Economic warfare, 21st century style

A little-known cyber-security firm called Mandiant dropped a bombshell last week. The Washington, D.C.-based outfit released a report that made a very convincing case that Chinese government agencies are behind a vast range of highly sophisticated electronic attacks on Western companies and governments.

Their report was highly detailed, including video capture of real cyber attacks from Shanghai and an appendix documenting thousands of examples from the Chinese “malware arsenal.”

Many of the attacks are aimed at Western companies, especially those in industries China has identified as strategic, rather than more traditional targets like defence ministries and spy agencies.

Economists seldom make it into James Bond films, despite Ian Fleming’s own espionage work taking place in a sister organization to Britain’s Ministry of Economic Warfare. Undercover economists schemed to debase the German currency, freeze enemy assets and cut off Nazi access to strategic metals like tungsten and chromium. Wassily Leontief even pioneered input-output analysis, a bane of many undergraduate economics courses, to figure out which German factories to bomb.

More recently, economic warfare has been a key part of our fight against terrorism and drug cartels. Most people would be surprised to learn how much effort around the world goes into tracking and disrupting the channels that al-Qaida and other malefactors use to finance their activities.

Mandiant’s report focuses on the activities of one cluster of hackers, which in cyber-security jargon it calls Advanced Persistent Threat 1 (APT1). The report is based on tracking APT1 attacks on 141 corporate and government victims over the last seven years. Some details from the report: 87 per cent of the victims were headquartered in English-speaking countries, the industries targeted included four of the seven strategic industries in China’s Five Year Plan, and the group controls 937 command-and-control servers in 13 countries and thousands of domain names.

Ninety-seven per cent of the time Mandiant was able to track the hackers activating their attack systems: their IP addresses were in Shanghai and their computers’ language settings were “Simplified Chinese.” Mandiant has identified the group as People’s Liberation Army Unit 61398 in Shanghai and even has the address and the China Telecom form ordering the installation of high-capacity fibre-optic cables for “national defence” purposes.

The Chinese government vehemently denies it is involved in hacking. After claims emerged that Chinese hackers had downloaded huge amounts of Nortel secrets before the bankruptcy of that iconic Canadian high-tech firm, its embassy told the CBC that “cyber attacks are transnational and anonymous. It is irresponsible to prejudge the origin of attacks without thorough investigation and hard evidence.”

The official Chinese line is hard to reconcile with the detailed evidence accumulated by Mandiant and others.

China’s new capabilities upset other nations in three ways: their economic nature, their scale and their threat.

Nations have always spied on each other, including the U.S./U.K./Canada/Australia partnership that has been so successful in the signals-intelligence and code-breaking world. And corporate executives from aerospace and defence companies have always been well advised to keep a close eye on their briefcases during foreign visits, including to nominally allied countries.

But the Mandiant report describes an organization that goes far beyond pilfering an executive’s email during a bidding process. Instead, we have a large organization with hundreds and perhaps thousands of employees dedicated to deeply penetrating Western companies and downloading their fundamental business plans, blueprints and technologies. And the focused nature of the attacks suggests industry specialists are guiding the hackers, ensuring that the terabytes of data can be analyzed and exploited once stolen.

Mandiant doesn’t mention names, but other media reports suggest Chinese hackers had almost unfettered access to Nortel’s most sensitive computer files for years. These files would have been of enormous value to Chinese telecommunications equipment manufacturers.

Then there is the massive scale of the operation. According to Mandiant, early 2011 saw APT1 penetrate 17 new victims in 10 different industries.

APT1 targets include 115 victims in the U.S., two in Canada and 24 others. Industries included technology, media, transportation, banking, law firms and more recently metals and mining companies.

You may recall media reports in Canada in 2010 about a massive cyber attack on Canadian law firms, government ministries and other firms involved in the potential takeover of Potash Corp. of Saskatchewan. China is one of the biggest importers in the potash business and there were unconfirmed suggestions by industry players at the time that China hoped to scuttle the deal.

Then there is the threat. Besides stealing commercially valuable technologies, the hackers can also potentially shut down critical corporate networks. President Obama stressed the problem dramatically in his State of the Union address: “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”

The new Chinese capabilities break the established international ground rules. The Chinese would likely retort, if they ever commented publicly, that these ground rules were written by the West and that China will do whatever it thinks is in its interest.

Undoubtedly it will.

Economics teaches us that trade with China should be mutually beneficial. But Machiavellian business practices can seriously harm Canadian companies and workers. We should consider ourselves warned, and our corporations and governments need to significantly step up their cyber defences.

This is an issue that will be with us in a big way for a long time. Which brings up another fact about Mandiant that emerged last week, and which will be of significant interest to young people thinking about careers: Mandiant cyber-security consultants charge $450 or more per hour, and are in high demand.

Keith Halliday is a Yukon economist and author of the MacBride Museum’s Aurore of the Yukon series of historical children’s adventure novels.
