Hacks of war

Google may withdraw its services from China following attempted Gmail hacks. Pic credit: M Weitzel

Google’s threat to withdraw its services from China last week following evidence of attempted hacks on Chinese human rights activists’ Gmail accounts, highlights how cyberspace is increasingly becoming a geopolitical battleground.

Google was quick to clarify that it could not be sure the attacks were state sponsored, but its threat to withdraw services from China unless internet censorship is stopped was a clear challenge to state authorities – and one the US was quick to echo.

US secretary of state Hillary Clinton said last week: “We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy.”

The Chinese authorities have said they are talking with Google and have not yet responded directly to the allegations, highlighting one of the chief issues with cyber espionage and warfare – the difficulty of proving who is responsible.

However, security minister Lord West told a Lords committee last week, the lack of clear evidence should not mean there is any doubt that all players are moving into this space, including nation states, organised crime, petty criminals, and mercenary hackers.

He said: “This is now a major threat worldwide... We are toe to toe with these people on a daily basis.”

A paper released by the Conservatives last week called A Resilient Nation also said many did not realise the gravity of the threat of cyber crime.

Attack on Estonia
Hacking attacks emanating from Russian computer systems on Estonia’s critical national infrastructure in 2007 and on Georgia’s later the same year were both pinned on the Russian government by the victims.

However, because of the difficulty of collecting irrefutable evidence on the culprits as well as the nuances of international diplomacy, dealing with such incidents can be difficult, according to West.

He said: “If you complain to a government in any one country – and this has happened to me – they’ll say ‘Very sorry, we didn’t know this was going on, thanks for telling us, we’ll stop it happening’. The activity stops and starts up again from a different set of computers four days later.”

The lack of barriers on the internet is a key problem because it makes both cross-border and cross-sector hacking easier, thereby blurring the boundaries of responsibility.

The Google hack was accompanied by similar, heavily bespoke operations on at least 20 other firms. If proven to be state sponsored, it would not be the first time a state had hacked a business rather than state system, though a state hacking individual email accounts is more unusual.

And as the Gary McKinnon case proved, individuals are perfectly capable of hacking state systems as well as business ones.

Critical infrastructure
In terms of UK security, this means that businesses that are part of the critical national infrastructure need to start working closely with government to repel such attacks, whether they come from individuals, businesses or the state.

Two years ago this was not happening and one chief security officer at a major UK utility told Computing they received no help from government at all. He described the situation as “utter bedlam”.

This was partly the result of the decision to subsume the National Hi-Tech Crime Unit into the Serious Organised Crime Agency, which severed links with the private sector.

Lord West insists the situation has now improved, with the Centre for the Protection of National Infrastructure working with key businesses to share best practice, and the government publishing its first cyber security strategy last year.

While he says water and energy systems are relatively secure because they can leave an “air gap” between themselves and the internet, he admits the teleco mmunications infrastructure is by default more at risk, admitting BT suffers thousands of attacks every week.

With cyberspace becoming a highly effective and risk-free battleground, many think it is only a matter of time before terrorist organisations become involved. West too admitted that this is among his greatest concerns.

“Terrorists have not yet done this on a great scale but where people know how to hack government systems they could learn the rest very quickly,” he said.

The government’s cyber security strategy
The government says it will reduce the threat of cyber operations by “reducing an adversary’s motivation and capability” as well as “reducing the vulnerability of UK interests to cyber operations by furthering expertise and awareness”. It is setting up two offices tasked with addressing cyber crime.

An Office of Cyber Security (OCS) will be set up within the Cabinet Office to provide strategic leadership for and coherence across government ,while a Cyber Security Operations Centre (CSOC) will co-ordinate incident response, enable better understanding of attacks on the UK and advise businesses and the public accordingly.