Economic warfare, 21st century style

A little-known cyber-security firm called Mandiant dropped a bombshell last week. The Washington, D.C.

A little-known cyber-security firm called Mandiant dropped a bombshell last week. The Washington, D.C.-based outfit released a report that made a very convincing case that Chinese government agencies are behind a vast range of highly sophisticated electronic attacks on Western companies and governments.

Their report was highly detailed, including video capture of real cyber attacks from Shanghai and an appendix documenting thousands of examples from the Chinese “malware arsenal.”

Many of the attacks are aimed at Western companies, especially those in industries China has identified as strategic, rather than more traditional targets like defence ministries and spy agencies.

Economists seldom make it into James Bond films, despite Ian Fleming’s own espionage work taking place in a sister organization to Britain’s Ministry of Economic Warfare. Undercover economists schemed to debase the German currency, freeze enemy assets and cut off Nazi access to strategic metals like tungsten and chromium. Wassily Leontief even pioneered input-output analysis, a bane of many undergraduate economics courses, to figure out which German factories to bomb.

More recently, economic warfare has been a key part of our fight against terrorism and drug cartels. Most people would be surprised to learn how much effort around the world goes into tracking and disrupting the channels that al-Qaida and other malefactors use to finance their activities.

Mandiant’s report focuses on the activities of one cluster of hackers, which in cyber-security jargon it calls Advanced Persistent Threat 1 (APT1). The report is based on tracking APT1 attacks on 141 corporate and government victims over the last seven years. Some details from the report: 87 per cent were headquartered in English-speaking countries, industries targeted included four of the seven strategic industries in China’s Five Year Plan, and 937 Command and Control servers are controlled in 13 countries controlling thousands of domain names.

Ninety-seven per cent of the time Mandiant was able to track the hackers activating their attack systems: their IP addresses were in Shanghai and their computers’ language settings were “Simplified Chinese.” Mandiant has identified the group as People Liberation Army Unit 61398 in Shanghai and even has the address and the China Telecom form ordering the installation of high-capacity fibre-optic cables for “national defence” purposes.

The Chinese government vehemently denies it is involved in hacking. After claims emerged that Chinese hackers had downloaded huge amounts of Nortel secrets before the bankruptcy of that iconic Canadian high-tech firm, its embassy told the CBC that “cyber attacks are transnational and anonymous. It is irresponsible to prejudge the origin of attacks without thorough investigation and hard evidence.”

The official Chinese line is hard to reconcile with the detailed evidence accumulated by Mandiant and others.

China’s new capabilities upset other nations in three ways: their economic nature, their scale and their threat.

Nations have always spied on each other, including the U.S./U.K./Canada/Australia partnership that has been so successful in the signals-intelligence and code-breaking world. And corporate executives from aerospace and defence companies have always been well advised to keep a close eye on their briefcases during foreign visits, including to nominally allied countries.

But the Mandiant report describes an organization that goes far beyond pilfering an executive’s email during a bidding process. Instead, we have a large organization with hundreds and perhaps thousands of employees dedicated to deeply penetrating Western companies and downloading their fundamental business plans, blueprints and technologies. And the focused nature of the attacks suggest industry specialists are guiding the hackers, ensuring that the terabytes of data can be analyzed and exploited once stolen.

Mandiant doesn’t mention names, but other media reports suggest Chinese hackers had almost unfettered access to Nortel’s most sensitive computer files for years. These files would have been of enormous value to Chinese telecommunications equipment manufacturers.

Then there is the massive scale of the operation. According to Mandiant, early 2011 saw APT1 penetrate 17 new victims in 10 different industries.

APT1 targets include 115 victims in the U.S., two in Canada and 24 others. Industries included technology, media, transportation, banking, law firms and more recently metals and mining companies.

You may recall media reports in Canada in 2010 about a massive cyber attack on Canadian law firms, government ministries and other firms involved in the potential takeover of Potash Corp. of Saskatchewan. China is one of the biggest importers in the potash business and there were unconfirmed suggestions by industry players at the time that China hoped to scuttle the deal.

Then there is the threat. Besides stealing commercially valuable technologies, the hackers can also potentially shut down critical corporate networks. President Obama stressed the problem dramatically in his State of the Union address: “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”

The new Chinese capabilities break the established international ground rules. The Chinese would likely retort, if they ever commented publicly, that these ground rules were written by the West and that China will do whatever it thinks is in its interest.

Undoubtedly it will.

