China's 128 Cyberattacks a Minute

As the Defense Department slowly moves toward development of a cyber command (see previous blog item), it sure looks like the United States needs some kind of defense against cyber aggression from China, even though no one in the Pentagon, quite diplomatically, pins such cyberattacks directly on the Chinese government.

The Chinese cyberattackers -- whoever they work for -- sure are busy bees in cyberspace, according to a transcript of a hearing held in April by the U.S.-China Economic and Security Review Commission, which was released last week.

Kevin Coleman, senior fellow at the Technolytics Institute, a cyber think tank, told the hearing that a survey of nonmilitary government outfits that monitor their Internet firewalls reported an average of 128 acts of "cyber aggression" a minute from China in March.

That works out to 7,680 aggressive cyber acts an hour or 184,320 a day against non-Defense organizations. Coleman said all these attacks came from IP addresses in China but added that he did not know exactly who or what sits behind those IP addresses.

Rafal Rohozinski, principal and chief executive officer at the SecDev Group and an advisory board member at the Citizen Lab, part of the Munk Center for International Studies at the University of Toronto, said the widely reported GhostNet network uncovered by the center this year was traced back to IP addresses on Hainan Island, China.

GhostNet was designed to attack and infiltrate the Tibetan community, Rohozinski said, but infected over 1,200 computers in 102 countries.

GhostNet was a "disposable" purpose-built network aimed at the Dalai Lama and other members of the Tibetan exile community "targeted to the gathering of sensitive political intelligence."

GhostNet lacked technical sophistication, Rohozinski said, calling it "hillbilly SIGINT (signals intelligence)." But hillbilly or not, it worked as it was "targeted against a community that couldn't defend itself very well," he said.

Rohozinski said the center was unable to conclusively prove if Chinese interests or criminal interests were behind GhostNet.

In fact, he believed operation of GhostNet was outsourced to third-party cyber operators "possessing the equivalent of a letter of marque," to operate as "legal pirates of the state." In the 1700s and 1800s, governments issued pirates, who manned armed sailing ships, letters of marque to search and seize ships belonging to other nations.

I wonder what percentage markup on their services Chinese outsourcing contractors get compared to U.S. contractors?

Whatever they are called, it's hard for me to imagine any individual or outfit in China engaging in any kind of activity in cyberspace without an OK from the government, which last week said it will require all computer manufacturers to install Green Dam software that will, among other things, block political and religious Internet sites and track usage.
