Seeing behind the headlines about China’s attack, stealing the governments’ jewels

Summary:  China attacked! Playing a script from countless action-adventure movies, our political leaders and columnists gear up for bold headlines by screaming for war while they know nothing. It’s America. But the info highway gives us information to see beyond the headlines and sort fact from fancy. Here’s the latest news about the massive theft of Federal personnel data. It’s a follow-up to the post describing the attack and who was at fault.

“Experts, shmexperts. Time for action…. Attribution solid enough for the US government is solid enough.”
— Tweets from a man on the street. The kind of American that rulers dream of having.

Contents

1. Dueling US officials.
2. About attribution of attacks.
3. What we know.
4. For more information.

 

(1) Dueling US officials

From the initial announcement of the theft of files from the Federal Office of Personnel Management (OPM), anonymous officials confidently blamed China — which journalists repeated as fact. The FBI has made no official statement since its “we working” on it statement on June 4. China has denied the accusation, of course.

Today we got more useful information from the GeoInt 2015 Symposium (geoint: geospacial intelligence):

“So what really makes you think that, as the head of NSA and Cyber Com, I’m going to talk with you about this,” he told a reporter here today. … Rogers’ response did seem a trifle dismissive of a reasonable question asked reasonably in an open forum. {Breaking Defense}

Rogers spoke in response to a question about how the National Security Agency was going about attributing the breach to the Chinese government. “You’ve put an assumption in your question,” he said. “I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”

… Rogers’s hedged response, given during a question-and-answer session at the GEOINT symposium in downtown Washington, comes in stark contrast to the NSA’s approach to attribution during the Sony hack. In that case the FBI, working with the NSA and DHS, quickly named North Korea as the perpetrator, resulting in the prompt issuance of sanctions.

Rogers called that a great example of cross-agency collaboration. “Working across the United States government, DHS, FBI and the National Security agency, we were able to relatively quickly come to consensus about the characterization of the activity we were seeing coming in, which formed the basis of our attribution, and with a relatively high confidence factor, which allowed us to respond in a very public and direct way.”

Why hasn’t that collaboration worked in the case of the OPM hack? Said Rogers: “every dataset is different.”  {Defense One}

Director of National Intelligence James Clapper also spoke at GeoInt, giving a remarkably casual statement on a matter of such importance.

“You know on the one hand, please don’t take this the wrong way, but you have to kind of salute the Chinese for what they did … If we had the opportunity to do that, I don’t think we’d hesitate for a minute.” When pressed to clarify whether he was naming China in the theft of potentially tens of millions of people’s data, the intelligence head added, “Well, I mean that’s the leading suspect.”  {The Hill}

(2)  About attribution of attacks: who did it?

After every cyberattack journalists find someone to make a fast confident claim identifying the guilty party. It’s usually nonsense, since determining who conducted a cyberattack ranges from difficult to impossible using purely network tools. For more about this see…

1. About Attribution (identifying your attacker) by Marcus Ranum.
2. How do we identify our attackers in cyberspace? by Marcus Ranum.
3. The horror of cyberspace: we can’t easily identify our attackers by Marcus Ranum.
4. Identifying the guilty: tying nation states to cyber espionage, by Emilio Iasiello.
5. “The Attribution Problem in Cyber Attacks” by Dimitar Kostadinov at INFOSEC Institute.

(3)  What we know

The relevant background shows a clear contrast.  DNI Clapper’s bio shows long experience with intelligence, but none in cybersecurity. NSA Director Michael Rogers has worked in the information warfare field since 1986.

More importantly, Director Roger’s statement is a kind of admission against interest, countering the US government’s long campaign against China — generally convincing the American people that’s its a threat, and specifically that its committed the OPM theft. He’s not likely to have said that lightly, or without good reason.

As with more conventional thefts, exposure becomes more likely when they use the stolen information. Whether it is blackmail of a few key people or mass credit attacks on thousands (or millions), a trail appears for convention police and security services to follow — much as al Qaeda was dismantled after 9/11, until our occupations of Afghanistan and Iraq revitalized it.

All that we can say with confidence today is that we do not know who penetrated OPM’s systems — and that the US government has a long history of lies about such matters (proved false months or years later).

(4)  For More Information

For a timeline and briefing I recommend this by journalist Brian Krebs.  If you liked this post, like us on Facebook and follow us on Twitter. See all posts about cybersecurity and cyberwar.

To learn more about this vital subject, here are some useful books …

• Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker,
• Andy Greenberg’s This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information,
• Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door.
• Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, describing the new era of war and preparing you for the next attack (see a review here).