Economics teaches us that trade with China should be mutually beneficial. But Machiavellian business practices can seriously harm Canadian companies and workers. We should consider ourselves warned, and our corporations and governments need to significantly step up their cyber defences.

This is an issue that will be with us in a big way for a long time. Which brings up another fact about Mandiant that emerged last week, and which will be of significant interest to young people thinking about careers: Mandiant cyber-security consultants charge $450 or more per hour, and are in high demand.

Keith Halliday is a Yukon economist and author of the MacBride Museum’s Aurore of the Yukon series of historical children’s adventure novels.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Premier Sandy Silver, left, and Yukon’s Chief Medical Officer of Health Dr. Brendan Hanley speak at a COVID-19 update press conference in Whitehorse on Nov. 19. On Nov. 24, Silver and Hanley announced masks will be mandatory in public places as of Dec. 1, and encouraged Yukoners to begin wearing masks immediately. (Crystal Schick/Yukon News file)
Masks mandatory in public places starting on Dec. 1

“The safe six has just got a plus one,” Silver said.

Dr. Brendan Hanley, Yukon’s chief medical officer of health, speaks at a press conference in Whitehorse on March 30. Hanley announced three more COVID-19 cases in a release on Nov. 21. (Crystal Schick/Yukon News file)
Three more COVID-19 cases, new exposure notice announced

The Yukon’s Chief Medical Officer of Health, Dr. Brendan Hanley, announced three… Continue reading

Yukonomist Keith Halliday
Yukonomist: COVID-19 strikes another blow at high-school students

They don’t show up very often in COVID-19 case statistics, but they… Continue reading

The Cornerstone housing project under construction at the end of Main Street in Whitehorse on Nov. 19. Community Services Minister John Streicker said he will consult with the Yukon Contractors Association after concerns were raised in the legislature about COVID-19 isolation procedures for Outside workers at the site. (Crystal Schick/Yukon News)
Concerns raised about alternate self-isolation plans for construction

Minister Streicker said going forward, official safety plans should be shared across a worksite

Beatrice Lorne was always remembered by gold rush veterans as the ‘Klondike Nightingale’. (Yukon Archives/Maggies Museum Collection)
History Hunter: Beatrice Lorne — The ‘Klondike Nightingale’

In June of 1929, 11 years after the end of the First… Continue reading

Samson Hartland is the executive director of the Yukon Chamber of Mines. The Yukon Chamber of Mines elected a new board of directors during its annual general meeting held virtually on Nov. 17. (Joel Krahn/Yukon News file)
Yukon Chamber of Mines elects new board

The Yukon Chamber of Mines elected a new board of directors during… Continue reading

The Yukon Hospital Corporation has released its annual report for 2019-20, and — unsurprisingly — hospital visitations were down. (Crystal Schick/Yukon News file)
Annual report says COVID-19 had a large impact visitation numbers at Whitehorse General

The Yukon Hospital Corporation has released its annual report for 2019-20, and… Continue reading

Whitehorse City Hall. (Joel Krahn/Yukon News file)
City hall, briefly

A look at decisions made by Whitehorse city council this week

City council was closed to public on March 23 due to gathering rules brought on by the COVID-19 pandemic. The council is now hoping there will be ways to improve access for residents to directly address council, even if it’s a virtual connection. (Crystal Schick/Yukon News file)
Solution sought to allow for more public presentations with council

Teleconference or video may provide opportunities, Roddick says

Megan Waterman, director of the Lastraw Ranch, is using remediated placer mine land in the Dawson area to raise local meat in a new initiative undertaken with the Yukon government’s agriculture branch. (Submitted)
Dawson-area farm using placer miner partnership to raise pigs on leased land

“Who in their right mind is going to do agriculture at a mining claim? But this made sense.”

Riverdale residents can learn more details of the City of Whitehorse’s plan to FireSmart a total of 24 hectares in the area of Chadburn Lake Road and south of the Hidden Lakes trail at a meeting on Nov. 26. (Ian Stewart/Yukon News file)
Meeting will focus on FireSmart plans

Riverdale residents will learn more details of the City of Whitehorse’s FireSmarting… Continue reading

The City of Whitehorse is planning to borrow $10 million to help pay for the construction of the operations building (pictured), a move that has one concillor questioning why they don’t just use reserve funds. (Crystal Schick/Yukon News)
Councillor questions borrowing plan

City of Whitehorse would borrow $10 million for operations building

Most Read