I have a picture in my head of a huge building just outside of the Forbidden City in Beijing. It is post-industrial classical, like a lot of the newer government buildings in China’s capital city. It has few windows and no identifier on the front, just a big red poster acclaiming the 2008 Olympics. Inside there are vast rooms with desks and computers. Sitting at those desks are uniform-wearing Red Army hackers. There are large overhead screens, reminiscent of Japanese kanban systems, with attack targets and progress charts depicting the daily activity. One floor might be dedicated to censors. Most of them are busy identifying pornography sites, but special groups are dedicated to finding and blocking Chinese access to information on Tibet, Taiwan, and Falun Gong.
Another room is dedicated to espionage, where tools are developed and deployed to attack the Pentagon, Whitehall, and the German Chancellery. In this room last week the order was spread to infiltrate and spy on organizers and supporters of Tibetan protests. The coders quickly modify Trojan horse software and package it for the English-speaking infiltrators to append to carefully crafted email messages and documents. Attackers then send the messages to lists of members of Tibetan organizations. Hundreds of “signal analysts” then pore through the results: captured files, keystrokes, and Skype conversations of the unwitting targets.
That is modern information warfare. The fact that the Chinese are doing this indicates to me that the picture in my head is probably fairly accurate. From F-Secure’s superb analysis of one such email:
The exploit silently drops and runs a file called C:\Program Files\Update\winkey.exe. This is a keylogger that collects and sends everything typed on the affected machine to a server running at xsz.8800.org. And 8800.org is a Chinese DNS-bouncer system that, while not rogue by itself, has been used over and over again in various targeted attacks.
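The two indicators in the F-Secure excerpt (a dropped executable at a fixed path and a beacon to a host under the 8800.org dynamic-DNS service) are exactly what a defender would turn into a hunt across endpoint and DNS logs. The script below is an added example, not code from the post or from F-Secure: it scans a handful of constructed log lines in a made-up "kind|host|detail" format, flags each indicator separately, and only treats a host that shows both as a strong hit, because the quote itself notes that 8800.org is not rogue by itself.

```python
# Added example: hunting for the two indicators quoted from F-Secure
# (dropped keylogger path and 8800.org beacon domain) in simplified logs.
# The log format "kind|host|detail" is an assumption made for this example.
from typing import Dict, List

# Indicators taken from the F-Secure analysis quoted in the post.
DROPPED_PATH = "c:\\program files\\update\\winkey.exe"
DYNDNS_ZONE = "8800.org"

# Constructed sample log lines (not real telemetry).
SAMPLE_LOGS = [
    "process|ws-042|C:\\Program Files\\Update\\winkey.exe",
    "dns|ws-042|xsz.8800.org",
    "dns|ws-017|www.example.org",
    "process|ws-017|C:\\Windows\\System32\\notepad.exe",
    "dns|ws-042|updates.8800.org",
    "dns|ws-099|8800.org",
]


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone itself or any label underneath it."""
    name = name.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per log line that matches an indicator.

    Process-start lines are matched on the exact dropped path (case-insensitive);
    DNS lines are matched on the whole 8800.org zone, since the beacon host
    can change while the dynamic-DNS provider stays the same.
    """
    hits = []
    for line in lines:
        kind, host, detail = line.split("|", 2)
        if kind == "process" and detail.strip().lower() == DROPPED_PATH:
            hits.append({"host": host, "indicator": "dropped keylogger path", "value": detail})
        elif kind == "dns" and in_zone(detail.strip(), DYNDNS_ZONE):
            hits.append({"host": host, "indicator": "dynamic-DNS beacon zone", "value": detail})
    return hits


def hosts_with_both(hits: List[Dict[str, str]]) -> List[str]:
    """Hosts showing both the file indicator and the DNS indicator.

    A lone 8800.org lookup is weak evidence (the service is not rogue by
    itself); the dropped path plus the lookup on the same host is strong.
    """
    by_host: Dict[str, set] = {}
    for h in hits:
        by_host.setdefault(h["host"], set()).add(h["indicator"])
    return sorted(host for host, inds in by_host.items() if len(inds) == 2)


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f"{h['host']}: {h['indicator']} ({h['value']})")
    print("strong hits:", hosts_with_both(found))
```

Run it as-is to see the four single-indicator hits and the one host (ws-042) that carries both; in practice the sample list would be replaced by a feed from an EDR or DNS resolver log.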
Are you a manufacturer? Are you responsible for IT security at a government agency or research lab? Are you an athlete? Do you represent the cause of freedom in Tibet or peace in Darfur? If so, you have a new enemy. The government of the largest country in the world is after your data. They have resources you cannot even dream of. They are organized. They know what they are doing.
Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.