According to an “unnamed” security analyst, the vast majority of computer system intrusions perpetrated by Chinese Cyber-Agents are the work of just 12 separate groups or entities. There are suspicions and evidence, that China has been active in the arena of offensive computer espionagefor years.
In addition, there is the Chinese Cyber Army, a conglomeration of several Chinese hacktivist groups that act in the interest, and with guidance from, the Chinese Peoples Army and/or the Chinese state apparatus.
China also officially and publicly this year announced the formation of a specialized cadre of cyberwar experts, although whether this was meant as a decoy from the fact that they already possess such forces, or to further enhance their capabilities is difficult to establish.
Our hackers seem to be of a very different type. We have the underground or Black Hat Hacker, primarily focused on financial gain through criminal energy, venting their dissatisfaction with the current status-quo, or for “Lulz”, our Hackers seem to possess very little in terms of government associated patriotism, nor do their hacktivist causes seem quite as profound or existential as their 3rd and 2nd world kin.
We also have the professional hacker, whether programming snoopware for the German federal states, working for Her Majesty’s, or any other Government for only £25k per year, or selling military grade hacking tools without regulation.
The comparison is not one favorable to the western world. There seems to be a disjoint here, that is difficult to explain and rationalize. Why is a nation like China, that is seen as oppressive and controlling in the west, able to motivate, cultivate and harness their hacker types, whilst ours primarily seem occupied in hacking ourselves or for the highest bidder?
At the same time, not only does our offensive talent seem hair bent on working against us, our cyberdefenses have proven grossly inadequate and ineffectual, as this last year of high profile hacks and breaches has shown only too clearly, leaving the security community in need of some honest soul-searching.
When a western government has to resort to a cheap media gimmick to attempt to find cybersecurity talent, and delivers a badly thought-out and executed fiasco, only to offer an even cheaper financial reward at the end of the farce, you sort of get a feeling that we’re in trouble.
When potentially hostile or oppressive powers end up with better hi-tech equipment than our own, and need a hacker group to tell them how badly coded their chosen tool is, that feeling gets ever so slightly stronger.
Of course, we have tried to utilize our hacker pool before in the past, usually with predictably mixed results. The reasons for this are myriad, but the facts that our authorities contact with the hacker community is primarily antagonistic and confrontational, that we have historically attempted to work mainly with the few celebrity hackers that were caught, and that very few organisations are able to create and provide a fertile, productive environment for them to work in, may have had a dominant role to play in this. Supported by current evidence, China and Iran have had more luck in this regard.
I hate to be a doom-monger, but maybe it is time for a good old reality check. I would love to believe that the 21st century will be more peaceful and less defined by competition than the centuries before it, but realistically and rationally assessing the current Zeitgeist and geopolitical realities, and having some knowledge and grasp of history, and in light of the fact that our business is based on the exact diametrically opposed assumption, that the world is getting a less safe and secure place, that time is nowhere near on the horizon.
There is lots of fear-mongering when the topic of Cyberwar is broached, and to a certain extent there is some of that going on, but that does not mean there is no threat. There is real scope for damage, direct, collateral and asymmetric, using offensive Cyberwar strategies, tactics and technologies, even if these are restricted to information gathering or espionage. This centuries conflicts, to a backdrop of resource wars, overpopulation, and a brewing cold war with China, will be characterised by low-frequency, low-risk warfare, i.e. involving indirect proxy attacks and based on probing defences. Cyber-warfare, with the increasing reliance on and propagation of electronic and computerised functions, services and devices, epitomises this. Cyberwar is not a War of its own in the classical sense, but it is another battlefield, another aspect, another set of weapons. If you do not see the threat, then you may not have quite the imagination and out-of-the box thinking that your opponents may display.
That means that we will need the type of people that have a natural affinity for (in)security, if only because right now we are getting it from both sides. Even more so because you cannot teach this to just anyone. It requires out of the box and lateral thinking. These are traits, not skills, and our standardised approaches based on linear logic and processes, have and will continue failing. So we need to get these people back into the fold, and that may also mean changing the way we see and interact with them, and also the way we see and operate ourselves.
We have an entire commercial class of security professional, but very few hackers. Where are our cyberwarriors? Where will they be when we really need them? With us, or against us?