CFR Presents

Asia Unbound

CFR experts give their take on the cutting-edge issues emerging in Asia today.



On Shady Rats

by Adam Segal
August 4, 2011

Flags of member nations flying at United Nations Headquarters. (Courtesy UN/Joao Araujo Pinto)

Another week, another report of massive cyber hacking. This time it is a McAfee report, Revealed: Operation Shady RAT, that details hacking that started at least 5 years ago and targeted companies, governments, and nonprofits in 14 countries and territories as well as international organizations such as the UN, ASEAN, the International Olympic Committee, and the World Anti-Doping Agency. Few of the organizations and companies that were attacked are named in the report, so it is hard to know if these attacks are different from others reported on Lockheed Martin, RSA, the Canadian government, or Oak Ridge National Laboratory, to name just a few. While the attacks described in the McAfee report used one Command and Control server, all of these attacks seem to share the same techniques—a spear phishing email that often exploits a zero-day vulnerability (the security researcher Mikko H. Hypponen has posted a PDF of a presentation that explains all of this)—and go after a similar type of information, which makes you wonder how clearly one can divide one “operation” from the next. So I am less worked up about the specific operations and code names, and more about the larger trend—which is that hackers have been gaining access to and stealing data from companies and countries for years.

As usual, the central, and unanswered, question is who is behind the attacks. Because most of the information has little immediate commercial benefit, the McAfee report concludes that the hackers are likely to be state actors. What would a criminal want with information from ASEAN? Also, since many of the victims have difficult relations with China, suspicion naturally falls on Beijing. Again, so the logic goes, what would the common cyber criminal want with Korean or Taiwanese government information?

With all of these events we are quickly brought to the question of the relationship between the state and the hackers. At the extremes, you can imagine purely state hackers and entirely independent hackers. But since this is almost certainly a false dichotomy, you then end up with much messier variations: state actors acting criminally; criminals who contract or sell information to the state; and hackers who move in and out of the orbit of the state. (This lack of a clear line between state and nonstate is probably one of the defining characteristics of cyber conflict. Just this week General Michael Hayden, former director of the NSA and CIA, suggested the government might create privateers or “digital Blackwaters” to conduct operations in cyberspace, and the NSA and other agencies are looking for new talent at DefCon, the annual hacker convention.) As Information Warfare Monitor and the Shadowserver Foundation noted in Shadows in the Cloud, there is an emerging ecosystem of crime and espionage, one in which criminal networks can be repurposed for political espionage and signals intelligence.

No matter who is behind it, how does the United States try to bring this kind of activity under control? Ideas on the table include: agreeing to some “rules of the road” with China about what should be off limits; international pressure; pursuing a case against China in the WTO for intellectual property rights theft; better defense, and in particular having the government play a more active role in defending the private sector; and better offense. All of these have some pretty serious limitations, but which do you think might work best?

1 Comment

  • Posted by Paul Sutphin

    Non-state actors undertaking asymmetrical attacks on nations, their infrastructures, economies and citizens. Those victimized governments seemingly powerless to stop these attacks. Sound familiar? Just as the Geneva Convention was an international effort to put some limits on the conduct of war, new international agreements must be worked out that deal with the pursuit, trial, and punishment of these non-state actors. Such agreements must also address the consequences to sovereign governments found supporting any supposed non-state actors. As with any other illegal act, those responsible must be held accountable.


CFR seeks to foster civil and informed discussion of foreign policy issues. Opinions expressed on CFR blogs are solely those of the author or commenter, not of CFR, which takes no institutional positions. All comments must abide by CFR's guidelines and will be moderated prior to posting.
