Uh. Things are heating up in ‘The Code War.’ Last week we wrote about the rise in un-armed conflict between…well between pretty much everyone (organised crime, hackers, governments, terrorists etc). This week there are a lot of ‘pre-incident’ indicators that suggest we’re on the verge of a new era of permanent on-line conflict in which systems that control information are one of many targets.
The event that caught our eye this week was a report that the White House Military Office was the target of a ‘spear phishing’ attack that originated from computer servers in China. ‘Spear phishing’ is an attack where a credible looking email convinces a recipient to divulge valuable or sensitive information like a password or account information. It’s not to be confused with ‘spear trading’, which is when Murray makes a high-risk trade in Slipstream Trader that’s not part of his larger portfolio.
We should consider the possibility that the report of the attack and the link to China are both attempts by the US to stir up suspicion and distrust of China. Having an enemy is good for the defence industry. With the US officially out of Iraq and headed out of Afghanistan by 2014, the ‘Pacific pivot’ President Obama made right here in Australia last year makes China the obvious candidate to be America’s next big enemy.
But it’s not paranoia if they really are out to get you, as the old saying goes. ‘I can tell you that the Chinese have an aggressive goal to infiltrate all levels of U.S. government and private sector networks,’ says Dmitri Alperovitch, a former cyber-threat researcher for McAfee. ‘The White House network would be the crown jewel of that campaign so it is hardly surprising that they would try their hardest to compromise it,’ he tells Bill Gertz.
The White House Military Office controls the President’s travel and of course, the infamous nuclear football with US nuclear launch codes. The White House itself confirmed the network intrusion to the BBC today, but said the network that was penetrated was unclassified and no data was stolen. There is no need to go to your bomb shelter yet, in other words.
But all the ‘pre-incident indicators’ are in place to suggest that ‘The Code War’ is getting more serious by the day. The United States government now has a Cyber Command. Every command needs someone in charge. Rear Admiral Samuel Cox is the director of the US Cyber Command and last week he told Reuters that the Chinese, ‘level of effort against the Department of Defence is constant.’
Cox says attempts to break into the Pentagon’s networks are ‘continuing apace…In fact, I’d say it’s still accelerating.’ His remarks follow a 2011 report which concluded that, ‘Chinese actors are the world’s most persistent perpetrators of economic espionage.’ You can read the whole report by the US Office of the National Counterintelligence Executive yourself here. And THAT report was hot on the heels of a 2009 report by the US-China Economic and Security Review Commission on the same subject.
Given the amount of thought the US has put into preparing for a cyber threat from China, you wouldn’t blame the Chinese for being paranoid about the Americans either, would you? Regardless of who started it, there isn’t much doubt ‘The Code War’ is on. The question now is how will it evolve?
For nation states, computer networks are both key strengths and key vulnerabilities. You can expect more attacks and more efforts to defend. At the very least, there will be a lot more cooperation between the telecommunications industry and the government. At the extreme, the government may decide the infrastructure of the Internet is a strategic asset that should be nationalised. Stephen Conroy probably can’t wait for that!
But systems disruption and vulnerabilities are already a clear and present danger for ordinary people. Techworld reports that 30 more Australian businesses have been hit by ‘ransom malware‘. This is probably the ‘new normal’ for doing business on the Internet. It’s the 21st century equivalent of a stick up or a kidnapping, but all done on-line.
If someone really wanted to undermine confidence in the economy, though, they’d keep attacking the big banks, which is pretty much exactly what’s been happening for the last month. Distributed denial of service (DDOS) attacks on US banks are ‘escalating’, according to cyber security expert Sean McGurk.
Bloomberg reports that Bank of America, JP Morgan Chase, Citigroup, Wells Fargo, US Bancorp, and PNC Financial Services have all been targeted in what experts describe as a ‘campaign’ to disrupt normal business. Maybe Occupy Wall Street is back, and this time they brought hackers instead of hippies.
Seriously though, we raise these points to illustrate how fragile the financial system is when it’s digital architecture is under attack. The same Bloomberg story reports that President Obama is circulating a draft Executive Order that would shield vital US information networks from cyber attacks. Just how that would work is unclear.
What IS clear is that all the pre-incident indicators are in place for a brave new world of financial cyber warfare. To us it’s a reminder that the more complex a system is, the more fragile it becomes. It’s also a reminder that when it comes to your money, if you don’t have it, it’s not really yours. Attacks on the architecture of the financial system lead people to withdraw from it, which itself accelerates the system’s instability (a bank run).
In this evolving environment, we suspect people will opt for a simpler, less-risky financial lifestyle. We have no idea what that means. But we’re working on it. And we’ll let you know when we have more to say. Send your thoughts and comments to firstname.lastname@example.org.
for Markets and Money
From the Archives…
28-09-2012 – Greg Canavan
Banks versus the Farms
27-09-2012 – Greg Canavan
A Familiar Sequence: Print, Spend, Crash
26-09-2012 – Bill Bonner
The Hamburglar’s Budget
25-09-2012 – Dan Denning
The Cheeseburger Police
24-09-2012 – Dan Denning