Post's report never makes clear if classified information was taken. And it informs that internal US government discussion of some of the incidents with China is now over a year old.

What does seem to be secret, but in a selective way, is the Defense Science Board report.

The Post reporter delivers the information on Chinese cyber-espionage, writing that it comes from a "confidential" section of the report not included in the copy made generally available to the public.

One of the definitions for "confidential" in Merriam-Webster is "private, secret."

The public version of the DSB report contains only three instances of the word "China" and only one of "Chinese." "Espionage" appears only four times in the report's 146 .pdf pages.

What does this mean?

It means one of the Defense Science Board's members or minions -- which can be any number of a pool of representatives from arms manufacturers like Boeing and Northrop Grumman, to consultants to these same businesses or small national security "think tanks" or lawyers in legal firms providing consultation on cybersecurity issues under contract to the Department of Defense -- leaked the real report, the "confidential" part, to the Washington Post.

These are never selfless acts to get word out about an emerging national threat. That's not how things work.

What it is is another report, among an increasing number, aimed at growing the national security industry's cyberwar and cyber-defense programs, in which many of the Defense Science Board's members are employed.

The secret report, the one the Washington Post tells us about, is to redirect attention to a new threat. It is part of a national argument that generally lumps all cyber-crime, cyber-spying and claimed cyberwar into one big threat aimed at the United States, over everyone else.

Nakashima's report for the Post grudgingly includes the information that spokesmen for the Chinese government have complained that it is the victim of hacking and cyberespionage, too.

Indeed, a recent set of articles in the Financial Times on the subject includes an analysis that recounts internal cyberespionage in China, a case in which groups of young hackers invade Chinese firms, as well as those in other countries, in collection of information and e-mails which can be sold to competing firms or used in extortion schemes.

China's corporate security businesses are not as mature as American competitors, the FT informs. As a result, criminal hacking groups and espionage efforts can be very successful.

Reads the FT:

China's leading internet security firms such as Kingsoft, Qihoo 360, Inspur, Topsec or Venustech have little or no ambition in investing in forensics, the capability that supports long-term, in-depth analysis of the origin, structure and technical detail of past attacks that is being built by firms such as Symantec or TrendMicro. "Our internet security sector is light years behind the US, partly because there is very little awareness of the problems yet and companies are not willing to pay for such services," says Tony Yuan, head of Netentsec, a Beijing security company ...

For Chinese experts, therefore, foreign complaints about hacking attacks originating in their country are far down the priority list. "Those who accuse the Chinese government of cyber attacks lack sincerity," says Liu Deliang, a cyber law expert from Beijing Normal University. "Cyber crime is the main problem and we should close ranks to fight it."

Obviously, the Chinese read the Washington Post and they are not naive.

They know how the system works in America, too. And they are unlikely to be cowed or embarrassed by a newspaper story about a "confidential" Pentagon report, news of which is a fairly obvious case of insider manipulation. Of course, everyone connected with the DSB report knows this, too.

Thought question: What's the difference between a good leak and a bad leak?

Answer: Bad leaks are those the Department of Justice is commanded to investigate. Good leaks are when contractor/consultants give "confidential" material on an expanding national security threat to the WaPost.

Yes, China is engaged in cyber-espionage against us. The US military is the largest and most powerful in world history. It would be a surprise if everyone wasn't spying on it and its vast private sector infrastructure of giant arms and services contractors.

How do you secure such a large globe-spanning enterprise, one in which there will always be thousands of people, or even many more, who dumbly click on e-mail attachments, idly insert foreign media, go off secure protocols or copy sensitive materials to networked home or unsecured devices for convenience? Rhetorical question.

So what can be seen in the non-secret version of Resilient Military Systems and the Advanced Cyber Threat?

Well, there is a loud call for mounting a big defensive and offensive military cyberwar capability, claiming that the cybersecurity threat facing the nation is equivalent to, or even more serious and complex than things like mounting strategy against the German U-boat campaign in WW2 and the achievement of nuclear deterrence during the Cold War (page 38).

Readers may recall the latter was the building of a survivable capability to blow up the entire world in the case of a doomsday thermonuclear attack.

Cyberthreats are given a taxonomy and a graphic illustration. They range from nuisances, Tier 1 threats, to Tier 6 threats, malware hardware/software as yet unmade that is an "existential" threat.

A threat to existence!

It then proceeds to explain what constitutes various tier threats.

The Stuxnet virus, which the report coyly declines to mention was developed and deployed by the United States, was a Tier 4 threat. The Agent.btz worm/malware, a piece that circulated worldwide in 2008, is given the same rating.

Which I and others would call inflated but which left a lasting scar on the US military because it demonstrated that DoD was no better at keeping viruses off its networks than anyone else.

Agent.btz is never actually named in the Advanced Cyber Threat report. Instead the authors reference only the problem contained by "Buckshot Yankee," which means nothing to laymen because it is not explained in the edition released to the public audience.

Buckshot Yankee was the name given to the operation aimed at neutralizing Agent.btz.

As an illustrative example of what constitutes a past Tier 6 threat, the DSB report comes up with the spying IBM Selectric typewriters, machines that were altered by the Soviets to collect and transmit what was typed on them. The spying typewriters were put into US embassies in Moscow and Leningrad.

A newer Tier 6 threat is what I call the Subversive Chip of Cyber Doom.

The subversive chip would work normally in US computing and weapons systems until triggered by conditions or an outside signal. At which point it could transmit compromised information or destroy the processor and operating system.

So let's not outsource all computer manufacturing to China. Oh, wait...

Other parts of the document discuss growing the US capacity for offensive cyberwar and establishing a "resilient" cyber force, a potentially immense open-ended project that is said to be of the utmost urgency.

Originally published at Dick Destiny blog.
