
China is waging an undeclared cyberwar on the US … but now what?

If you think the timing of a damning report on China’s government-sponsored cyber-attacks on U.S. industry and government is a coincidence, think again.

The 60-page report (PDF) from cybersecurity firm Mandiant, for those of you who missed the media hellfire it sparked on Tuesday, blames the People’s Republic of China for widespread cyber-attacks and cyber-espionage on U.S. industry and government. Targets include companies like Coca-Cola, as well as companies that operate critical infrastructure, like electrical grids, oil and gas pipelines, and water supply.

The report, which was featured in a front-page story by The New York Times (a former client of Mandiant), pinpoints a 12-story office building in Shanghai which Mandiant researchers believe is home to “APT1,” one of “more than 20” similar hacker outfits supported or employed by China’s People’s Liberation Army (PLA). The hacker contingent is officially known as “Unit 61398,” and has been labeled the “Comment Crew” or “Shanghai Group.” Mandiant even published video of one of the alleged APT1 hackers in action, an individual known as “DOTA” who creates fake Gmail accounts to launch spear-phishing attacks on targets – one of the primary weapons used by APT1, according to Mandiant.

“APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations,” reads the report, “and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.”

This highly detailed report marks the first time a private company has explicitly called out the PLA as the source of a barrage of cyber-attacks on the U.S. It is also the first publicly available report to reveal exhaustive evidence – if not a “smoking gun” – to support accusations that China’s government poses a major threat to U.S. cybersecurity. Many people have talked about it over the years; few have provided something close to proof.

The Chinese government has firmly denied the credibility of the Mandiant report. “The Chinese army has never supported any hackings,” said China’s Ministry of National Defense in a statement to state-owned news agency Xinhuanet. The ministry also said the report was false and unprofessional.

Of course, this denial is neither new nor particularly believable. During the course of reporting various cybersecurity stories, I have personally witnessed real-time cyber-attacks on major U.S. businesses that originated in China. And the information in the Mandiant report has since been backed up by sources within the U.S. government and by a variety of other cybersecurity firms that have gathered similar data.

So the legitimacy of the Mandiant report is not really in question, whatever the Chinese government has to say about it. What did strike me as odd, however, was the timing of its release.

Since January 31, we have seen high-profile cyber-attacks by Chinese hackers on The New York Times, Wall Street Journal, Washington Post, and Bloomberg News. In the last week, we saw Chinese hackers blamed for infecting a developer’s website that resulted in malware infections at Facebook, Apple, and possibly Twitter.

We also saw President Obama call out cybersecurity as a major priority for the U.S. in the State of the Union address on February 12, and, earlier that day, sign an executive order meant to bolster U.S. critical infrastructure networks. Also that Tuesday, Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) – implicit support for which Mandiant CEO Kevin Mandia gave during testimony (PDF) before the House Permanent Select Committee on Intelligence on February 14.

All of this felt eerily familiar. In the months that followed the September 11, 2001, attack on the World Trade Center and the Pentagon, our media and our government constantly bombarded us with evidence for why military action was necessary. Al Qaeda, weapons of mass destruction, and the hideous might of Saddam Hussein saturated our world. Talk of Chinese hackers, and the media reports surrounding them, in no way match the insanity churned up in immediate post-9/11 America. But upon reading The New York Times report about Mandiant’s findings in the wee hours of Tuesday morning, I couldn’t help but wonder: Why now?

“We felt like there’s a bunch of things coming together at the same time,” Richard Bejtlich, Mandiant Chief Security Officer, told me during a phone interview. “Our CEO Kevin Mandia just testified before the House Permanent Select Committee on Intelligence last week all about information sharing. This is what we’re doing; we’re sharing information.”

Bejtlich also points to Obama’s executive order, and the admission by the Times and other news outlets that Chinese hackers had infiltrated their networks, as an indication that “this is the time to let the world know what we know about this one group.” Furthermore, he said, “We had heard through some back channels that there’s some support for less observation of the fireworks – in other words, just watching companies get hacked – and more putting the message out there that this isn’t acceptable, and doing something about it.”

So, what does “doing something about it” look like? According to the Associated Press, the Obama administration has already begun “eyeing fines, penalties and other trade restrictions as initial, more-aggressive steps the U.S. would take in response to what top officials say has been an unrelenting campaign of cyber-stealing linked to the Chinese government.” Hawks, like former FBI executive assistant director and current president of cybersecurity firm CrowdStrike Shawn Henry, are calling for even more aggressive action.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” Henry told the AP. “This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be.”

Others have likened the current situation between the U.S. and China to the Cold War between the U.S. and the Soviet Union – an analogy Bejtlich echoed during our conversation.

“For those of us that remember the Cold War, we had this sort of mindset that it’s expected that the Russians are out there, and that they had a certain world view, and there’s certain things that they do, and we deal with them in a certain way,” said Bejtlich. “We’re not in a Cold War now, thankfully, but we are in a different sort of conflict.”

In an interview with CNN, former CIA and Homeland Security official Chad Sweet also equates the current U.S.-China relationship to the Cold War – but adds that the dangers of this conflict could be even more severe.

“We’re essentially facing a new Cold War – a cyber Cold War,” he said. “The destructive capacity is equal to that of a nuclear warhead … But what makes it more sinister than the nuclear age is that there’s no easily identifiable plume.”

The U.S. government’s view on the severity of cyber-attacks was made most clear last October, when Defense Secretary Leon Panetta warned that the U.S. could face a “cyber-Pearl Harbor.”

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” said Panetta. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Why passenger trains would be loaded with lethal chemicals, Panetta did not say. But the message is clear: cyber-attacks are serious business. And the Mandiant report further promotes this worldview.

Now, I won’t pretend for a second to understand the massively complicated relationship between the U.S. and China, or the degree to which the Mandiant report complicates those ties even further. But as a citizen witnessing the sudden deluge of activity surrounding cybersecurity, I can’t help but wonder – and worry – about where all this is headed.

The passage of legislation like CISPA – a bill civil rights advocates see as a threat to our Fourth Amendment rights – seems all but certain. But then what? How does the Internet change for everyday people once it’s become an officially declared battleground of the world’s two most powerful countries? I have no idea, and have yet to find an answer. One can only hope that when that answer comes, it will be a good one. For now, we wait.
