Information Warfare: The Shadow Network Attacks

Archives

April 8, 2010:  North American Internet security researchers recently revealed that they had detected a China based espionage group, called the Shadow Network, that had hacked into PCs used by military and civilian personnel working for the Indian armed forces, and made off with huge quantities of data. This was done via Internet based attacks against specific military and government officials. This is often carried out in the form of official looking email, with a file attached, sent to people at a specific military or government organization. It is usually an email they weren't expecting. This is known in the trade as "spear fishing" (or "phishing"), which is an Cyber War technique that sends official looking email to specific individuals, with an attachment which, if opened, secretly installs a program that sends files from the email recipient's PC to the spear fisher's computer. In the last year, an increasing number of military, government, and contractor personnel have received these official looking emails, with a PDF document attached, and asking for prompt attention.

A favorite tool for security researchers to find out how outfits like the Shadow Network operate is Honey Pots. These catch the hackers in the act, and lets you observe the bad guys at work. A Honey pot is an Internet server (PC a Website is running on) that looks real, but is carefully monitored to record everything the hacker does. This way, the researchers can collect information on the hackers and have a better chance of hunting them down. It's not practical to put the monitoring software on every site. Bank and high-security government servers have substantial defenses that monitor any (well nearly any) penetration and shut down if any unauthorized entry is detected. This doesn't help to identify the intruders, but all these sites want to do is remain secure, not play cop.

The Honey pots have proven useful in finding out what tools and techniques the hackers have. This makes it possible to build better defenses. Honey pots also make the hackers uncomfortable and less confident that any server they are hacking into is not rigged to catch them. This makes the security researchers, and their clients, happy.

However, the hackers know the Honey pots are out there, and the technological war of wits continues. The security researchers keep making the Honey pots more convincing. As a bonus, they add elements to non-Honey pot servers to make a knowledgeable black hat think it's a Honey pot.

All of this goes on out of sight. Thousands of server administrators have illegal software planted on their systems for various bits of Web mischief (especially denial of service, or DDOS, attacks.) The U.S. government has detected numerous penetrations of military sites, and theft of information. What worries them is the penetrations they have not detected. Although you don't hear much about it, for obvious reasons, the Honey pot has become a military weapon. In wartime, the militarized hackers could take out Department of Defense servers more quickly than a missile. At that point, some of the script kiddies may realize they are traitors. But until then, the kids are just trying to have some fun.

China, unlike other nations hostile to America (North Korea, Cuba, Iran), has a large and growing Internet presence. China has thousands of skilled Internet programmers, and has admitted it is putting together military units for developing and using cyberweapons. These undeclared, and unofficial, Cyber War operations, mainly espionage, have been going on for over a decade now. And the tools available to the attackers are becoming more powerful. Helping out the government hackers are several dozen gangs that undertake large scale criminal operations on the Internet. The gangs often specialize in finding all manner of secret, or sensitive, information, and selling it. Intelligence agencies are often eager buyers.

It appears that China and Russia, or at least their security services, have made deals with some of the gangs. It works like this. If the secret police want some Internet based spying done, or a DDOS attack unleashed on someone, the gangs will do it, or help government Cyber War organizations do so. In return, the gangs have a safe haven. The gangs have to refrain from major operations against the country they are in, but most of the targets are in the West (that's where most of the money is). Of course, no one will admit to this sort of thing. But criminal gangs working for the secret police is an ancient practice in these two countries, something that goes back centuries.

The U.S. is the main target for the Internet based espionage, and has not yet come up with a way to get the foreign hackers to stop. American officials don't want details of this war reported in the media either, because the losses are embarrassing, as is the lack of an effective plan to halt the plundering. Occasionally, some details leak out, like the military asking Congress for permission to use more aggressive methods in going after the cyber spies. This quiet war could have enormous implications for any future conventional conflict. The Chinese are going after military technology, and it's not always obvious what they've got, and what they haven't. This increases the probability of some nasty, and painful, surprises when the shooting starts.

 Little information on American defensive efforts becomes public, for the obvious reason that this would help the people trying to hack their way in. But there is a lot of activity in the Internet defense area. It will be years, if not decades, before the full story of who got what from whom, and how. Just like any past situation involving espionage and technology.

 

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close