April 18, 2010: U.S. Department of Defense computer security officials continue to urge the government to allow counterattacks. For a decade now, American government and commercial networks have been under attack, and nothing American diplomats, or other government officials, have said to the likely perpetrators (China, Russia, North Korea and so on) has had any effect. The hawks in the American Cyber War community point out that striking back is an idea that at least deserves a try. Nothing else seems to work. American Cyber War officials point out that they have gotten better at tracing the source of attacks, and there's little doubt who is responsible for what damage.
Actually, permission to attack may already have been granted. That's because Cyber War is a conflict that is conducted in the shadows and in a cloud of denials. So continuing to have Department of Defense officials plead before Congress for permission to strike back, would be a good cover for actual attacks.
The U.S. Department of Defense is the largest user of computers, and networks, in the world. This includes 11 million Internet users, over six million PCs and over 15,000 networks. This has always attracted a lot of hacker attention. For over a decade, all the services have been scrambling to get their Cyber War defenses strengthened. But so many networks and PCs make an attractive target, and provide many potential weak areas that can be penetrated. The Department of Defense systems suffer thousands of serious attacks a day.
Many people are trying to get into Department of Defense networks, and the best practitioners are doing it covertly, to avoid the victims realizing the danger and increasing their defenses. The key here is hiding your tracks. The earliest signs of major foreign attacks was the highly damaging Code Red virus of 2001, which apparently came from China. It was discovered, picked apart and the origin of the virus was traced. China denied any responsibility and believed they had got away with it.
This penetration was on the same scale as several others in the last few years. There have been at least a dozen major attacks, hitting targets like the State Department, the National Defense University, the Naval War College and Fort Hood. Each of these cost $20-30 million to clean up after. Nothing was said about how defenses were adjusted as a result of these attacks. But that's normal, as hacking is all about keeping your own secrets, and finding out what everyone else's are.
China, unlike other nations hostile to America (North Korea, Cuba, Iran), has a large and growing Internet presence. China has thousands of skilled Internet programmers, and has admitted it is putting together military units for developing and using cyberweapons. These undeclared, and unofficial, Cyber War operations, mainly for espionage, have been going on for over a decade now. And the tools available to the attackers are becoming more powerful. Helping out the government hackers are several dozen gangs that undertake large scale criminal operations on the Internet. Most people see the results in the form of spam email (over 90 percent of all email is spam) and operations that secretly take over personal and business PCs, so these computers can secretly transmit spam, or huge quantities of bogus messages that shut down targeted web sites (DDOS, or distributed denial or service attacks). The gangs also specialize on finding all manner of secret, or sensitive, information, and selling it. Intelligence agencies are often eager buyers.
It appears that China and Russia, or at least their security services, have made deals with some of the gangs. It works like this. If the secret police want some Internet-based spying done, or a DDOS attack unleashed on someone, the gangs will do it, or help government Cyber War organizations do so. In return, the gangs have a safe haven. The gangs have to refrain from major operations against the country they are in, but most of the targets are in the West (that's where most of the money is). Of course, no one will admit to this sort of thing. But criminal gangs working for the secret police is an ancient practice in these two countries, something that goes back centuries.
Little information on American defensive efforts becomes public, for the obvious reason that this would help the people trying to hack their way in. But there is a lot of activity in the Internet defense area. It will be years, if not decades, before the full story is known of who got what from whom, and how. Just like any past situation involving espionage and technology.