Nations blame China for recent cyber hackings

• IBTimes RSS
• Print
• E-Mail
• digg
• Del.icio.us

As India woke up to the campaign targeted towards mapping and discovering weak points within its IT infrastructure which had been running over the past 18 months, now more nations have come forward questioning China's involvement and for backing the hackers.

As the UN raised the issue in Geneva, US, Belgium, France and Russia have also stated that China is attempting to control the cyberspace "offensively ". The ruling Chinese People's Liberation Army is known to operate highly sophisticated divisions and commands for cyber operations. An official declaration has even set the deadline of 2050 for China to be able to stop any army in its tracks through cyber warfare. The hackers have been mobilized into Unions and Red Alliances with alleged 'official backing.'

China's underlying modus-operandi came to surface in September 2007 when the Chinese military was found to be plotting for a cyber-attack which targeted a Pentagon computer system serving the office of US defense secretary Robert Gates.

Off late, a diplomatic spat has been brewing between Belgian and the Chinese government as Belgian justice minister Jo Vandeurzen claims that attacks against the Belgian Federal Government have originated from China, and are likely to have been sanctioned by the Beijing government.

Belgian minister of foreign affairs Karel De Gucht also told the parliament that his ministry was the subject of "cyber-espionage" by Chinese agents several weeks ago.

The Belgian government speculates that China may be interested in spying on them because NATO and the European Union have headquarters in the country as well as in exploring Belgium's historical connections with Central Africa.

Meanwhile, infiltration into protected information is a critically sensitive matter for India since the information that the Chinese hackers were trying to procure would give China an advantage in any potential conflict.

Security experts fear that apart from giving China a good idea of the content, the hacking also enables them to disable the networks during a conflict. Further the information could be used for battlefield purposes and into designing new weapons and equipment.

With reports published in a national daily, several big attacks have been sourced to China over the last few months including prominent ones on National Informatics Centre (NIC) aimed at the National Security Council (NSC), and on the Ministry of External Affairs (MEA).

Senior MEA officials have revealed that that the computers at the Indian Embassy in Beijing had been targeted in April by hackers. The Government also admits that its websites and portals are under sustained attack from Chinese cyber crawlers but said classified information has not been compromised. Consolatory fact is that the computers storing sensitive data are standalone systems not linked to the Internet.

CERT-IN, the official watchdog that tracks hacking of government networks, has refused to comment on the matter. But they do presume that these attacks are not isolated incidents of hacking but a more sophisticated and methodical one.

"No website is 100 percent safe. There are websites with high level of security but there is always some weakness," said China's cyber 'ethical' hacker Xiao Chen.

Chen and his friends run a hacking website in China which reportedly has 10,000 registered users and gets 50,000 hits a day, with the site featuring advice and free software for breaking into computer systems.

Chen even boasts that two of his colleagues were successful in hacking into the Pentagon.

Despite such claims, Chinese officials have dismissed all the allegations as "baseless reports" declining the government's involvement in any cyber warfare towards any country as it did the last couple of times when Chinese hackers were found to be involved in hacking Pentagon's computers and into computer networks of German Chancellor Angela Merkel's chancery and three other ministries.

"The Chinese government has nothing to do with it. The Chinese government discourages such activities against all countries, including India. These reports are baseless. They are not in tune with the growing trust and friendship between India and China," said a senior Chinese embassy official.

"Hacking is a worldwide phenomenon. The Chinese networks have also been victims of hacking," the official added, while recollecting how one of the websites of the Chinese government was found to be hacked by someone from North America last year.

China has also been the target of a big increase in cyber-attacks in recent years and faces more of a threat from hackers than any country in the West.

Wang Xinjun, a researcher at the Academy of Military Sciences quips, "The countries that are victims of computer hackers should work together instead of arbitrarily blaming China."

"In fact, hackers' attacks on China's computer systems have surged in recent years and China is facing a more severe information security situation than any Western country. But the Chinese government never blames it on any other country and insists on calling for international cooperation to crack down on internet-wrecking crime," Wang asserted as he finds it strange that China was singled out when only one or two attacks out of thousands worldwide had been traced back to China.

Governments should put aside their prejudices towards China and abandon their "cold war mentality" he further added.

Meanwhile, Sophos, a world leader in IT security and control conducted research and checks to consolidate the claims and check for any discrepancies in China's role.

"There is not enough evidence to say whether these attacks were sponsored by the Chinese government or not, but since it is unusual for a nation to accuse another of engaging in this activity, especially when it can be extraordinarily difficult to prove an attack is being sponsored by a government or is a lone hacker acting independently, nations need to consider making computer security a priority," said Graham Cluley, senior technology consultant at Sophos.

Sophos does believe China to have an important part to play in the global fight against cybercrime. Research reveals that the country presently accounts for 30.1 percent of the world's malware-infected web-pages, second only to the USA.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

India, per se, has been slack in developing corrective measures in the event of a web-attack even when it has constituted a dedicated team to deflect these attacks; it is still to come up with an aggressive strategy to counter them.

Cyber warfare is yet to become a big component of India's security doctrine. Even in the US the military's role in cyber-security is still in its relative infancy, thereby India is but one of many countries in the process of evaluating how cyber-security and cyber warfare impact its safety.

Cyber experts have expressed that India must move quickly to plug gaps in its cyber security.

"India as such doesn't have any concrete laws for cyber security and we need a Government policy to prevent hacking," said cyber law expert, Pawan Duggal.

Hemal Patel, CEO Cyberoam believes, "The problem is that Indian government is buying and installing China-made software on computers that store sensitive information." He said that earlier the Chinese had no access to our secrets but now since we rely on their software; we've laid it all bare for them.

Experts affirm that a critical information infrastructure protection policy must be framed, together with the revision of IT Act, passed eight years ago, with safeguards with cyber security being considered a national security standpoint to prevent its websites being hacked.

But Admiral Suresh Mehta, Chairman, Central Security Commission (CSC) sums it up, "There is reasonable fire-walling and crypto for our systems. These kinds of thing will keep happening as even the best of the computers can be hacked. Despite all this, our work goes on. These cat-and-mouse games will continue."