Information Warfare: Chinese Horde of Hackers


October 20, 2024: During the last ten years China has vastly increased its Cyber War (attacks on computer networks, usually via the Internet) operations. Chinese hackers are now responsible for over a third of the hacking activity worldwide. This includes the acquisition of Zero Day Exploits, or ZDEs. A ZDE is working attack code for a freshly discovered, still unpatched defect in software that is exposed to the Internet. Such flaws let an attacker get into other people's networks and PCs past defenses built only for known attacks. In the right hands they enable criminals to pull off a large online heist, or simply to maintain secret control over someone's computer. Currently China has collected more than 80 percent of the existing ZDEs.

ZDEs are rare. They are in great demand and are increasingly expensive to find, or to buy, from legitimate researchers or on the hacker black market. The price of a ZDE varies a lot because not all vulnerabilities are equal. Some are much more valuable than others because the exploit is more reliable or works against a larger number of targets. Software publishers and commercial security firms run bug bounty programs that pay the researcher who first reports a zero day vulnerability. A vulnerability is a software bug that has not yet been turned into an exploit; once someone writes reliable attack code for it, it becomes a ZDE. The rewards for really good ones can sometimes exceed a million dollars. The commercial security firms, which provide services for corporate and government clients, offer their rewards openly. There is also a more lucrative underground market, financed by criminals and some governments, that offers even larger rewards.

The users, especially large companies, press the software publishers to find and fix the bugs quickly. This rarely happens; discovering and fixing these vulnerabilities usually takes several months and sometimes a year or more. This is largely because fixing the bugs is expensive and publishers don't want to risk creating new ones. Every time they change their source code to repair something there is a real risk of introducing more bugs. Moreover, it's expensive to fix the bug, test the patched software and then distribute it to their customers. Thus, unless a bug is considered highly likely to be exploited, it is not attended to right away. The problem with this approach is that the software publisher often cannot judge how exploitable a bug really is. Criminals and Cyber Warriors have every interest in finding ways to exploit bugs that appear relatively harmless, often by chaining several minor flaws together. That turns the bug into ammunition for the Cyber War, and a way to make money for the criminals.

The Chinese lead in Cyber War means that China is now the most powerful Cyber War operator in the world, with the most ZDEs, the most hackers and the greatest ability to damage the networks of any nation it considers an enemy. For now this capability is largely theoretical, because China is not at war with anyone, at least not openly.

In preparation for a Cyber War, the ammo supply is critical. Whoever finds the largest number of quality unpatched vulnerabilities and turns them into reliable exploits will win. There's a lot of evidence that the United States and China have both compiled large arsenals and tested a lot of their stuff. Other countries are players as well, but until recently the U.S. and China appeared to be the superpowers of Cyber War. Now it is evident that China has taken the lead and is the largest Cyber War operator on the planet.

At one time the U.S. had an edge in the number of commercial security firms and freelance experts it could enlist for the war effort. China openly encourages its hackers to go out and practice on foreigners, especially the Japanese, who are still hated for World War II era atrocities, and the Americans. China is also believed to have arrangements and understandings with the gangs that specialize in Internet based crime. China is still a police state, and communist secret police organizations have long been known to use criminal organizations for all sorts of things.

For over a decade now Cyber War and criminal hackers have secretly placed malware in computers belonging to corporations and government agencies. These Trojan horse programs turn the infected PCs into zombies, or bots, under the control of the botmasters who planted them. That control allows the botmaster to steal, modify or destroy data, or to shut down the systems the zombies run on. New PCs are infected and turned into zombies using ZDEs, which get past defenses that only recognize known attacks. This is a big business, although a lot of it is delivering spam. But mixed in with the garden variety criminality is a lot of corporate and military espionage.

Cyber War commanders are resigned to the fact that they will have to use mercenaries to survive any future Internet based conflict. Much use is being made of mercenaries right now in the race to build up stockpiles of munitions. In Cyber War the ammo is information: knowledge of vulnerabilities in software connected to the Internet, or to major networks not connected to the Internet. It's feared that China actually has a lead in this area, a lead it will not discuss but that the victims know exists.

Cyber War, like espionage in general, is conducted all the time. Many people don't realize that NATO nations often spy on each other. This is usually kept quiet because such espionage is a way for friendly states to test each other's Cyber War defenses without being a threat. This is how the current increase in Chinese Cyber War activity was discovered and measured.
