‘Acts of cyber espionage are far more pervasive than acts of cyber warfare and the leading nation that is conducting cyber espionage campaigns on a global scale is the People’s Republic of China‘ (Carr, J. 2010)
Most of the PRC’s concentration since 2001 has been on cyber espionage activities. With their lack in military arms power in contrast to the US, China uses cyber espionage in an effort to extend their military strategy to match the Americans.
Cyber warfare is a secret war where the body count is climbing daily and Codan Limited has been one of its victims.
Codan is a successful Australian multi-national electronics company that has offices in the US and the UK. In 2012, sales figures for their famous and popular metal detectors started plummeting and it took some detective work to figure out why. The Australian Security Intelligence Organisation (ASIO) reported that the reason for the decline in sales figures was that their computer systems had been hacked and blueprints stolen. Codan was a victim of cyber espionage and the cyber-attack allegedly came from China.
“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries”
- FBI Director, James B. Comey, May, 2014.
Another of Codan best sellers are its portable field radios that can transmit encrypted messages at great distances. They are military-grade field radio systems that use frequency hopping and encryption (Leung, I. 2013). These are widely used by the US, UK and Australian military. There are also versions of the radios by the same company that are used by intelligence agencies.
Interestingly, for sales of the Codan radios it is possible to contact a sales rep at one of their global offices, including one in Beijing.
ASIO reported that an employee of the company that was visiting China had malware inserted into the company laptop whilst staying at a hotel and it was this initial attack that unlocked the front door to all of the company’s data.
A simple question to pose upon the aforementioned facts is “was it a state-sponsored hack through an insider-attack?”
“China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this”
- S. Rep. Mike Rogers, October, 2011.
The Defence Department of Australia was also the victim of cyber espionage and the breach of their systems was identified by chance. An intelligence operation against China revealed information from a classified Australian document in an assessment produced by the Chinese military. It was thought that the US passed on the information to the Australian government.
The Department of Foreign Affairs and Trade in Australia is home to ASIO and in a 2013 report by Australian Broadcast Corporation it was claimed that China was to blame for the hack into the Australian Department of Foreign Affairs systems.
A highly sensitive document was stolen that related to the building plans of a new ASIO headquarters. The document was in-fact a blueprint of the internal structure and layout of the new headquarters. In the hands of a foreign intelligence agency this would give enough information as to the overall network layout and cabling systems. In conclusion the headquarter project had to be scrapped on the grounds of security. It cost the Australian government $600 million dollars. This figure was indicated by the Mandiant report.
China is an increasingly large subject and report for cyber espionage and hacking journalists. There are statistics within the Mandiant Apt1 Report that suggest there are some 20 centres within Beijing that are primarily used for cyber espionage.
“The Mandiant report cited hits on more than 100 mainly US companies from the 2nd Bureau of the People’s Liberation Army (PLC)”
- O’ Brien, K. ABC, 2013
The PLC has a secret espionage system that is performing a fundamental amount of attacks on American and UK industries. Blue Scope Steel is one of their focuses.
“Chinese hackers have reportedly stolen plans for a new $600m Australian spy headquarters as part of a growing wave of cyber-attacks against business and military targets of the US ally.”
The ABC report said that Chinese hackers had targeted Australia-based companies more aggressively than previously thought, including steel-manufacturer Bluescope Steel, and military and civilian communications manufacturer Codan.
Bluescope Steel was in-fact one of the contractors involved in the construction of the new ASIO headquarters and they were one of a several companies that were hacked by the Chinese for military and/or political advantages.
Bob Carr, Australia’s foreign minister, said “that the report would not damage the country’s ties with its biggest trade partner China.”
David Vaile, of the University of New South Wales, talks about the implications of the latest hacking attack;
“I won’t comment on matters of intelligence and security for the obvious reason: we don’t want to share with the world and potential aggressors what we know about what they might be doing, and how they might be doing it.”
Chinese telecommunications giant Huawei was barred last year from bidding for construction contracts on a new Australian high-speed broadband network amid fears of cyber espionage and the Pentagon’s 2013 report on Chinese military developments accused China of trying to break into US defence networks, saying “it is a serious concern”.
China however has denied the claims and dismissed the Pentagon report. Mandiant still stands firm on secretive Chinese military units that they claimed to have been behind the attacks on over 100 US companies.
“Are chip makers building electronic trapdoors in key military hardware? The Pentagon is making its biggest effort yet to find out “
- Adee, S. May, 2008
A European chip maker recently built into its microprocessors a kill switch that could be accessed remotely according to Adee.
Given the fact that generation F-35 can contain a large number of chips from various countries, estimates from other sources put the total threat to more than a thousand and tracing back to its source is not always straightforward.
Outsourcing is no longer an option as Cyber Espionage equally equates to Cyber Warfare.
With IBM being the major and only American supplier of computer or systems components it’s not long before another manufactured chip is infected as IBM still outsources its components. Combined with the phenomenal growth of suppliers in China, estimates from other sources put the total at several hundred to more than a thousand of outsourced components for computer systems and with military and governmental dependency on secrecy, outsourcing shouldn’t be an option.
All manufacturers, with the exception of one IBM plant, are outside of the United States, and the majority in South East Asia. Should an issue arise within one of these countries that are a major fabricator, adverse impacts could be felt through the lack of supplies. This could either be intentional, such as a political measure, or unintentional, such as an accident or act of god.
The implications of the inability to share secure communications in the event of a cyber-attack; whether it is espionage or the use of espionage collected data for warfare, would be catastrophic during a conflict. Giving an adversary the ability to monitor information sent via a computer system and then providing them with the complete ability to shut down a critical system remotely would be detrimental to the safety of any country. The impact of this could be enormous if flight control systems, weapons systems, or other critical infrastructure is shut down.
The ASIO building, being built near the location of Australia’s top-secret Defence Signals Directorate, is supposed to have some of the most sophisticated hacking defences in the country, which is part of a global electronic intelligence gathering network including the US and the UK.
“But its construction had been plagued by delays and cost blowouts, with some builders blaming late changes made to the internal design in response to cyber- attacks”
- Agencies, 2013
But that’s not to say that the two concepts aren’t inter-linked. Cyber espionage can be utilised in warfare for preparing for war, as part of intelligence efforts, and for preparing for peace. Plus, a long-lasting spying campaign that eventually becomes detected may lead to war if it is interpreted to justify pre-emptive or preventive actions.
http://www.aljazeera.com. (2013). Report: Australia spy plans hacked by Chinese. Available: http://www.aljazeera.com/news/asia-pacific/2013/05/20135284536511454.html. Last accessed 24th.
Adee, S. (2008). The Hunt for the Kill Switch. Available: http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch. Last accessed 24th Feb 2015.
Agencies. (2013). Report: Australia spy plans hacked by Chinese. Available: http://mwcnews.net/index.php?option=com_content&task=view&id=27225&Itemid=26. Last accessed 24th Feb 2015.