The 800-lb Dragon’s APTitude

Saturday, February 06, 2010

Bill Wildprett, CISSP, CISA

0f48ebb4a6ca02dbf5141affdbfa6898


I’ve been following the news about the Google hacks and ‘Operation Aurora‘ as McAfee called it, for a while.  There’s a plethora of online articles about this and why China would do this, which the PRC government denies pro forma.  It’s about nationalistic young Chinese and about PRC government, economic and military strategic interests.

An excellent source of discussion has been The Dark Visitor website, focused on Chinese hackers and also the SecurityMetrics.org mailing list.

From that, I learned the term Advanced Persistent Threat (APT), used by Mandiant and their M-unition blog.  One of the best comments came from Richard Bejtlich’s TaoSecurity blog; Richard explained what APT is and why it is dangerous.

The long and the short of it is that, in this case, the PRC will use any means whatsoever to obtain information to their advantage.  The usual resource constraints of time, money and people simply don’t matter, nor do ethics as we think of them.  Some have stated that these attacks against Google, Adobe, and according to McAfee, 32 other companies in the technology, financial and defense sectors, are only about malware and the quest for money.

In a sense, this argument is correct, but the financial motivation is different.  Yes, it’s about money because money is about power and the ability, long-term, of the PRC government to retain it against the tide of capitalist democracy.  In other words, as long as the PRC leaders can keep growing their economy, their entrepreneurial class makes money,  and the middle-class gets something, they’ll continue to stay in power.  They have a very vested interest in this odd form of trickle-down economics ~ political survival long enough to ensure their continued relevance and Chinese economic dominance sooner than later this century.

So, if it means the theft of intellectual property, commercial secrets, software, whatever from wherever, that is what China will do, and as their leaders see it, must do, if they are to not just catch-up, but succeed.  As the Mandiant M-unition blog puts it:

“No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It’s not spy-versus-spy espionage. It’s spy-versus-everyone…

…The APT’s goals are twofold:

  • to steal information to achieve economic, political and strategic advantage.
  • to establish and maintain an occupying force in their target’s environment, a force they can call on at any time…”

It used to be French and Russian intelligence organs we worried about, as far as stealing corporate secrets went.  APT is a whole ‘nother ball game, without umpires and a playbook available to one side only.  Expect other nation-state actors to play the same game; it’s similar to the whack-a-mole the West is playing with Iran over nuclear weapons development where they deny everything vehemently while building enrichment centrifuges as quickly as possible.

The 800-lb Dragon has been around for thousands of years and is feeling re-born and contentious.  Witness the lashing-out and dissing of the West at the Copenhagen Climate summit, criticism of U.S arms sales to Taiwan, the Dalai Lama’s upcoming meeting with President Obama and China’s growing assertiveness in other areas.

Some have commented that criticizing China on this is racist; that opinion is disingenuous and is meant to deflect honest inquiry.  APT isn’t about race; it’s about the means, intentions and long-term motivations of an adversary ~ even one who tries not to seem adversarial, is a key trading partner, owns your debt, etc.,

APT, from China and other actors, will not go away.  This is the new reality and we’d all better begin to pay attention and think how to combat it.  That means working to understand the psychology behind it.  APT crosses the domains of information security, economics, psychology, politics, sociology and more.  It is ultimately about the maintenance of power, its true raison d’etre.

Bill Wildprett

Copyright 2010; Suspicious Minds Blog: http://suspiciousminds.wordpress.com/

Possibly Related Articles:
2721
Breaches Webappsec->General
Google Hacks China
Post Rating I Like this!
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Excellent article! With international cooperation as the linchpin of many security efforts, can we ever expect totalitarian nations like China to actually comply with international accords?

If Chinese trade and copyright practices are any measure, the answer is a resounding "NO".

And they will offer some plausible deniability - as was the response to the evidence in the Google case - by simply allowing a rogue cyber culture to prosper free of prosecution.

Then they can just shrug their shoulders and say, "Wasn't us..."

How will an open society with internet freedom ever be free of Advanced Persistent Threat?
1265564256
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.