A few days ago, following the well-known Mandiant Report “APT1”, we published a small post where we made some assessments about the alleged Chinese attacks on various public and private organizations. We made public a set of Snort rules that could be used to detect —provided that the information from the report Mandiant is true— if an organization had been infected. Obviously, if you receive an alert that should raise some suspicions, but the opposite should not make you assume you are not infected. The resources used for infection are certainly very dynamic and after the report many of them may have been replaced or eliminated.
But this is not what I wanted to talk about. The truth is that I wrote the post with some urgency because we wanted to publish the rules the same day, and I didn’t had the time to think about the complexity of the Chinese attack, its implications, origins and specificities. So I was surprised that none of our readers (you) pointed to some obvious errors in the post that I thought after a while, but I resisted to correct. The entry stated:
The question here is, as pointed accurately by Securosis in their blog, that the difference is not that China has a cyber espionage program, but that its objectives and beneficiaries are both the public and private sectors. From an economic standpoint it makes sense. In an economy largely state-operated and conducted as China, it seems normal that such government “initiatives” benefit economic areas that are in many cases and at least partially, also state. At the end everything remains at home.
The fact is that this is not cyber espionage is not in the sense in which we are accustomed to think about it. This is “something else” and the reason why many people should start to be concerned. Not “classic” or industrial espionage. There is no one to prosecute or to send to the WTO. This is not a criminal action as we understand it. Because it’s more than “simple” military information or technology what is at stake. Is the entire Western economic and social model. It is said that China is a giant that is waking up, but in the light of such reports, may be the Western powers who are sleeping.
One last note. It is true that there is something called Echelon and occasionally this or that power get into suspicious activity (industrial espionage, bribery, etc.) through which they try to favor their national companies in contracts worth millions (see eg , vs. Boeing case. Airbus), but it is conceivable that the volume and size of these bad practices is not even remotely the same as the Chinese (although that is something that we really do not know). There isn’t, to our knowledge, anything like a program of intellectual property stealing coordinated and led by the states (in the political sense, not the U.S.). Such practices belong, in any case, to the private sector, which is subject to the laws and legislations of such states.
This is an approach somewhat underdeveloped and certainly simplistic, but the actions contained in the Mandiant report are not actions of espionage or data theft. These are actions of a political nature that are part of a much broader geopolitical strategy. Carl Von Clausewitz said that war is the continuation of politics by other means. The updated version of the XXI century is clear: cyberwar is nothing more than a tool of politics, with the difference that while the war is legally illegal, there is no such consideration for cyberwar.
Summarizing. This is not about computers anymore. It’s politics. We can “play” hackers meanwhile.