During the past year, with increasing frequency --sometimes for over two hours at a time-- my home server became sluggish and marginally responsive to web-page requests, e-mail and remote logins. The network stayed up, the server wasn't overloaded and all my programs remained running right at their peak performance levels. So what in the world was getting in between me and my server? The thugs and information bandits that were trying to break in from halfway around the world. Like Three Mile Island in 1979, a strong containment was required to prevent this new China Syndrome. I tightened my firewall rules to deny access from nearly every network in the Bamboo Curtain's modern shadow.
On September 30th, the (new) machine that hosts Serendipity35 began sending me alerts about "possible break-in attempts." A review of my auth and security log files revealed a brute force dictionary attack --a break-in attempt that sends every word in a dictionary at a break-neck rate to try and log on to server accounts with weak or empty passwords A re-tracing of its IP address footsteps lead right back to the culprit in China. I e-mailed the network security officer at NJIT and reported the problem. On October 3rd, when I spoke to him on the phone, his response was:
"So what else is new?"
The attacks and break-in attempts from China are so numerous that the University's network security doesn't attempt to block them at the source, but leaves server defense largely up to the individual machine. In order to block all the attacks at the university's firewall, all of China (and a big chunk of South East Asia and South America) would lose all network contact with NJIT. The need for worldwide availability, apparently, trumps the need for network security in the academic research environment.
"U.S. Rep. Frank Wolf (R.-Va.), a frequent advocate of human rights causes, said that in August 2006 an outside attack was made on four of his office computers that contained: 'information about all of the casework I have done on behalf of political dissidents and human rights activists around the world.'"
House Information Resources and FBI officials told Wolf that the attacks came from within the People's Republic of China, he added.
"These cyber-attacks permitted the source to probe our computers to evaluate our system's defenses, and to view and copy information," Wolf said. "My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China's abysmal human rights record.""
Another House member, Christopher Smith (from my district) in New Jersey reported break-in attempts from China that targeted sensitive files
"These contained legislative proposals directly related to Beijing, including the Global Online Freedom Act, e-mails with human rights groups regarding strategy, information on hearings on China -- I chaired more than 25 hearings on human rights abuses in China -- and the names of Chinese dissidents," Smith recounted. "While this absolutely doesn't prove that Beijing was behind the attack, it raises very serious concern that it was."
Part of China's response to the allegations was to state that they were a developing nation without the resources to mount a clandestine cyber-attack. Reacting to the Chinese response, Jody Westby, CEO of Global Cyber Risk and Carnegie-Mellon University, said:
"That's preposterous, They certainly do have the technical know-how, and have openly stated in their own government documents that they are actively developing the
capability with the goal of being able to win an informatized war by 2050. We know that they have hacked into the Department of Defense, we know that they are all over our systems, and we suspect they have probably penetrated many millions of computers in the United States. The Chinese are probably the country most actively and openly pursuing cyber-warfare capabilities."
When reporting on Google's initiative to establish a government sanctioned and censored version of it's search engine for China in 2006, the BBC wrote:
"The Chinese government keeps a tight rein on the internet and what users can access."
And that is a view that is disputed by very few, Jody Westby has also said about Chinese technical abilities:
"In China, the government has control over communications, so why aren't they cooperating?"
"They're one of the most sophisticated countries when it comes to communications and technology
-- especially when it comes to the Internet."
In a shooting war like World War II, we had blackout curtains to shield our shores and rationing to conserve our natural resources. In the Cold War we had an arms race, nuclear brinkmanship, and air raid shelters in schoolhouse basements to try and limit our exposure to a radioactive holocaust. But, in the silent war of information aggression we have foreign ghosts in our machines and ambivalent strategies to keep them out. The only policy seems to be to accept that there is no global solution, and to pass the problem along to the end-user's network. So the next time you read some mention of a "Denial of Service" attack or your e-mail slows to a crawl, or your favorite website is oddly unavailable, don't dismiss it as just another computer virus. There is a very good chance you've been visited by a dragon.